diff --git a/.github/workflows/pre-commit.yaml b/.github/workflows/pre-commit.yaml
index dc3cccb..9745c37 100644
--- a/.github/workflows/pre-commit.yaml
+++ b/.github/workflows/pre-commit.yaml
@@ -4,11 +4,9 @@ on:
pull_request:
branches:
- main
- - master
push:
branches:
- main
- - master
workflow_dispatch:
env:
diff --git a/.make.docs b/.make.docs
new file mode 100644
index 0000000..e4c5d7c
--- /dev/null
+++ b/.make.docs
@@ -0,0 +1,13 @@
+help This help.
+build Build docker dev container
+run Run docker dev container
+setup Setup project
+lint Lint with pre-commit
+lint-all Lint with pre-commit
+tests Tests with Terratest
+test-confluent-operator Test the confluent_operator example
+test-confluent-platform Test the confluent_platform example
+test-confluent-platform-singlenode Test the confluent_platform_singlenode example
+test-complete Test the complete example
+test-kafka-topics Test the kafka_topics example
+clean Clean project
diff --git a/.terraform-docs.yml b/.terraform-docs.yml
index 53f7cb4..acd6f52 100644
--- a/.terraform-docs.yml
+++ b/.terraform-docs.yml
@@ -29,6 +29,13 @@ content: |-
terraform apply
```
+ ## Troubleshooting
+
+ ```
+ Error: Failed to determine GroupVersionResource for manifest
+ ```
+
+ This happens when you attempt to apply the Confluent Platform Terraform without first applying the Confluent for Kubernetes CRDs. Please see [Prerequisites](#prerequisites) for more information.
## Tests
@@ -40,16 +47,7 @@ content: |-
## Makefile Targets
```
- help This help.
- build Build docker dev container
- run Run docker dev container
- install Install project
- lint Lint with pre-commit
- lint-all Lint with pre-commit
- tests Test with Terratest
- test-confluent-operator Test confluent-operator Example
- test-confluent-platform Test confluent-platform Example
- clean Clean project
+ {{ include ".make.docs" }}
```
{{ .Requirements }}
diff --git a/Makefile b/Makefile
index 81dcbe1..af2587a 100644
--- a/Makefile
+++ b/Makefile
@@ -15,23 +15,18 @@ build: ## Build docker dev container
run: ## Run docker dev container
docker run -it --rm -v "$$(pwd)":/workspaces/$(NAME) -v ~/.kube:/root/.kube -v ~/.cache/pre-commit:/root/.cache/pre-commit -v ~/.terraform.d/plugins:/root/.terraform.d/plugins --workdir /workspaces/$(NAME) $(NAME) /bin/bash
-install-cfk-crds:
- # download the cfk helm chart
- curl -O https://confluent-for-kubernetes.s3-us-west-1.amazonaws.com/confluent-for-kubernetes-2.4.0.tar.gz
- mkdir -p confluent-for-kubernetes-2.4.0
- tar -xzf confluent-for-kubernetes-2.4.0.tar.gz --strip-components=1 -C confluent-for-kubernetes-2.4.0
-
- # install the cfk crds
+apply-cfk-crds:
kubectl config set-cluster docker-desktop
- kubectl apply -f confluent-for-kubernetes-2.4.0/helm/confluent-for-kubernetes/crds/
+ kubectl apply -f ./crds/2.4.0
-setup: install-cfk-crds ## Setup project
+setup: apply-cfk-crds ## Setup project
# terraform
terraform init
cd examples/confluent_operator && terraform init
cd examples/confluent_platform && terraform init
cd examples/confluent_platform_singlenode && terraform init
cd examples/complete && terraform init
+ cd examples/kafka_topics && terraform init
# pre-commit
git init
@@ -39,23 +34,20 @@ setup: install-cfk-crds ## Setup project
pre-commit install
# terratest
+ rm -rf go.mod*
go get github.com/gruntwork-io/terratest/modules/terraform
go mod init test/terraform_confluent_operator_test.go
go mod tidy -go=1.16 && go mod tidy -go=1.17
-render-terraform-docs-code:
- # render terraform-docs code examples
- sed -z 's/source[^\r\n]*/source = "aidanmelen\/confluent-platform\/kubernetes\/\/modules\/confluent_operator"\n version = ">= 0.3.0"\n/g' examples/confluent_operator/main.tf > examples/confluent_operator/.main.tf.docs
- sed -z 's/source[^\r\n]*/source = "aidanmelen\/confluent-platform\/kubernetes"\n version = ">= 0.3.0"\n/g' examples/confluent_platform/main.tf > examples/confluent_platform/.main.tf.docs
- sed -z 's/source[^\r\n]*/source = "aidanmelen\/confluent-platform\/kubernetes"\n version = ">= 0.3.0"\n/g' examples/confluent_platform_singlenode/main.tf > examples/confluent_platform_singlenode/.main.tf.docs
- sed -z 's/source[^\r\n]*/source = "aidanmelen\/confluent-platform\/kubernetes"\n version = ">= 0.3.0"/g' examples/complete/main.tf > examples/complete/.main.tf.docs
+docs:
+ ./bin/render-docs.sh
-lint: ## Lint with pre-commit
+lint: docs ## Lint with pre-commit
git add -A
pre-commit run
git add -A
-lint-all: render-terraform-docs-code ## Lint with pre-commit
+lint-all: docs ## Lint with pre-commit
git add -A
pre-commit run --all-files
git add -A
@@ -81,24 +73,17 @@ test-confluent-platform: test-setup test-confluent-platform test-clean ## Test t
test-confluent-platform-singlenode: test-setup test-confluent-platform-singlenode test-clean ## Test the confluent_platform_singlenode example
-test-complete: # Test the complete example
+test-complete: ## Test the complete example
go test test/terraform_complete_test.go -timeout 20m -v |& tee test/terraform_complete_test.log
-uninstall-cfk-crds:
- # download the cfk helm chart
- curl -O https://confluent-for-kubernetes.s3-us-west-1.amazonaws.com/confluent-for-kubernetes-2.4.0.tar.gz
- mkdir confluent-for-kubernetes-2.4.0
- tar -xzf confluent-for-kubernetes-2.4.0.tar.gz --strip-components=1 -C confluent-for-kubernetes-2.4.0
+test-kafka-topics: ## Test the kafka_topics example
+ go test test/terraform_kafka_topics_test.go -timeout 20m -v |& tee test/terraform_kafka_topics_test.log
- # install the cfk crds
+delete-cfk-crds:
kubectl config set-cluster docker-desktop
- kubectl delete -f confluent-for-kubernetes-2.4.0/helm/confluent-for-kubernetes/crds/
-
- # clean up the cfk downloads
- rm confluent-for-kubernetes-2.4.0.tar.gz
- rm -rf confluent-for-kubernetes-2.4.0
+ kubectl delete -f ./crds/2.4.0
-clean: uninstall-cfk-crds ## Clean project
+clean: delete-cfk-crds ## Clean project
@rm -f .terraform.lock.hcl
@rm -f examples/confluent_operator/.terraform.lock.hcl
@rm -f examples/confluent_platform/.terraform.lock.hcl
diff --git a/README.md b/README.md
index c39af3b..f814a82 100644
--- a/README.md
+++ b/README.md
@@ -15,27 +15,38 @@ A Terraform module for running [Confluent for Kubernetes (CFK)](https://docs.con
```hcl
module "confluent_platform" {
source = "aidanmelen/confluent-platform/kubernetes"
- version = ">= 0.3.0"
+ version = ">= 0.4.0"
namespace = var.namespace
- # confluent operator
confluent_operator = {
create_namespace = true
name = "confluent-operator"
chart_version = "0.517.12"
}
- # confluent platform
- /*
- zookeeper = { ... }
- kafka = { ... }
- connect = { ... }
- ksqldb = { ... }
- controlcenter = { ... }
- schemaregistry = { ... }
- kafkarestproxy = { ... }
- */
+ zookeeper = {
+ "spec" = {
+ "replicas" = "3"
+ }
+ }
+
+ kafka = {
+ "spec" = {
+ "replicas" = "3"
+ }
+ }
+
+ create_connect = false
+ create_ksqldb = false
+ create_controlcenter = false
+ create_schemaregistry = false
+ create_kafkarestproxy = false
+
+ kafka_topics = {
+ "my-topic" = {}
+ "my-other-topic" = { "spec" = { "configs" = { "cleanup.policy" = "compact" } } }
+ }
}
```
@@ -59,6 +70,13 @@ terraform init
terraform apply
```
+## Troubleshooting
+
+```
+Error: Failed to determine GroupVersionResource for manifest
+```
+
+This happens when you attempt to apply the Confluent Platform Terraform without first applying the Confluent for Kubernetes CRDs. Please see [Prerequisites](#prerequisites) for more information.
## Tests
@@ -70,16 +88,19 @@ Run Terratest using the [Makefile](./Makefile) targets:
## Makefile Targets
```
-help This help.
-build Build docker dev container
-run Run docker dev container
-install Install project
-lint Lint with pre-commit
-lint-all Lint with pre-commit
-tests Test with Terratest
-test-confluent-operator Test confluent-operator Example
-test-confluent-platform Test confluent-platform Example
-clean Clean project
+help This help.
+build Build docker dev container
+run Run docker dev container
+setup Setup project
+lint Lint with pre-commit
+lint-all Lint with pre-commit
+tests Tests with Terratest
+test-confluent-operator Test the confluent_operator example
+test-confluent-platform Test the confluent_platform example
+test-confluent-platform-singlenode Test the confluent_platform_singlenode example
+test-complete Test the complete example
+test-kafka-topics Test the kafka_topics example
+clean Clean project
```
## Requirements
@@ -100,17 +121,18 @@ clean Clean project
|------|--------|---------|
| [confluent\_operator](#module\_confluent\_operator) | ./modules/confluent_operator | n/a |
| [confluent\_platform\_override\_values](#module\_confluent\_platform\_override\_values) | Invicton-Labs/deepmerge/null | 0.1.5 |
+| [kafka\_topics](#module\_kafka\_topics) | ./modules/kafka_topic | n/a |
## Resources
| Name | Type |
|------|------|
-| [kubernetes_manifest.component](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/manifest) | resource |
+| [kubernetes_manifest.components](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/manifest) | resource |
## Inputs
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [confluent\_operator](#input\_confluent\_operator) | Controls if the Confluent Operator resources should be created. | `any` | `null` | no |
-| [confluent\_operator\_app\_version](#input\_confluent\_operator\_app\_version) | The default Confluent Operator app version. This may be overriden by component override values. This version must be compatible with the`confluent_platform_version`. Please see confluent docs for more information: https://docs.confluent.io/platform/current/installation/versions-interoperability.html#confluent-operator | `string` | `"2.4.0"` | no |
+| [confluent\_operator\_app\_version](#input\_confluent\_operator\_app\_version) | The default Confluent Operator app version. This may be overriden by component override values. This version must be compatible with the `confluent_platform_version`. Please see confluent docs for more information: https://docs.confluent.io/platform/current/installation/versions-interoperability.html#confluent-operator | `string` | `"2.4.0"` | no |
| [confluent\_platform\_version](#input\_confluent\_platform\_version) | The default Confluent Platform app version. This may be overriden by component override values. This version must be compatible with the `confluent_operator_app_version`. Please see confluent docs for more information: https://docs.confluent.io/platform/current/installation/versions-interoperability.html#confluent-operator | `string` | `"7.2.0"` | no |
| [connect](#input\_connect) | The Connect override values. | `any` | `{}` | no |
| [controlcenter](#input\_controlcenter) | The ControlCenter override values. | `any` | `{}` | no |
@@ -125,6 +147,7 @@ clean Clean project
| [create\_zookeeper](#input\_create\_zookeeper) | Controls if the Zookeeper component of the Confluent Platform should be created. | `bool` | `true` | no |
| [delete\_timeout](#input\_delete\_timeout) | The delete timeout for each Conlfuent Platform component. | `string` | `"10m"` | no |
| [kafka](#input\_kafka) | The Kafka override values. | `any` | `{}` | no |
+| [kafka\_topics](#input\_kafka\_topics) | The Kafka Topics to create. | `any` | `[]` | no |
| [kafkarestproxy](#input\_kafkarestproxy) | The KafkaRestProxy override values. | `any` | `{}` | no |
| [ksqldb](#input\_ksqldb) | The KsqlDB override values. | `any` | `{}` | no |
| [namespace](#input\_namespace) | The namespace to release Confluent Platform into. When `confluent_operator` is specified, this will also ensure the Confluent Operator is released into the same namespace. | `string` | `"confluent"` | no |
@@ -139,6 +162,7 @@ clean Clean project
| [connect\_manifest](#output\_connect\_manifest) | The Connect manifest. |
| [controlcenter\_manifest](#output\_controlcenter\_manifest) | The ControlCenter manifest. |
| [kafka\_manifest](#output\_kafka\_manifest) | The Kafka manifest. |
+| [kafka\_topics](#output\_kafka\_topics) | The Kafka Topic manifests |
| [kafkarestproxy\_manifest](#output\_kafkarestproxy\_manifest) | The KafkaRestProxy manifest. |
| [ksqldb\_manifest](#output\_ksqldb\_manifest) | The KsqlDB manifest. |
| [namespace](#output\_namespace) | The default namespace for the Confluent Platform. |
diff --git a/bin/render-docs.sh b/bin/render-docs.sh
new file mode 100755
index 0000000..fb01b3d
--- /dev/null
+++ b/bin/render-docs.sh
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+# render terraform-docs code examples
+sed -z 's/source[^\r\n]*/source = "aidanmelen\/confluent-platform\/kubernetes\/\/modules\/confluent_operator"\n version = ">= 0.4.0"\n/g' examples/confluent_operator/main.tf > examples/confluent_operator/.main.tf.docs
+sed -z 's/source[^\r\n]*/source = "aidanmelen\/confluent-platform\/kubernetes"\n version = ">= 0.4.0"\n/g' examples/confluent_platform/main.tf > examples/confluent_platform/.main.tf.docs
+sed -z 's/source[^\r\n]*/source = "aidanmelen\/confluent-platform\/kubernetes"\n version = ">= 0.4.0"\n/g' examples/confluent_platform_singlenode/main.tf > examples/confluent_platform_singlenode/.main.tf.docs
+sed -z 's/source[^\r\n]*/source = "aidanmelen\/confluent-platform\/kubernetes"\n version = ">= 0.4.0"/g' examples/complete/main.tf > examples/complete/.main.tf.docs
+sed -z 's/source[^\r\n]*/source = "aidanmelen\/confluent-platform\/kubernetes"\n version = ">= 0.4.0"/g' examples/kafka_topics/main.tf > examples/kafka_topics/.main.tf.docs
+
+# render Makefile targets examples
+make > .make.docs
+
+# remove terminal color codes
+sed -i 's/\x1b\[[0-9;]*m//g' .make.docs
+
+# remove make header (first line)
+sed -i '1d' .make.docs
+
+# remove make footer (last line)
+sed -i '$d' .make.docs
diff --git a/confluent_operator.tf b/confluent_operator.tf
deleted file mode 100644
index ea80aec..0000000
--- a/confluent_operator.tf
+++ /dev/null
@@ -1,18 +0,0 @@
-module "confluent_operator" {
- source = "./modules/confluent_operator"
- count = var.create ? 1 : 0
-
- create = try(var.confluent_operator["create"], true)
- create_namespace = try(var.confluent_operator["create_namespace"], true)
- namespace = try(var.confluent_operator["namespace"], var.namespace)
- namespace_annotations = try(var.confluent_operator["namespace_annotations"], null)
- namespace_labels = try(var.confluent_operator["namespace_labels"], null)
- name = try(var.confluent_operator["name"], "confluent-operator")
- repository = try(var.confluent_operator["repository"], "https://packages.confluent.io/helm")
- chart = try(var.confluent_operator["chart"], "confluent-for-kubernetes")
- chart_version = try(var.confluent_operator["chart_version"], null)
- values = try(var.confluent_operator["values"], [])
- set = try(var.confluent_operator["set"], [])
- set_sensitive = try(var.confluent_operator["set_sensitive"], [])
- wait_for_jobs = try(var.confluent_operator["wait_for_jobs"], true)
-}
diff --git a/crds/2.4.0/platform.confluent.io_clusterlinks.yaml b/crds/2.4.0/platform.confluent.io_clusterlinks.yaml
new file mode 100644
index 0000000..6fe6991
--- /dev/null
+++ b/crds/2.4.0/platform.confluent.io_clusterlinks.yaml
@@ -0,0 +1,718 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.8.0
+ creationTimestamp: null
+ name: clusterlinks.platform.confluent.io
+spec:
+ group: platform.confluent.io
+ names:
+ categories:
+ - all
+ - confluent-platform
+ - confluent
+ kind: ClusterLink
+ listKind: ClusterLinkList
+ plural: clusterlinks
+ shortNames:
+ - cl
+ - clusterlink
+ - clink
+ singular: clusterlink
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .status.clusterLinkID
+ name: ID
+ type: string
+ - jsonPath: .status.state
+ name: Status
+ type: string
+ - jsonPath: .status.destinationKafkaClusterID
+ name: DestClusterID
+ type: string
+ - jsonPath: .status.sourceKafkaClusterID
+ name: SrcClusterID
+ type: string
+ - jsonPath: .status.numMirrorTopics
+ name: MirrorTopicCount
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: ClusterLink is the schema for the ClusterLink API.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: spec defines the desired state of the cluster link.
+ properties:
+ aclFilters:
+ description: aclFilters specify the list of ACLs to be migrated from
+ the source cluster to the destination cluster.
+ items:
+ description: 'AclFilter defines the configuration for the ACLs filter.
+ This follows the same pattern as defined in the cluster linking
+ documentation. More info: https://docs.confluent.io/platform/current/multi-dc-deployments/cluster-linking/security.html#cluster-link-acls-migrate'
+ properties:
+ accessFilter:
+ description: AclSyncAccessFilter defines the access filter for
+ ACLs.
+ properties:
+ host:
+ description: host is the host for which operations can be
+ coming from. The default value is `*` that matches all
+ hosts.
+ type: string
+ operation:
+ description: 'operation specifies the operation type of
+ the filter. It can be `ANY` or operations based on resource
+ type defined in the following Confluent documentation:
+ https://docs.confluent.io/platform/current/kafka/authorization.html#acl-operations'
+ type: string
+ permissionType:
+ description: permissionType is the permission type of the
+ filter. Valid options are `any`, `allow`, and `deny`.
+ enum:
+ - any
+ - allow
+ - deny
+ type: string
+ principal:
+ description: principal is the name of the principal. The
+ default value is `*`.
+ type: string
+ required:
+ - operation
+ - permissionType
+ type: object
+ resourceFilter:
+ description: AclSyncResourceFilter specifies the resource filter
+ for ACLs.
+ properties:
+ name:
+ description: name is the name of the resource associated
+ with this filter. The default value is `*`.
+ type: string
+ patternType:
+ description: patternType is the pattern of the resource.
+ Valid options are `prefixed`, `literal`, `any`, and `match`.
+ enum:
+ - prefixed
+ - literal
+ - any
+ - match
+ type: string
+ resourceType:
+ description: resourceType is the type of the filter. Valid
+ options are `any`, `cluster`, `group`, `topic`, `transactionId`,
+ and `delegationToken`.
+ enum:
+ - any
+ - cluster
+ - group
+ - topic
+ - transcationId
+ - delegationToken
+ type: string
+ required:
+ - patternType
+ - resourceType
+ type: object
+ required:
+ - accessFilter
+ - resourceFilter
+ type: object
+ type: array
+ configs:
+ additionalProperties:
+ type: string
+ description: 'configs is a map of string key and value pairs. It specifies
+ additional configurations for the cluster link. More info: https://docs.confluent.io/platform/current/multi-dc-deployments/cluster-linking/configs.html'
+ type: object
+ x-kubernetes-map-type: granular
+ consumerGroupFilters:
+ description: consumerGroupFilters specify a list of consumer groups
+ to be migrated from the source cluster to the destination cluster.
+ items:
+ description: ClusterLinkOptionsFilter defines the scheme for a filter
+ properties:
+ filterType:
+ description: filterType specifies the filter type. Valid options
+ are `INCLUDE` and `EXCLUDE`.
+ enum:
+ - INCLUDE
+ - EXCLUDE
+ type: string
+ name:
+ description: name is the resource name associated with this
+ filter.
+ type: string
+ patternType:
+ description: patternType is the pattern of the resource. Valid
+ options are `PREFIXED` and `LITERAL`.
+ enum:
+ - PREFIXED
+ - LITERAL
+ type: string
+ required:
+ - filterType
+ - name
+ - patternType
+ type: object
+ type: array
+ destinationKafkaCluster:
+ description: destinationKafkaCluster specifies the destination Kafka
+ cluster and its REST API configuration.
+ properties:
+ authentication:
+ description: authentication specifies the authentication for the
+ Kafka cluster.
+ properties:
+ jaasConfig:
+ description: jaasConfig specifies the Kafka client-side JaaS
+ configuration.
+ properties:
+ secretRef:
+ description: 'secretRef references the secret containing
+ the required credentials. More info: https://docs.confluent.io/operator/current/co-authenticate.html'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - secretRef
+ type: object
+ jaasConfigPassThrough:
+ description: jaasConfigPassThrough specifies another way to
+ provide the Kafka client-side JaaS configuration.
+ properties:
+ directoryPathInContainer:
+ description: 'directoryPathInContainer specifies the directory
+ path in the container where required credentials are
+ mounted. More info: https://docs.confluent.io/operator/current/co-authenticate.html'
+ minLength: 1
+ type: string
+ secretRef:
+ description: 'secretRef references the secret containing
+ the required credentials for authentication. More info:
+ https://docs.confluent.io/operator/current/co-authenticate.html'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ type: object
+ oauthbearer:
+ description: oauthbearer is the authentication mechanism to
+ provider principals. Only supported in RBAC deployment.
+ properties:
+ directoryPathInContainer:
+ description: directoryPathInContainer specifies the directory
+ path in the container where the credential is mounted.
+ minLength: 1
+ type: string
+ secretRef:
+ description: 'secretRef specifies the name of the secret
+ that contains the credential. More info: https://docs.confluent.io/operator/current/co-authenticate.html#bearer-authentication'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ type: object
+ type:
+ description: type specifies the Kafka client authentication
+ type. Valid options are `plain`, `oauthbearer`, `digest`,
+ and `mtls`.
+ enum:
+ - plain
+ - oauthbearer
+ - digest
+ - mtls
+ type: string
+ required:
+ - type
+ type: object
+ bootstrapEndpoint:
+ description: bootstrapEndpoint specifies the bootstrap endpoint
+ for the Kafka cluster. When `spec.sourceInitiatedLink.linkMode`
+ is configured as `Source`, this is required for `spec.destinationKafkaCluster`
+ and not required for `spec.sourceKafkaCluster`. For other cluster
+ links this is required for `spec.sourceKafkaCluster` and not
+ required for `spec.destinationKafkaCluster`.
+ minLength: 1
+ pattern: .+:[0-9]+
+ type: string
+ clusterID:
+ description: clusterID specifies the id of the Kafka cluster.
+ If clusterID is defined for the Kafka cluster, it takes precedence
+ over using the REST API for getting the cluster ID.
+ minLength: 1
+ type: string
+ kafkaRestClassRef:
+ description: kafkaRestClassRef references the KafkaRestClass application
+ resource which defines the Kafka REST API connection information.
+ When `spec.sourceInitiatedLink.linkMode` is configured as `Source`,
+ this is required for `spec.sourceKafkaCluster` and optional
+ for `spec.destinationKafkaCluster` if `spec.clusterID` is set.
+ For other cluster links this is required for 'spec.destinationKafkaCluster`
+ and optional for `spec.sourceKafkaCluster` if the `spec.clusterID`
+ is set.
+ properties:
+ name:
+ description: name specifies the name of the KafkaRestClass
+ application resource.
+ minLength: 1
+ type: string
+ namespace:
+ description: namespace specifies the namespace of the KafkaRestClass.
+ type: string
+ required:
+ - name
+ type: object
+ tls:
+ description: tls specifies the client-side TLS configuration for
+ the Kafka cluster.
+ properties:
+ directoryPathInContainer:
+ description: directoryPathInContainer contains the directory
+ path in the container where `fullchain.pem`, `privkey.pem`,
+ `cacerts.pem` or `tls.crt`, `tls.key`, `ca.crt` keys are
+ mounted.
+ minLength: 1
+ type: string
+ enabled:
+ description: enabled specifies whether to enable the TLS configuration
+ for the cluster link. The default value is `false`.
+ type: boolean
+ keyPassword:
+ description: keyPassword references the secret containing
+ the SSL key password if the private key passed in the secretRef
+ above is encrypted.
+ properties:
+ secretRef:
+ description: 'secretRef references the name of the secret
+ containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - secretRef
+ type: object
+ secretRef:
+ description: 'secretRef references the secret containing the
+ certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - enabled
+ type: object
+ type: object
+ mirrorTopicOptions:
+ description: mirrorTopicOptions specify configuration options for
+ mirror topics.
+ properties:
+ autoCreateTopics:
+ description: 'autoCreateTopics specifies configurations for the
+ cluster link to automatically create mirror topics on the destination
+ cluster for topics that exist on the source cluster based on
+ defined filters. More info: https://docs.confluent.io/platform/current/multi-dc-deployments/cluster-linking/mirror-topics-cp.html#auto-create-mirror-topics'
+ properties:
+ enabled:
+ description: enabled specifies whether to auto-create mirror
+ topics based on topics on the source cluster. When set to
+ “true”, mirror topics will be auto-created. Setting this
+ option to “false” disables mirror topic creation and clears
+ any existing filters.
+ type: boolean
+ topicFilters:
+ description: topicFilter contains an array of filters to apply
+ to indicate which topics should be mirrored.
+ items:
+ description: ClusterLinkOptionsFilter defines the scheme
+ for a filter
+ properties:
+ filterType:
+ description: filterType specifies the filter type. Valid
+ options are `INCLUDE` and `EXCLUDE`.
+ enum:
+ - INCLUDE
+ - EXCLUDE
+ type: string
+ name:
+ description: name is the resource name associated with
+ this filter.
+ type: string
+ patternType:
+ description: patternType is the pattern of the resource.
+ Valid options are `PREFIXED` and `LITERAL`.
+ enum:
+ - PREFIXED
+ - LITERAL
+ type: string
+ required:
+ - filterType
+ - name
+ - patternType
+ type: object
+ type: array
+ type: object
+ prefix:
+ description: prefix specifies prefix for the mirror topics of
+ the cluster link. If configured, the valid mirror topic name
+ should be defined with `` format which
+ mirrors the topic name of the format `` from
+ source cluster. When auto-create is enabled and the prefix is
+ configured then the topics created on the destination will automatically
+ contain the prefix. Otherwise, `spec.mirrorTopic.name` should
+ be defined with `` format.
+ maxLength: 255
+ minLength: 1
+ pattern: ^[a-zA-Z0-9\._\-]*$
+ type: string
+ type: object
+ mirrorTopics:
+ description: mirrorTopics specify the mirror topics under this cluster
+ link.
+ items:
+ description: MirrorTopic defines the mirror topic configuration.
+ properties:
+ configs:
+ additionalProperties:
+ type: string
+ description: configs is a map of string key and value pairs.
+ It specifies any additional configuration or configuration
+ overrides for the mirror topic.
+ type: object
+ x-kubernetes-map-type: granular
+ name:
+ description: 'name is the mirror topic name. If the sourceTopicName
+ is not configured, we assume that the sourceTopicName is the
+ same as mirrorTopicName, so a topic with the exact same name
+ must exist on the source cluster and no topic with this name
+ should exist on the destination cluster. When `spec.mirrorTopicOptions.prefix:
+ ` is configured for the cluster link, the name has
+ to be of the format ``.'
+ maxLength: 255
+ minLength: 1
+ pattern: ^[a-zA-Z0-9\._\-]*$
+ type: string
+ replicationFactor:
+ description: replicationFactor specifies the replication factor
+ for the mirror topic on the destination cluster. If this is
+ not configured, mirror topic will inherit the broker `default.replication.factor`
+ configuration.
+ format: int32
+ type: integer
+ sourceTopicName:
+ description: 'sourceTopicName is topic name on the source cluster
+ that will be mirrored to the destination cluster. When `spec.mirrorTopicOptions.prefix:
+ ` is not configured, you should not configure this
+ field. If it is configured, a topic with the exact same name
+ must exist on the source cluster.'
+ maxLength: 255
+ minLength: 1
+ pattern: ^[a-zA-Z0-9\._\-]*$
+ type: string
+ state:
+ description: state specifies the desired state for this mirror
+ topic. Valid options are `ACTIVE`, `FAILOVER`, `PAUSE`, and
+ `PROMOTE`. The default value is `ACTIVE`.
+ enum:
+ - PAUSE
+ - PROMOTE
+ - FAILOVER
+ - ACTIVE
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ name:
+ description: name specifies the cluster link name. If not configured,
+ then ClusterLink CR name is used as the cluster link name.
+ maxLength: 255
+ minLength: 1
+ pattern: ^[a-zA-Z0-9\._\-]*$
+ type: string
+ sourceInitiatedLink:
+ description: sourceInitiatedLink specify configs for source initiated
+ cluster links.
+ properties:
+ linkMode:
+ description: linkMode specifies if this source initiated cluster
+ link is in Source or Destination mode.
+ enum:
+ - Source
+ - Destination
+ type: string
+ required:
+ - linkMode
+ type: object
+ sourceKafkaCluster:
+ description: sourceKafkaCluster specifies the source Kafka cluster
+ and its REST API configuration.
+ properties:
+ authentication:
+ description: authentication specifies the authentication for the
+ Kafka cluster.
+ properties:
+ jaasConfig:
+ description: jaasConfig specifies the Kafka client-side JaaS
+ configuration.
+ properties:
+ secretRef:
+ description: 'secretRef references the secret containing
+ the required credentials. More info: https://docs.confluent.io/operator/current/co-authenticate.html'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - secretRef
+ type: object
+ jaasConfigPassThrough:
+ description: jaasConfigPassThrough specifies another way to
+ provide the Kafka client-side JaaS configuration.
+ properties:
+ directoryPathInContainer:
+ description: 'directoryPathInContainer specifies the directory
+ path in the container where required credentials are
+ mounted. More info: https://docs.confluent.io/operator/current/co-authenticate.html'
+ minLength: 1
+ type: string
+ secretRef:
+ description: 'secretRef references the secret containing
+ the required credentials for authentication. More info:
+ https://docs.confluent.io/operator/current/co-authenticate.html'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ type: object
+ oauthbearer:
+ description: oauthbearer is the authentication mechanism to
+ provider principals. Only supported in RBAC deployment.
+ properties:
+ directoryPathInContainer:
+ description: directoryPathInContainer specifies the directory
+ path in the container where the credential is mounted.
+ minLength: 1
+ type: string
+ secretRef:
+ description: 'secretRef specifies the name of the secret
+ that contains the credential. More info: https://docs.confluent.io/operator/current/co-authenticate.html#bearer-authentication'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ type: object
+ type:
+ description: type specifies the Kafka client authentication
+ type. Valid options are `plain`, `oauthbearer`, `digest`,
+ and `mtls`.
+ enum:
+ - plain
+ - oauthbearer
+ - digest
+ - mtls
+ type: string
+ required:
+ - type
+ type: object
+ bootstrapEndpoint:
+ description: bootstrapEndpoint specifies the bootstrap endpoint
+ for the Kafka cluster. When `spec.sourceInitiatedLink.linkMode`
+ is configured as `Source`, this is required for `spec.destinationKafkaCluster`
+ and not required for `spec.sourceKafkaCluster`. For other cluster
+ links this is required for `spec.sourceKafkaCluster` and not
+ required for `spec.destinationKafkaCluster`.
+ minLength: 1
+ pattern: .+:[0-9]+
+ type: string
+ clusterID:
+ description: clusterID specifies the id of the Kafka cluster.
+ If clusterID is defined for the Kafka cluster, it takes precedence
+ over using the REST API for getting the cluster ID.
+ minLength: 1
+ type: string
+ kafkaRestClassRef:
+ description: kafkaRestClassRef references the KafkaRestClass application
+ resource which defines the Kafka REST API connection information.
+ When `spec.sourceInitiatedLink.linkMode` is configured as `Source`,
+ this is required for `spec.sourceKafkaCluster` and optional
+ for `spec.destinationKafkaCluster` if `spec.clusterID` is set.
+ For other cluster links this is required for 'spec.destinationKafkaCluster`
+ and optional for `spec.sourceKafkaCluster` if the `spec.clusterID`
+ is set.
+ properties:
+ name:
+ description: name specifies the name of the KafkaRestClass
+ application resource.
+ minLength: 1
+ type: string
+ namespace:
+ description: namespace specifies the namespace of the KafkaRestClass.
+ type: string
+ required:
+ - name
+ type: object
+ tls:
+ description: tls specifies the client-side TLS configuration for
+ the Kafka cluster.
+ properties:
+ directoryPathInContainer:
+ description: directoryPathInContainer contains the directory
+ path in the container where `fullchain.pem`, `privkey.pem`,
+ `cacerts.pem` or `tls.crt`, `tls.key`, `ca.crt` keys are
+ mounted.
+ minLength: 1
+ type: string
+ enabled:
+ description: enabled specifies whether to enable the TLS configuration
+ for the cluster link. The default value is `false`.
+ type: boolean
+ keyPassword:
+ description: keyPassword references the secret containing
+ the SSL key password if the private key passed in the secretRef
+ above is encrypted.
+ properties:
+ secretRef:
+ description: 'secretRef references the name of the secret
+ containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - secretRef
+ type: object
+ secretRef:
+ description: 'secretRef references the secret containing the
+ certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - enabled
+ type: object
+ type: object
+ required:
+ - destinationKafkaCluster
+ - sourceKafkaCluster
+ type: object
+ status:
+ description: status defines the observed state of the cluster link.
+ properties:
+ clusterLinkID:
+ description: clusterLinkID is the id of the cluster link.
+ type: string
+ clusterLinkName:
+ description: clusterLinkName is the name of the cluster link.
+ type: string
+ conditions:
+ description: conditions are the latest available observations of the
+ cluster link's state.
+ items:
+ description: Condition represent the latest available observations
+ of the current state.
+ properties:
+ lastProbeTime:
+ description: lastProbeTime shows the last time the condition
+ was evaluated.
+ format: date-time
+ type: string
+ lastTransitionTime:
+ description: lastTransitionTime shows the last time the condition
+ was transitioned from one status to another.
+ format: date-time
+ type: string
+ message:
+ description: message shows a human-readable message with details
+ about the transition.
+ type: string
+ reason:
+ description: reason shows the reason for the last transition
+ of the condition.
+ type: string
+ status:
+ description: status shows the status of the condition, one of
+ `True`, `False`, or `Unknown`.
+ type: string
+ type:
+ description: type shows the condition type.
+ type: string
+ type: object
+ type: array
+ destinationKafkaClusterID:
+ description: destinationKafkaClusterID is the ID of the destination
+ Kafka cluster.
+ type: string
+ kafkaCluster:
+ description: 'kafkaCluster is the Kafka cluster this cluster link
+ belongs to. The format is: `/`'
+ type: string
+ mirrorTopics:
+ additionalProperties:
+ description: MirrorTopicStatus specifies the status reported for
+ each mirror topic as part of the cluster link status.
+ properties:
+ replicationFactor:
+ description: replicationFactor specifies the replication factor
+ for the mirror topic on the destination cluster.
+ format: int32
+ type: integer
+ sourceTopicName:
+ description: sourceTopicName is the name of the topic being
+ mirrored on the source cluster.
+ type: string
+ status:
+ description: status is the status of the mirror topic. It can
+ be `ACTIVE`, `FAILED`, `PAUSED`, `STOPPED`, and `PENDING_STOPPED`.
+ type: string
+ type: object
+ description: mirrorTopics is a map of mirror topic name to its status
+ type: object
+ x-kubernetes-map-type: granular
+ numMirrorTopics:
+ description: numMirrorTopics is the number of mirror topics for the
+ cluster link.
+ type: integer
+ sourceKafkaClusterID:
+ description: sourceKafkaClusterID is the ID of the source Kafka cluster.
+ type: string
+ state:
+ description: state is the current state of the cluster link.
+ type: string
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
diff --git a/crds/2.4.0/platform.confluent.io_confluentrolebindings.yaml b/crds/2.4.0/platform.confluent.io_confluentrolebindings.yaml
new file mode 100644
index 0000000..5407cb4
--- /dev/null
+++ b/crds/2.4.0/platform.confluent.io_confluentrolebindings.yaml
@@ -0,0 +1,284 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.8.0
+ creationTimestamp: null
+ name: confluentrolebindings.platform.confluent.io
+spec:
+ group: platform.confluent.io
+ names:
+ categories:
+ - all
+ - confluent-platform
+ - confluent
+ kind: ConfluentRolebinding
+ listKind: ConfluentRolebindingList
+ plural: confluentrolebindings
+ shortNames:
+ - cfrb
+ - confluentrolebinding
+ singular: confluentrolebinding
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .status.state
+ name: Status
+ type: string
+ - jsonPath: .status.kafkaClusterID
+ name: KafkaClusterID
+ type: string
+ - jsonPath: .status.principal
+ name: Principal
+ type: string
+ - jsonPath: .status.role
+ name: Role
+ type: string
+ - jsonPath: .status.kafkaRestClass
+ name: KafkaRestClass
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ - jsonPath: .status.kafkaCluster
+ name: KafkaCluster
+ priority: 1
+ type: string
+ - jsonPath: .status.clusterRegistryName
+ name: ClusterRegistryName
+ priority: 1
+ type: string
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: ConfluentRolebinding is the schema for the ConfluentRolebinding
+ API.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: spec defines the desired state of the ConfluentRolebinding.
+ properties:
+ clustersScopeByIds:
+ description: clustersScopeByIds specify the scope of the Confluent
+ component cluster(s) via cluster id(s).
+ properties:
+ connectClusterId:
+ description: connectClusterId specifies the Connect cluster id.
+ minLength: 1
+ type: string
+ kafkaClusterId:
+ description: kafkaClusterId specifies the id of the Kafka cluster
+ id.
+ minLength: 1
+ type: string
+ ksqlClusterId:
+ description: ksqlClusterId specifies the ksqlDB cluster id.
+ minLength: 1
+ type: string
+ schemaRegistryClusterId:
+ description: schemaRegistryClusterId specifies the Schema Registry
+ cluster id.
+ minLength: 1
+ type: string
+ type: object
+ clustersScopeByRegistryName:
+ description: clustersScopeByRegistryName specifies the unique cluster
+ name you registered in the cluster registry.
+ minLength: 1
+ type: string
+ kafkaRestClassRef:
+ description: kafkaRestClassRef references the KafkaRestClass that
+ defines the Kafka REST API connection information.
+ properties:
+ name:
+ description: name specifies the name of the KafkaRestClass application
+ resource.
+ minLength: 1
+ type: string
+ namespace:
+ description: namespace specifies the namespace of the KafkaRestClass.
+ type: string
+ required:
+ - name
+ type: object
+ principal:
+ description: RolebindingPrincipal defines the principal(user/group)
+ the rolebinding belongs to.
+ properties:
+ name:
+ description: name specifies the name of the principal.
+ minLength: 1
+ type: string
+ type:
+ description: type specifies the type of the principal. Valid options
+ are `user` and `group`.
+ enum:
+ - user
+ - group
+ type: string
+ required:
+ - name
+ - type
+ type: object
+ resourcePatterns:
+ description: resourcePatterns specify the qualified resources associated
+ with this rolebinding.
+ items:
+ description: ResourcePattern specifies the qualified resource info
+ associated with this rolebinding.
+ properties:
+ name:
+ description: name specifies the name of the resource associated
+ with this rolebinding.
+ minLength: 1
+ type: string
+ patternType:
+ description: patternType specifies the pattern of the resource.
+ Valid options are `PREFIXED` or `LITERAL`. The default value
+ is `LITERAL`.
+ enum:
+ - PREFIXED
+ - LITERAL
+ type: string
+ resourceType:
+ description: resourceType refers to the type of the resource.
+ Valid options are `Topic`, `Group`, `Subject`, `KsqlCluster`,
+ `Cluster`, `TransactionalId`, etc.
+ minLength: 1
+ type: string
+ required:
+ - name
+ - resourceType
+ type: object
+ type: array
+ role:
+ description: role specifies the name of the role.
+ minLength: 1
+ type: string
+ required:
+ - principal
+ - role
+ type: object
+ status:
+ description: status is the observed state of the ConfluentRolebinding.
+ properties:
+ clusterRegistryName:
+ description: clusterRegistryName is the cluster registry name the
+ rolebinding associated with.
+ type: string
+ conditions:
+ description: conditions are the latest available observations of the
+ rolebinding's state.
+ items:
+ description: Condition represent the latest available observations
+ of the current state.
+ properties:
+ lastProbeTime:
+ description: lastProbeTime shows the last time the condition
+ was evaluated.
+ format: date-time
+ type: string
+ lastTransitionTime:
+ description: lastTransitionTime shows the last time the condition
+ was transitioned from one status to another.
+ format: date-time
+ type: string
+ message:
+ description: message shows a human-readable message with details
+ about the transition.
+ type: string
+ reason:
+ description: reason shows the reason for the last transition
+ of the condition.
+ type: string
+ status:
+ description: status shows the status of the condition, one of
+ `True`, `False`, or `Unknown`.
+ type: string
+ type:
+ description: type shows the condition type.
+ type: string
+ type: object
+ type: array
+ kafkaCluster:
+ description: 'kafkaCluster is the Kafka cluster the rolebinding belongs
+ to. The format is: `/`.'
+ type: string
+ kafkaClusterID:
+ description: kafkaClusterID is the id of the Kafka cluster.
+ type: string
+ kafkaRestClass:
+ description: 'kafkaRestClass is the kafkaRestClass this rolebinding
+ uses. The format is: `/`.'
+ type: string
+ mdsEndpoint:
+ description: mdsEndpoint is the MDS endpoint.
+ type: string
+ principal:
+ description: 'principal is the principal the rolebinding belongs to.
+ The format is: `:`.'
+ type: string
+ resourcePatterns:
+ description: resourcePatterns are the resource patterns this rolebinding
+ is associated with.
+ items:
+ description: ResourcePattern specifies the qualified resource info
+ associated with this rolebinding.
+ properties:
+ name:
+ description: name specifies the name of the resource associated
+ with this rolebinding.
+ minLength: 1
+ type: string
+ patternType:
+ description: patternType specifies the pattern of the resource.
+ Valid options are `PREFIXED` or `LITERAL`. The default value
+ is `LITERAL`.
+ enum:
+ - PREFIXED
+ - LITERAL
+ type: string
+ resourceType:
+ description: resourceType refers to the type of the resource.
+ Valid options are `Topic`, `Group`, `Subject`, `KsqlCluster`,
+ `Cluster`, `TransactionalId`, etc.
+ minLength: 1
+ type: string
+ required:
+ - name
+ - resourceType
+ type: object
+ type: array
+ role:
+ description: role is the role this rolebinding is associated with.
+ type: string
+ state:
+ description: state is the state of this rolebinding.
+ type: string
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
diff --git a/crds/2.4.0/platform.confluent.io_connectors.yaml b/crds/2.4.0/platform.confluent.io_connectors.yaml
new file mode 100644
index 0000000..bc575a8
--- /dev/null
+++ b/crds/2.4.0/platform.confluent.io_connectors.yaml
@@ -0,0 +1,394 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.8.0
+ creationTimestamp: null
+ name: connectors.platform.confluent.io
+spec:
+ group: platform.confluent.io
+ names:
+ categories:
+ - all
+ - confluent-platform
+ - confluent
+ kind: Connector
+ listKind: ConnectorList
+ plural: connectors
+ shortNames:
+ - ctr
+ - connector
+ singular: connector
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .status.state
+ name: Status
+ type: string
+ - jsonPath: .status.connectorState
+ name: ConnectorStatus
+ type: string
+ - jsonPath: .status.tasksReady
+ name: Tasks-Ready
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ - jsonPath: .status.connectRestEndpoint
+ name: ConnectEndpoint
+ priority: 1
+ type: string
+ - jsonPath: .status.failedTasksCount
+ name: Tasks-Failed
+ priority: 1
+ type: string
+ - jsonPath: .status.workerID
+ name: WorkerID
+ priority: 1
+ type: string
+ - jsonPath: .status.restartPolicy.type
+ name: RestartPolicy
+ priority: 1
+ type: string
+ - jsonPath: .status.kafkaClusterID
+ name: KafkaClusterID
+ priority: 1
+ type: string
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: Connector is the schema for the Connector API.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: spec defines the desired state of the Connector.
+ properties:
+ class:
+ description: class specifies the class name of the connector. The
+ Connect cluster displays the supported class names in its status.
+ minLength: 1
+ type: string
+ configs:
+ additionalProperties:
+ type: string
+ description: configs is a map of string key and value pairs. It specifies
+ the additional configurations for the connector.
+ type: object
+ x-kubernetes-map-type: granular
+ connectClusterRef:
+ description: connectClusterRef references the CFK managed Connect
+ cluster.
+ properties:
+ name:
+ description: name specifies the name of the Confluent Platform
+ component cluster.
+ type: string
+ namespace:
+ description: namespace specifies the namespace where the Confluent
+ Platform component cluster is running.
+ type: string
+ required:
+ - name
+ type: object
+ connectRest:
+ description: connectRest specifies the Connect REST API connection
+ configuration.
+ properties:
+ authentication:
+ description: authentication specifies the REST API authentication
+ mechanism.
+ properties:
+ basic:
+ description: basic specifies the basic authentication settings
+ for the REST API client.
+ properties:
+ debug:
+ description: debug enables the basic authentication debug
+ logs for JaaS configuration.
+ type: boolean
+ directoryPathInContainer:
+ description: 'directoryPathInContainer allows to pass
+ the basic credential through a directory path in the
+ container. More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication'
+ minLength: 1
+ type: string
+ restrictedRoles:
+ description: restrictedRoles specify the restricted roles
+ on the server side only. Changes will be only reflected
+ in Control Center. This configuration is ignored on
+ the client side configuration.
+ items:
+ type: string
+ minItems: 1
+ type: array
+ roles:
+ description: roles specify the roles on the server side
+ only. This configuration is ignored on the client side
+ configuration.
+ items:
+ type: string
+ type: array
+ secretRef:
+ description: 'secretRef defines secret reference to pass
+ the required credentials. More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ type: object
+ bearer:
+ description: bearer specifies the bearer authentication settings
+ for the REST API client.
+ properties:
+ directoryPathInContainer:
+ description: directoryPathInContainer specifies the directory
+ path in the container where the credential is mounted.
+ minLength: 1
+ type: string
+ secretRef:
+ description: 'secretRef specifies the name of the secret
+ that contains the credential. More info: https://docs.confluent.io/operator/current/co-authenticate.html#bearer-authentication'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ type: object
+ type:
+ description: type specifies the REST API authentication type.
+ Valid options are `basic`, `bearer`, and `mtls`.
+ enum:
+ - basic
+ - bearer
+ - mtls
+ type: string
+ required:
+ - type
+ type: object
+ endpoint:
+ description: endpoint specifies where Confluent REST API is running.
+ minLength: 1
+ pattern: ^https?://.*
+ type: string
+ kafkaClusterID:
+ description: kafkaClusterID specifies the id of Kafka cluster.
+ It takes precedence over using the Kafka REST API to get the
+ cluster id.
+ minLength: 1
+ type: string
+ tls:
+ description: tls specifies the custom TLS structure for the application
+ resources, e.g. connector, topic, schema, of the Confluent Platform
+ components.
+ properties:
+ directoryPathInContainer:
+ description: directoryPathInContainer contains the directory
+ path in the container where `keystore.jks`, `truststore.jks`,
+ `jksPassword.txt` keys are mounted.
+ minLength: 1
+ type: string
+ jksPassword:
+ description: jksPassword specifies the secret name that contains
+ the JKS password.
+ properties:
+ secretRef:
+ description: 'secretRef references the name of the secret
+ containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - secretRef
+ type: object
+ secretRef:
+ description: 'secretRef specifies the secret name that contains
+ the certificates. More info about certificates key/value
+ format: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ type: object
+ type: object
+ name:
+ description: name specifies the connector name. If not configured,
+ the Connector CR name is used as the connector name.
+ maxLength: 255
+ minLength: 1
+ pattern: ^[a-zA-Z0-9\._\-]*$
+ type: string
+ restartPolicy:
+ description: restartPolicy specifies the policy to restart failed
+ tasks of the connector.
+ properties:
+ maxRetry:
+ description: maxRetry specifies the max number of tries to restart
+ failed tasks when the `restartPolicy` type is `OnFailure`. The
+ default value is `10`.
+ format: int32
+ minimum: 1
+ type: integer
+ type:
+ description: type specifies the policy type to restart connector
+ tasks. Valid options are `OnFailure` and `Never`. Default value
+ is `OnFailure`, which means it will restart automatically when
+ a task fails if the `maxRetry` value is not reached.
+ enum:
+ - OnFailure
+ - Never
+ type: string
+ required:
+ - type
+ type: object
+ taskMax:
+ description: taskMax specifies the maximum number of tasks for the
+ connector. It must be greater than 0. The connector may create fewer
+ tasks if it cannot achieve this level of parallelism.
+ format: int32
+ minimum: 1
+ type: integer
+ required:
+ - class
+ - taskMax
+ type: object
+ status:
+ description: status defines the observed state of the Connector.
+ properties:
+ conditions:
+ description: conditions are the latest available observations of the
+ connector state.
+ items:
+ description: Condition represent the latest available observations
+ of the current state.
+ properties:
+ lastProbeTime:
+ description: lastProbeTime shows the last time the condition
+ was evaluated.
+ format: date-time
+ type: string
+ lastTransitionTime:
+ description: lastTransitionTime shows the last time the condition
+ was transitioned from one status to another.
+ format: date-time
+ type: string
+ message:
+ description: message shows a human-readable message with details
+ about the transition.
+ type: string
+ reason:
+ description: reason shows the reason for the last transition
+ of the condition.
+ type: string
+ status:
+ description: status shows the status of the condition, one of
+ `True`, `False`, or `Unknown`.
+ type: string
+ type:
+ description: type shows the condition type.
+ type: string
+ type: object
+ type: array
+ connectRestEndpoint:
+ description: connectRestEndpoint is the REST endpoint of the Connect
+ cluster.
+ type: string
+ connectorState:
+ description: connectorState is the status of the connector instance.
+ type: string
+ failedTasks:
+ additionalProperties:
+ description: TaskStatus defines the connector task status.
+ properties:
+ id:
+ description: Id is the id of the task.
+ format: int32
+ type: integer
+ retryCount:
+ description: retryCount is the number of retry attempts to restart
+ the failed task.
+ format: int32
+ type: integer
+ workerID:
+ description: workerID is the workerId for the task.
+ type: string
+ required:
+ - id
+ type: object
+ description: failedTasks is the map of connector tasks in the `FAILED`
+ state. Error messages of failed tasks are logged in the CFK logs
+ as `INFO`. You can also get the error message via Connect REST API
+ calls.
+ type: object
+ x-kubernetes-map-type: granular
+ failedTasksCount:
+ description: failedTasksCount is the number of failed tasks.
+ format: int32
+ type: integer
+ kafkaClusterID:
+ description: kafkaClusterID is the Kafka cluster id the connector
+ belongs to.
+ type: string
+ restartPolicy:
+ description: restartPolicy is the policy to restart failed tasks of
+ the connector.
+ properties:
+ maxRetry:
+ description: maxRetry specifies the max number of tries to restart
+ failed tasks when the `restartPolicy` type is `OnFailure`. The
+ default value is `10`.
+ format: int32
+ minimum: 1
+ type: integer
+ type:
+ description: type specifies the policy type to restart connector
+ tasks. Valid options are `OnFailure` and `Never`. Default value
+ is `OnFailure`, which means it will restart automatically when
+ a task fails if the `maxRetry` value is not reached.
+ enum:
+ - OnFailure
+ - Never
+ type: string
+ required:
+ - type
+ type: object
+ state:
+ description: state is the custom resource state of the connector.
+ This is not the connector state, which can be `CREATED`, `ERROR`,
+ etc.
+ type: string
+ tasksReady:
+ description: 'tasksReady is the number of running tasks based on `taskMax`.
+ The value is in the following format: `/`'
+ type: string
+ trace:
+ description: trace is the error trace message for the connector instance.
+ type: string
+ workerID:
+ description: workerID is the workerId of the connector instance.
+ type: string
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
diff --git a/crds/2.4.0/platform.confluent.io_connects.yaml b/crds/2.4.0/platform.confluent.io_connects.yaml
new file mode 100644
index 0000000..1ee299d
--- /dev/null
+++ b/crds/2.4.0/platform.confluent.io_connects.yaml
@@ -0,0 +1,5621 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.8.0
+ creationTimestamp: null
+ name: connects.platform.confluent.io
+spec:
+ group: platform.confluent.io
+ names:
+ categories:
+ - all
+ - confluent-platform
+ - confluent
+ kind: Connect
+ listKind: ConnectList
+ plural: connects
+ shortNames:
+ - connect
+ singular: connect
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .status.replicas
+ name: Replicas
+ type: string
+ - jsonPath: .status.readyReplicas
+ name: Ready
+ type: string
+ - jsonPath: .status.phase
+ name: Status
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ - jsonPath: .status.kafka.bootstrapEndpoint
+ name: Kafka
+ priority: 1
+ type: string
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: Connect is the schema for the Connect API.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: spec defines the desired state of the Connect cluster.
+ properties:
+ authentication:
+ description: authentication specifies authentication configuration.
+ properties:
+ basic:
+ description: basic specifies the configuration for basic authentication.
+ properties:
+ debug:
+ description: debug enables the basic authentication debug
+ logs for JaaS configuration.
+ type: boolean
+ directoryPathInContainer:
+ description: 'directoryPathInContainer allows to pass the
+ basic credential through a directory path in the container.
+ More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication'
+ minLength: 1
+ type: string
+ restrictedRoles:
+ description: restrictedRoles specify the restricted roles
+ on the server side only. Changes will be only reflected
+ in Control Center. This configuration is ignored on the
+ client side configuration.
+ items:
+ type: string
+ minItems: 1
+ type: array
+ roles:
+ description: roles specify the roles on the server side only.
+ This configuration is ignored on the client side configuration.
+ items:
+ type: string
+ type: array
+ secretRef:
+ description: 'secretRef defines secret reference to pass the
+ required credentials. More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ type: object
+ type:
+ description: type specifies the authentication scheme for the
+ REST API server. Valid options are `basic` and `mtls`.
+ enum:
+ - basic
+ - mtls
+ type: string
+ required:
+ - type
+ type: object
+ authorization:
+ description: authorization specifies the authorization configuration.
+ properties:
+ kafkaRestClassRef:
+ description: kafkaRestClassRef references the KafkaRestClass which
+ specifies the Kafka REST API connection configuration.
+ properties:
+ name:
+ description: name specifies the name of the KafkaRestClass
+ application resource.
+ minLength: 1
+ type: string
+ namespace:
+ description: namespace specifies the namespace of the KafkaRestClass.
+ type: string
+ required:
+ - name
+ type: object
+ type:
+ description: type specifies the client-side authorization type.
+ The valid option is `rbac`.
+ enum:
+ - rbac
+ type: string
+ required:
+ - type
+ type: object
+ build:
+ description: build defines the build configurations for connector
+ plugins.
+ properties:
+ onDemand:
+ description: OnDemand defines the build configurations for the
+ `onDemand` build type.
+ properties:
+ plugins:
+ description: plugins define the installation information for
+ connector plugins.
+ properties:
+ confluentHub:
+ description: confluentHub contains a list of connector
+ plugins you get from Confluent Hub.
+ items:
+ description: ConfluentHubPlugin contains the required
+ information to get the connector plugin from Confluent
+ Hub.
+ properties:
+ name:
+ description: name specifies the name of the connector
+ plugin.
+ minLength: 1
+ type: string
+ owner:
+ description: owner specifies the individual or organization
+ that provides the connector plugin, for example,
+ `confluentinc`.
+ minLength: 1
+ type: string
+ version:
+ description: version specifies the version of the
+ connector plugin, which can be either the version
+ of the plugin or the literal `latest`.
+ minLength: 1
+ type: string
+ required:
+ - name
+ - owner
+ - version
+ type: object
+ type: array
+ locationType:
+ description: locationType specifies where to get connector
+ plugins. Valid options are `confluentHub` and `url`.
+ enum:
+ - confluentHub
+ - url
+ type: string
+ url:
+ description: url contains a list of URL plugins you get
+ from external URLs.
+ items:
+ description: URLPlugin defines the information to get
+ the connector plugin from an external URL.
+ properties:
+ archivePath:
+ description: archivePath specifies the archive path
+ of the connector plugin. Currently, only support
+ ZIP archives.
+ minLength: 1
+ pattern: ^https?://.*
+ type: string
+ checksum:
+ description: checksum defines the sha512sum checksum
+ of the connector plugin's remote file. It is used
+ to verify the remote file after it is downloaded.
+ type: string
+ name:
+ description: name specifies the connector plugin
+ name.
+ minLength: 1
+ type: string
+ required:
+ - archivePath
+ - checksum
+ - name
+ type: object
+ type: array
+ required:
+ - locationType
+ type: object
+ storageLimit:
+ anyOf:
+ - type: integer
+ - type: string
+ description: storageLimit specifies the max amount of node
+ volume that can be used to store connector plugins. The
+ default value is `4G`.
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ required:
+ - plugins
+ type: object
+ type:
+ description: type specifies the build type for connector plugins.
+ Currently only the `onDemand` type is supported.
+ enum:
+ - onDemand
+ type: string
+ required:
+ - type
+ type: object
+ configOverrides:
+ description: configOverrides specifies the configs to override the
+ server, JVM, Log4j properties for the Connect cluster.
+ properties:
+ jvm:
+ description: jvm is a list of JVM configuration supported by the
+ Confluent Platform component. This will either add or update
+ the existing configuration.
+ items:
+ type: string
+ type: array
+ log4j:
+ description: log4j is a list of Log4J configuration supported
+ by the Confluent Platform component. This will either add or
+ update the existing configuration.
+ items:
+ type: string
+ type: array
+ server:
+ description: server is a list of server configuration supported
+ by the Confluent Platform component. This will either add or
+ update existing configuration.
+ items:
+ type: string
+ type: array
+ type: object
+ connectorOverridePolicy:
+ description: 'connectorOverridePolicy allows the policy to permit
+ per-connector override configuration for producer/consumer/admin
+ prefix. More info: https://docs.confluent.io/platform/current/connect/security.html#separate-principals'
+ enum:
+ - All
+ - Principal
+ type: string
+ connectorTLSCerts:
+ description: connectorTLSCerts are the custom TLS certificates injected
+ into the Connect cluster for connectors to use. Check the Connect
+ status for the mount path of the certificates. A change will roll
+ the cluster.
+ items:
+ description: CustomTLSCertificate defines the custom TLS structure
+ for the application resources (connector, topic, schema, etc.)
+ of the Confluent Platform component.
+ properties:
+ directoryPathInContainer:
+ description: directoryPathInContainer contains the directory
+ path in the container where `keystore.jks`, `truststore.jks`,
+ `jksPassword.txt` keys are mounted.
+ minLength: 1
+ type: string
+ jksPassword:
+ description: jksPassword specifies the secret name that contains
+ the JKS password.
+ properties:
+ secretRef:
+ description: 'secretRef references the name of the secret
+ containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - secretRef
+ type: object
+ secretRef:
+ description: 'secretRef specifies the secret name that contains
+ the certificates. More info about certificates key/value format:
+ https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ type: object
+ type: array
+ dependencies:
+ description: ConnectDependencies contains the dependencies the Connect
+ requires or can enable.
+ properties:
+ admin:
+ description: admin contains the security configuration to connect
+ to the admin client. If `bootstrapEndpoint` is not configured,
+ the security is configured based on the Kafka dependency configuration.
+ Configure this property if different bootstrap endpoint is required
+ for the admin client.
+ properties:
+ authentication:
+ description: authentication defines the authentication for
+ the Kafka cluster.
+ properties:
+ jaasConfig:
+ description: jaasConfig specifies the Kafka client-side
+ JaaS configuration.
+ properties:
+ secretRef:
+ description: 'secretRef references the secret containing
+ the required credentials. More info: https://docs.confluent.io/operator/current/co-authenticate.html'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - secretRef
+ type: object
+ jaasConfigPassThrough:
+ description: jaasConfigPassThrough specifies another way
+ to provide the Kafka client-side JaaS configuration.
+ properties:
+ directoryPathInContainer:
+ description: 'directoryPathInContainer specifies the
+ directory path in the container where required credentials
+ are mounted. More info: https://docs.confluent.io/operator/current/co-authenticate.html'
+ minLength: 1
+ type: string
+ secretRef:
+ description: 'secretRef references the secret containing
+ the required credentials for authentication. More
+ info: https://docs.confluent.io/operator/current/co-authenticate.html'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ type: object
+ oauthbearer:
+ description: oauthbearer is the authentication mechanism
+ to provider principals. Only supported in RBAC deployment.
+ properties:
+ directoryPathInContainer:
+ description: directoryPathInContainer specifies the
+ directory path in the container where the credential
+ is mounted.
+ minLength: 1
+ type: string
+ secretRef:
+ description: 'secretRef specifies the name of the
+ secret that contains the credential. More info:
+ https://docs.confluent.io/operator/current/co-authenticate.html#bearer-authentication'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ type: object
+ type:
+ description: type specifies the Kafka client authentication
+ type. Valid options are `plain`, `oauthbearer`, `digest`,
+ and `mtls`.
+ enum:
+ - plain
+ - oauthbearer
+ - digest
+ - mtls
+ type: string
+ required:
+ - type
+ type: object
+ bootstrapEndpoint:
+ description: bootstrapEndpoint specifies the Kafka bootstrap
+ endpoint.
+ minLength: 1
+ pattern: .+:[0-9]+
+ type: string
+ discovery:
+ description: discovery specifies the capability to discover
+ the Kafka cluster.
+ properties:
+ name:
+ description: name is the name of the Confluent Platform
+ component cluster.
+ type: string
+ namespace:
+ description: namespace is where the Confluent Platform
+ component is running. The default value is the namespace
+ where CFK is running.
+ type: string
+ secretRef:
+ description: secretRef is the name of the secret used
+ to discover the Confluent Platform component.
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - name
+ type: object
+ tls:
+ description: tls defines the client-side TLS setting for the
+ Kafka cluster.
+ properties:
+ directoryPathInContainer:
+ description: directoryPathInContainer specifies the directory
+ path in the container where `keystore.jks`, `truststore.jks`,
+ and `jksPassword.txt` keys are mounted. `truststore.jks`
+ is not configured and can be ignored when the `ignoreTrustStoreConfig`
+ field is set to `true`.
+ minLength: 1
+ type: string
+ enabled:
+ description: enabled specifies to enable the TLS configuration
+ for the Confluent component.
+ type: boolean
+ ignoreTrustStoreConfig:
+ description: ignoreTrustStoreConfig indicates whether
+ to ignore the truststore configuration for the Confluent
+ component.
+ type: boolean
+ jksPassword:
+ description: jksPassword references the secret containing
+ the JKS password.
+ properties:
+ secretRef:
+ description: 'secretRef references the name of the
+ secret containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - secretRef
+ type: object
+ secretRef:
+ description: 'secretRef references the secret containing
+ the certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - enabled
+ type: object
+ type: object
+ consumer:
+ description: consumer contains the security configuration to connect
+ to the Kafka cluster. It is used for sink connectors. If `bootstrapEndpoint`
+ is not configured, the security is configured based on the Kafka
+ dependency configuration. Configure this property if different
+ bootstrap endpoint is required for the consumer.
+ properties:
+ authentication:
+ description: authentication defines the authentication for
+ the Kafka cluster.
+ properties:
+ jaasConfig:
+ description: jaasConfig specifies the Kafka client-side
+ JaaS configuration.
+ properties:
+ secretRef:
+ description: 'secretRef references the secret containing
+ the required credentials. More info: https://docs.confluent.io/operator/current/co-authenticate.html'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - secretRef
+ type: object
+ jaasConfigPassThrough:
+ description: jaasConfigPassThrough specifies another way
+ to provide the Kafka client-side JaaS configuration.
+ properties:
+ directoryPathInContainer:
+ description: 'directoryPathInContainer specifies the
+ directory path in the container where required credentials
+ are mounted. More info: https://docs.confluent.io/operator/current/co-authenticate.html'
+ minLength: 1
+ type: string
+ secretRef:
+ description: 'secretRef references the secret containing
+ the required credentials for authentication. More
+ info: https://docs.confluent.io/operator/current/co-authenticate.html'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ type: object
+ oauthbearer:
+ description: oauthbearer is the authentication mechanism
+ to provider principals. Only supported in RBAC deployment.
+ properties:
+ directoryPathInContainer:
+ description: directoryPathInContainer specifies the
+ directory path in the container where the credential
+ is mounted.
+ minLength: 1
+ type: string
+ secretRef:
+ description: 'secretRef specifies the name of the
+ secret that contains the credential. More info:
+ https://docs.confluent.io/operator/current/co-authenticate.html#bearer-authentication'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ type: object
+ type:
+ description: type specifies the Kafka client authentication
+ type. Valid options are `plain`, `oauthbearer`, `digest`,
+ and `mtls`.
+ enum:
+ - plain
+ - oauthbearer
+ - digest
+ - mtls
+ type: string
+ required:
+ - type
+ type: object
+ bootstrapEndpoint:
+ description: bootstrapEndpoint specifies the Kafka bootstrap
+ endpoint.
+ minLength: 1
+ pattern: .+:[0-9]+
+ type: string
+ discovery:
+ description: discovery specifies the capability to discover
+ the Kafka cluster.
+ properties:
+ name:
+ description: name is the name of the Confluent Platform
+ component cluster.
+ type: string
+ namespace:
+ description: namespace is where the Confluent Platform
+ component is running. The default value is the namespace
+ where CFK is running.
+ type: string
+ secretRef:
+ description: secretRef is the name of the secret used
+ to discover the Confluent Platform component.
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - name
+ type: object
+ tls:
+ description: tls defines the client-side TLS setting for the
+ Kafka cluster.
+ properties:
+ directoryPathInContainer:
+ description: directoryPathInContainer specifies the directory
+ path in the container where `keystore.jks`, `truststore.jks`,
+ and `jksPassword.txt` keys are mounted. `truststore.jks`
+ is not configured and can be ignored when the `ignoreTrustStoreConfig`
+ field is set to `true`.
+ minLength: 1
+ type: string
+ enabled:
+ description: enabled specifies to enable the TLS configuration
+ for the Confluent component.
+ type: boolean
+ ignoreTrustStoreConfig:
+ description: ignoreTrustStoreConfig indicates whether
+ to ignore the truststore configuration for the Confluent
+ component.
+ type: boolean
+ jksPassword:
+ description: jksPassword references the secret containing
+ the JKS password.
+ properties:
+ secretRef:
+ description: 'secretRef references the name of the
+ secret containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - secretRef
+ type: object
+ secretRef:
+ description: 'secretRef references the secret containing
+ the certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - enabled
+ type: object
+ type: object
+ interceptor:
+ description: interceptor contains the dependency configuration
+ for the monitoring interceptor.
+ properties:
+ configs:
+ description: configs describe the configurations for the Confluent
+ Platform interceptor. The config override feature can be
+ used to pass the configuration settings.
+ items:
+ type: string
+ type: array
+ consumer:
+ description: consumer specifies the consumer configuration
+ for the interceptor. If not configured, it uses the Kafka
+ dependency configuration.
+ properties:
+ authentication:
+ description: authentication defines the authentication
+ for the Kafka cluster.
+ properties:
+ jaasConfig:
+ description: jaasConfig specifies the Kafka client-side
+ JaaS configuration.
+ properties:
+ secretRef:
+ description: 'secretRef references the secret
+ containing the required credentials. More info:
+ https://docs.confluent.io/operator/current/co-authenticate.html'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - secretRef
+ type: object
+ jaasConfigPassThrough:
+ description: jaasConfigPassThrough specifies another
+ way to provide the Kafka client-side JaaS configuration.
+ properties:
+ directoryPathInContainer:
+ description: 'directoryPathInContainer specifies
+ the directory path in the container where required
+ credentials are mounted. More info: https://docs.confluent.io/operator/current/co-authenticate.html'
+ minLength: 1
+ type: string
+ secretRef:
+ description: 'secretRef references the secret
+ containing the required credentials for authentication.
+ More info: https://docs.confluent.io/operator/current/co-authenticate.html'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ type: object
+ oauthbearer:
+ description: oauthbearer is the authentication mechanism
+ to provider principals. Only supported in RBAC deployment.
+ properties:
+ directoryPathInContainer:
+ description: directoryPathInContainer specifies
+ the directory path in the container where the
+ credential is mounted.
+ minLength: 1
+ type: string
+ secretRef:
+ description: 'secretRef specifies the name of
+ the secret that contains the credential. More
+ info: https://docs.confluent.io/operator/current/co-authenticate.html#bearer-authentication'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ type: object
+ type:
+ description: type specifies the Kafka client authentication
+ type. Valid options are `plain`, `oauthbearer`,
+ `digest`, and `mtls`.
+ enum:
+ - plain
+ - oauthbearer
+ - digest
+ - mtls
+ type: string
+ required:
+ - type
+ type: object
+ bootstrapEndpoint:
+ description: bootstrapEndpoint specifies the Kafka bootstrap
+ endpoint.
+ minLength: 1
+ pattern: .+:[0-9]+
+ type: string
+ discovery:
+ description: discovery specifies the capability to discover
+ the Kafka cluster.
+ properties:
+ name:
+ description: name is the name of the Confluent Platform
+ component cluster.
+ type: string
+ namespace:
+ description: namespace is where the Confluent Platform
+ component is running. The default value is the namespace
+ where CFK is running.
+ type: string
+ secretRef:
+ description: secretRef is the name of the secret used
+ to discover the Confluent Platform component.
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - name
+ type: object
+ tls:
+ description: tls defines the client-side TLS setting for
+ the Kafka cluster.
+ properties:
+ directoryPathInContainer:
+ description: directoryPathInContainer specifies the
+ directory path in the container where `keystore.jks`,
+ `truststore.jks`, and `jksPassword.txt` keys are
+ mounted. `truststore.jks` is not configured and
+ can be ignored when the `ignoreTrustStoreConfig`
+ field is set to `true`.
+ minLength: 1
+ type: string
+ enabled:
+ description: enabled specifies to enable the TLS configuration
+ for the Confluent component.
+ type: boolean
+ ignoreTrustStoreConfig:
+ description: ignoreTrustStoreConfig indicates whether
+ to ignore the truststore configuration for the Confluent
+ component.
+ type: boolean
+ jksPassword:
+ description: jksPassword references the secret containing
+ the JKS password.
+ properties:
+ secretRef:
+ description: 'secretRef references the name of
+ the secret containing the JKS password. More
+ info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - secretRef
+ type: object
+ secretRef:
+ description: 'secretRef references the secret containing
+ the certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - enabled
+ type: object
+ type: object
+ enabled:
+ description: enabled indicates whether the Confluent Platform
+ interceptor is enabled or disabled.
+ type: boolean
+ producer:
+ description: producer specifies the producer configuration
+ for the interceptor. If not configured, it uses the Kafka
+ dependency configuration.
+ properties:
+ authentication:
+ description: authentication defines the authentication
+ for the Kafka cluster.
+ properties:
+ jaasConfig:
+ description: jaasConfig specifies the Kafka client-side
+ JaaS configuration.
+ properties:
+ secretRef:
+ description: 'secretRef references the secret
+ containing the required credentials. More info:
+ https://docs.confluent.io/operator/current/co-authenticate.html'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - secretRef
+ type: object
+ jaasConfigPassThrough:
+ description: jaasConfigPassThrough specifies another
+ way to provide the Kafka client-side JaaS configuration.
+ properties:
+ directoryPathInContainer:
+ description: 'directoryPathInContainer specifies
+ the directory path in the container where required
+ credentials are mounted. More info: https://docs.confluent.io/operator/current/co-authenticate.html'
+ minLength: 1
+ type: string
+ secretRef:
+ description: 'secretRef references the secret
+ containing the required credentials for authentication.
+ More info: https://docs.confluent.io/operator/current/co-authenticate.html'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ type: object
+ oauthbearer:
+ description: oauthbearer is the authentication mechanism
+ to provider principals. Only supported in RBAC deployment.
+ properties:
+ directoryPathInContainer:
+ description: directoryPathInContainer specifies
+ the directory path in the container where the
+ credential is mounted.
+ minLength: 1
+ type: string
+ secretRef:
+ description: 'secretRef specifies the name of
+ the secret that contains the credential. More
+ info: https://docs.confluent.io/operator/current/co-authenticate.html#bearer-authentication'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ type: object
+ type:
+ description: type specifies the Kafka client authentication
+ type. Valid options are `plain`, `oauthbearer`,
+ `digest`, and `mtls`.
+ enum:
+ - plain
+ - oauthbearer
+ - digest
+ - mtls
+ type: string
+ required:
+ - type
+ type: object
+ bootstrapEndpoint:
+ description: bootstrapEndpoint specifies the Kafka bootstrap
+ endpoint.
+ minLength: 1
+ pattern: .+:[0-9]+
+ type: string
+ discovery:
+ description: discovery specifies the capability to discover
+ the Kafka cluster.
+ properties:
+ name:
+ description: name is the name of the Confluent Platform
+ component cluster.
+ type: string
+ namespace:
+ description: namespace is where the Confluent Platform
+ component is running. The default value is the namespace
+ where CFK is running.
+ type: string
+ secretRef:
+ description: secretRef is the name of the secret used
+ to discover the Confluent Platform component.
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - name
+ type: object
+ tls:
+ description: tls defines the client-side TLS setting for
+ the Kafka cluster.
+ properties:
+ directoryPathInContainer:
+ description: directoryPathInContainer specifies the
+ directory path in the container where `keystore.jks`,
+ `truststore.jks`, and `jksPassword.txt` keys are
+ mounted. `truststore.jks` is not configured and
+ can be ignored when the `ignoreTrustStoreConfig`
+ field is set to `true`.
+ minLength: 1
+ type: string
+ enabled:
+ description: enabled specifies to enable the TLS configuration
+ for the Confluent component.
+ type: boolean
+ ignoreTrustStoreConfig:
+ description: ignoreTrustStoreConfig indicates whether
+ to ignore the truststore configuration for the Confluent
+ component.
+ type: boolean
+ jksPassword:
+ description: jksPassword references the secret containing
+ the JKS password.
+ properties:
+ secretRef:
+ description: 'secretRef references the name of
+ the secret containing the JKS password. More
+ info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - secretRef
+ type: object
+ secretRef:
+ description: 'secretRef references the secret containing
+ the certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - enabled
+ type: object
+ type: object
+ publishMs:
+ type: integer
+ required:
+ - enabled
+ type: object
+ kafka:
+ description: kafka contains the Connect dependency for connecting
+ to Kafka. The discovery method is used if this is not specified.
+ properties:
+ authentication:
+ description: authentication defines the authentication for
+ the Kafka cluster.
+ properties:
+ jaasConfig:
+ description: jaasConfig specifies the Kafka client-side
+ JaaS configuration.
+ properties:
+ secretRef:
+ description: 'secretRef references the secret containing
+ the required credentials. More info: https://docs.confluent.io/operator/current/co-authenticate.html'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - secretRef
+ type: object
+ jaasConfigPassThrough:
+ description: jaasConfigPassThrough specifies another way
+ to provide the Kafka client-side JaaS configuration.
+ properties:
+ directoryPathInContainer:
+ description: 'directoryPathInContainer specifies the
+ directory path in the container where required credentials
+ are mounted. More info: https://docs.confluent.io/operator/current/co-authenticate.html'
+ minLength: 1
+ type: string
+ secretRef:
+ description: 'secretRef references the secret containing
+ the required credentials for authentication. More
+ info: https://docs.confluent.io/operator/current/co-authenticate.html'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ type: object
+ oauthbearer:
+ description: oauthbearer is the authentication mechanism
+ to provider principals. Only supported in RBAC deployment.
+ properties:
+ directoryPathInContainer:
+ description: directoryPathInContainer specifies the
+ directory path in the container where the credential
+ is mounted.
+ minLength: 1
+ type: string
+ secretRef:
+ description: 'secretRef specifies the name of the
+ secret that contains the credential. More info:
+ https://docs.confluent.io/operator/current/co-authenticate.html#bearer-authentication'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ type: object
+ type:
+ description: type specifies the Kafka client authentication
+ type. Valid options are `plain`, `oauthbearer`, `digest`,
+ and `mtls`.
+ enum:
+ - plain
+ - oauthbearer
+ - digest
+ - mtls
+ type: string
+ required:
+ - type
+ type: object
+ bootstrapEndpoint:
+ description: bootstrapEndpoint specifies the Kafka bootstrap
+ endpoint.
+ minLength: 1
+ pattern: .+:[0-9]+
+ type: string
+ discovery:
+ description: discovery specifies the capability to discover
+ the Kafka cluster.
+ properties:
+ name:
+ description: name is the name of the Confluent Platform
+ component cluster.
+ type: string
+ namespace:
+ description: namespace is where the Confluent Platform
+ component is running. The default value is the namespace
+ where CFK is running.
+ type: string
+ secretRef:
+ description: secretRef is the name of the secret used
+ to discover the Confluent Platform component.
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - name
+ type: object
+ tls:
+ description: tls defines the client-side TLS setting for the
+ Kafka cluster.
+ properties:
+ directoryPathInContainer:
+ description: directoryPathInContainer specifies the directory
+ path in the container where `keystore.jks`, `truststore.jks`,
+ and `jksPassword.txt` keys are mounted. `truststore.jks`
+ is not configured and can be ignored when the `ignoreTrustStoreConfig`
+ field is set to `true`.
+ minLength: 1
+ type: string
+ enabled:
+ description: enabled specifies to enable the TLS configuration
+ for the Confluent component.
+ type: boolean
+ ignoreTrustStoreConfig:
+ description: ignoreTrustStoreConfig indicates whether
+ to ignore the truststore configuration for the Confluent
+ component.
+ type: boolean
+ jksPassword:
+ description: jksPassword references the secret containing
+ the JKS password.
+ properties:
+ secretRef:
+ description: 'secretRef references the name of the
+ secret containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - secretRef
+ type: object
+ secretRef:
+ description: 'secretRef references the secret containing
+ the certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - enabled
+ type: object
+ type: object
+ mds:
+ description: mds contains the configuration for MDS dependency
+ when RBAC is enabled.
+ properties:
+ authentication:
+ description: authentication specifies the client side authentication
+ configuration for the MDS.
+ properties:
+ bearer:
+ description: bearer specifies the bearer authentication
+ settings.
+ properties:
+ directoryPathInContainer:
+ description: directoryPathInContainer specifies the
+ directory path in the container where the credential
+ is mounted.
+ minLength: 1
+ type: string
+ secretRef:
+ description: 'secretRef specifies the name of the
+ secret that contains the credential. More info:
+ https://docs.confluent.io/operator/current/co-authenticate.html#bearer-authentication'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ type: object
+ type:
+ description: type specifies the authentication method
+ for the MDS. The valid option is `bearer`.
+ enum:
+ - bearer
+ type: string
+ required:
+ - bearer
+ - type
+ type: object
+ endpoint:
+ description: endpoint specifies the MDS endpoint.
+ minLength: 1
+ pattern: ^https?://.*
+ type: string
+ tls:
+ description: ClientTLSConfig specifies the TLS configuration
+ for the Confluent component (dependencies, listeners).
+ properties:
+ directoryPathInContainer:
+ description: directoryPathInContainer specifies the directory
+ path in the container where `keystore.jks`, `truststore.jks`,
+ and `jksPassword.txt` keys are mounted. `truststore.jks`
+ is not configured and can be ignored when the `ignoreTrustStoreConfig`
+ field is set to `true`.
+ minLength: 1
+ type: string
+ enabled:
+ description: enabled specifies to enable the TLS configuration
+ for the Confluent component.
+ type: boolean
+ ignoreTrustStoreConfig:
+ description: ignoreTrustStoreConfig indicates whether
+ to ignore the truststore configuration for the Confluent
+ component.
+ type: boolean
+ jksPassword:
+ description: jksPassword references the secret containing
+ the JKS password.
+ properties:
+ secretRef:
+ description: 'secretRef references the name of the
+ secret containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - secretRef
+ type: object
+ secretRef:
+ description: 'secretRef references the secret containing
+ the certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - enabled
+ type: object
+ tokenKeyPair:
+ description: tokenKeyPair specifies the token keypair to configure
+ the MDS.
+ properties:
+ directoryPathInContainer:
+ description: directoryPathInContainer defines the directory
+ path in the container where the MDS token key pair are
+ mounted.
+ minLength: 1
+ type: string
+ secretRef:
+ description: secretRef references the name of the secret
+ that contains the MDS token key pair.
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ type: object
+ required:
+ - authentication
+ - endpoint
+ - tokenKeyPair
+ type: object
+ producer:
+ description: producer contains the security configuration to connect
+ to the Kafka cluster. It is used for source connectors. If `bootstrapEndpoint`
+ is not configured, the security is configured based on the Kafka
+ dependency configuration. Configure this property if different
+ bootstrap endpoint of security is required for the producer.
+ properties:
+ authentication:
+ description: authentication defines the authentication for
+ the Kafka cluster.
+ properties:
+ jaasConfig:
+ description: jaasConfig specifies the Kafka client-side
+ JaaS configuration.
+ properties:
+ secretRef:
+ description: 'secretRef references the secret containing
+ the required credentials. More info: https://docs.confluent.io/operator/current/co-authenticate.html'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - secretRef
+ type: object
+ jaasConfigPassThrough:
+ description: jaasConfigPassThrough specifies another way
+ to provide the Kafka client-side JaaS configuration.
+ properties:
+ directoryPathInContainer:
+ description: 'directoryPathInContainer specifies the
+ directory path in the container where required credentials
+ are mounted. More info: https://docs.confluent.io/operator/current/co-authenticate.html'
+ minLength: 1
+ type: string
+ secretRef:
+ description: 'secretRef references the secret containing
+ the required credentials for authentication. More
+ info: https://docs.confluent.io/operator/current/co-authenticate.html'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ type: object
+ oauthbearer:
+ description: oauthbearer is the authentication mechanism
+ to provider principals. Only supported in RBAC deployment.
+ properties:
+ directoryPathInContainer:
+ description: directoryPathInContainer specifies the
+ directory path in the container where the credential
+ is mounted.
+ minLength: 1
+ type: string
+ secretRef:
+ description: 'secretRef specifies the name of the
+ secret that contains the credential. More info:
+ https://docs.confluent.io/operator/current/co-authenticate.html#bearer-authentication'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ type: object
+ type:
+ description: type specifies the Kafka client authentication
+ type. Valid options are `plain`, `oauthbearer`, `digest`,
+ and `mtls`.
+ enum:
+ - plain
+ - oauthbearer
+ - digest
+ - mtls
+ type: string
+ required:
+ - type
+ type: object
+ bootstrapEndpoint:
+ description: bootstrapEndpoint specifies the Kafka bootstrap
+ endpoint.
+ minLength: 1
+ pattern: .+:[0-9]+
+ type: string
+ discovery:
+ description: discovery specifies the capability to discover
+ the Kafka cluster.
+ properties:
+ name:
+ description: name is the name of the Confluent Platform
+ component cluster.
+ type: string
+ namespace:
+ description: namespace is where the Confluent Platform
+ component is running. The default value is the namespace
+ where CFK is running.
+ type: string
+ secretRef:
+ description: secretRef is the name of the secret used
+ to discover the Confluent Platform component.
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - name
+ type: object
+ tls:
+ description: tls defines the client-side TLS setting for the
+ Kafka cluster.
+ properties:
+ directoryPathInContainer:
+ description: directoryPathInContainer specifies the directory
+ path in the container where `keystore.jks`, `truststore.jks`,
+ and `jksPassword.txt` keys are mounted. `truststore.jks`
+ is not configured and can be ignored when the `ignoreTrustStoreConfig`
+ field is set to `true`.
+ minLength: 1
+ type: string
+ enabled:
+ description: enabled specifies to enable the TLS configuration
+ for the Confluent component.
+ type: boolean
+ ignoreTrustStoreConfig:
+ description: ignoreTrustStoreConfig indicates whether
+ to ignore the truststore configuration for the Confluent
+ component.
+ type: boolean
+ jksPassword:
+ description: jksPassword references the secret containing
+ the JKS password.
+ properties:
+ secretRef:
+ description: 'secretRef references the name of the
+ secret containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - secretRef
+ type: object
+ secretRef:
+ description: 'secretRef references the secret containing
+ the certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - enabled
+ type: object
+ type: object
+ schemaRegistry:
+ description: schemaRegistry contains the dependency configuration
+ for the Schema Registry cluster.
+ properties:
+ authentication:
+ description: authentication specifies the authentication for
+ the Schema Registry cluster.
+ properties:
+ basic:
+ description: basic specifies the configuration for basic
+ authentication.
+ properties:
+ debug:
+ description: debug enables the basic authentication
+ debug logs for JaaS configuration.
+ type: boolean
+ directoryPathInContainer:
+ description: 'directoryPathInContainer allows to pass
+ the basic credential through a directory path in
+ the container. More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication'
+ minLength: 1
+ type: string
+ restrictedRoles:
+ description: restrictedRoles specify the restricted
+ roles on the server side only. Changes will be only
+ reflected in Control Center. This configuration
+ is ignored on the client side configuration.
+ items:
+ type: string
+ minItems: 1
+ type: array
+ roles:
+ description: roles specify the roles on the server
+ side only. This configuration is ignored on the
+ client side configuration.
+ items:
+ type: string
+ type: array
+ secretRef:
+ description: 'secretRef defines secret reference to
+ pass the required credentials. More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ type: object
+ type:
+ description: type specifies the authentication scheme
+ for the REST API client. Valid options are `basic` and
+ `mtls`.
+ enum:
+ - basic
+ - mtls
+ type: string
+ required:
+ - type
+ type: object
+ tls:
+ description: tls defines the client-side TLS setting for the
+ Schema Registry cluster.
+ properties:
+ directoryPathInContainer:
+ description: directoryPathInContainer specifies the directory
+ path in the container where `keystore.jks`, `truststore.jks`,
+ and `jksPassword.txt` keys are mounted. `truststore.jks`
+ is not configured and can be ignored when the `ignoreTrustStoreConfig`
+ field is set to `true`.
+ minLength: 1
+ type: string
+ enabled:
+ description: enabled specifies to enable the TLS configuration
+ for the Confluent component.
+ type: boolean
+ ignoreTrustStoreConfig:
+ description: ignoreTrustStoreConfig indicates whether
+ to ignore the truststore configuration for the Confluent
+ component.
+ type: boolean
+ jksPassword:
+ description: jksPassword references the secret containing
+ the JKS password.
+ properties:
+ secretRef:
+ description: 'secretRef references the name of the
+ secret containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - secretRef
+ type: object
+ secretRef:
+ description: 'secretRef references the secret containing
+ the certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - enabled
+ type: object
+ url:
+ description: url specifies the URL endpoint of the Schema
+ Registry cluster.
+ minLength: 1
+ pattern: ^https?://.*
+ type: string
+ required:
+ - url
+ type: object
+ type: object
+ enableSchemas:
+ description: enableSchemas indicates whether to enable scheme or not.
+ type: boolean
+ externalAccess:
+ description: CPExternalAccess holds all external access policies for
+ the non-Kafka component clusters.
+ properties:
+ loadBalancer:
+ description: loadBalancer specifies the configuration to create
+ a Kubernetes load balancer service.
+ properties:
+ advertisedURL:
+ description: 'advertisedURL specifies the configuration for
+ advertised listener per pod. It is only supported for MDS
+ currently. If it is enabled, instead of using internal endpoint,
+ the MDS advertised listener for each broker will be set
+ to: `://.`
+ where podId starts from `0` to `replicaCount -1`. This is
+ only recommended if you cannot add internal SANs to the
+ TLS certificates for MDS and the external DNS must be resolved
+ inside the Kubernetes cluster.'
+ properties:
+ enabled:
+ description: enabled indicates whether to set the MDS
+ advertised listener url with external endpoint for each
+ broker.
+ type: boolean
+ prefix:
+ description: prefix specifies the broker prefix for MDS
+ advertised endpoint if using loadBalancer external access.
+ If not configured, it uses `b` as default prefix, such
+ as `b#.domain` where `#` will start from `0` to `replicaCount
+ -1`.
+ minLength: 1
+ type: string
+ required:
+ - enabled
+ type: object
+ annotations:
+ additionalProperties:
+ type: string
+ description: annotations is a map of string key and value
+ pairs. It specifies Kubernetes annotations for this service.
+ type: object
+ x-kubernetes-map-type: granular
+ domain:
+ description: domain is the domain name of the component cluster.
+ minLength: 1
+ type: string
+ externalTrafficPolicy:
+ description: externalTrafficPolicy specifies the external
+ traffic policy for the service. Valid options are `Local`
+ and `Cluster`.
+ enum:
+ - Local
+ - Cluster
+ type: string
+ labels:
+ additionalProperties:
+ type: string
+ description: labels is a map of string key and value pairs.
+ It specifies Kubernetes labels for this service.
+ type: object
+ x-kubernetes-map-type: granular
+ loadBalancerSourceRanges:
+ description: loadBalancerSourceRanges specify the source ranges.
+ items:
+ type: string
+ type: array
+ port:
+ description: port specifies the external port for the client
+ consumption. If not configured, the same internal/external
+ port is configured for the component. Information about
+ the port can be retrieved through the status API.
+ format: int32
+ type: integer
+ prefix:
+ description: prefix specify the prefix for the given domain.
+ The default value is the name of the cluster.
+ minLength: 1
+ type: string
+ servicePorts:
+ description: servicePorts specify the user-provided service
+ port(s).
+ items:
+ description: ServicePort contains information on service's
+ port.
+ properties:
+ appProtocol:
+ description: The application protocol for this port.
+ This field follows standard Kubernetes label syntax.
+ Un-prefixed names are reserved for IANA standard service
+ names (as per RFC-6335 and http://www.iana.org/assignments/service-names).
+ Non-standard protocols should use prefixed names such
+ as mycompany.com/my-custom-protocol.
+ type: string
+ name:
+ description: The name of this port within the service.
+ This must be a DNS_LABEL. All ports within a ServiceSpec
+ must have unique names. When considering the endpoints
+ for a Service, this must match the 'name' field in
+ the EndpointPort. Optional if only one ServicePort
+ is defined on this service.
+ type: string
+ nodePort:
+ description: 'The port on each node on which this service
+ is exposed when type is NodePort or LoadBalancer. Usually
+ assigned by the system. If a value is specified, in-range,
+ and not in use it will be used, otherwise the operation
+ will fail. If not specified, a port will be allocated
+ if this Service requires one. If this field is specified
+ when creating a Service which does not need it, creation
+ will fail. This field will be wiped when updating
+ a Service to no longer need it (e.g. changing type
+ from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport'
+ format: int32
+ type: integer
+ port:
+ description: The port that will be exposed by this service.
+ format: int32
+ type: integer
+ protocol:
+ default: TCP
+ description: The IP protocol for this port. Supports
+ "TCP", "UDP", and "SCTP". Default is TCP.
+ type: string
+ targetPort:
+ anyOf:
+ - type: integer
+ - type: string
+ description: 'Number or name of the port to access on
+ the pods targeted by the service. Number must be in
+ the range 1 to 65535. Name must be an IANA_SVC_NAME.
+ If this is a string, it will be looked up as a named
+ port in the target Pod''s container ports. If this
+ is not specified, the value of the ''port'' field
+ is used (an identity map). This field is ignored for
+ services with clusterIP=None, and should be omitted
+ or set equal to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service'
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: array
+ sessionAffinity:
+ description: 'sessionAffinity defines the Kubernetes session
+ affinity. The valid options are `ClientIP` and `None`. `ClientIP`
+ enables the client IP-based session affinity. The default
+ value is `None`. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies.'
+ enum:
+ - ClientIP
+ - None
+ type: string
+ sessionAffinityConfig:
+ description: SessionAffinityConfig contains the configurations
+ of the session affinity.
+ properties:
+ clientIP:
+ description: clientIP contains the configurations of Client
+ IP based session affinity.
+ properties:
+ timeoutSeconds:
+ description: timeoutSeconds specifies the seconds
+ of ClientIP type session sticky time. The value
+ must be >0 && <=86400(for 1 day) if ServiceAffinity
+ == "ClientIP". Default value is 10800(for 3 hours).
+ format: int32
+ type: integer
+ type: object
+ type: object
+ required:
+ - domain
+ type: object
+ nodePort:
+ description: nodePort specifies the configuration to create a
+ Kubernetes node port service.
+ properties:
+ advertisedURL:
+ description: advertisedURL specifies the configuration for
+ advertised listener per pod. It is only supported for MDS
+ currently. If it is enabled, instead of using internal endpoint,
+ the MDS advertised listener for each broker will be set
+ to `://:,
+ where`podId` starts from `0` to `replicaCount - 1`. This
+ is only recommended if you cannot add internal SANs to the
+ TLS certificates for MDS and the external DNS must be resolved
+ inside the Kubernetes cluster.
+ properties:
+ enabled:
+ description: enabled indicates whether to set the MDS
+ advertised listener url with external endpoint for each
+ broker.
+ type: boolean
+ prefix:
+ description: prefix specifies the broker prefix for MDS
+ advertised endpoint if using loadBalancer external access.
+ If not configured, it uses `b` as default prefix, such
+ as `b#.domain` where `#` will start from `0` to `replicaCount
+ -1`.
+ minLength: 1
+ type: string
+ required:
+ - enabled
+ type: object
+ annotations:
+ additionalProperties:
+ type: string
+ description: annotations is a map of string key and value
+ pairs. It specifies Kubernetes annotations for this service.
+ type: object
+ x-kubernetes-map-type: granular
+ externalTrafficPolicy:
+ description: externalTrafficPolicy specifies the external
+ traffic policy for the service. Valid options are `Local`
+ and `Cluster`.
+ enum:
+ - Local
+ - Cluster
+ type: string
+ host:
+ description: host defines the host name of the cluster.
+ minLength: 1
+ type: string
+ labels:
+ additionalProperties:
+ type: string
+ description: labels is a map of string key and value pairs.
+ It specifies Kubernetes labels for this service.
+ type: object
+ x-kubernetes-map-type: granular
+ nodePortOffset:
+ description: nodePortOffset specifies the starting offset
+ of the node ports. The port numbers go in ascending order
+ with respect to the replicas count. NodePort service creation
+ fails if the node port is not in the range supported by
+ the Kubernetes API server. The default Kubernetes Node Port
+ range is `30000` - `32762`.
+ format: int32
+ minimum: 0
+ type: integer
+ servicePorts:
+ description: servicePorts specify user-provided service port(s).
+ For Kafka with the nodePort type, this setting is only applied
+ to Kafka bootstrap service.
+ items:
+ description: ServicePort contains information on service's
+ port.
+ properties:
+ appProtocol:
+ description: The application protocol for this port.
+ This field follows standard Kubernetes label syntax.
+ Un-prefixed names are reserved for IANA standard service
+ names (as per RFC-6335 and http://www.iana.org/assignments/service-names).
+ Non-standard protocols should use prefixed names such
+ as mycompany.com/my-custom-protocol.
+ type: string
+ name:
+ description: The name of this port within the service.
+ This must be a DNS_LABEL. All ports within a ServiceSpec
+ must have unique names. When considering the endpoints
+ for a Service, this must match the 'name' field in
+ the EndpointPort. Optional if only one ServicePort
+ is defined on this service.
+ type: string
+ nodePort:
+ description: 'The port on each node on which this service
+ is exposed when type is NodePort or LoadBalancer. Usually
+ assigned by the system. If a value is specified, in-range,
+ and not in use it will be used, otherwise the operation
+ will fail. If not specified, a port will be allocated
+ if this Service requires one. If this field is specified
+ when creating a Service which does not need it, creation
+ will fail. This field will be wiped when updating
+ a Service to no longer need it (e.g. changing type
+ from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport'
+ format: int32
+ type: integer
+ port:
+ description: The port that will be exposed by this service.
+ format: int32
+ type: integer
+ protocol:
+ default: TCP
+ description: The IP protocol for this port. Supports
+ "TCP", "UDP", and "SCTP". Default is TCP.
+ type: string
+ targetPort:
+ anyOf:
+ - type: integer
+ - type: string
+ description: 'Number or name of the port to access on
+ the pods targeted by the service. Number must be in
+ the range 1 to 65535. Name must be an IANA_SVC_NAME.
+ If this is a string, it will be looked up as a named
+ port in the target Pod''s container ports. If this
+ is not specified, the value of the ''port'' field
+ is used (an identity map). This field is ignored for
+ services with clusterIP=None, and should be omitted
+ or set equal to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service'
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: array
+ sessionAffinity:
+ description: 'sessionAffinity defines the Kubernetes session
+ affinity. The valid options are `ClientIP` and `None`. `ClientIP`
+ enables the client IP-based session affinity. The default
+ value is `None`. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies.'
+ enum:
+ - ClientIP
+ - None
+ type: string
+ sessionAffinityConfig:
+ description: SessionAffinityConfig contains the configurations
+ of the session affinity.
+ properties:
+ clientIP:
+ description: clientIP contains the configurations of Client
+ IP based session affinity.
+ properties:
+ timeoutSeconds:
+ description: timeoutSeconds specifies the seconds
+ of ClientIP type session sticky time. The value
+ must be >0 && <=86400(for 1 day) if ServiceAffinity
+ == "ClientIP". Default value is 10800(for 3 hours).
+ format: int32
+ type: integer
+ type: object
+ type: object
+ required:
+ - host
+ - nodePortOffset
+ type: object
+ route:
+ description: route specifies the configuration to create a route
+ service in OpenShift.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: annotations is a map of string key and value
+ pairs. It specifies Kubernetes annotations for this service.
+ type: object
+ x-kubernetes-map-type: granular
+ domain:
+ description: domain specifies the domain name of the Confluent
+ component cluster.
+ minLength: 1
+ type: string
+ labels:
+ additionalProperties:
+ type: string
+ description: labels is a map of string key and value pairs.
+ It specifies Kubernetes labels for this service.
+ type: object
+ x-kubernetes-map-type: granular
+ prefix:
+ description: prefix specifies the component prefix when configured
+ for the domain. The default value is the name of the cluster.
+ minLength: 1
+ type: string
+ wildcardPolicy:
+ description: wildcardPolicy allows you to define a route that
+ covers all hosts within a domain. Valid options are `Subdomain`
+ and `None`. The default value is `None`.
+ enum:
+ - Subdomain
+ - None
+ type: string
+ required:
+ - domain
+ type: object
+ type:
+ description: type specifies the Kubernetes external service for
+ the component. Valid options are `loadBalancer`, `nodePort`,
+ and `route`.
+ enum:
+ - loadBalancer
+ - nodePort
+ - route
+ minLength: 1
+ type: string
+ required:
+ - type
+ type: object
+ headlessService:
+ description: headlessService specifies the configuration of the Kubernetes
+ headless service.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: annotations is a map of string key and value pairs.
+ It specifies the annotations to be added to the CFK-created
+ headless service. These annotations are merged with the injectAnnotations
+ and take precedence.
+ type: object
+ x-kubernetes-map-type: granular
+ labels:
+ additionalProperties:
+ type: string
+ description: labels is a map of string key and value pairs. It
+ specifies the labels to be added to the CFK-created headless
+ service. These labels are merged with the injectLabels and take
+ precedence.
+ type: object
+ x-kubernetes-map-type: granular
+ publishNotReadyAddresses:
+ description: publishNotReadyAddresses specifies the publishNotReadyAddresses
+ field. For Kafka, this value must be true. The default value
+ is true.
+ type: boolean
+ type: object
+ image:
+ description: image specifies the application and the init docker image
+ configurations. A change to this setting will roll the cluster.
+ properties:
+ application:
+ description: application is the Docker image name of the application.
+ Specify `//:`.
+ pattern: .+:.+
+ type: string
+ init:
+ description: init is the init-container name. Specify `//:`.
+ pattern: .+:.+
+ type: string
+ pullPolicy:
+ description: pullPolicy is the policy for pulling images. Valid
+ options are `Always`, `Never`, and `IfNotPresent`. The default
+ value is `IfNotPresent`.
+ enum:
+ - Always
+ - Never
+ - IfNotPresent
+ type: string
+ pullSecretRef:
+ description: 'pullSecretRef references the secrets in the same
+ namespace to be used for pulling images. Image pull secrets
+ are distinct from secrets because secrets can be mounted in
+ the pod, but image pull secrets are only accessed by `kubelet`.
+ More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod'
+ items:
+ type: string
+ type: array
+ required:
+ - application
+ - init
+ type: object
+ injectAnnotations:
+ additionalProperties:
+ type: string
+ description: injectAnnotations are the annotations injected to the
+ internal resources that CFK created. The internal annotations are
+ preserved and cannot be overridden. For pod annotations, use `podTemplate.annotations`.
+ type: object
+ x-kubernetes-map-type: granular
+ injectLabels:
+ additionalProperties:
+ type: string
+ description: injectLabels are the labels injected to the internal
+ resources that CFK created. The internal labels are preserved and
+ cannot be overridden. For pod labels, use `podTemplate.labels`.
+ type: object
+ x-kubernetes-map-type: granular
+ internalTopicReplicationFactor:
+ description: internalTopicReplicationFactor specifies the replication
+ factor for the internal topics. The default value is `3`.
+ format: int32
+ type: integer
+ k8sClusterDomain:
+ description: k8sClusterDomain specifies the configuration of the Kubernetes
+ cluster domain. The default is the `cluster.local` domain.
+ type: string
+ keyConverterType:
+ description: keyConverterType specifies the supported key converters
+ package for the Confluent Platform. For the supported converter
+ types, see https://docs.confluent.io/current/connect/concepts.html#connect-converters.
+ The default value is `org.apache.kafka.connect.json.JsonConverter`.
+ minLength: 1
+ type: string
+ license:
+ description: license specifies the license configuration for the Confluent
+ Platform component.
+ properties:
+ directoryPathInContainer:
+ description: 'directoryPathInContainer specifies the directory
+ path in the container where the license key is mounted. More
+ info: https://docs.confluent.io/operator/current/co-license.html#update-component-level-licenses'
+ minLength: 1
+ type: string
+ globalLicense:
+ description: globalLicense specifies whether the Confluent Platform
+ component shares the CFK license.
+ type: boolean
+ secretRef:
+ description: 'secretRef references the secret that provides the
+ license for the Confluent Platform component. More info: https://docs.confluent.io/operator/current/co-license.html#update-component-level-licenses'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ type: object
+ metrics:
+ description: metrics specify the security settings for the metric
+ services.
+ properties:
+ authentication:
+ description: authentication specifies the authentication configuration
+ for the metrics.
+ properties:
+ type:
+ description: type specifies the metrics authentication method.
+ The valid option is `mtls`.
+ enum:
+ - mtls
+ type: string
+ required:
+ - type
+ type: object
+ prometheus:
+ description: prometheus specifies the configuration overrides
+ for the JMX-Prometheus exporter.
+ properties:
+ blacklist:
+ items:
+ type: string
+ type: array
+ rules:
+ items:
+ description: Rule defines the Prometheus Exporter rule override.
+ properties:
+ attrNameSnakeCase:
+ type: boolean
+ cache:
+ type: boolean
+ help:
+ minLength: 1
+ type: string
+ labels:
+ additionalProperties:
+ type: string
+ type: object
+ x-kubernetes-map-type: granular
+ name:
+ minLength: 1
+ type: string
+ pattern:
+ minLength: 1
+ type: string
+ type:
+ minLength: 1
+ type: string
+ value:
+ minLength: 1
+ type: string
+ valueFactor:
+ anyOf:
+ - type: integer
+ - type: string
+ default: 1
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ type: object
+ type: array
+ whitelist:
+ items:
+ type: string
+ type: array
+ type: object
+ tls:
+ description: tls specifies the TLS configuration for the metrics.
+ properties:
+ directoryPathInContainer:
+ description: directoryPathInContainer specifies the directory
+ path in the container where `keystore.jks`, `truststore.jks`,
+ and `jksPassword.txt` keys are mounted. `truststore.jks`
+ is not configured and can be ignored when the `ignoreTrustStoreConfig`
+ field is set to `true`.
+ minLength: 1
+ type: string
+ enabled:
+ description: enabled specifies to enable the TLS configuration
+ for the Confluent component.
+ type: boolean
+ ignoreTrustStoreConfig:
+ description: ignoreTrustStoreConfig indicates whether to ignore
+ the truststore configuration for the Confluent component.
+ type: boolean
+ jksPassword:
+ description: jksPassword references the secret containing
+ the JKS password.
+ properties:
+ secretRef:
+ description: 'secretRef references the name of the secret
+ containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - secretRef
+ type: object
+ secretRef:
+ description: 'secretRef references the secret containing the
+ certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - enabled
+ type: object
+ type: object
+ mountedSecrets:
+ description: 'mountedSecrets list the secrets injected to the underlying
+ statefulset configuration. The secret reference is mounted in the
+ default path `/mnt/secrets/`. The underlying resources
+ will follow the secret as a file configuration. More info: https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod.
+ A change to this setting will roll the cluster.'
+ items:
+ description: MountedSecrets provides a way to inject a custom secret
+ to the underlying statefulset.
+ properties:
+ keyItems:
+ description: keyItems are key and path names.
+ items:
+ description: Maps a string key to a path within a volume.
+ properties:
+ key:
+ description: The key to project.
+ type: string
+ mode:
+ description: 'Optional: mode bits used to set permissions
+ on this file. Must be an octal value between 0000 and
+ 0777 or a decimal value between 0 and 511. YAML accepts
+ both octal and decimal values, JSON requires decimal
+ values for mode bits. If not specified, the volume defaultMode
+ will be used. This might be in conflict with other options
+ that affect the file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: The relative path of the file to map the
+ key to. May not be an absolute path. May not contain
+ the path element '..'. May not start with the string
+ '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ secretRef:
+ description: secretRef references the name of the secret.
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - secretRef
+ type: object
+ type: array
+ mountedVolumes:
+ description: mountedVolumes list the custom volumes that need to be
+ mounted into the underlying statefulset. A change to this setting
+ will roll the cluster.
+ properties:
+ volumeMounts:
+ description: volumeMounts specify the list of volume mounts for
+ the pods in the statefulset.
+ items:
+ description: VolumeMount describes a mounting of a Volume within
+ a container.
+ properties:
+ mountPath:
+ description: Path within the container at which the volume
+ should be mounted. Must not contain ':'.
+ type: string
+ mountPropagation:
+ description: mountPropagation determines how mounts are
+ propagated from the host to container and the other way
+ around. When not set, MountPropagationNone is used. This
+ field is beta in 1.10.
+ type: string
+ name:
+ description: This must match the Name of a Volume.
+ type: string
+ readOnly:
+ description: Mounted read-only if true, read-write otherwise
+ (false or unspecified). Defaults to false.
+ type: boolean
+ subPath:
+ description: Path within the volume from which the container's
+ volume should be mounted. Defaults to "" (volume's root).
+ type: string
+ subPathExpr:
+ description: Expanded path within the volume from which
+ the container's volume should be mounted. Behaves similarly
+ to SubPath but environment variable references $(VAR_NAME)
+ are expanded using the container's environment. Defaults
+ to "" (volume's root). SubPathExpr and SubPath are mutually
+ exclusive.
+ type: string
+ required:
+ - mountPath
+ - name
+ type: object
+ type: array
+ volumes:
+ description: volumes specify the list of volumes that can be mounted
+ into the pods of statefulset.
+ items:
+ description: Volume represents a named volume in a pod that
+ may be accessed by any container in the pod.
+ properties:
+ awsElasticBlockStore:
+ description: 'AWSElasticBlockStore represents an AWS Disk
+ resource that is attached to a kubelet''s host machine
+ and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ properties:
+ fsType:
+ description: 'Filesystem type of the volume that you
+ want to mount. Tip: Ensure that the filesystem type
+ is supported by the host operating system. Examples:
+ "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+ TODO: how do we prevent errors in the filesystem from
+ compromising the machine'
+ type: string
+ partition:
+ description: 'The partition in the volume that you want
+ to mount. If omitted, the default is to mount by volume
+ name. Examples: For volume /dev/sda1, you specify
+ the partition as "1". Similarly, the volume partition
+ for /dev/sda is "0" (or you can leave the property
+ empty).'
+ format: int32
+ type: integer
+ readOnly:
+ description: 'Specify "true" to force and set the ReadOnly
+ property in VolumeMounts to "true". If omitted, the
+ default is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ type: boolean
+ volumeID:
+ description: 'Unique ID of the persistent disk resource
+ in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ type: string
+ required:
+ - volumeID
+ type: object
+ azureDisk:
+ description: AzureDisk represents an Azure Data Disk mount
+ on the host and bind mount to the pod.
+ properties:
+ cachingMode:
+ description: 'Host Caching mode: None, Read Only, Read
+ Write.'
+ type: string
+ diskName:
+ description: The Name of the data disk in the blob storage
+ type: string
+ diskURI:
+ description: The URI the data disk in the blob storage
+ type: string
+ fsType:
+ description: Filesystem type to mount. Must be a filesystem
+ type supported by the host operating system. Ex. "ext4",
+ "xfs", "ntfs". Implicitly inferred to be "ext4" if
+ unspecified.
+ type: string
+ kind:
+ description: 'Expected values Shared: multiple blob
+ disks per storage account Dedicated: single blob
+ disk per storage account Managed: azure managed data
+ disk (only in managed availability set). defaults
+ to shared'
+ type: string
+ readOnly:
+ description: Defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ required:
+ - diskName
+ - diskURI
+ type: object
+ azureFile:
+ description: AzureFile represents an Azure File Service
+ mount on the host and bind mount to the pod.
+ properties:
+ readOnly:
+ description: Defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ secretName:
+ description: the name of secret that contains Azure
+ Storage Account Name and Key
+ type: string
+ shareName:
+ description: Share Name
+ type: string
+ required:
+ - secretName
+ - shareName
+ type: object
+ cephfs:
+ description: CephFS represents a Ceph FS mount on the host
+ that shares a pod's lifetime
+ properties:
+ monitors:
+ description: 'Required: Monitors is a collection of
+ Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ items:
+ type: string
+ type: array
+ path:
+ description: 'Optional: Used as the mounted root, rather
+ than the full Ceph tree, default is /'
+ type: string
+ readOnly:
+ description: 'Optional: Defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting in VolumeMounts.
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ type: boolean
+ secretFile:
+ description: 'Optional: SecretFile is the path to key
+ ring for User, default is /etc/ceph/user.secret More
+ info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ type: string
+ secretRef:
+ description: 'Optional: SecretRef is reference to the
+ authentication secret for User, default is empty.
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ type: object
+ user:
+ description: 'Optional: User is the rados user name,
+ default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ type: string
+ required:
+ - monitors
+ type: object
+ cinder:
+ description: 'Cinder represents a cinder volume attached
+ and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ properties:
+ fsType:
+ description: 'Filesystem type to mount. Must be a filesystem
+ type supported by the host operating system. Examples:
+ "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ type: string
+ readOnly:
+ description: 'Optional: Defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting in VolumeMounts.
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ type: boolean
+ secretRef:
+ description: 'Optional: points to a secret object containing
+ parameters used to connect to OpenStack.'
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ type: object
+ volumeID:
+ description: 'volume id used to identify the volume
+ in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ type: string
+ required:
+ - volumeID
+ type: object
+ configMap:
+ description: ConfigMap represents a configMap that should
+ populate this volume
+ properties:
+ defaultMode:
+ description: 'Optional: mode bits used to set permissions
+ on created files by default. Must be an octal value
+ between 0000 and 0777 or a decimal value between 0
+ and 511. YAML accepts both octal and decimal values,
+ JSON requires decimal values for mode bits. Defaults
+ to 0644. Directories within the path are not affected
+ by this setting. This might be in conflict with other
+ options that affect the file mode, like fsGroup, and
+ the result can be other mode bits set.'
+ format: int32
+ type: integer
+ items:
+ description: If unspecified, each key-value pair in
+ the Data field of the referenced ConfigMap will be
+ projected into the volume as a file whose name is
+ the key and content is the value. If specified, the
+ listed keys will be projected into the specified paths,
+ and unlisted keys will not be present. If a key is
+ specified which is not present in the ConfigMap, the
+ volume setup will error unless it is marked optional.
+ Paths must be relative and may not contain the '..'
+ path or start with '..'.
+ items:
+ description: Maps a string key to a path within a
+ volume.
+ properties:
+ key:
+ description: The key to project.
+ type: string
+ mode:
+ description: 'Optional: mode bits used to set
+ permissions on this file. Must be an octal value
+ between 0000 and 0777 or a decimal value between
+ 0 and 511. YAML accepts both octal and decimal
+ values, JSON requires decimal values for mode
+ bits. If not specified, the volume defaultMode
+ will be used. This might be in conflict with
+ other options that affect the file mode, like
+ fsGroup, and the result can be other mode bits
+ set.'
+ format: int32
+ type: integer
+ path:
+ description: The relative path of the file to
+ map the key to. May not be an absolute path.
+ May not contain the path element '..'. May not
+ start with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap or its keys
+ must be defined
+ type: boolean
+ type: object
+ csi:
+ description: CSI (Container Storage Interface) represents
+ ephemeral storage that is handled by certain external
+ CSI drivers (Beta feature).
+ properties:
+ driver:
+ description: Driver is the name of the CSI driver that
+ handles this volume. Consult with your admin for the
+ correct name as registered in the cluster.
+ type: string
+ fsType:
+ description: Filesystem type to mount. Ex. "ext4", "xfs",
+ "ntfs". If not provided, the empty value is passed
+ to the associated CSI driver which will determine
+ the default filesystem to apply.
+ type: string
+ nodePublishSecretRef:
+ description: NodePublishSecretRef is a reference to
+ the secret object containing sensitive information
+ to pass to the CSI driver to complete the CSI NodePublishVolume
+ and NodeUnpublishVolume calls. This field is optional,
+ and may be empty if no secret is required. If the
+ secret object contains more than one secret, all secret
+ references are passed.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ type: object
+ readOnly:
+ description: Specifies a read-only configuration for
+ the volume. Defaults to false (read/write).
+ type: boolean
+ volumeAttributes:
+ additionalProperties:
+ type: string
+ description: VolumeAttributes stores driver-specific
+ properties that are passed to the CSI driver. Consult
+ your driver's documentation for supported values.
+ type: object
+ required:
+ - driver
+ type: object
+ downwardAPI:
+ description: DownwardAPI represents downward API about the
+ pod that should populate this volume
+ properties:
+ defaultMode:
+ description: 'Optional: mode bits to use on created
+ files by default. Must be a Optional: mode bits used
+ to set permissions on created files by default. Must
+ be an octal value between 0000 and 0777 or a decimal
+ value between 0 and 511. YAML accepts both octal and
+ decimal values, JSON requires decimal values for mode
+ bits. Defaults to 0644. Directories within the path
+ are not affected by this setting. This might be in
+ conflict with other options that affect the file mode,
+ like fsGroup, and the result can be other mode bits
+ set.'
+ format: int32
+ type: integer
+ items:
+ description: Items is a list of downward API volume
+ file
+ items:
+ description: DownwardAPIVolumeFile represents information
+ to create the file containing the pod field
+ properties:
+ fieldRef:
+ description: 'Required: Selects a field of the
+ pod: only annotations, labels, name and namespace
+ are supported.'
+ properties:
+ apiVersion:
+ description: Version of the schema the FieldPath
+ is written in terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select in
+ the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ mode:
+ description: 'Optional: mode bits used to set
+ permissions on this file, must be an octal value
+ between 0000 and 0777 or a decimal value between
+ 0 and 511. YAML accepts both octal and decimal
+ values, JSON requires decimal values for mode
+ bits. If not specified, the volume defaultMode
+ will be used. This might be in conflict with
+ other options that affect the file mode, like
+ fsGroup, and the result can be other mode bits
+ set.'
+ format: int32
+ type: integer
+ path:
+ description: 'Required: Path is the relative
+ path name of the file to be created. Must not
+ be absolute or contain the ''..'' path. Must
+ be utf-8 encoded. The first item of the relative
+ path must not start with ''..'''
+ type: string
+ resourceFieldRef:
+ description: 'Selects a resource of the container:
+ only resources limits and requests (limits.cpu,
+ limits.memory, requests.cpu and requests.memory)
+ are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required for
+ volumes, optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format of
+ the exposed resources, defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ required:
+ - path
+ type: object
+ type: array
+ type: object
+ emptyDir:
+ description: 'EmptyDir represents a temporary directory
+ that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
+ properties:
+ medium:
+ description: 'What type of storage medium should back
+ this directory. The default is "" which means to use
+ the node''s default medium. Must be an empty string
+ (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
+ type: string
+ sizeLimit:
+ anyOf:
+ - type: integer
+ - type: string
+ description: 'Total amount of local storage required
+ for this EmptyDir volume. The size limit is also applicable
+ for memory medium. The maximum usage on memory medium
+ EmptyDir would be the minimum value between the SizeLimit
+ specified here and the sum of memory limits of all
+ containers in a pod. The default is nil which means
+ that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir'
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ type: object
+ ephemeral:
+ description: "Ephemeral represents a volume that is handled
+ by a cluster storage driver. The volume's lifecycle is
+ tied to the pod that defines it - it will be created before
+ the pod starts, and deleted when the pod is removed. \n
+ Use this if: a) the volume is only needed while the pod
+ runs, b) features of normal volumes like restoring from
+ snapshot or capacity tracking are needed, c) the storage
+ driver is specified through a storage class, and d) the
+ storage driver supports dynamic volume provisioning through
+ a PersistentVolumeClaim (see EphemeralVolumeSource for
+ more information on the connection between this volume
+ type and PersistentVolumeClaim). \n Use PersistentVolumeClaim
+ or one of the vendor-specific APIs for volumes that persist
+ for longer than the lifecycle of an individual pod. \n
+ Use CSI for light-weight local ephemeral volumes if the
+ CSI driver is meant to be used that way - see the documentation
+ of the driver for more information. \n A pod can use both
+ types of ephemeral volumes and persistent volumes at the
+ same time."
+ properties:
+ volumeClaimTemplate:
+ description: "Will be used to create a stand-alone PVC
+ to provision the volume. The pod in which this EphemeralVolumeSource
+ is embedded will be the owner of the PVC, i.e. the
+ PVC will be deleted together with the pod. The name
+ of the PVC will be `-` where
+ `` is the name from the `PodSpec.Volumes`
+ array entry. Pod validation will reject the pod if
+ the concatenated name is not valid for a PVC (for
+ example, too long). \n An existing PVC with that name
+ that is not owned by the pod will *not* be used for
+ the pod to avoid using an unrelated volume by mistake.
+ Starting the pod is then blocked until the unrelated
+ PVC is removed. If such a pre-created PVC is meant
+ to be used by the pod, the PVC has to updated with
+ an owner reference to the pod once the pod exists.
+ Normally this should not be necessary, but it may
+ be useful when manually reconstructing a broken cluster.
+ \n This field is read-only and no changes will be
+ made by Kubernetes to the PVC after it has been created.
+ \n Required, must not be nil."
+ properties:
+ metadata:
+ description: May contain labels and annotations
+ that will be copied into the PVC when creating
+ it. No other fields are allowed and will be rejected
+ during validation.
+ type: object
+ spec:
+ description: The specification for the PersistentVolumeClaim.
+ The entire content is copied unchanged into the
+ PVC that gets created from this template. The
+ same fields as in a PersistentVolumeClaim are
+ also valid here.
+ properties:
+ accessModes:
+ description: 'AccessModes contains the desired
+ access modes the volume should have. More
+ info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
+ items:
+ type: string
+ type: array
+ dataSource:
+ description: 'This field can be used to specify
+ either: * An existing VolumeSnapshot object
+ (snapshot.storage.k8s.io/VolumeSnapshot) *
+ An existing PVC (PersistentVolumeClaim) If
+ the provisioner or an external controller
+ can support the specified data source, it
+ will create a new volume based on the contents
+ of the specified data source. If the AnyVolumeDataSource
+ feature gate is enabled, this field will always
+ have the same contents as the DataSourceRef
+ field.'
+ properties:
+ apiGroup:
+ description: APIGroup is the group for the
+ resource being referenced. If APIGroup
+ is not specified, the specified Kind must
+ be in the core API group. For any other
+ third-party types, APIGroup is required.
+ type: string
+ kind:
+ description: Kind is the type of resource
+ being referenced
+ type: string
+ name:
+ description: Name is the name of resource
+ being referenced
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ dataSourceRef:
+ description: 'Specifies the object from which
+ to populate the volume with data, if a non-empty
+ volume is desired. This may be any local object
+ from a non-empty API group (non core object)
+ or a PersistentVolumeClaim object. When this
+ field is specified, volume binding will only
+ succeed if the type of the specified object
+ matches some installed volume populator or
+ dynamic provisioner. This field will replace
+ the functionality of the DataSource field
+ and as such if both fields are non-empty,
+ they must have the same value. For backwards
+ compatibility, both fields (DataSource and
+ DataSourceRef) will be set to the same value
+ automatically if one of them is empty and
+ the other is non-empty. There are two important
+ differences between DataSource and DataSourceRef:
+ * While DataSource only allows two specific
+ types of objects, DataSourceRef allows any
+ non-core object, as well as PersistentVolumeClaim
+ objects. * While DataSource ignores disallowed
+ values (dropping them), DataSourceRef preserves
+ all values, and generates an error if a disallowed
+ value is specified. (Alpha) Using this field
+ requires the AnyVolumeDataSource feature gate
+ to be enabled.'
+ properties:
+ apiGroup:
+ description: APIGroup is the group for the
+ resource being referenced. If APIGroup
+ is not specified, the specified Kind must
+ be in the core API group. For any other
+ third-party types, APIGroup is required.
+ type: string
+ kind:
+ description: Kind is the type of resource
+ being referenced
+ type: string
+ name:
+ description: Name is the name of resource
+ being referenced
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ resources:
+ description: 'Resources represents the minimum
+ resources the volume should have. If RecoverVolumeExpansionFailure
+ feature is enabled users are allowed to specify
+ resource requirements that are lower than
+ previous value but must still be higher than
+ capacity recorded in the status field of the
+ claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
+ properties:
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum
+ amount of compute resources allowed. More
+ info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum
+ amount of compute resources required.
+ If Requests is omitted for a container,
+ it defaults to Limits if that is explicitly
+ specified, otherwise to an implementation-defined
+ value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ selector:
+ description: A label query over volumes to consider
+ for binding.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a
+ key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of
+ string values. If the operator is
+ In or NotIn, the values array must
+ be non-empty. If the operator is
+ Exists or DoesNotExist, the values
+ array must be empty. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ storageClassName:
+ description: 'Name of the StorageClass required
+ by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
+ type: string
+ volumeMode:
+ description: volumeMode defines what type of
+ volume is required by the claim. Value of
+ Filesystem is implied when not included in
+ claim spec.
+ type: string
+ volumeName:
+ description: VolumeName is the binding reference
+ to the PersistentVolume backing this claim.
+ type: string
+ type: object
+ required:
+ - spec
+ type: object
+ type: object
+ fc:
+ description: FC represents a Fibre Channel resource that
+ is attached to a kubelet's host machine and then exposed
+ to the pod.
+ properties:
+ fsType:
+ description: 'Filesystem type to mount. Must be a filesystem
+ type supported by the host operating system. Ex. "ext4",
+ "xfs", "ntfs". Implicitly inferred to be "ext4" if
+ unspecified. TODO: how do we prevent errors in the
+ filesystem from compromising the machine'
+ type: string
+ lun:
+ description: 'Optional: FC target lun number'
+ format: int32
+ type: integer
+ readOnly:
+ description: 'Optional: Defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting in VolumeMounts.'
+ type: boolean
+ targetWWNs:
+ description: 'Optional: FC target worldwide names (WWNs)'
+ items:
+ type: string
+ type: array
+ wwids:
+ description: 'Optional: FC volume world wide identifiers
+ (wwids) Either wwids or combination of targetWWNs
+ and lun must be set, but not both simultaneously.'
+ items:
+ type: string
+ type: array
+ type: object
+ flexVolume:
+ description: FlexVolume represents a generic volume resource
+ that is provisioned/attached using an exec based plugin.
+ properties:
+ driver:
+ description: Driver is the name of the driver to use
+ for this volume.
+ type: string
+ fsType:
+ description: Filesystem type to mount. Must be a filesystem
+ type supported by the host operating system. Ex. "ext4",
+ "xfs", "ntfs". The default filesystem depends on FlexVolume
+ script.
+ type: string
+ options:
+ additionalProperties:
+ type: string
+ description: 'Optional: Extra command options if any.'
+ type: object
+ readOnly:
+ description: 'Optional: Defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting in VolumeMounts.'
+ type: boolean
+ secretRef:
+ description: 'Optional: SecretRef is reference to the
+ secret object containing sensitive information to
+ pass to the plugin scripts. This may be empty if no
+ secret object is specified. If the secret object contains
+ more than one secret, all secrets are passed to the
+ plugin scripts.'
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ type: object
+ required:
+ - driver
+ type: object
+ flocker:
+ description: Flocker represents a Flocker volume attached
+ to a kubelet's host machine. This depends on the Flocker
+ control service being running
+ properties:
+ datasetName:
+ description: Name of the dataset stored as metadata
+ -> name on the dataset for Flocker should be considered
+ as deprecated
+ type: string
+ datasetUUID:
+ description: UUID of the dataset. This is unique identifier
+ of a Flocker dataset
+ type: string
+ type: object
+ gcePersistentDisk:
+ description: 'GCEPersistentDisk represents a GCE Disk resource
+ that is attached to a kubelet''s host machine and then
+ exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ properties:
+ fsType:
+ description: 'Filesystem type of the volume that you
+ want to mount. Tip: Ensure that the filesystem type
+ is supported by the host operating system. Examples:
+ "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ TODO: how do we prevent errors in the filesystem from
+ compromising the machine'
+ type: string
+ partition:
+ description: 'The partition in the volume that you want
+ to mount. If omitted, the default is to mount by volume
+ name. Examples: For volume /dev/sda1, you specify
+ the partition as "1". Similarly, the volume partition
+ for /dev/sda is "0" (or you can leave the property
+ empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ format: int32
+ type: integer
+ pdName:
+ description: 'Unique name of the PD resource in GCE.
+ Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ type: string
+ readOnly:
+ description: 'ReadOnly here will force the ReadOnly
+ setting in VolumeMounts. Defaults to false. More info:
+ https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ type: boolean
+ required:
+ - pdName
+ type: object
+ gitRepo:
+ description: 'GitRepo represents a git repository at a particular
+ revision. DEPRECATED: GitRepo is deprecated. To provision
+ a container with a git repo, mount an EmptyDir into an
+ InitContainer that clones the repo using git, then mount
+ the EmptyDir into the Pod''s container.'
+ properties:
+ directory:
+ description: Target directory name. Must not contain
+ or start with '..'. If '.' is supplied, the volume
+ directory will be the git repository. Otherwise,
+ if specified, the volume will contain the git repository
+ in the subdirectory with the given name.
+ type: string
+ repository:
+ description: Repository URL
+ type: string
+ revision:
+ description: Commit hash for the specified revision.
+ type: string
+ required:
+ - repository
+ type: object
+ glusterfs:
+ description: 'Glusterfs represents a Glusterfs mount on
+ the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md'
+ properties:
+ endpoints:
+ description: 'EndpointsName is the endpoint name that
+ details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ type: string
+ path:
+ description: 'Path is the Glusterfs volume path. More
+ info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ type: string
+ readOnly:
+ description: 'ReadOnly here will force the Glusterfs
+ volume to be mounted with read-only permissions. Defaults
+ to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ type: boolean
+ required:
+ - endpoints
+ - path
+ type: object
+ hostPath:
+ description: 'HostPath represents a pre-existing file or
+ directory on the host machine that is directly exposed
+ to the container. This is generally used for system agents
+ or other privileged things that are allowed to see the
+ host machine. Most containers will NOT need this. More
+ info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+ --- TODO(jonesdl) We need to restrict who can use host
+ directory mounts and who can/can not mount host directories
+ as read/write.'
+ properties:
+ path:
+ description: 'Path of the directory on the host. If
+ the path is a symlink, it will follow the link to
+ the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
+ type: string
+ type:
+ description: 'Type for HostPath Volume Defaults to ""
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
+ type: string
+ required:
+ - path
+ type: object
+ iscsi:
+ description: 'ISCSI represents an ISCSI Disk resource that
+ is attached to a kubelet''s host machine and then exposed
+ to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md'
+ properties:
+ chapAuthDiscovery:
+ description: whether support iSCSI Discovery CHAP authentication
+ type: boolean
+ chapAuthSession:
+ description: whether support iSCSI Session CHAP authentication
+ type: boolean
+ fsType:
+ description: 'Filesystem type of the volume that you
+ want to mount. Tip: Ensure that the filesystem type
+ is supported by the host operating system. Examples:
+ "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
+ TODO: how do we prevent errors in the filesystem from
+ compromising the machine'
+ type: string
+ initiatorName:
+ description: Custom iSCSI Initiator Name. If initiatorName
+ is specified with iscsiInterface simultaneously, new
+ iSCSI interface : will
+ be created for the connection.
+ type: string
+ iqn:
+ description: Target iSCSI Qualified Name.
+ type: string
+ iscsiInterface:
+ description: iSCSI Interface Name that uses an iSCSI
+ transport. Defaults to 'default' (tcp).
+ type: string
+ lun:
+ description: iSCSI Target Lun number.
+ format: int32
+ type: integer
+ portals:
+ description: iSCSI Target Portal List. The portal is
+ either an IP or ip_addr:port if the port is other
+ than default (typically TCP ports 860 and 3260).
+ items:
+ type: string
+ type: array
+ readOnly:
+ description: ReadOnly here will force the ReadOnly setting
+ in VolumeMounts. Defaults to false.
+ type: boolean
+ secretRef:
+ description: CHAP Secret for iSCSI target and initiator
+ authentication
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ type: object
+ targetPortal:
+ description: iSCSI Target Portal. The Portal is either
+ an IP or ip_addr:port if the port is other than default
+ (typically TCP ports 860 and 3260).
+ type: string
+ required:
+ - iqn
+ - lun
+ - targetPortal
+ type: object
+ name:
+ description: 'Volume''s name. Must be a DNS_LABEL and unique
+ within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ nfs:
+ description: 'NFS represents an NFS mount on the host that
+ shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ properties:
+ path:
+ description: 'Path that is exported by the NFS server.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ type: string
+ readOnly:
+ description: 'ReadOnly here will force the NFS export
+ to be mounted with read-only permissions. Defaults
+ to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ type: boolean
+ server:
+ description: 'Server is the hostname or IP address of
+ the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ type: string
+ required:
+ - path
+ - server
+ type: object
+ persistentVolumeClaim:
+ description: 'PersistentVolumeClaimVolumeSource represents
+ a reference to a PersistentVolumeClaim in the same namespace.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
+ properties:
+ claimName:
+ description: 'ClaimName is the name of a PersistentVolumeClaim
+ in the same namespace as the pod using this volume.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
+ type: string
+ readOnly:
+ description: Will force the ReadOnly setting in VolumeMounts.
+ Default false.
+ type: boolean
+ required:
+ - claimName
+ type: object
+ photonPersistentDisk:
+ description: PhotonPersistentDisk represents a PhotonController
+ persistent disk attached and mounted on kubelets host
+ machine
+ properties:
+ fsType:
+ description: Filesystem type to mount. Must be a filesystem
+ type supported by the host operating system. Ex. "ext4",
+ "xfs", "ntfs". Implicitly inferred to be "ext4" if
+ unspecified.
+ type: string
+ pdID:
+ description: ID that identifies Photon Controller persistent
+ disk
+ type: string
+ required:
+ - pdID
+ type: object
+ portworxVolume:
+ description: PortworxVolume represents a portworx volume
+ attached and mounted on kubelets host machine
+ properties:
+ fsType:
+ description: FSType represents the filesystem type to
+ mount Must be a filesystem type supported by the host
+ operating system. Ex. "ext4", "xfs". Implicitly inferred
+ to be "ext4" if unspecified.
+ type: string
+ readOnly:
+ description: Defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ volumeID:
+ description: VolumeID uniquely identifies a Portworx
+ volume
+ type: string
+ required:
+ - volumeID
+ type: object
+ projected:
+ description: Items for all in one resources secrets, configmaps,
+ and downward API
+ properties:
+ defaultMode:
+ description: Mode bits used to set permissions on created
+ files by default. Must be an octal value between 0000
+ and 0777 or a decimal value between 0 and 511. YAML
+ accepts both octal and decimal values, JSON requires
+ decimal values for mode bits. Directories within the
+ path are not affected by this setting. This might
+ be in conflict with other options that affect the
+ file mode, like fsGroup, and the result can be other
+ mode bits set.
+ format: int32
+ type: integer
+ sources:
+ description: list of volume projections
+ items:
+ description: Projection that may be projected along
+ with other supported volume types
+ properties:
+ configMap:
+ description: information about the configMap data
+ to project
+ properties:
+ items:
+ description: If unspecified, each key-value
+ pair in the Data field of the referenced
+ ConfigMap will be projected into the volume
+ as a file whose name is the key and content
+ is the value. If specified, the listed keys
+ will be projected into the specified paths,
+ and unlisted keys will not be present. If
+ a key is specified which is not present
+ in the ConfigMap, the volume setup will
+ error unless it is marked optional. Paths
+ must be relative and may not contain the
+ '..' path or start with '..'.
+ items:
+ description: Maps a string key to a path
+ within a volume.
+ properties:
+ key:
+ description: The key to project.
+ type: string
+ mode:
+ description: 'Optional: mode bits used
+ to set permissions on this file. Must
+ be an octal value between 0000 and
+ 0777 or a decimal value between 0
+ and 511. YAML accepts both octal and
+ decimal values, JSON requires decimal
+ values for mode bits. If not specified,
+ the volume defaultMode will be used.
+ This might be in conflict with other
+ options that affect the file mode,
+ like fsGroup, and the result can be
+ other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: The relative path of the
+ file to map the key to. May not be
+ an absolute path. May not contain
+ the path element '..'. May not start
+ with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ or its keys must be defined
+ type: boolean
+ type: object
+ downwardAPI:
+ description: information about the downwardAPI
+ data to project
+ properties:
+ items:
+ description: Items is a list of DownwardAPIVolume
+ file
+ items:
+ description: DownwardAPIVolumeFile represents
+ information to create the file containing
+ the pod field
+ properties:
+ fieldRef:
+ description: 'Required: Selects a field
+ of the pod: only annotations, labels,
+ name and namespace are supported.'
+ properties:
+ apiVersion:
+ description: Version of the schema
+ the FieldPath is written in terms
+ of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to
+ select in the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ mode:
+ description: 'Optional: mode bits used
+ to set permissions on this file, must
+ be an octal value between 0000 and
+ 0777 or a decimal value between 0
+ and 511. YAML accepts both octal and
+ decimal values, JSON requires decimal
+ values for mode bits. If not specified,
+ the volume defaultMode will be used.
+ This might be in conflict with other
+ options that affect the file mode,
+ like fsGroup, and the result can be
+ other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: 'Required: Path is the
+ relative path name of the file to
+ be created. Must not be absolute or
+ contain the ''..'' path. Must be utf-8
+ encoded. The first item of the relative
+ path must not start with ''..'''
+ type: string
+ resourceFieldRef:
+ description: 'Selects a resource of
+ the container: only resources limits
+ and requests (limits.cpu, limits.memory,
+ requests.cpu and requests.memory)
+ are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required
+ for volumes, optional for env
+ vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output
+ format of the exposed resources,
+ defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource
+ to select'
+ type: string
+ required:
+ - resource
+ type: object
+ required:
+ - path
+ type: object
+ type: array
+ type: object
+ secret:
+ description: information about the secret data
+ to project
+ properties:
+ items:
+ description: If unspecified, each key-value
+ pair in the Data field of the referenced
+ Secret will be projected into the volume
+ as a file whose name is the key and content
+ is the value. If specified, the listed keys
+ will be projected into the specified paths,
+ and unlisted keys will not be present. If
+ a key is specified which is not present
+ in the Secret, the volume setup will error
+ unless it is marked optional. Paths must
+ be relative and may not contain the '..'
+ path or start with '..'.
+ items:
+ description: Maps a string key to a path
+ within a volume.
+ properties:
+ key:
+ description: The key to project.
+ type: string
+ mode:
+ description: 'Optional: mode bits used
+ to set permissions on this file. Must
+ be an octal value between 0000 and
+ 0777 or a decimal value between 0
+ and 511. YAML accepts both octal and
+ decimal values, JSON requires decimal
+ values for mode bits. If not specified,
+ the volume defaultMode will be used.
+ This might be in conflict with other
+ options that affect the file mode,
+ like fsGroup, and the result can be
+ other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: The relative path of the
+ file to map the key to. May not be
+ an absolute path. May not contain
+ the path element '..'. May not start
+ with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or
+ its key must be defined
+ type: boolean
+ type: object
+ serviceAccountToken:
+ description: information about the serviceAccountToken
+ data to project
+ properties:
+ audience:
+ description: Audience is the intended audience
+ of the token. A recipient of a token must
+ identify itself with an identifier specified
+ in the audience of the token, and otherwise
+ should reject the token. The audience defaults
+ to the identifier of the apiserver.
+ type: string
+ expirationSeconds:
+ description: ExpirationSeconds is the requested
+ duration of validity of the service account
+ token. As the token approaches expiration,
+ the kubelet volume plugin will proactively
+ rotate the service account token. The kubelet
+ will start trying to rotate the token if
+ the token is older than 80 percent of its
+ time to live or if the token is older than
+ 24 hours.Defaults to 1 hour and must be
+ at least 10 minutes.
+ format: int64
+ type: integer
+ path:
+ description: Path is the path relative to
+ the mount point of the file to project the
+ token into.
+ type: string
+ required:
+ - path
+ type: object
+ type: object
+ type: array
+ type: object
+ quobyte:
+ description: Quobyte represents a Quobyte mount on the host
+ that shares a pod's lifetime
+ properties:
+ group:
+ description: Group to map volume access to Default is
+ no group
+ type: string
+ readOnly:
+ description: ReadOnly here will force the Quobyte volume
+ to be mounted with read-only permissions. Defaults
+ to false.
+ type: boolean
+ registry:
+ description: Registry represents a single or multiple
+ Quobyte Registry services specified as a string as
+ host:port pair (multiple entries are separated with
+ commas) which acts as the central registry for volumes
+ type: string
+ tenant:
+ description: Tenant owning the given Quobyte volume
+ in the Backend Used with dynamically provisioned Quobyte
+ volumes, value is set by the plugin
+ type: string
+ user:
+ description: User to map volume access to Defaults to
+ serivceaccount user
+ type: string
+ volume:
+ description: Volume is a string that references an already
+ created Quobyte volume by name.
+ type: string
+ required:
+ - registry
+ - volume
+ type: object
+ rbd:
+ description: 'RBD represents a Rados Block Device mount
+ on the host that shares a pod''s lifetime. More info:
+ https://examples.k8s.io/volumes/rbd/README.md'
+ properties:
+ fsType:
+ description: 'Filesystem type of the volume that you
+ want to mount. Tip: Ensure that the filesystem type
+ is supported by the host operating system. Examples:
+ "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
+ TODO: how do we prevent errors in the filesystem from
+ compromising the machine'
+ type: string
+ image:
+ description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ keyring:
+ description: 'Keyring is the path to key ring for RBDUser.
+ Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ monitors:
+ description: 'A collection of Ceph monitors. More info:
+ https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ items:
+ type: string
+ type: array
+ pool:
+ description: 'The rados pool name. Default is rbd. More
+ info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ readOnly:
+ description: 'ReadOnly here will force the ReadOnly
+ setting in VolumeMounts. Defaults to false. More info:
+ https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: boolean
+ secretRef:
+ description: 'SecretRef is name of the authentication
+ secret for RBDUser. If provided overrides keyring.
+ Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ type: object
+ user:
+ description: 'The rados user name. Default is admin.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ required:
+ - image
+ - monitors
+ type: object
+ scaleIO:
+ description: ScaleIO represents a ScaleIO persistent volume
+ attached and mounted on Kubernetes nodes.
+ properties:
+ fsType:
+ description: Filesystem type to mount. Must be a filesystem
+ type supported by the host operating system. Ex. "ext4",
+ "xfs", "ntfs". Default is "xfs".
+ type: string
+ gateway:
+ description: The host address of the ScaleIO API Gateway.
+ type: string
+ protectionDomain:
+ description: The name of the ScaleIO Protection Domain
+ for the configured storage.
+ type: string
+ readOnly:
+ description: Defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ secretRef:
+ description: SecretRef references to the secret for
+ ScaleIO user and other sensitive information. If this
+ is not provided, Login operation will fail.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ type: object
+ sslEnabled:
+ description: Flag to enable/disable SSL communication
+ with Gateway, default false
+ type: boolean
+ storageMode:
+ description: Indicates whether the storage for a volume
+ should be ThickProvisioned or ThinProvisioned. Default
+ is ThinProvisioned.
+ type: string
+ storagePool:
+ description: The ScaleIO Storage Pool associated with
+ the protection domain.
+ type: string
+ system:
+ description: The name of the storage system as configured
+ in ScaleIO.
+ type: string
+ volumeName:
+ description: The name of a volume already created in
+ the ScaleIO system that is associated with this volume
+ source.
+ type: string
+ required:
+ - gateway
+ - secretRef
+ - system
+ type: object
+ secret:
+ description: 'Secret represents a secret that should populate
+ this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
+ properties:
+ defaultMode:
+ description: 'Optional: mode bits used to set permissions
+ on created files by default. Must be an octal value
+ between 0000 and 0777 or a decimal value between 0
+ and 511. YAML accepts both octal and decimal values,
+ JSON requires decimal values for mode bits. Defaults
+ to 0644. Directories within the path are not affected
+ by this setting. This might be in conflict with other
+ options that affect the file mode, like fsGroup, and
+ the result can be other mode bits set.'
+ format: int32
+ type: integer
+ items:
+ description: If unspecified, each key-value pair in
+ the Data field of the referenced Secret will be projected
+ into the volume as a file whose name is the key and
+ content is the value. If specified, the listed keys
+ will be projected into the specified paths, and unlisted
+ keys will not be present. If a key is specified which
+ is not present in the Secret, the volume setup will
+ error unless it is marked optional. Paths must be
+ relative and may not contain the '..' path or start
+ with '..'.
+ items:
+ description: Maps a string key to a path within a
+ volume.
+ properties:
+ key:
+ description: The key to project.
+ type: string
+ mode:
+ description: 'Optional: mode bits used to set
+ permissions on this file. Must be an octal value
+ between 0000 and 0777 or a decimal value between
+ 0 and 511. YAML accepts both octal and decimal
+ values, JSON requires decimal values for mode
+ bits. If not specified, the volume defaultMode
+ will be used. This might be in conflict with
+ other options that affect the file mode, like
+ fsGroup, and the result can be other mode bits
+ set.'
+ format: int32
+ type: integer
+ path:
+ description: The relative path of the file to
+ map the key to. May not be an absolute path.
+ May not contain the path element '..'. May not
+ start with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ optional:
+ description: Specify whether the Secret or its keys
+ must be defined
+ type: boolean
+ secretName:
+ description: 'Name of the secret in the pod''s namespace
+ to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
+ type: string
+ type: object
+ storageos:
+ description: StorageOS represents a StorageOS volume attached
+ and mounted on Kubernetes nodes.
+ properties:
+ fsType:
+ description: Filesystem type to mount. Must be a filesystem
+ type supported by the host operating system. Ex. "ext4",
+ "xfs", "ntfs". Implicitly inferred to be "ext4" if
+ unspecified.
+ type: string
+ readOnly:
+ description: Defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ secretRef:
+ description: SecretRef specifies the secret to use for
+ obtaining the StorageOS API credentials. If not specified,
+ default values will be attempted.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ type: object
+ volumeName:
+ description: VolumeName is the human-readable name of
+ the StorageOS volume. Volume names are only unique
+ within a namespace.
+ type: string
+ volumeNamespace:
+ description: VolumeNamespace specifies the scope of
+ the volume within StorageOS. If no namespace is specified
+ then the Pod's namespace will be used. This allows
+ the Kubernetes name scoping to be mirrored within
+ StorageOS for tighter integration. Set VolumeName
+ to any name to override the default behaviour. Set
+ to "default" if you are not using namespaces within
+ StorageOS. Namespaces that do not pre-exist within
+ StorageOS will be created.
+ type: string
+ type: object
+ vsphereVolume:
+ description: VsphereVolume represents a vSphere volume attached
+ and mounted on kubelets host machine
+ properties:
+ fsType:
+ description: Filesystem type to mount. Must be a filesystem
+ type supported by the host operating system. Ex. "ext4",
+ "xfs", "ntfs". Implicitly inferred to be "ext4" if
+ unspecified.
+ type: string
+ storagePolicyID:
+ description: Storage Policy Based Management (SPBM)
+ profile ID associated with the StoragePolicyName.
+ type: string
+ storagePolicyName:
+ description: Storage Policy Based Management (SPBM)
+ profile name.
+ type: string
+ volumePath:
+ description: Path that identifies vSphere volume vmdk
+ type: string
+ required:
+ - volumePath
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ required:
+ - volumeMounts
+ - volumes
+ type: object
+ oneReplicaPerNode:
+ description: oneReplicaPerNode controls whether to run 1 pod per node
+ using the pod anti-affinity capability. Enabling this configuration
+ in an existing cluster will roll the cluster.
+ type: boolean
+ podTemplate:
+ description: podTemplate specifies the statefulset pod template configuration.
+ properties:
+ affinity:
+ description: 'affinity specifies a group of affinity scheduling
+ rules. More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity.'
+ properties:
+ nodeAffinity:
+ description: Describes node affinity scheduling rules for
+ the pod.
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule pods
+ to nodes that satisfy the affinity expressions specified
+ by this field, but it may choose a node that violates
+ one or more of the expressions. The node that is most
+ preferred is the one with the greatest sum of weights,
+ i.e. for each node that meets all of the scheduling
+ requirements (resource request, requiredDuringScheduling
+ affinity expressions, etc.), compute a sum by iterating
+ through the elements of this field and adding "weight"
+ to the sum if the node matches the corresponding matchExpressions;
+ the node(s) with the highest sum are the most preferred.
+ items:
+ description: An empty preferred scheduling term matches
+ all objects with implicit weight 0 (i.e. it's a no-op).
+ A null preferred scheduling term matches no objects
+ (i.e. is also a no-op).
+ properties:
+ preference:
+ description: A node selector term, associated with
+ the corresponding weight.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: A node selector requirement is
+ a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators
+ are In, NotIn, Exists, DoesNotExist.
+ Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values.
+ If the operator is In or NotIn, the
+ values array must be non-empty. If the
+ operator is Exists or DoesNotExist,
+ the values array must be empty. If the
+ operator is Gt or Lt, the values array
+ must have a single element, which will
+ be interpreted as an integer. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: A node selector requirement is
+ a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators
+ are In, NotIn, Exists, DoesNotExist.
+ Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values.
+ If the operator is In or NotIn, the
+ values array must be non-empty. If the
+ operator is Exists or DoesNotExist,
+ the values array must be empty. If the
+ operator is Gt or Lt, the values array
+ must have a single element, which will
+ be interpreted as an integer. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ weight:
+ description: Weight associated with matching the
+ corresponding nodeSelectorTerm, in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - preference
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the affinity requirements specified by
+ this field are not met at scheduling time, the pod will
+ not be scheduled onto the node. If the affinity requirements
+ specified by this field cease to be met at some point
+ during pod execution (e.g. due to an update), the system
+ may or may not try to eventually evict the pod from
+ its node.
+ properties:
+ nodeSelectorTerms:
+ description: Required. A list of node selector terms.
+ The terms are ORed.
+ items:
+ description: A null or empty node selector term
+ matches no objects. The requirements of them are
+ ANDed. The TopologySelectorTerm type implements
+ a subset of the NodeSelectorTerm.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: A node selector requirement is
+ a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators
+ are In, NotIn, Exists, DoesNotExist.
+ Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values.
+ If the operator is In or NotIn, the
+ values array must be non-empty. If the
+ operator is Exists or DoesNotExist,
+ the values array must be empty. If the
+ operator is Gt or Lt, the values array
+ must have a single element, which will
+ be interpreted as an integer. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: A node selector requirement is
+ a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators
+ are In, NotIn, Exists, DoesNotExist.
+ Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values.
+ If the operator is In or NotIn, the
+ values array must be non-empty. If the
+ operator is Exists or DoesNotExist,
+ the values array must be empty. If the
+ operator is Gt or Lt, the values array
+ must have a single element, which will
+ be interpreted as an integer. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ type: array
+ required:
+ - nodeSelectorTerms
+ type: object
+ type: object
+ podAffinity:
+ description: Describes pod affinity scheduling rules (e.g.
+ co-locate this pod in the same node, zone, etc. as some
+ other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule pods
+ to nodes that satisfy the affinity expressions specified
+ by this field, but it may choose a node that violates
+ one or more of the expressions. The node that is most
+ preferred is the one with the greatest sum of weights,
+ i.e. for each node that meets all of the scheduling
+ requirements (resource request, requiredDuringScheduling
+ affinity expressions, etc.), compute a sum by iterating
+ through the elements of this field and adding "weight"
+ to the sum if the node has pods which matches the corresponding
+ podAffinityTerm; the node(s) with the highest sum are
+ the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred
+ node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term, associated
+ with the corresponding weight.
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a
+ key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of
+ string values. If the operator is
+ In or NotIn, the values array must
+ be non-empty. If the operator is
+ Exists or DoesNotExist, the values
+ array must be empty. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied
+ to the union of the namespaces selected by
+ this field and the ones listed in the namespaces
+ field. null selector and null or empty namespaces
+ list means "this pod's namespace". An empty
+ selector ({}) matches all namespaces. This
+ field is beta-level and is only honored when
+ PodAffinityNamespaceSelector feature is enabled.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a
+ key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of
+ string values. If the operator is
+ In or NotIn, the values array must
+ be non-empty. If the operator is
+ Exists or DoesNotExist, the values
+ array must be empty. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies a static list
+ of namespace names that the term applies to.
+ The term is applied to the union of the namespaces
+ listed in this field and the ones selected
+ by namespaceSelector. null or empty namespaces
+ list and null namespaceSelector means "this
+ pod's namespace"
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the
+ pods matching the labelSelector in the specified
+ namespaces, where co-located is defined as
+ running on a node whose value of the label
+ with key topologyKey matches that of any node
+ on which any of the selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: weight associated with matching the
+ corresponding podAffinityTerm, in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the affinity requirements specified by
+ this field are not met at scheduling time, the pod will
+ not be scheduled onto the node. If the affinity requirements
+ specified by this field cease to be met at some point
+ during pod execution (e.g. due to a pod label update),
+ the system may or may not try to eventually evict the
+ pod from its node. When there are multiple elements,
+ the lists of nodes corresponding to each podAffinityTerm
+ are intersected, i.e. all terms must be satisfied.
+ items:
+ description: Defines a set of pods (namely those matching
+ the labelSelector relative to the given namespace(s))
+ that this pod should be co-located (affinity) or not
+ co-located (anti-affinity) with, where co-located
+ is defined as running on a node whose value of the
+ label with key matches that of any node
+ on which a pod of the set of pods is running
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
+ type: object
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied
+ to the union of the namespaces selected by this
+ field and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list
+ means "this pod's namespace". An empty selector
+ ({}) matches all namespaces. This field is beta-level
+ and is only honored when PodAffinityNamespaceSelector
+ feature is enabled.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies a static list
+ of namespace names that the term applies to. The
+ term is applied to the union of the namespaces
+ listed in this field and the ones selected by
+ namespaceSelector. null or empty namespaces list
+ and null namespaceSelector means "this pod's namespace"
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the pods
+ matching the labelSelector in the specified namespaces,
+ where co-located is defined as running on a node
+ whose value of the label with key topologyKey
+ matches that of any node on which any of the selected
+ pods is running. Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ podAntiAffinity:
+ description: Describes pod anti-affinity scheduling rules
+ (e.g. avoid putting this pod in the same node, zone, etc.
+ as some other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule pods
+ to nodes that satisfy the anti-affinity expressions
+ specified by this field, but it may choose a node that
+ violates one or more of the expressions. The node that
+ is most preferred is the one with the greatest sum of
+ weights, i.e. for each node that meets all of the scheduling
+ requirements (resource request, requiredDuringScheduling
+ anti-affinity expressions, etc.), compute a sum by iterating
+ through the elements of this field and adding "weight"
+ to the sum if the node has pods which matches the corresponding
+ podAffinityTerm; the node(s) with the highest sum are
+ the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred
+ node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term, associated
+ with the corresponding weight.
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a
+ key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of
+ string values. If the operator is
+ In or NotIn, the values array must
+ be non-empty. If the operator is
+ Exists or DoesNotExist, the values
+ array must be empty. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied
+ to the union of the namespaces selected by
+ this field and the ones listed in the namespaces
+ field. null selector and null or empty namespaces
+ list means "this pod's namespace". An empty
+ selector ({}) matches all namespaces. This
+ field is beta-level and is only honored when
+ PodAffinityNamespaceSelector feature is enabled.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a
+ key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of
+ string values. If the operator is
+ In or NotIn, the values array must
+ be non-empty. If the operator is
+ Exists or DoesNotExist, the values
+ array must be empty. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies a static list
+ of namespace names that the term applies to.
+ The term is applied to the union of the namespaces
+ listed in this field and the ones selected
+ by namespaceSelector. null or empty namespaces
+ list and null namespaceSelector means "this
+ pod's namespace"
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the
+ pods matching the labelSelector in the specified
+ namespaces, where co-located is defined as
+ running on a node whose value of the label
+ with key topologyKey matches that of any node
+ on which any of the selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: weight associated with matching the
+ corresponding podAffinityTerm, in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the anti-affinity requirements specified
+ by this field are not met at scheduling time, the pod
+ will not be scheduled onto the node. If the anti-affinity
+ requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a pod
+ label update), the system may or may not try to eventually
+ evict the pod from its node. When there are multiple
+ elements, the lists of nodes corresponding to each podAffinityTerm
+ are intersected, i.e. all terms must be satisfied.
+ items:
+ description: Defines a set of pods (namely those matching
+ the labelSelector relative to the given namespace(s))
+ that this pod should be co-located (affinity) or not
+ co-located (anti-affinity) with, where co-located
+ is defined as running on a node whose value of the
+ label with key matches that of any node
+ on which a pod of the set of pods is running
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
+ type: object
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied
+ to the union of the namespaces selected by this
+ field and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list
+ means "this pod's namespace". An empty selector
+ ({}) matches all namespaces. This field is beta-level
+ and is only honored when PodAffinityNamespaceSelector
+ feature is enabled.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies a static list
+ of namespace names that the term applies to. The
+ term is applied to the union of the namespaces
+ listed in this field and the ones selected by
+ namespaceSelector. null or empty namespaces list
+ and null namespaceSelector means "this pod's namespace"
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the pods
+ matching the labelSelector in the specified namespaces,
+ where co-located is defined as running on a node
+ whose value of the label with key topologyKey
+ matches that of any node on which any of the selected
+ pods is running. Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ type: object
+ annotations:
+ additionalProperties:
+ type: string
+ description: 'annotations is a map of string key and value pairs
+ stored with the resource and may be set by external tools to
+ store and retrieve arbitrary metadata. They are not queryable
+ and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations.'
+ type: object
+ x-kubernetes-map-type: granular
+ envVars:
+ description: 'envVars contain environment variables to be injected
+ into containers. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container.'
+ items:
+ description: EnvVar represents an environment variable present
+ in a Container.
+ properties:
+ name:
+ description: Name of the environment variable. Must be a
+ C_IDENTIFIER.
+ type: string
+ value:
+ description: 'Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in
+ the container and any service environment variables. If
+ a variable cannot be resolved, the reference in the input
+ string will be unchanged. Double $$ are reduced to a single
+ $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+ "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless
+ of whether the variable exists or not. Defaults to "".'
+ type: string
+ valueFrom:
+ description: Source for the environment variable's value.
+ Cannot be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap or its
+ key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ fieldRef:
+ description: 'Selects a field of the pod: supports metadata.name,
+ metadata.namespace, `metadata.labels['''']`,
+ `metadata.annotations['''']`, spec.nodeName,
+ spec.serviceAccountName, status.hostIP, status.podIP,
+ status.podIPs.'
+ properties:
+ apiVersion:
+ description: Version of the schema the FieldPath
+ is written in terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select in the
+ specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ resourceFieldRef:
+ description: 'Selects a resource of the container: only
+ resources limits and requests (limits.cpu, limits.memory,
+ limits.ephemeral-storage, requests.cpu, requests.memory
+ and requests.ephemeral-storage) are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required for volumes,
+ optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format of the
+ exposed resources, defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ secretKeyRef:
+ description: Selects a key of a secret in the pod's
+ namespace
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key
+ must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ labels:
+ additionalProperties:
+ type: string
+ description: 'labels is a map of string key and value pairs that
+ can be used to organize and categorize (scope and select) objects.
+ More info: http://kubernetes.io/docs/user-guide/labels.'
+ type: object
+ x-kubernetes-map-type: granular
+ podSecurityContext:
+ description: PodSecurityContext holds pod-level security attributes
+ and common container settings. Some fields are also present
+ in container.securityContext. Field values of container.securityContext
+ take precedence over field values of PodSecurityContext.
+ properties:
+ fsGroup:
+ description: "A special supplemental group that applies to
+ all containers in a pod. Some volume types allow the Kubelet
+ to change the ownership of that volume to be owned by the
+ pod: \n 1. The owning GID will be the FSGroup 2. The setgid
+ bit is set (new files created in the volume will be owned
+ by FSGroup) 3. The permission bits are OR'd with rw-rw----
+ \n If unset, the Kubelet will not modify the ownership and
+ permissions of any volume. Note that this field cannot be
+ set when spec.os.name is windows."
+ format: int64
+ type: integer
+ fsGroupChangePolicy:
+ description: 'fsGroupChangePolicy defines behavior of changing
+ ownership and permission of the volume before being exposed
+ inside Pod. This field will only apply to volume types which
+ support fsGroup based ownership(and permissions). It will
+ have no effect on ephemeral volume types such as: secret,
+ configmaps and emptydir. Valid values are "OnRootMismatch"
+ and "Always". If not specified, "Always" is used. Note that
+ this field cannot be set when spec.os.name is windows.'
+ type: string
+ runAsGroup:
+ description: The GID to run the entrypoint of the container
+ process. Uses runtime default if unset. May also be set
+ in SecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext
+ takes precedence for that container. Note that this field
+ cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: Indicates that the container must run as a non-root
+ user. If true, the Kubelet will validate the image at runtime
+ to ensure that it does not run as UID 0 (root) and fail
+ to start the container if it does. If unset or false, no
+ such validation will be performed. May also be set in SecurityContext. If
+ set in both SecurityContext and PodSecurityContext, the
+ value specified in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: The UID to run the entrypoint of the container
+ process. Defaults to user specified in image metadata if
+ unspecified. May also be set in SecurityContext. If set
+ in both SecurityContext and PodSecurityContext, the value
+ specified in SecurityContext takes precedence for that container.
+ Note that this field cannot be set when spec.os.name is
+ windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: The SELinux context to be applied to all containers.
+ If unspecified, the container runtime will allocate a random
+ SELinux context for each container. May also be set in
+ SecurityContext. If set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes precedence
+ for that container. Note that this field cannot be set when
+ spec.os.name is windows.
+ properties:
+ level:
+ description: Level is SELinux level label that applies
+ to the container.
+ type: string
+ role:
+ description: Role is a SELinux role label that applies
+ to the container.
+ type: string
+ type:
+ description: Type is a SELinux type label that applies
+ to the container.
+ type: string
+ user:
+ description: User is a SELinux user label that applies
+ to the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: The seccomp options to use by the containers
+ in this pod. Note that this field cannot be set when spec.os.name
+ is windows.
+ properties:
+ localhostProfile:
+ description: localhostProfile indicates a profile defined
+ in a file on the node should be used. The profile must
+ be preconfigured on the node to work. Must be a descending
+ path, relative to the kubelet's configured seccomp profile
+ location. Must only be set if type is "Localhost".
+ type: string
+ type:
+ description: "type indicates which kind of seccomp profile
+ will be applied. Valid options are: \n Localhost - a
+ profile defined in a file on the node should be used.
+ RuntimeDefault - the container runtime default profile
+ should be used. Unconfined - no profile should be applied."
+ type: string
+ required:
+ - type
+ type: object
+ supplementalGroups:
+ description: A list of groups applied to the first process
+ run in each container, in addition to the container's primary
+ GID. If unspecified, no groups will be added to any container.
+ Note that this field cannot be set when spec.os.name is
+ windows.
+ items:
+ format: int64
+ type: integer
+ type: array
+ sysctls:
+ description: Sysctls hold a list of namespaced sysctls used
+ for the pod. Pods with unsupported sysctls (by the container
+ runtime) might fail to launch. Note that this field cannot
+ be set when spec.os.name is windows.
+ items:
+ description: Sysctl defines a kernel parameter to be set
+ properties:
+ name:
+ description: Name of a property to set
+ type: string
+ value:
+ description: Value of a property to set
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ windowsOptions:
+ description: The Windows specific settings applied to all
+ containers. If unspecified, the options within a container's
+ SecurityContext will be used. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext
+ takes precedence. Note that this field cannot be set when
+ spec.os.name is linux.
+ properties:
+ gmsaCredentialSpec:
+ description: GMSACredentialSpec is where the GMSA admission
+ webhook (https://github.com/kubernetes-sigs/windows-gmsa)
+ inlines the contents of the GMSA credential spec named
+ by the GMSACredentialSpecName field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name of the
+ GMSA credential spec to use.
+ type: string
+ hostProcess:
+ description: HostProcess determines if a container should
+ be run as a 'Host Process' container. This field is
+ alpha-level and will only be honored by components that
+ enable the WindowsHostProcessContainers feature flag.
+ Setting this field without the feature flag will result
+ in errors when validating the Pod. All of a Pod's containers
+ must have the same effective HostProcess value (it is
+ not allowed to have a mix of HostProcess containers
+ and non-HostProcess containers). In addition, if HostProcess
+ is true then HostNetwork must also be set to true.
+ type: boolean
+ runAsUserName:
+ description: The UserName in Windows to run the entrypoint
+ of the container process. Defaults to the user specified
+ in image metadata if unspecified. May also be set in
+ PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext
+ takes precedence.
+ type: string
+ type: object
+ type: object
+ priorityClassName:
+ description: priorityClassName specifies the priority class for
+ the pod (if any).
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ probe:
+ description: probe contains the fields for standard Kubernetes
+ readiness/liveness probe configuration.
+ properties:
+ liveness:
+ description: liveness configures the Kubernetes probe settings.
+ The changes will override the existing default configuration.
+ properties:
+ failureThreshold:
+ description: failureThreshold is the minimum consecutive
+ failures for the probe to be considered failed. Confluent
+ Platform components come with the right configuration,
+ and this setting is not required to change most of the
+ time.
+ format: int32
+ type: integer
+ initialDelaySeconds:
+ description: initialDelaySeconds is the number of seconds
+ after the container has started and before probes are
+ initiated. Confluent Platform components come with the
+ right configuration, and this setting is not required
+ to change most of the time.
+ format: int32
+ type: integer
+ periodSeconds:
+ description: periodSeconds specifies how often to perform
+ the probe. Confluent Platform components come with the
+ right configuration, and this setting is not required
+ to change most of the time.
+ format: int32
+ type: integer
+ successThreshold:
+ description: successThreshold is the minimum consecutive
+ successes for the probe to be considered successful
+ after having failed. The default values is `1`. Must
+ be `1` for liveness and startup. The minimum value is
+ `1`.
+ format: int32
+ type: integer
+ timeoutSeconds:
+ description: timeoutSeconds is the number of seconds after
+ which the probe times out. Confluent Platform components
+ come with the right configuration, and this setting
+ is not required to change most of the time.
+ format: int32
+ type: integer
+ type: object
+ readiness:
+ description: readiness configures the Kubernetes probe setting.
+ The changes will override the existing default configuration.
+ properties:
+ failureThreshold:
+ description: failureThreshold is the minimum consecutive
+ failures for the probe to be considered failed. Confluent
+ Platform components come with the right configuration,
+ and this setting is not required to change most of the
+ time.
+ format: int32
+ type: integer
+ initialDelaySeconds:
+ description: initialDelaySeconds is the number of seconds
+ after the container has started and before probes are
+ initiated. Confluent Platform components come with the
+ right configuration, and this setting is not required
+ to change most of the time.
+ format: int32
+ type: integer
+ periodSeconds:
+ description: periodSeconds specifies how often to perform
+ the probe. Confluent Platform components come with the
+ right configuration, and this setting is not required
+ to change most of the time.
+ format: int32
+ type: integer
+ successThreshold:
+ description: successThreshold is the minimum consecutive
+ successes for the probe to be considered successful
+ after having failed. The default values is `1`. Must
+ be `1` for liveness and startup. The minimum value is
+ `1`.
+ format: int32
+ type: integer
+ timeoutSeconds:
+ description: timeoutSeconds is the number of seconds after
+ which the probe times out. Confluent Platform components
+ come with the right configuration, and this setting
+ is not required to change most of the time.
+ format: int32
+ type: integer
+ type: object
+ type: object
+ resources:
+ description: resources describe the compute resource requirements.
+ properties:
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount of compute
+ resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum amount of compute
+ resources required. If Requests is omitted for a container,
+ it defaults to Limits if that is explicitly specified, otherwise
+ to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ securityContext:
+ description: SecurityContext holds security configuration that
+ will be applied to a container. Some fields are present in both
+ SecurityContext and PodSecurityContext. When both are set,
+ the values in SecurityContext take precedence.
+ properties:
+ allowPrivilegeEscalation:
+ description: 'AllowPrivilegeEscalation controls whether a
+ process can gain more privileges than its parent process.
+ This bool directly controls if the no_new_privs flag will
+ be set on the container process. AllowPrivilegeEscalation
+ is true always when the container is: 1) run as Privileged
+ 2) has CAP_SYS_ADMIN Note that this field cannot be set
+ when spec.os.name is windows.'
+ type: boolean
+ capabilities:
+ description: The capabilities to add/drop when running containers.
+ Defaults to the default set of capabilities granted by the
+ container runtime. Note that this field cannot be set when
+ spec.os.name is windows.
+ properties:
+ add:
+ description: Added capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ drop:
+ description: Removed capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ type: object
+ privileged:
+ description: Run container in privileged mode. Processes in
+ privileged containers are essentially equivalent to root
+ on the host. Defaults to false. Note that this field cannot
+ be set when spec.os.name is windows.
+ type: boolean
+ procMount:
+ description: procMount denotes the type of proc mount to use
+ for the containers. The default is DefaultProcMount which
+ uses the container runtime defaults for readonly paths and
+ masked paths. This requires the ProcMountType feature flag
+ to be enabled. Note that this field cannot be set when spec.os.name
+ is windows.
+ type: string
+ readOnlyRootFilesystem:
+ description: Whether this container has a read-only root filesystem.
+ Default is false. Note that this field cannot be set when
+ spec.os.name is windows.
+ type: boolean
+ runAsGroup:
+ description: The GID to run the entrypoint of the container
+ process. Uses runtime default if unset. May also be set
+ in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext
+ takes precedence. Note that this field cannot be set when
+ spec.os.name is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: Indicates that the container must run as a non-root
+ user. If true, the Kubelet will validate the image at runtime
+ to ensure that it does not run as UID 0 (root) and fail
+ to start the container if it does. If unset or false, no
+ such validation will be performed. May also be set in PodSecurityContext. If
+ set in both SecurityContext and PodSecurityContext, the
+ value specified in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: The UID to run the entrypoint of the container
+ process. Defaults to user specified in image metadata if
+ unspecified. May also be set in PodSecurityContext. If
+ set in both SecurityContext and PodSecurityContext, the
+ value specified in SecurityContext takes precedence. Note
+ that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: The SELinux context to be applied to the container.
+ If unspecified, the container runtime will allocate a random
+ SELinux context for each container. May also be set in
+ PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext
+ takes precedence. Note that this field cannot be set when
+ spec.os.name is windows.
+ properties:
+ level:
+ description: Level is SELinux level label that applies
+ to the container.
+ type: string
+ role:
+ description: Role is a SELinux role label that applies
+ to the container.
+ type: string
+ type:
+ description: Type is a SELinux type label that applies
+ to the container.
+ type: string
+ user:
+ description: User is a SELinux user label that applies
+ to the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: The seccomp options to use by this container.
+ If seccomp options are provided at both the pod & container
+ level, the container options override the pod options. Note
+ that this field cannot be set when spec.os.name is windows.
+ properties:
+ localhostProfile:
+ description: localhostProfile indicates a profile defined
+ in a file on the node should be used. The profile must
+ be preconfigured on the node to work. Must be a descending
+ path, relative to the kubelet's configured seccomp profile
+ location. Must only be set if type is "Localhost".
+ type: string
+ type:
+ description: "type indicates which kind of seccomp profile
+ will be applied. Valid options are: \n Localhost - a
+ profile defined in a file on the node should be used.
+ RuntimeDefault - the container runtime default profile
+ should be used. Unconfined - no profile should be applied."
+ type: string
+ required:
+ - type
+ type: object
+ windowsOptions:
+ description: The Windows specific settings applied to all
+ containers. If unspecified, the options from the PodSecurityContext
+ will be used. If set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is
+ linux.
+ properties:
+ gmsaCredentialSpec:
+ description: GMSACredentialSpec is where the GMSA admission
+ webhook (https://github.com/kubernetes-sigs/windows-gmsa)
+ inlines the contents of the GMSA credential spec named
+ by the GMSACredentialSpecName field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name of the
+ GMSA credential spec to use.
+ type: string
+ hostProcess:
+ description: HostProcess determines if a container should
+ be run as a 'Host Process' container. This field is
+ alpha-level and will only be honored by components that
+ enable the WindowsHostProcessContainers feature flag.
+ Setting this field without the feature flag will result
+ in errors when validating the Pod. All of a Pod's containers
+ must have the same effective HostProcess value (it is
+ not allowed to have a mix of HostProcess containers
+ and non-HostProcess containers). In addition, if HostProcess
+ is true then HostNetwork must also be set to true.
+ type: boolean
+ runAsUserName:
+ description: The UserName in Windows to run the entrypoint
+ of the container process. Defaults to the user specified
+ in image metadata if unspecified. May also be set in
+ PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext
+ takes precedence.
+ type: string
+ type: object
+ type: object
+ serviceAccountName:
+ description: 'ServiceAccountName is the name of the service account
+ used to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account.'
+ type: string
+ terminationGracePeriodSeconds:
+ description: terminationGracePeriodSeconds is the grace period
+ before the pod is deleted.
+ format: int64
+ type: integer
+ tolerations:
+ description: tolerations specify the pods to schedule onto the
+ nodes with matching taints, using the triple ``
+ and the matching operator ``.
+ items:
+ description: The pod this Toleration is attached to tolerates
+ any taint that matches the triple using
+ the matching operator .
+ properties:
+ effect:
+ description: Effect indicates the taint effect to match.
+ Empty means match all taint effects. When specified, allowed
+ values are NoSchedule, PreferNoSchedule and NoExecute.
+ type: string
+ key:
+ description: Key is the taint key that the toleration applies
+ to. Empty means match all taint keys. If the key is empty,
+ operator must be Exists; this combination means to match
+ all values and all keys.
+ type: string
+ operator:
+ description: Operator represents a key's relationship to
+ the value. Valid operators are Exists and Equal. Defaults
+ to Equal. Exists is equivalent to wildcard for value,
+ so that a pod can tolerate all taints of a particular
+ category.
+ type: string
+ tolerationSeconds:
+ description: TolerationSeconds represents the period of
+ time the toleration (which must be of effect NoExecute,
+ otherwise this field is ignored) tolerates the taint.
+ By default, it is not set, which means tolerate the taint
+ forever (do not evict). Zero and negative values will
+ be treated as 0 (evict immediately) by the system.
+ format: int64
+ type: integer
+ value:
+ description: Value is the taint value the toleration matches
+ to. If the operator is Exists, the value should be empty,
+ otherwise just a regular string.
+ type: string
+ type: object
+ type: array
+ topologySpreadConstraints:
+ description: topologySpreadConstraints describe how a group of
+ pods ought to spread across topology domains. Scheduler will
+ schedule pods based on the constraints. All topologySpreadConstraints
+ are ANDed.
+ items:
+ description: TopologySpreadConstraint specifies how to spread
+ matching pods among the given topology.
+ properties:
+ labelSelector:
+ description: LabelSelector is used to find matching pods.
+ Pods that match this label selector are counted to determine
+ the number of pods in their corresponding topology domain.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector
+ requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In,
+ NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values.
+ If the operator is In or NotIn, the values array
+ must be non-empty. If the operator is Exists
+ or DoesNotExist, the values array must be empty.
+ This array is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs.
+ A single {key,value} in the matchLabels map is equivalent
+ to an element of matchExpressions, whose key field
+ is "key", the operator is "In", and the values array
+ contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ maxSkew:
+ description: 'MaxSkew describes the degree to which pods
+ may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`,
+ it is the maximum permitted difference between the number
+ of matching pods in the target topology and the global
+ minimum. For example, in a 3-zone cluster, MaxSkew is
+ set to 1, and pods with the same labelSelector spread
+ as 1/1/0: | zone1 | zone2 | zone3 | | P | P | |
+ - if MaxSkew is 1, incoming pod can only be scheduled
+ to zone3 to become 1/1/1; scheduling it onto zone1(zone2)
+ would make the ActualSkew(2-0) on zone1(zone2) violate
+ MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled
+ onto any zone. When `whenUnsatisfiable=ScheduleAnyway`,
+ it is used to give higher precedence to topologies that
+ satisfy it. It''s a required field. Default value is 1
+ and 0 is not allowed.'
+ format: int32
+ type: integer
+ topologyKey:
+ description: TopologyKey is the key of node labels. Nodes
+ that have a label with this key and identical values are
+ considered to be in the same topology. We consider each
+ as a "bucket", and try to put balanced number
+ of pods into each bucket. It's a required field.
+ type: string
+ whenUnsatisfiable:
+ description: 'WhenUnsatisfiable indicates how to deal with
+ a pod if it doesn''t satisfy the spread constraint. -
+ DoNotSchedule (default) tells the scheduler not to schedule
+ it. - ScheduleAnyway tells the scheduler to schedule the
+ pod in any location, but giving higher precedence to topologies
+ that would help reduce the skew. A constraint is considered
+ "Unsatisfiable" for an incoming pod if and only if every
+ possible node assignment for that pod would violate "MaxSkew"
+ on some topology. For example, in a 3-zone cluster, MaxSkew
+ is set to 1, and pods with the same labelSelector spread
+ as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P |
+ If WhenUnsatisfiable is set to DoNotSchedule, incoming
+ pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2)
+ as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1).
+ In other words, the cluster can still be imbalanced, but
+ scheduler won''t make it *more* imbalanced. It''s a required
+ field.'
+ type: string
+ required:
+ - maxSkew
+ - topologyKey
+ - whenUnsatisfiable
+ type: object
+ type: array
+ type: object
+ replicas:
+ description: replicas is the desired number of replicas. A change
+ to this setting will roll the cluster.
+ format: int32
+ type: integer
+ telemetry:
+ description: telemetry specifies the Confluent telemetry reporter
+ configuration.
+ properties:
+ global:
+ description: global allows disabling telemetry configuration.
+ If CFK is deployed with telemetry, this field is only used to
+ disable telemetry. The default value is `true` if telemetry
+ is enabled at the global level.
+ type: boolean
+ type: object
+ tls:
+ description: tls specifies the global-level TLS configuration.
+ properties:
+ autoGeneratedCerts:
+ description: autoGeneratedCerts specifies that the certificates
+ are auto-generated based on the CA key pair provided.
+ type: boolean
+ directoryPathInContainer:
+ description: directoryPathInContainer specifies the directory
+ path in the container where `keystore.jks`, `truststore.jks`,
+ and `jksPassword.txt` keys are mounted. `truststore.jks` is
+ not configured and can be ignored when the `ignoreTrustStoreConfig`
+ field is set to `true`.
+ minLength: 1
+ type: string
+ ignoreTrustStoreConfig:
+ description: ignoreTrustStoreConfig indicates whether to ignore
+ the truststore configuration for the Confluent component.
+ type: boolean
+ jksPassword:
+ description: jksPassword references the secret containing the
+ JKS password.
+ properties:
+ secretRef:
+ description: 'secretRef references the name of the secret
+ containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - secretRef
+ type: object
+ secretRef:
+ description: 'secretRef references the secret containing the certificates.
+ More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ type: object
+ valueConverterType:
+ description: valueConverterType specifies the supported value converters
+ package for the Confluent Platform. For the supported converter
+ types, see https://docs.confluent.io/current/connect/concepts.html#connect-converters.
+ The default value is `org.apache.kafka.connect.json.JsonConverter`.
+ minLength: 1
+ type: string
+ required:
+ - image
+ - replicas
+ type: object
+ status:
+ description: status defines the observed state of the Connect cluster.
+ properties:
+ authorizationType:
+ description: authorizationType is the authorization type for this
+ Confluent component.
+ type: string
+ clusterName:
+ description: clusterName is the name of the Confluent Platform component
+ cluster.
+ type: string
+ clusterNamespace:
+ description: clusterNamespace is the namespace where the Confluent
+ Platform component cluster is running.
+ type: string
+ conditions:
+ description: conditions specify the latest available observations
+ of the current state.
+ items:
+ description: Condition represent the latest available observations
+ of the current state.
+ properties:
+ lastProbeTime:
+ description: lastProbeTime shows the last time the condition
+ was evaluated.
+ format: date-time
+ type: string
+ lastTransitionTime:
+ description: lastTransitionTime shows the last time the condition
+ was transitioned from one status to another.
+ format: date-time
+ type: string
+ message:
+ description: message shows a human-readable message with details
+ about the transition.
+ type: string
+ reason:
+ description: reason shows the reason for the last transition
+ of the condition.
+ type: string
+ status:
+ description: status shows the status of the condition, one of
+ `True`, `False`, or `Unknown`.
+ type: string
+ type:
+ description: type shows the condition type.
+ type: string
+ type: object
+ type: array
+ connectorPlugins:
+ description: connectorPlugins are the installed connector plugins.
+ items:
+ description: ConnectorPluginStatus defines the state of the connector
+ plugin.
+ properties:
+ class:
+ description: class specifies the class name of the connector
+ plugin.
+ type: string
+ type:
+ description: type is the connector plugin type, which can be
+ `SOURCE`, `SINK` or `UNKNOWN`.
+ type: string
+ version:
+ description: version is the current version of the connector
+ plugin.
+ type: string
+ required:
+ - class
+ type: object
+ type: array
+ connectorTLSFilePaths:
+ description: connectorTLSFilePaths are the connector TLS file paths.
+ items:
+ description: CustomTLSFilePathStatus specifies the file paths of
+ the custom TLS certificates.
+ properties:
+ jksPasswordPath:
+ description: jksPasswordPath contains the absolute path of the
+ `jksPassword.txt` file.
+ type: string
+ keyStorePath:
+ description: keyStorePath contains the absolute path of the
+ keystore file, `.jks` or `.p12`.
+ type: string
+ trustStorePath:
+ description: trustStorePath contains the absolute path of the
+ truststore file, `.jks` or `.p12`.
+ type: string
+ type: object
+ type: array
+ currentReplicas:
+ description: currentReplicas is the number of currently running replicas.
+ format: int32
+ type: integer
+ groupID:
+ description: groupID is the group id of the Connect cluster.
+ type: string
+ internalSecrets:
+ description: internalSecrets are internal secrets created by CFK for
+ this Confluent component.
+ items:
+ type: string
+ type: array
+ internalTopicNames:
+ description: internalTopicNames are the topics used by the component
+ for internal use.
+ items:
+ type: string
+ type: array
+ kafka:
+ description: kafka is the Kafka client side status for the Connect
+ cluster.
+ properties:
+ authenticationType:
+ description: authenticationType describes the authentication method
+ for the Kafka cluster.
+ type: string
+ bootstrapEndpoint:
+ description: bootstrapEndpoint specifies the Kafka bootstrap endpoint.
+ type: string
+ tls:
+ description: tls indicates whether TLS is enabled for the Kafka
+ dependency.
+ type: boolean
+ type: object
+ observedGeneration:
+ description: observedGeneration is the most recent generation observed
+ for this Confluent component.
+ format: int64
+ type: integer
+ operatorVersion:
+ description: operatorVersion is the internal version of CFK.
+ type: string
+ phase:
+ description: phase describes the state of the Confluent Platform component.
+ type: string
+ rbac:
+ description: rbac contains the RBAC-related status when RBAC is enabled.
+ properties:
+ clusterID:
+ description: clusterID specifies the id of the cluster.
+ type: string
+ internalRolebindings:
+ description: internalRolebindings specifies the internal rolebindings.
+ items:
+ type: string
+ type: array
+ type: object
+ readyReplicas:
+ description: readyReplicas is the number of currently ready replicas.
+ format: int32
+ type: integer
+ replicas:
+ description: replicas is the number of replicas.
+ format: int32
+ type: integer
+ restConfig:
+ description: restConfig is the REST configuration of the Connect cluster.
+ properties:
+ advertisedExternalEndpoints:
+ description: advertisedExternalEndpoints specifies other advertised
+ endpoints used, especially for Kafka.
+ items:
+ type: string
+ type: array
+ authenticationType:
+ description: authenticationType shows the authentication type
+ configured by the listener.
+ type: string
+ externalAccessType:
+ description: externalAccessType shows the external access type
+ used for the listener.
+ type: string
+ externalEndpoint:
+ description: externalEndpoint specifies the external endpoint
+ to connect to the Confluent component cluster.
+ type: string
+ internalEndpoint:
+ description: internalEndpoint specifies the internal endpoint
+ to connect to the Confluent component cluster.
+ type: string
+ tls:
+ description: tls shows whether TLS is configured for the listener.
+ type: boolean
+ type: object
+ selector:
+ description: selector gets the label selector of the child pod. The
+ Horizontal Pod Autoscaler(HPA) will scale using the label selector
+ of the child pod.
+ type: string
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources:
+ scale:
+ labelSelectorPath: .status.selector
+ specReplicasPath: .spec.replicas
+ statusReplicasPath: .status.replicas
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
diff --git a/crds/2.4.0/platform.confluent.io_controlcenters.yaml b/crds/2.4.0/platform.confluent.io_controlcenters.yaml
new file mode 100644
index 0000000..c1b7404
--- /dev/null
+++ b/crds/2.4.0/platform.confluent.io_controlcenters.yaml
@@ -0,0 +1,5318 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.8.0
+ creationTimestamp: null
+ name: controlcenters.platform.confluent.io
+spec:
+ group: platform.confluent.io
+ names:
+ categories:
+ - all
+ - confluent-platform
+ - confluent
+ kind: ControlCenter
+ listKind: ControlCenterList
+ plural: controlcenters
+ shortNames:
+ - controlcenter
+ - c3
+ singular: controlcenter
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .status.replicas
+ name: Replicas
+ type: string
+ - jsonPath: .status.readyReplicas
+ name: Ready
+ type: string
+ - jsonPath: .status.phase
+ name: Status
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ - jsonPath: .status.kafka.bootstrapEndpoint
+ name: Kafka
+ priority: 1
+ type: string
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: ControlCenter is the schema for the Control Center API.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: spec defines the desired state of the Control Center cluster.
+ properties:
+ authentication:
+ description: authentication specifies the authentication configurations.
+ properties:
+ basic:
+ description: basic specifies the configuration for basic authentication.
+ properties:
+ debug:
+ description: debug enables the basic authentication debug
+ logs for JaaS configuration.
+ type: boolean
+ directoryPathInContainer:
+ description: 'directoryPathInContainer allows to pass the
+ basic credential through a directory path in the container.
+ More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication'
+ minLength: 1
+ type: string
+ restrictedRoles:
+ description: restrictedRoles specify the restricted roles
+ on the server side only. Changes will be only reflected
+ in Control Center. This configuration is ignored on the
+ client side configuration.
+ items:
+ type: string
+ minItems: 1
+ type: array
+ roles:
+ description: roles specify the roles on the server side only.
+ This configuration is ignored on the client side configuration.
+ items:
+ type: string
+ type: array
+ secretRef:
+ description: 'secretRef defines secret reference to pass the
+ required credentials. More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ type: object
+ ldap:
+ description: ldap specifies the configuration for Control Center
+ LDAP authentication.
+ properties:
+ debug:
+ description: debug enables basic authentication debug logs
+ for JaaS configuration.
+ type: boolean
+ property:
+ additionalProperties:
+ type: string
+ description: property is a map of string key and value pairs
+ that specifies the LDAP configuration. Use a secret object
+ to pass username/password.
+ type: object
+ x-kubernetes-map-type: granular
+ restrictedRoles:
+ description: restrictedRoles specify the restricted access
+ roles.
+ items:
+ type: string
+ minItems: 1
+ type: array
+ roles:
+ description: roles specify the roles on the server side only.
+ items:
+ type: string
+ minItems: 1
+ type: array
+ secretRef:
+ description: 'secretRef references the secret to pass required
+ credentials. More info: https://docs.confluent.io/operator/current/co-authenticate.html#ldap-authentication-for-c3'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ type: object
+ type:
+ description: type specifies the authentication type of the Control
+ Center. Valid options are `basic`, `ldap`, and `mtls`.
+ enum:
+ - basic
+ - ldap
+ - mtls
+ type: string
+ required:
+ - type
+ type: object
+ authorization:
+ description: authorization specifies the authorization configurations.
+ properties:
+ kafkaRestClassRef:
+ description: kafkaRestClassRef references the KafkaRestClass which
+ specifies the Kafka REST API connection configuration.
+ properties:
+ name:
+ description: name specifies the name of the KafkaRestClass
+ application resource.
+ minLength: 1
+ type: string
+ namespace:
+ description: namespace specifies the namespace of the KafkaRestClass.
+ type: string
+ required:
+ - name
+ type: object
+ type:
+ description: type specifies the client-side authorization type.
+ The valid option is `rbac`.
+ enum:
+ - rbac
+ type: string
+ required:
+ - type
+ type: object
+ configOverrides:
+ description: configOverrides specifies the configs to override the
+ server, JVM, Log4j properties for the Control Center.
+ properties:
+ jvm:
+ description: jvm is a list of JVM configuration supported by the
+ Confluent Platform component. This will either add or update
+ the existing configuration.
+ items:
+ type: string
+ type: array
+ log4j:
+ description: log4j is a list of Log4J configuration supported
+ by the Confluent Platform component. This will either add or
+ update the existing configuration.
+ items:
+ type: string
+ type: array
+ server:
+ description: server is a list of server configuration supported
+ by the Confluent Platform component. This will either add or
+ update existing configuration.
+ items:
+ type: string
+ type: array
+ type: object
+ dataVolumeCapacity:
+ anyOf:
+ - type: integer
+ - type: string
+ description: dataVolumeCapacity specifies the data size for the persistent
+ volume.
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ dependencies:
+ description: dependencies specify the dependencies configurations.
+ properties:
+ connect:
+ description: connect defines the Connect worker dependency configurations.
+ items:
+ description: ControlCenterConnectDependency defines the Connect
+ dependency settings.
+ properties:
+ authentication:
+ description: authentication specifies the authentication
+ configuration for the Connect cluster.
+ properties:
+ basic:
+ description: basic specifies the configuration for basic
+ authentication.
+ properties:
+ debug:
+ description: debug enables the basic authentication
+ debug logs for JaaS configuration.
+ type: boolean
+ directoryPathInContainer:
+ description: 'directoryPathInContainer allows to
+ pass the basic credential through a directory
+ path in the container. More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication'
+ minLength: 1
+ type: string
+ restrictedRoles:
+ description: restrictedRoles specify the restricted
+ roles on the server side only. Changes will be
+ only reflected in Control Center. This configuration
+ is ignored on the client side configuration.
+ items:
+ type: string
+ minItems: 1
+ type: array
+ roles:
+ description: roles specify the roles on the server
+ side only. This configuration is ignored on the
+ client side configuration.
+ items:
+ type: string
+ type: array
+ secretRef:
+ description: 'secretRef defines secret reference
+ to pass the required credentials. More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ type: object
+ type:
+ description: type specifies the authentication scheme
+ for the REST API client. Valid options are `basic`
+ and `mtls`.
+ enum:
+ - basic
+ - mtls
+ type: string
+ required:
+ - type
+ type: object
+ name:
+ description: name specifies the Connect cluster name.
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ tls:
+ description: tls specifies the client-side TLS setting for
+ the Connect cluster.
+ properties:
+ directoryPathInContainer:
+ description: directoryPathInContainer specifies the
+ directory path in the container where `keystore.jks`,
+ `truststore.jks`, and `jksPassword.txt` keys are mounted.
+ `truststore.jks` is not configured and can be ignored
+ when the `ignoreTrustStoreConfig` field is set to
+ `true`.
+ minLength: 1
+ type: string
+ enabled:
+ description: enabled specifies to enable the TLS configuration
+ for the Confluent component.
+ type: boolean
+ ignoreTrustStoreConfig:
+ description: ignoreTrustStoreConfig indicates whether
+ to ignore the truststore configuration for the Confluent
+ component.
+ type: boolean
+ jksPassword:
+ description: jksPassword references the secret containing
+ the JKS password.
+ properties:
+ secretRef:
+ description: 'secretRef references the name of the
+ secret containing the JKS password. More info:
+ https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - secretRef
+ type: object
+ secretRef:
+ description: 'secretRef references the secret containing
+ the certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - enabled
+ type: object
+ url:
+ description: url specifies the URL endpoint of the Connect
+ cluster.
+ minLength: 1
+ pattern: ^https?://.*
+ type: string
+ required:
+ - name
+ - url
+ type: object
+ type: array
+ kafka:
+ description: kafka defines the Kafka dependency configurations.
+ properties:
+ authentication:
+ description: authentication defines the authentication for
+ the Kafka cluster.
+ properties:
+ jaasConfig:
+ description: jaasConfig specifies the Kafka client-side
+ JaaS configuration.
+ properties:
+ secretRef:
+ description: 'secretRef references the secret containing
+ the required credentials. More info: https://docs.confluent.io/operator/current/co-authenticate.html'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - secretRef
+ type: object
+ jaasConfigPassThrough:
+ description: jaasConfigPassThrough specifies another way
+ to provide the Kafka client-side JaaS configuration.
+ properties:
+ directoryPathInContainer:
+ description: 'directoryPathInContainer specifies the
+ directory path in the container where required credentials
+ are mounted. More info: https://docs.confluent.io/operator/current/co-authenticate.html'
+ minLength: 1
+ type: string
+ secretRef:
+ description: 'secretRef references the secret containing
+ the required credentials for authentication. More
+ info: https://docs.confluent.io/operator/current/co-authenticate.html'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ type: object
+ oauthbearer:
+ description: oauthbearer is the authentication mechanism
+ to provider principals. Only supported in RBAC deployment.
+ properties:
+ directoryPathInContainer:
+ description: directoryPathInContainer specifies the
+ directory path in the container where the credential
+ is mounted.
+ minLength: 1
+ type: string
+ secretRef:
+ description: 'secretRef specifies the name of the
+ secret that contains the credential. More info:
+ https://docs.confluent.io/operator/current/co-authenticate.html#bearer-authentication'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ type: object
+ type:
+ description: type specifies the Kafka client authentication
+ type. Valid options are `plain`, `oauthbearer`, `digest`,
+ and `mtls`.
+ enum:
+ - plain
+ - oauthbearer
+ - digest
+ - mtls
+ type: string
+ required:
+ - type
+ type: object
+ bootstrapEndpoint:
+ description: bootstrapEndpoint specifies the Kafka bootstrap
+ endpoint.
+ minLength: 1
+ pattern: .+:[0-9]+
+ type: string
+ discovery:
+ description: discovery specifies the capability to discover
+ the Kafka cluster.
+ properties:
+ name:
+ description: name is the name of the Confluent Platform
+ component cluster.
+ type: string
+ namespace:
+ description: namespace is where the Confluent Platform
+ component is running. The default value is the namespace
+ where CFK is running.
+ type: string
+ secretRef:
+ description: secretRef is the name of the secret used
+ to discover the Confluent Platform component.
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - name
+ type: object
+ tls:
+ description: tls defines the client-side TLS setting for the
+ Kafka cluster.
+ properties:
+ directoryPathInContainer:
+ description: directoryPathInContainer specifies the directory
+ path in the container where `keystore.jks`, `truststore.jks`,
+ and `jksPassword.txt` keys are mounted. `truststore.jks`
+ is not configured and can be ignored when the `ignoreTrustStoreConfig`
+ field is set to `true`.
+ minLength: 1
+ type: string
+ enabled:
+ description: enabled specifies to enable the TLS configuration
+ for the Confluent component.
+ type: boolean
+ ignoreTrustStoreConfig:
+ description: ignoreTrustStoreConfig indicates whether
+ to ignore the truststore configuration for the Confluent
+ component.
+ type: boolean
+ jksPassword:
+ description: jksPassword references the secret containing
+ the JKS password.
+ properties:
+ secretRef:
+ description: 'secretRef references the name of the
+ secret containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - secretRef
+ type: object
+ secretRef:
+ description: 'secretRef references the secret containing
+ the certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - enabled
+ type: object
+ type: object
+ ksqldb:
+ description: ksqldb defines the ksqlDB dependency configurations.
+ items:
+ description: ControlCenterKSQLDependency defines the ksqlDB
+ dependency settings.
+ properties:
+ advertisedUrl:
+ description: advertisedUrl specifies the advertised URL
+ to use in the browser.
+ minLength: 1
+ pattern: ^https?://.*
+ type: string
+ authentication:
+ description: authentication specifies the authentication
+ for the ksqlDB cluster.
+ properties:
+ basic:
+ description: basic specifies the configuration for basic
+ authentication.
+ properties:
+ debug:
+ description: debug enables the basic authentication
+ debug logs for JaaS configuration.
+ type: boolean
+ directoryPathInContainer:
+ description: 'directoryPathInContainer allows to
+ pass the basic credential through a directory
+ path in the container. More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication'
+ minLength: 1
+ type: string
+ restrictedRoles:
+ description: restrictedRoles specify the restricted
+ roles on the server side only. Changes will be
+ only reflected in Control Center. This configuration
+ is ignored on the client side configuration.
+ items:
+ type: string
+ minItems: 1
+ type: array
+ roles:
+ description: roles specify the roles on the server
+ side only. This configuration is ignored on the
+ client side configuration.
+ items:
+ type: string
+ type: array
+ secretRef:
+ description: 'secretRef defines secret reference
+ to pass the required credentials. More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ type: object
+ type:
+ description: type specifies the authentication scheme
+ for the REST API client. Valid options are `basic`
+ and `mtls`.
+ enum:
+ - basic
+ - mtls
+ type: string
+ required:
+ - type
+ type: object
+ name:
+ description: name specifies the ksqlDB cluster name.
+ minLength: 1
+ type: string
+ tls:
+ description: tls specifies the client-side TLS setting for
+ the ksqlDB cluster.
+ properties:
+ directoryPathInContainer:
+ description: directoryPathInContainer specifies the
+ directory path in the container where `keystore.jks`,
+ `truststore.jks`, and `jksPassword.txt` keys are mounted.
+ `truststore.jks` is not configured and can be ignored
+ when the `ignoreTrustStoreConfig` field is set to
+ `true`.
+ minLength: 1
+ type: string
+ enabled:
+ description: enabled specifies to enable the TLS configuration
+ for the Confluent component.
+ type: boolean
+ ignoreTrustStoreConfig:
+ description: ignoreTrustStoreConfig indicates whether
+ to ignore the truststore configuration for the Confluent
+ component.
+ type: boolean
+ jksPassword:
+ description: jksPassword references the secret containing
+ the JKS password.
+ properties:
+ secretRef:
+ description: 'secretRef references the name of the
+ secret containing the JKS password. More info:
+ https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - secretRef
+ type: object
+ secretRef:
+ description: 'secretRef references the secret containing
+ the certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - enabled
+ type: object
+ url:
+ description: url specifies the URL endpoint of the ksqlDB
+ cluster.
+ minLength: 1
+ pattern: ^https?://.*
+ type: string
+ required:
+ - name
+ - url
+ type: object
+ type: array
+ mds:
+ description: mds defines the RBAC dependency configurations.
+ properties:
+ authentication:
+ description: authentication specifies the client side authentication
+ configuration for the MDS.
+ properties:
+ bearer:
+ description: bearer specifies the bearer authentication
+ settings.
+ properties:
+ directoryPathInContainer:
+ description: directoryPathInContainer specifies the
+ directory path in the container where the credential
+ is mounted.
+ minLength: 1
+ type: string
+ secretRef:
+ description: 'secretRef specifies the name of the
+ secret that contains the credential. More info:
+ https://docs.confluent.io/operator/current/co-authenticate.html#bearer-authentication'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ type: object
+ type:
+ description: type specifies the authentication method
+ for the MDS. The valid option is `bearer`.
+ enum:
+ - bearer
+ type: string
+ required:
+ - bearer
+ - type
+ type: object
+ endpoint:
+ description: endpoint specifies the MDS endpoint.
+ minLength: 1
+ pattern: ^https?://.*
+ type: string
+ tls:
+ description: ClientTLSConfig specifies the TLS configuration
+ for the Confluent component (dependencies, listeners).
+ properties:
+ directoryPathInContainer:
+ description: directoryPathInContainer specifies the directory
+ path in the container where `keystore.jks`, `truststore.jks`,
+ and `jksPassword.txt` keys are mounted. `truststore.jks`
+ is not configured and can be ignored when the `ignoreTrustStoreConfig`
+ field is set to `true`.
+ minLength: 1
+ type: string
+ enabled:
+ description: enabled specifies to enable the TLS configuration
+ for the Confluent component.
+ type: boolean
+ ignoreTrustStoreConfig:
+ description: ignoreTrustStoreConfig indicates whether
+ to ignore the truststore configuration for the Confluent
+ component.
+ type: boolean
+ jksPassword:
+ description: jksPassword references the secret containing
+ the JKS password.
+ properties:
+ secretRef:
+ description: 'secretRef references the name of the
+ secret containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - secretRef
+ type: object
+ secretRef:
+ description: 'secretRef references the secret containing
+ the certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - enabled
+ type: object
+ tokenKeyPair:
+ description: tokenKeyPair specifies the token keypair to configure
+ the MDS.
+ properties:
+ directoryPathInContainer:
+ description: directoryPathInContainer defines the directory
+ path in the container where the MDS token key pair are
+ mounted.
+ minLength: 1
+ type: string
+ secretRef:
+ description: secretRef references the name of the secret
+ that contains the MDS token key pair.
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ type: object
+ required:
+ - authentication
+ - endpoint
+ - tokenKeyPair
+ type: object
+ schemaRegistry:
+ description: schemaRegistry defines the Schema Registry dependency
+ configurations.
+ properties:
+ authentication:
+ description: authentication specifies the authentication for
+ the Schema Registry cluster.
+ properties:
+ basic:
+ description: basic specifies the configuration for basic
+ authentication.
+ properties:
+ debug:
+ description: debug enables the basic authentication
+ debug logs for JaaS configuration.
+ type: boolean
+ directoryPathInContainer:
+ description: 'directoryPathInContainer allows to pass
+ the basic credential through a directory path in
+ the container. More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication'
+ minLength: 1
+ type: string
+ restrictedRoles:
+ description: restrictedRoles specify the restricted
+ roles on the server side only. Changes will be only
+ reflected in Control Center. This configuration
+ is ignored on the client side configuration.
+ items:
+ type: string
+ minItems: 1
+ type: array
+ roles:
+ description: roles specify the roles on the server
+ side only. This configuration is ignored on the
+ client side configuration.
+ items:
+ type: string
+ type: array
+ secretRef:
+ description: 'secretRef defines secret reference to
+ pass the required credentials. More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ type: object
+ type:
+ description: type specifies the authentication scheme
+ for the REST API client. Valid options are `basic` and
+ `mtls`.
+ enum:
+ - basic
+ - mtls
+ type: string
+ required:
+ - type
+ type: object
+ clusters:
+ items:
+ description: ControlCenterMultiSchemaRegistryDependency
+ defines the Schema Registry dependency List.
+ properties:
+ authentication:
+ description: authentication specifies the authentication
+ for the Schema Registry cluster.
+ properties:
+ basic:
+ description: basic specifies the configuration for
+ basic authentication.
+ properties:
+ debug:
+ description: debug enables the basic authentication
+ debug logs for JaaS configuration.
+ type: boolean
+ directoryPathInContainer:
+ description: 'directoryPathInContainer allows
+ to pass the basic credential through a directory
+ path in the container. More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication'
+ minLength: 1
+ type: string
+ restrictedRoles:
+ description: restrictedRoles specify the restricted
+ roles on the server side only. Changes will
+ be only reflected in Control Center. This
+ configuration is ignored on the client side
+ configuration.
+ items:
+ type: string
+ minItems: 1
+ type: array
+ roles:
+ description: roles specify the roles on the
+ server side only. This configuration is ignored
+ on the client side configuration.
+ items:
+ type: string
+ type: array
+ secretRef:
+ description: 'secretRef defines secret reference
+ to pass the required credentials. More info:
+ https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ type: object
+ type:
+ description: type specifies the authentication scheme
+ for the REST API client. Valid options are `basic`
+ and `mtls`.
+ enum:
+ - basic
+ - mtls
+ type: string
+ required:
+ - type
+ type: object
+ name:
+ description: name defines the Schema Registry cluster
+ name.
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ tls:
+ description: tls defines the client-side TLS setting
+ for the Schema Registry cluster.
+ properties:
+ directoryPathInContainer:
+ description: directoryPathInContainer specifies
+ the directory path in the container where `keystore.jks`,
+ `truststore.jks`, and `jksPassword.txt` keys are
+ mounted. `truststore.jks` is not configured and
+ can be ignored when the `ignoreTrustStoreConfig`
+ field is set to `true`.
+ minLength: 1
+ type: string
+ enabled:
+ description: enabled specifies to enable the TLS
+ configuration for the Confluent component.
+ type: boolean
+ ignoreTrustStoreConfig:
+ description: ignoreTrustStoreConfig indicates whether
+ to ignore the truststore configuration for the
+ Confluent component.
+ type: boolean
+ jksPassword:
+ description: jksPassword references the secret containing
+ the JKS password.
+ properties:
+ secretRef:
+ description: 'secretRef references the name
+ of the secret containing the JKS password.
+ More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - secretRef
+ type: object
+ secretRef:
+ description: 'secretRef references the secret containing
+ the certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - enabled
+ type: object
+ url:
+ description: url specifies the URL endpoint of the Schema
+ Registry cluster.
+ minLength: 1
+ pattern: ^https?://.*
+ type: string
+ required:
+ - name
+ - url
+ type: object
+ type: array
+ tls:
+ description: tls defines the client-side TLS setting for the
+ Schema Registry cluster.
+ properties:
+ directoryPathInContainer:
+ description: directoryPathInContainer specifies the directory
+ path in the container where `keystore.jks`, `truststore.jks`,
+ and `jksPassword.txt` keys are mounted. `truststore.jks`
+ is not configured and can be ignored when the `ignoreTrustStoreConfig`
+ field is set to `true`.
+ minLength: 1
+ type: string
+ enabled:
+ description: enabled specifies to enable the TLS configuration
+ for the Confluent component.
+ type: boolean
+ ignoreTrustStoreConfig:
+ description: ignoreTrustStoreConfig indicates whether
+ to ignore the truststore configuration for the Confluent
+ component.
+ type: boolean
+ jksPassword:
+ description: jksPassword references the secret containing
+ the JKS password.
+ properties:
+ secretRef:
+ description: 'secretRef references the name of the
+ secret containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - secretRef
+ type: object
+ secretRef:
+ description: 'secretRef references the secret containing
+ the certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - enabled
+ type: object
+ url:
+ description: url specifies the URL endpoint of the Schema
+ Registry cluster.
+ minLength: 1
+ pattern: ^https?://.*
+ type: string
+ required:
+ - url
+ type: object
+ type: object
+ externalAccess:
+ description: externalAccess specifies the external access configuration
+ for the Control Center cluster.
+ properties:
+ loadBalancer:
+ description: loadBalancer specifies the configuration to create
+ a Kubernetes load balancer service.
+ properties:
+ advertisedURL:
+ description: 'advertisedURL specifies the configuration for
+ advertised listener per pod. It is only supported for MDS
+ currently. If it is enabled, instead of using internal endpoint,
+ the MDS advertised listener for each broker will be set
+ to: `://.`
+ where podId starts from `0` to `replicaCount -1`. This is
+ only recommended if you cannot add internal SANs to the
+ TLS certificates for MDS and the external DNS must be resolved
+ inside the Kubernetes cluster.'
+ properties:
+ enabled:
+ description: enabled indicates whether to set the MDS
+ advertised listener url with external endpoint for each
+ broker.
+ type: boolean
+ prefix:
+ description: prefix specifies the broker prefix for MDS
+ advertised endpoint if using loadBalancer external access.
+ If not configured, it uses `b` as default prefix, such
+ as `b#.domain` where `#` will start from `0` to `replicaCount
+ -1`.
+ minLength: 1
+ type: string
+ required:
+ - enabled
+ type: object
+ annotations:
+ additionalProperties:
+ type: string
+ description: annotations is a map of string key and value
+ pairs. It specifies Kubernetes annotations for this service.
+ type: object
+ x-kubernetes-map-type: granular
+ domain:
+ description: domain is the domain name of the component cluster.
+ minLength: 1
+ type: string
+ externalTrafficPolicy:
+ description: externalTrafficPolicy specifies the external
+ traffic policy for the service. Valid options are `Local`
+ and `Cluster`.
+ enum:
+ - Local
+ - Cluster
+ type: string
+ labels:
+ additionalProperties:
+ type: string
+ description: labels is a map of string key and value pairs.
+ It specifies Kubernetes labels for this service.
+ type: object
+ x-kubernetes-map-type: granular
+ loadBalancerSourceRanges:
+ description: loadBalancerSourceRanges specify the source ranges.
+ items:
+ type: string
+ type: array
+ port:
+ description: port specifies the external port for the client
+ consumption. If not configured, the same internal/external
+ port is configured for the component. Information about
+ the port can be retrieved through the status API.
+ format: int32
+ type: integer
+ prefix:
+ description: prefix specify the prefix for the given domain.
+ The default value is the name of the cluster.
+ minLength: 1
+ type: string
+ servicePorts:
+ description: servicePorts specify the user-provided service
+ port(s).
+ items:
+ description: ServicePort contains information on service's
+ port.
+ properties:
+ appProtocol:
+ description: The application protocol for this port.
+ This field follows standard Kubernetes label syntax.
+ Un-prefixed names are reserved for IANA standard service
+ names (as per RFC-6335 and http://www.iana.org/assignments/service-names).
+ Non-standard protocols should use prefixed names such
+ as mycompany.com/my-custom-protocol.
+ type: string
+ name:
+ description: The name of this port within the service.
+ This must be a DNS_LABEL. All ports within a ServiceSpec
+ must have unique names. When considering the endpoints
+ for a Service, this must match the 'name' field in
+ the EndpointPort. Optional if only one ServicePort
+ is defined on this service.
+ type: string
+ nodePort:
+ description: 'The port on each node on which this service
+ is exposed when type is NodePort or LoadBalancer. Usually
+ assigned by the system. If a value is specified, in-range,
+ and not in use it will be used, otherwise the operation
+ will fail. If not specified, a port will be allocated
+ if this Service requires one. If this field is specified
+ when creating a Service which does not need it, creation
+ will fail. This field will be wiped when updating
+ a Service to no longer need it (e.g. changing type
+ from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport'
+ format: int32
+ type: integer
+ port:
+ description: The port that will be exposed by this service.
+ format: int32
+ type: integer
+ protocol:
+ default: TCP
+ description: The IP protocol for this port. Supports
+ "TCP", "UDP", and "SCTP". Default is TCP.
+ type: string
+ targetPort:
+ anyOf:
+ - type: integer
+ - type: string
+ description: 'Number or name of the port to access on
+ the pods targeted by the service. Number must be in
+ the range 1 to 65535. Name must be an IANA_SVC_NAME.
+ If this is a string, it will be looked up as a named
+ port in the target Pod''s container ports. If this
+ is not specified, the value of the ''port'' field
+ is used (an identity map). This field is ignored for
+ services with clusterIP=None, and should be omitted
+ or set equal to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service'
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: array
+ sessionAffinity:
+ description: 'sessionAffinity defines the Kubernetes session
+ affinity. The valid options are `ClientIP` and `None`. `ClientIP`
+ enables the client IP-based session affinity. The default
+ value is `None`. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies.'
+ enum:
+ - ClientIP
+ - None
+ type: string
+ sessionAffinityConfig:
+ description: SessionAffinityConfig contains the configurations
+ of the session affinity.
+ properties:
+ clientIP:
+ description: clientIP contains the configurations of Client
+ IP based session affinity.
+ properties:
+ timeoutSeconds:
+ description: timeoutSeconds specifies the seconds
+ of ClientIP type session sticky time. The value
+ must be >0 && <=86400(for 1 day) if ServiceAffinity
+ == "ClientIP". Default value is 10800(for 3 hours).
+ format: int32
+ type: integer
+ type: object
+ type: object
+ required:
+ - domain
+ type: object
+ nodePort:
+ description: nodePort specifies the configuration to create a
+ Kubernetes node port service.
+ properties:
+ advertisedURL:
+ description: advertisedURL specifies the configuration for
+ advertised listener per pod. It is only supported for MDS
+ currently. If it is enabled, instead of using internal endpoint,
+ the MDS advertised listener for each broker will be set
+ to `://:,
+ where`podId` starts from `0` to `replicaCount - 1`. This
+ is only recommended if you cannot add internal SANs to the
+ TLS certificates for MDS and the external DNS must be resolved
+ inside the Kubernetes cluster.
+ properties:
+ enabled:
+ description: enabled indicates whether to set the MDS
+ advertised listener url with external endpoint for each
+ broker.
+ type: boolean
+ prefix:
+ description: prefix specifies the broker prefix for MDS
+ advertised endpoint if using loadBalancer external access.
+ If not configured, it uses `b` as default prefix, such
+ as `b#.domain` where `#` will start from `0` to `replicaCount
+ -1`.
+ minLength: 1
+ type: string
+ required:
+ - enabled
+ type: object
+ annotations:
+ additionalProperties:
+ type: string
+ description: annotations is a map of string key and value
+ pairs. It specifies Kubernetes annotations for this service.
+ type: object
+ x-kubernetes-map-type: granular
+ externalTrafficPolicy:
+ description: externalTrafficPolicy specifies the external
+ traffic policy for the service. Valid options are `Local`
+ and `Cluster`.
+ enum:
+ - Local
+ - Cluster
+ type: string
+ host:
+ description: host defines the host name of the cluster.
+ minLength: 1
+ type: string
+ labels:
+ additionalProperties:
+ type: string
+ description: labels is a map of string key and value pairs.
+ It specifies Kubernetes labels for this service.
+ type: object
+ x-kubernetes-map-type: granular
+ nodePortOffset:
+ description: nodePortOffset specifies the starting offset
+ of the node ports. The port numbers go in ascending order
+ with respect to the replicas count. NodePort service creation
+ fails if the node port is not in the range supported by
+ the Kubernetes API server. The default Kubernetes Node Port
+ range is `30000` - `32762`.
+ format: int32
+ minimum: 0
+ type: integer
+ servicePorts:
+ description: servicePorts specify user-provided service port(s).
+ For Kafka with the nodePort type, this setting is only applied
+ to Kafka bootstrap service.
+ items:
+ description: ServicePort contains information on service's
+ port.
+ properties:
+ appProtocol:
+ description: The application protocol for this port.
+ This field follows standard Kubernetes label syntax.
+ Un-prefixed names are reserved for IANA standard service
+ names (as per RFC-6335 and http://www.iana.org/assignments/service-names).
+ Non-standard protocols should use prefixed names such
+ as mycompany.com/my-custom-protocol.
+ type: string
+ name:
+ description: The name of this port within the service.
+ This must be a DNS_LABEL. All ports within a ServiceSpec
+ must have unique names. When considering the endpoints
+ for a Service, this must match the 'name' field in
+ the EndpointPort. Optional if only one ServicePort
+ is defined on this service.
+ type: string
+ nodePort:
+ description: 'The port on each node on which this service
+ is exposed when type is NodePort or LoadBalancer. Usually
+ assigned by the system. If a value is specified, in-range,
+ and not in use it will be used, otherwise the operation
+ will fail. If not specified, a port will be allocated
+ if this Service requires one. If this field is specified
+ when creating a Service which does not need it, creation
+ will fail. This field will be wiped when updating
+ a Service to no longer need it (e.g. changing type
+ from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport'
+ format: int32
+ type: integer
+ port:
+ description: The port that will be exposed by this service.
+ format: int32
+ type: integer
+ protocol:
+ default: TCP
+ description: The IP protocol for this port. Supports
+ "TCP", "UDP", and "SCTP". Default is TCP.
+ type: string
+ targetPort:
+ anyOf:
+ - type: integer
+ - type: string
+ description: 'Number or name of the port to access on
+ the pods targeted by the service. Number must be in
+ the range 1 to 65535. Name must be an IANA_SVC_NAME.
+ If this is a string, it will be looked up as a named
+ port in the target Pod''s container ports. If this
+ is not specified, the value of the ''port'' field
+ is used (an identity map). This field is ignored for
+ services with clusterIP=None, and should be omitted
+ or set equal to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service'
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: array
+ sessionAffinity:
+ description: 'sessionAffinity defines the Kubernetes session
+ affinity. The valid options are `ClientIP` and `None`. `ClientIP`
+ enables the client IP-based session affinity. The default
+ value is `None`. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies.'
+ enum:
+ - ClientIP
+ - None
+ type: string
+ sessionAffinityConfig:
+ description: SessionAffinityConfig contains the configurations
+ of the session affinity.
+ properties:
+ clientIP:
+ description: clientIP contains the configurations of Client
+ IP based session affinity.
+ properties:
+ timeoutSeconds:
+ description: timeoutSeconds specifies the seconds
+ of ClientIP type session sticky time. The value
+ must be >0 && <=86400(for 1 day) if ServiceAffinity
+ == "ClientIP". Default value is 10800(for 3 hours).
+ format: int32
+ type: integer
+ type: object
+ type: object
+ required:
+ - host
+ - nodePortOffset
+ type: object
+ route:
+ description: route specifies the configuration to create a route
+ service in OpenShift.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: annotations is a map of string key and value
+ pairs. It specifies Kubernetes annotations for this service.
+ type: object
+ x-kubernetes-map-type: granular
+ domain:
+ description: domain specifies the domain name of the Confluent
+ component cluster.
+ minLength: 1
+ type: string
+ labels:
+ additionalProperties:
+ type: string
+ description: labels is a map of string key and value pairs.
+ It specifies Kubernetes labels for this service.
+ type: object
+ x-kubernetes-map-type: granular
+ prefix:
+ description: prefix specifies the component prefix when configured
+ for the domain. The default value is the name of the cluster.
+ minLength: 1
+ type: string
+ wildcardPolicy:
+ description: wildcardPolicy allows you to define a route that
+ covers all hosts within a domain. Valid options are `Subdomain`
+ and `None`. The default value is `None`.
+ enum:
+ - Subdomain
+ - None
+ type: string
+ required:
+ - domain
+ type: object
+ type:
+ description: type specifies the Kubernetes external service for
+ the component. Valid options are `loadBalancer`, `nodePort`,
+ and `route`.
+ enum:
+ - loadBalancer
+ - nodePort
+ - route
+ minLength: 1
+ type: string
+ required:
+ - type
+ type: object
+ headlessService:
+ description: headlessService specifies the configuration of the Kubernetes
+ headless service.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: annotations is a map of string key and value pairs.
+ It specifies the annotations to be added to the CFK-created
+ headless service. These annotations are merged with the injectAnnotations
+ and take precedence.
+ type: object
+ x-kubernetes-map-type: granular
+ labels:
+ additionalProperties:
+ type: string
+ description: labels is a map of string key and value pairs. It
+ specifies the labels to be added to the CFK-created headless
+ service. These labels are merged with the injectLabels and take
+ precedence.
+ type: object
+ x-kubernetes-map-type: granular
+ publishNotReadyAddresses:
+ description: publishNotReadyAddresses specifies the publishNotReadyAddresses
+ field. For Kafka, this value must be true. The default value
+ is true.
+ type: boolean
+ type: object
+ id:
+ description: id specifies the prefix used for this instance of Control
+ Center when multiple instances of Control Center co-exist.
+ format: int32
+ type: integer
+ image:
+ description: image specifies the application and the init docker image
+ configurations. A change to this setting will roll the cluster.
+ properties:
+ application:
+ description: application is the Docker image name of the application.
+ Specify `//:`.
+ pattern: .+:.+
+ type: string
+ init:
+ description: init is the init-container name. Specify `//:`.
+ pattern: .+:.+
+ type: string
+ pullPolicy:
+ description: pullPolicy is the policy for pulling images. Valid
+ options are `Always`, `Never`, and `IfNotPresent`. The default
+ value is `IfNotPresent`.
+ enum:
+ - Always
+ - Never
+ - IfNotPresent
+ type: string
+ pullSecretRef:
+ description: 'pullSecretRef references the secrets in the same
+ namespace to be used for pulling images. Image pull secrets
+ are distinct from secrets because secrets can be mounted in
+ the pod, but image pull secrets are only accessed by `kubelet`.
+ More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod'
+ items:
+ type: string
+ type: array
+ required:
+ - application
+ - init
+ type: object
+ injectAnnotations:
+ additionalProperties:
+ type: string
+ description: injectAnnotations are the annotations injected to the
+ internal resources that CFK created. The internal annotations are
+ preserved and cannot be overridden. For pod annotations, use `podTemplate.annotations`.
+ type: object
+ x-kubernetes-map-type: granular
+ injectLabels:
+ additionalProperties:
+ type: string
+ description: injectLabels are the labels injected to the internal
+ resources that CFK created. The internal labels are preserved and
+ cannot be overridden. For pod labels, use `podTemplate.labels`.
+ type: object
+ x-kubernetes-map-type: granular
+ internalTopicReplicatorFactor:
+ description: internalTopicReplicationFactor specifies the replication
+ factor for internal topics.
+ format: int32
+ type: integer
+ k8sClusterDomain:
+ description: k8sClusterDomain specifies the configuration of the Kubernetes
+ cluster domain. The default is the `cluster.local` domain.
+ type: string
+ license:
+ description: license specifies the license configuration for the Confluent
+ Platform component.
+ properties:
+ directoryPathInContainer:
+ description: 'directoryPathInContainer specifies the directory
+ path in the container where the license key is mounted. More
+ info: https://docs.confluent.io/operator/current/co-license.html#update-component-level-licenses'
+ minLength: 1
+ type: string
+ globalLicense:
+ description: globalLicense specifies whether the Confluent Platform
+ component shares the CFK license.
+ type: boolean
+ secretRef:
+ description: 'secretRef references the secret that provides the
+ license for the Confluent Platform component. More info: https://docs.confluent.io/operator/current/co-license.html#update-component-level-licenses'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ type: object
+ mail:
+ description: mail specifies the settings that control the SMTP server
+ and account used when an alert triggers an email action.
+ properties:
+ authentication:
+ description: authentication specifies the authentication for SMTP.
+ SMP only supports basic authentication. For other types of authentication,
+ use the config overrides capability.
+ properties:
+ basic:
+ description: basic specifies the configuration for basic authentication.
+ properties:
+ debug:
+ description: debug enables the basic authentication debug
+ logs for JaaS configuration.
+ type: boolean
+ directoryPathInContainer:
+ description: 'directoryPathInContainer allows to pass
+ the basic credential through a directory path in the
+ container. More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication'
+ minLength: 1
+ type: string
+ restrictedRoles:
+ description: restrictedRoles specify the restricted roles
+ on the server side only. Changes will be only reflected
+ in Control Center. This configuration is ignored on
+ the client side configuration.
+ items:
+ type: string
+ minItems: 1
+ type: array
+ roles:
+ description: roles specify the roles on the server side
+ only. This configuration is ignored on the client side
+ configuration.
+ items:
+ type: string
+ type: array
+ secretRef:
+ description: 'secretRef defines secret reference to pass
+ the required credentials. More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ type: object
+ type:
+ description: type specifies the authentication scheme for
+ the REST API client. Valid options are `basic` and `mtls`.
+ enum:
+ - basic
+ - mtls
+ type: string
+ required:
+ - type
+ type: object
+ checkServerIdentity:
+ description: checkServerIdentity forces validation of server’s
+ certificate when using STARTTLS or SSL.
+ type: boolean
+ hostname:
+ description: hostname is the hostname of the outgoing SMTP server.
+ minLength: 1
+ type: string
+ mailBounceAddress:
+ description: mailBounceAddress is the override for the `mailFrom`
+ config to send message.
+ minLength: 1
+ type: string
+ mailFrom:
+ description: mailFrom is the originating address for emails sent
+ from the Control Center.
+ minLength: 1
+ type: string
+ port:
+ description: port is the SMTP port open on the hostname.
+ format: int32
+ type: integer
+ startTLSRequired:
+ description: startTLSRequired forces using STARTTLS.
+ type: boolean
+ required:
+ - hostname
+ type: object
+ metrics:
+ description: metrics specify the security settings for the metric
+ services.
+ properties:
+ authentication:
+ description: authentication specifies the authentication configuration
+ for the metrics.
+ properties:
+ type:
+ description: type specifies the metrics authentication method.
+ The valid option is `mtls`.
+ enum:
+ - mtls
+ type: string
+ required:
+ - type
+ type: object
+ prometheus:
+ description: prometheus specifies the configuration overrides
+ for the JMX-Prometheus exporter.
+ properties:
+ blacklist:
+ items:
+ type: string
+ type: array
+ rules:
+ items:
+ description: Rule defines the Prometheus Exporter rule override.
+ properties:
+ attrNameSnakeCase:
+ type: boolean
+ cache:
+ type: boolean
+ help:
+ minLength: 1
+ type: string
+ labels:
+ additionalProperties:
+ type: string
+ type: object
+ x-kubernetes-map-type: granular
+ name:
+ minLength: 1
+ type: string
+ pattern:
+ minLength: 1
+ type: string
+ type:
+ minLength: 1
+ type: string
+ value:
+ minLength: 1
+ type: string
+ valueFactor:
+ anyOf:
+ - type: integer
+ - type: string
+ default: 1
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ type: object
+ type: array
+ whitelist:
+ items:
+ type: string
+ type: array
+ type: object
+ tls:
+ description: tls specifies the TLS configuration for the metrics.
+ properties:
+ directoryPathInContainer:
+ description: directoryPathInContainer specifies the directory
+ path in the container where `keystore.jks`, `truststore.jks`,
+ and `jksPassword.txt` keys are mounted. `truststore.jks`
+ is not configured and can be ignored when the `ignoreTrustStoreConfig`
+ field is set to `true`.
+ minLength: 1
+ type: string
+ enabled:
+ description: enabled specifies to enable the TLS configuration
+ for the Confluent component.
+ type: boolean
+ ignoreTrustStoreConfig:
+ description: ignoreTrustStoreConfig indicates whether to ignore
+ the truststore configuration for the Confluent component.
+ type: boolean
+ jksPassword:
+ description: jksPassword references the secret containing
+ the JKS password.
+ properties:
+ secretRef:
+ description: 'secretRef references the name of the secret
+ containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - secretRef
+ type: object
+ secretRef:
+ description: 'secretRef references the secret containing the
+ certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - enabled
+ type: object
+ type: object
+ monitoringKafkaClusters:
+ description: monitoringKafkaClusters specify the configurations for
+ the Kafka clusters that this Control Center monitors.
+ items:
+ description: MonitoringKafkaClusters defines the configuration of
+ the additional Kafka clusters the Control Center monitors.
+ properties:
+ authentication:
+ description: authentication defines the authentication for the
+ Kafka cluster.
+ properties:
+ jaasConfig:
+ description: jaasConfig specifies the Kafka client-side
+ JaaS configuration.
+ properties:
+ secretRef:
+ description: 'secretRef references the secret containing
+ the required credentials. More info: https://docs.confluent.io/operator/current/co-authenticate.html'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - secretRef
+ type: object
+ jaasConfigPassThrough:
+ description: jaasConfigPassThrough specifies another way
+ to provide the Kafka client-side JaaS configuration.
+ properties:
+ directoryPathInContainer:
+ description: 'directoryPathInContainer specifies the
+ directory path in the container where required credentials
+ are mounted. More info: https://docs.confluent.io/operator/current/co-authenticate.html'
+ minLength: 1
+ type: string
+ secretRef:
+ description: 'secretRef references the secret containing
+ the required credentials for authentication. More
+ info: https://docs.confluent.io/operator/current/co-authenticate.html'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ type: object
+ oauthbearer:
+ description: oauthbearer is the authentication mechanism
+ to provider principals. Only supported in RBAC deployment.
+ properties:
+ directoryPathInContainer:
+ description: directoryPathInContainer specifies the
+ directory path in the container where the credential
+ is mounted.
+ minLength: 1
+ type: string
+ secretRef:
+ description: 'secretRef specifies the name of the secret
+ that contains the credential. More info: https://docs.confluent.io/operator/current/co-authenticate.html#bearer-authentication'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ type: object
+ type:
+ description: type specifies the Kafka client authentication
+ type. Valid options are `plain`, `oauthbearer`, `digest`,
+ and `mtls`.
+ enum:
+ - plain
+ - oauthbearer
+ - digest
+ - mtls
+ type: string
+ required:
+ - type
+ type: object
+ bootstrapEndpoint:
+ description: bootstrapEndpoint specifies the Kafka bootstrap
+ endpoint.
+ minLength: 1
+ pattern: .+:[0-9]+
+ type: string
+ discovery:
+ description: discovery specifies the capability to discover
+ the Kafka cluster.
+ properties:
+ name:
+ description: name is the name of the Confluent Platform
+ component cluster.
+ type: string
+ namespace:
+ description: namespace is where the Confluent Platform component
+ is running. The default value is the namespace where CFK
+ is running.
+ type: string
+ secretRef:
+ description: secretRef is the name of the secret used to
+ discover the Confluent Platform component.
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - name
+ type: object
+ name:
+ description: name defines the Kafka cluster name.
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ tls:
+ description: tls defines the client-side TLS setting for the
+ Kafka cluster.
+ properties:
+ directoryPathInContainer:
+ description: directoryPathInContainer specifies the directory
+ path in the container where `keystore.jks`, `truststore.jks`,
+ and `jksPassword.txt` keys are mounted. `truststore.jks`
+ is not configured and can be ignored when the `ignoreTrustStoreConfig`
+ field is set to `true`.
+ minLength: 1
+ type: string
+ enabled:
+ description: enabled specifies to enable the TLS configuration
+ for the Confluent component.
+ type: boolean
+ ignoreTrustStoreConfig:
+ description: ignoreTrustStoreConfig indicates whether to
+ ignore the truststore configuration for the Confluent
+ component.
+ type: boolean
+ jksPassword:
+ description: jksPassword references the secret containing
+ the JKS password.
+ properties:
+ secretRef:
+ description: 'secretRef references the name of the secret
+ containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - secretRef
+ type: object
+ secretRef:
+ description: 'secretRef references the secret containing
+ the certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - enabled
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ mountedSecrets:
+ description: 'mountedSecrets list the secrets injected to the underlying
+ statefulset configuration. The secret reference is mounted in the
+ default path `/mnt/secrets/`. The underlying resources
+ will follow the secret as a file configuration. More info: https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod.
+ A change to this setting will roll the cluster.'
+ items:
+ description: MountedSecrets provides a way to inject a custom secret
+ to the underlying statefulset.
+ properties:
+ keyItems:
+ description: keyItems are key and path names.
+ items:
+ description: Maps a string key to a path within a volume.
+ properties:
+ key:
+ description: The key to project.
+ type: string
+ mode:
+ description: 'Optional: mode bits used to set permissions
+ on this file. Must be an octal value between 0000 and
+ 0777 or a decimal value between 0 and 511. YAML accepts
+ both octal and decimal values, JSON requires decimal
+ values for mode bits. If not specified, the volume defaultMode
+ will be used. This might be in conflict with other options
+ that affect the file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: The relative path of the file to map the
+ key to. May not be an absolute path. May not contain
+ the path element '..'. May not start with the string
+ '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ secretRef:
+ description: secretRef references the name of the secret.
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - secretRef
+ type: object
+ type: array
+ mountedVolumes:
+ description: mountedVolumes list the custom volumes that need to be
+ mounted into the underlying statefulset. A change to this setting
+ will roll the cluster.
+ properties:
+ volumeMounts:
+ description: volumeMounts specify the list of volume mounts for
+ the pods in the statefulset.
+ items:
+ description: VolumeMount describes a mounting of a Volume within
+ a container.
+ properties:
+ mountPath:
+ description: Path within the container at which the volume
+ should be mounted. Must not contain ':'.
+ type: string
+ mountPropagation:
+ description: mountPropagation determines how mounts are
+ propagated from the host to container and the other way
+ around. When not set, MountPropagationNone is used. This
+ field is beta in 1.10.
+ type: string
+ name:
+ description: This must match the Name of a Volume.
+ type: string
+ readOnly:
+ description: Mounted read-only if true, read-write otherwise
+ (false or unspecified). Defaults to false.
+ type: boolean
+ subPath:
+ description: Path within the volume from which the container's
+ volume should be mounted. Defaults to "" (volume's root).
+ type: string
+ subPathExpr:
+ description: Expanded path within the volume from which
+ the container's volume should be mounted. Behaves similarly
+ to SubPath but environment variable references $(VAR_NAME)
+ are expanded using the container's environment. Defaults
+ to "" (volume's root). SubPathExpr and SubPath are mutually
+ exclusive.
+ type: string
+ required:
+ - mountPath
+ - name
+ type: object
+ type: array
+ volumes:
+ description: volumes specify the list of volumes that can be mounted
+ into the pods of statefulset.
+ items:
+ description: Volume represents a named volume in a pod that
+ may be accessed by any container in the pod.
+ properties:
+ awsElasticBlockStore:
+ description: 'AWSElasticBlockStore represents an AWS Disk
+ resource that is attached to a kubelet''s host machine
+ and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ properties:
+ fsType:
+ description: 'Filesystem type of the volume that you
+ want to mount. Tip: Ensure that the filesystem type
+ is supported by the host operating system. Examples:
+ "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+ TODO: how do we prevent errors in the filesystem from
+ compromising the machine'
+ type: string
+ partition:
+ description: 'The partition in the volume that you want
+ to mount. If omitted, the default is to mount by volume
+ name. Examples: For volume /dev/sda1, you specify
+ the partition as "1". Similarly, the volume partition
+ for /dev/sda is "0" (or you can leave the property
+ empty).'
+ format: int32
+ type: integer
+ readOnly:
+ description: 'Specify "true" to force and set the ReadOnly
+ property in VolumeMounts to "true". If omitted, the
+ default is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ type: boolean
+ volumeID:
+ description: 'Unique ID of the persistent disk resource
+ in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ type: string
+ required:
+ - volumeID
+ type: object
+ azureDisk:
+ description: AzureDisk represents an Azure Data Disk mount
+ on the host and bind mount to the pod.
+ properties:
+ cachingMode:
+ description: 'Host Caching mode: None, Read Only, Read
+ Write.'
+ type: string
+ diskName:
+ description: The Name of the data disk in the blob storage
+ type: string
+ diskURI:
+ description: The URI the data disk in the blob storage
+ type: string
+ fsType:
+ description: Filesystem type to mount. Must be a filesystem
+ type supported by the host operating system. Ex. "ext4",
+ "xfs", "ntfs". Implicitly inferred to be "ext4" if
+ unspecified.
+ type: string
+ kind:
+ description: 'Expected values Shared: multiple blob
+ disks per storage account Dedicated: single blob
+ disk per storage account Managed: azure managed data
+ disk (only in managed availability set). defaults
+ to shared'
+ type: string
+ readOnly:
+ description: Defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ required:
+ - diskName
+ - diskURI
+ type: object
+ azureFile:
+ description: AzureFile represents an Azure File Service
+ mount on the host and bind mount to the pod.
+ properties:
+ readOnly:
+ description: Defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ secretName:
+ description: the name of secret that contains Azure
+ Storage Account Name and Key
+ type: string
+ shareName:
+ description: Share Name
+ type: string
+ required:
+ - secretName
+ - shareName
+ type: object
+ cephfs:
+ description: CephFS represents a Ceph FS mount on the host
+ that shares a pod's lifetime
+ properties:
+ monitors:
+ description: 'Required: Monitors is a collection of
+ Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ items:
+ type: string
+ type: array
+ path:
+ description: 'Optional: Used as the mounted root, rather
+ than the full Ceph tree, default is /'
+ type: string
+ readOnly:
+ description: 'Optional: Defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting in VolumeMounts.
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ type: boolean
+ secretFile:
+ description: 'Optional: SecretFile is the path to key
+ ring for User, default is /etc/ceph/user.secret More
+ info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ type: string
+ secretRef:
+ description: 'Optional: SecretRef is reference to the
+ authentication secret for User, default is empty.
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ type: object
+ user:
+ description: 'Optional: User is the rados user name,
+ default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ type: string
+ required:
+ - monitors
+ type: object
+ cinder:
+ description: 'Cinder represents a cinder volume attached
+ and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ properties:
+ fsType:
+ description: 'Filesystem type to mount. Must be a filesystem
+ type supported by the host operating system. Examples:
+ "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ type: string
+ readOnly:
+ description: 'Optional: Defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting in VolumeMounts.
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ type: boolean
+ secretRef:
+ description: 'Optional: points to a secret object containing
+ parameters used to connect to OpenStack.'
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ type: object
+ volumeID:
+ description: 'volume id used to identify the volume
+ in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ type: string
+ required:
+ - volumeID
+ type: object
+ configMap:
+ description: ConfigMap represents a configMap that should
+ populate this volume
+ properties:
+ defaultMode:
+ description: 'Optional: mode bits used to set permissions
+ on created files by default. Must be an octal value
+ between 0000 and 0777 or a decimal value between 0
+ and 511. YAML accepts both octal and decimal values,
+ JSON requires decimal values for mode bits. Defaults
+ to 0644. Directories within the path are not affected
+ by this setting. This might be in conflict with other
+ options that affect the file mode, like fsGroup, and
+ the result can be other mode bits set.'
+ format: int32
+ type: integer
+ items:
+ description: If unspecified, each key-value pair in
+ the Data field of the referenced ConfigMap will be
+ projected into the volume as a file whose name is
+ the key and content is the value. If specified, the
+ listed keys will be projected into the specified paths,
+ and unlisted keys will not be present. If a key is
+ specified which is not present in the ConfigMap, the
+ volume setup will error unless it is marked optional.
+ Paths must be relative and may not contain the '..'
+ path or start with '..'.
+ items:
+ description: Maps a string key to a path within a
+ volume.
+ properties:
+ key:
+ description: The key to project.
+ type: string
+ mode:
+ description: 'Optional: mode bits used to set
+ permissions on this file. Must be an octal value
+ between 0000 and 0777 or a decimal value between
+ 0 and 511. YAML accepts both octal and decimal
+ values, JSON requires decimal values for mode
+ bits. If not specified, the volume defaultMode
+ will be used. This might be in conflict with
+ other options that affect the file mode, like
+ fsGroup, and the result can be other mode bits
+ set.'
+ format: int32
+ type: integer
+ path:
+ description: The relative path of the file to
+ map the key to. May not be an absolute path.
+ May not contain the path element '..'. May not
+ start with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap or its keys
+ must be defined
+ type: boolean
+ type: object
+ csi:
+ description: CSI (Container Storage Interface) represents
+ ephemeral storage that is handled by certain external
+ CSI drivers (Beta feature).
+ properties:
+ driver:
+ description: Driver is the name of the CSI driver that
+ handles this volume. Consult with your admin for the
+ correct name as registered in the cluster.
+ type: string
+ fsType:
+ description: Filesystem type to mount. Ex. "ext4", "xfs",
+ "ntfs". If not provided, the empty value is passed
+ to the associated CSI driver which will determine
+ the default filesystem to apply.
+ type: string
+ nodePublishSecretRef:
+ description: NodePublishSecretRef is a reference to
+ the secret object containing sensitive information
+ to pass to the CSI driver to complete the CSI NodePublishVolume
+ and NodeUnpublishVolume calls. This field is optional,
+ and may be empty if no secret is required. If the
+ secret object contains more than one secret, all secret
+ references are passed.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ type: object
+ readOnly:
+ description: Specifies a read-only configuration for
+ the volume. Defaults to false (read/write).
+ type: boolean
+ volumeAttributes:
+ additionalProperties:
+ type: string
+ description: VolumeAttributes stores driver-specific
+ properties that are passed to the CSI driver. Consult
+ your driver's documentation for supported values.
+ type: object
+ required:
+ - driver
+ type: object
+ downwardAPI:
+ description: DownwardAPI represents downward API about the
+ pod that should populate this volume
+ properties:
+ defaultMode:
+ description: 'Optional: mode bits to use on created
+ files by default. Must be a Optional: mode bits used
+ to set permissions on created files by default. Must
+ be an octal value between 0000 and 0777 or a decimal
+ value between 0 and 511. YAML accepts both octal and
+ decimal values, JSON requires decimal values for mode
+ bits. Defaults to 0644. Directories within the path
+ are not affected by this setting. This might be in
+ conflict with other options that affect the file mode,
+ like fsGroup, and the result can be other mode bits
+ set.'
+ format: int32
+ type: integer
+ items:
+ description: Items is a list of downward API volume
+ file
+ items:
+ description: DownwardAPIVolumeFile represents information
+ to create the file containing the pod field
+ properties:
+ fieldRef:
+ description: 'Required: Selects a field of the
+ pod: only annotations, labels, name and namespace
+ are supported.'
+ properties:
+ apiVersion:
+ description: Version of the schema the FieldPath
+ is written in terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select in
+ the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ mode:
+ description: 'Optional: mode bits used to set
+ permissions on this file, must be an octal value
+ between 0000 and 0777 or a decimal value between
+ 0 and 511. YAML accepts both octal and decimal
+ values, JSON requires decimal values for mode
+ bits. If not specified, the volume defaultMode
+ will be used. This might be in conflict with
+ other options that affect the file mode, like
+ fsGroup, and the result can be other mode bits
+ set.'
+ format: int32
+ type: integer
+ path:
+ description: 'Required: Path is the relative
+ path name of the file to be created. Must not
+ be absolute or contain the ''..'' path. Must
+ be utf-8 encoded. The first item of the relative
+ path must not start with ''..'''
+ type: string
+ resourceFieldRef:
+ description: 'Selects a resource of the container:
+ only resources limits and requests (limits.cpu,
+ limits.memory, requests.cpu and requests.memory)
+ are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required for
+ volumes, optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format of
+ the exposed resources, defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ required:
+ - path
+ type: object
+ type: array
+ type: object
+ emptyDir:
+ description: 'EmptyDir represents a temporary directory
+ that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
+ properties:
+ medium:
+ description: 'What type of storage medium should back
+ this directory. The default is "" which means to use
+ the node''s default medium. Must be an empty string
+ (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
+ type: string
+ sizeLimit:
+ anyOf:
+ - type: integer
+ - type: string
+ description: 'Total amount of local storage required
+ for this EmptyDir volume. The size limit is also applicable
+ for memory medium. The maximum usage on memory medium
+ EmptyDir would be the minimum value between the SizeLimit
+ specified here and the sum of memory limits of all
+ containers in a pod. The default is nil which means
+ that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir'
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ type: object
+ ephemeral:
+ description: "Ephemeral represents a volume that is handled
+ by a cluster storage driver. The volume's lifecycle is
+ tied to the pod that defines it - it will be created before
+ the pod starts, and deleted when the pod is removed. \n
+ Use this if: a) the volume is only needed while the pod
+ runs, b) features of normal volumes like restoring from
+ snapshot or capacity tracking are needed, c) the storage
+ driver is specified through a storage class, and d) the
+ storage driver supports dynamic volume provisioning through
+ a PersistentVolumeClaim (see EphemeralVolumeSource for
+ more information on the connection between this volume
+ type and PersistentVolumeClaim). \n Use PersistentVolumeClaim
+ or one of the vendor-specific APIs for volumes that persist
+ for longer than the lifecycle of an individual pod. \n
+ Use CSI for light-weight local ephemeral volumes if the
+ CSI driver is meant to be used that way - see the documentation
+ of the driver for more information. \n A pod can use both
+ types of ephemeral volumes and persistent volumes at the
+ same time."
+ properties:
+ volumeClaimTemplate:
+ description: "Will be used to create a stand-alone PVC
+ to provision the volume. The pod in which this EphemeralVolumeSource
+ is embedded will be the owner of the PVC, i.e. the
+ PVC will be deleted together with the pod. The name
+ of the PVC will be `-` where
+ `` is the name from the `PodSpec.Volumes`
+ array entry. Pod validation will reject the pod if
+ the concatenated name is not valid for a PVC (for
+ example, too long). \n An existing PVC with that name
+ that is not owned by the pod will *not* be used for
+ the pod to avoid using an unrelated volume by mistake.
+ Starting the pod is then blocked until the unrelated
+ PVC is removed. If such a pre-created PVC is meant
+ to be used by the pod, the PVC has to updated with
+ an owner reference to the pod once the pod exists.
+ Normally this should not be necessary, but it may
+ be useful when manually reconstructing a broken cluster.
+ \n This field is read-only and no changes will be
+ made by Kubernetes to the PVC after it has been created.
+ \n Required, must not be nil."
+ properties:
+ metadata:
+ description: May contain labels and annotations
+ that will be copied into the PVC when creating
+ it. No other fields are allowed and will be rejected
+ during validation.
+ type: object
+ spec:
+ description: The specification for the PersistentVolumeClaim.
+ The entire content is copied unchanged into the
+ PVC that gets created from this template. The
+ same fields as in a PersistentVolumeClaim are
+ also valid here.
+ properties:
+ accessModes:
+ description: 'AccessModes contains the desired
+ access modes the volume should have. More
+ info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
+ items:
+ type: string
+ type: array
+ dataSource:
+ description: 'This field can be used to specify
+ either: * An existing VolumeSnapshot object
+ (snapshot.storage.k8s.io/VolumeSnapshot) *
+ An existing PVC (PersistentVolumeClaim) If
+ the provisioner or an external controller
+ can support the specified data source, it
+ will create a new volume based on the contents
+ of the specified data source. If the AnyVolumeDataSource
+ feature gate is enabled, this field will always
+ have the same contents as the DataSourceRef
+ field.'
+ properties:
+ apiGroup:
+ description: APIGroup is the group for the
+ resource being referenced. If APIGroup
+ is not specified, the specified Kind must
+ be in the core API group. For any other
+ third-party types, APIGroup is required.
+ type: string
+ kind:
+ description: Kind is the type of resource
+ being referenced
+ type: string
+ name:
+ description: Name is the name of resource
+ being referenced
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ dataSourceRef:
+ description: 'Specifies the object from which
+ to populate the volume with data, if a non-empty
+ volume is desired. This may be any local object
+ from a non-empty API group (non core object)
+ or a PersistentVolumeClaim object. When this
+ field is specified, volume binding will only
+ succeed if the type of the specified object
+ matches some installed volume populator or
+ dynamic provisioner. This field will replace
+ the functionality of the DataSource field
+ and as such if both fields are non-empty,
+ they must have the same value. For backwards
+ compatibility, both fields (DataSource and
+ DataSourceRef) will be set to the same value
+ automatically if one of them is empty and
+ the other is non-empty. There are two important
+ differences between DataSource and DataSourceRef:
+ * While DataSource only allows two specific
+ types of objects, DataSourceRef allows any
+ non-core object, as well as PersistentVolumeClaim
+ objects. * While DataSource ignores disallowed
+ values (dropping them), DataSourceRef preserves
+ all values, and generates an error if a disallowed
+ value is specified. (Alpha) Using this field
+ requires the AnyVolumeDataSource feature gate
+ to be enabled.'
+ properties:
+ apiGroup:
+ description: APIGroup is the group for the
+ resource being referenced. If APIGroup
+ is not specified, the specified Kind must
+ be in the core API group. For any other
+ third-party types, APIGroup is required.
+ type: string
+ kind:
+ description: Kind is the type of resource
+ being referenced
+ type: string
+ name:
+ description: Name is the name of resource
+ being referenced
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ resources:
+ description: 'Resources represents the minimum
+ resources the volume should have. If RecoverVolumeExpansionFailure
+ feature is enabled users are allowed to specify
+ resource requirements that are lower than
+ previous value but must still be higher than
+ capacity recorded in the status field of the
+ claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
+ properties:
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum
+ amount of compute resources allowed. More
+ info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum
+ amount of compute resources required.
+ If Requests is omitted for a container,
+ it defaults to Limits if that is explicitly
+ specified, otherwise to an implementation-defined
+ value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ selector:
+ description: A label query over volumes to consider
+ for binding.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a
+ key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of
+ string values. If the operator is
+ In or NotIn, the values array must
+ be non-empty. If the operator is
+ Exists or DoesNotExist, the values
+ array must be empty. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ storageClassName:
+ description: 'Name of the StorageClass required
+ by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
+ type: string
+ volumeMode:
+ description: volumeMode defines what type of
+ volume is required by the claim. Value of
+ Filesystem is implied when not included in
+ claim spec.
+ type: string
+ volumeName:
+ description: VolumeName is the binding reference
+ to the PersistentVolume backing this claim.
+ type: string
+ type: object
+ required:
+ - spec
+ type: object
+ type: object
+ fc:
+ description: FC represents a Fibre Channel resource that
+ is attached to a kubelet's host machine and then exposed
+ to the pod.
+ properties:
+ fsType:
+ description: 'Filesystem type to mount. Must be a filesystem
+ type supported by the host operating system. Ex. "ext4",
+ "xfs", "ntfs". Implicitly inferred to be "ext4" if
+ unspecified. TODO: how do we prevent errors in the
+ filesystem from compromising the machine'
+ type: string
+ lun:
+ description: 'Optional: FC target lun number'
+ format: int32
+ type: integer
+ readOnly:
+ description: 'Optional: Defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting in VolumeMounts.'
+ type: boolean
+ targetWWNs:
+ description: 'Optional: FC target worldwide names (WWNs)'
+ items:
+ type: string
+ type: array
+ wwids:
+ description: 'Optional: FC volume world wide identifiers
+ (wwids) Either wwids or combination of targetWWNs
+ and lun must be set, but not both simultaneously.'
+ items:
+ type: string
+ type: array
+ type: object
+ flexVolume:
+ description: FlexVolume represents a generic volume resource
+ that is provisioned/attached using an exec based plugin.
+ properties:
+ driver:
+ description: Driver is the name of the driver to use
+ for this volume.
+ type: string
+ fsType:
+ description: Filesystem type to mount. Must be a filesystem
+ type supported by the host operating system. Ex. "ext4",
+ "xfs", "ntfs". The default filesystem depends on FlexVolume
+ script.
+ type: string
+ options:
+ additionalProperties:
+ type: string
+ description: 'Optional: Extra command options if any.'
+ type: object
+ readOnly:
+ description: 'Optional: Defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting in VolumeMounts.'
+ type: boolean
+ secretRef:
+ description: 'Optional: SecretRef is reference to the
+ secret object containing sensitive information to
+ pass to the plugin scripts. This may be empty if no
+ secret object is specified. If the secret object contains
+ more than one secret, all secrets are passed to the
+ plugin scripts.'
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ type: object
+ required:
+ - driver
+ type: object
+ flocker:
+ description: Flocker represents a Flocker volume attached
+ to a kubelet's host machine. This depends on the Flocker
+ control service being running
+ properties:
+ datasetName:
+ description: Name of the dataset stored as metadata
+ -> name on the dataset for Flocker should be considered
+ as deprecated
+ type: string
+ datasetUUID:
+ description: UUID of the dataset. This is unique identifier
+ of a Flocker dataset
+ type: string
+ type: object
+ gcePersistentDisk:
+ description: 'GCEPersistentDisk represents a GCE Disk resource
+ that is attached to a kubelet''s host machine and then
+ exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ properties:
+ fsType:
+ description: 'Filesystem type of the volume that you
+ want to mount. Tip: Ensure that the filesystem type
+ is supported by the host operating system. Examples:
+ "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ TODO: how do we prevent errors in the filesystem from
+ compromising the machine'
+ type: string
+ partition:
+ description: 'The partition in the volume that you want
+ to mount. If omitted, the default is to mount by volume
+ name. Examples: For volume /dev/sda1, you specify
+ the partition as "1". Similarly, the volume partition
+ for /dev/sda is "0" (or you can leave the property
+ empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ format: int32
+ type: integer
+ pdName:
+ description: 'Unique name of the PD resource in GCE.
+ Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ type: string
+ readOnly:
+ description: 'ReadOnly here will force the ReadOnly
+ setting in VolumeMounts. Defaults to false. More info:
+ https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ type: boolean
+ required:
+ - pdName
+ type: object
+ gitRepo:
+ description: 'GitRepo represents a git repository at a particular
+ revision. DEPRECATED: GitRepo is deprecated. To provision
+ a container with a git repo, mount an EmptyDir into an
+ InitContainer that clones the repo using git, then mount
+ the EmptyDir into the Pod''s container.'
+ properties:
+ directory:
+ description: Target directory name. Must not contain
+ or start with '..'. If '.' is supplied, the volume
+ directory will be the git repository. Otherwise,
+ if specified, the volume will contain the git repository
+ in the subdirectory with the given name.
+ type: string
+ repository:
+ description: Repository URL
+ type: string
+ revision:
+ description: Commit hash for the specified revision.
+ type: string
+ required:
+ - repository
+ type: object
+ glusterfs:
+ description: 'Glusterfs represents a Glusterfs mount on
+ the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md'
+ properties:
+ endpoints:
+ description: 'EndpointsName is the endpoint name that
+ details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ type: string
+ path:
+ description: 'Path is the Glusterfs volume path. More
+ info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ type: string
+ readOnly:
+ description: 'ReadOnly here will force the Glusterfs
+ volume to be mounted with read-only permissions. Defaults
+ to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ type: boolean
+ required:
+ - endpoints
+ - path
+ type: object
+ hostPath:
+ description: 'HostPath represents a pre-existing file or
+ directory on the host machine that is directly exposed
+ to the container. This is generally used for system agents
+ or other privileged things that are allowed to see the
+ host machine. Most containers will NOT need this. More
+ info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+ --- TODO(jonesdl) We need to restrict who can use host
+ directory mounts and who can/can not mount host directories
+ as read/write.'
+ properties:
+ path:
+ description: 'Path of the directory on the host. If
+ the path is a symlink, it will follow the link to
+ the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
+ type: string
+ type:
+ description: 'Type for HostPath Volume Defaults to ""
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
+ type: string
+ required:
+ - path
+ type: object
+ iscsi:
+ description: 'ISCSI represents an ISCSI Disk resource that
+ is attached to a kubelet''s host machine and then exposed
+ to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md'
+ properties:
+ chapAuthDiscovery:
+ description: whether support iSCSI Discovery CHAP authentication
+ type: boolean
+ chapAuthSession:
+ description: whether support iSCSI Session CHAP authentication
+ type: boolean
+ fsType:
+ description: 'Filesystem type of the volume that you
+ want to mount. Tip: Ensure that the filesystem type
+ is supported by the host operating system. Examples:
+ "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
+ TODO: how do we prevent errors in the filesystem from
+ compromising the machine'
+ type: string
+ initiatorName:
+ description: Custom iSCSI Initiator Name. If initiatorName
+ is specified with iscsiInterface simultaneously, new
+ iSCSI interface : will
+ be created for the connection.
+ type: string
+ iqn:
+ description: Target iSCSI Qualified Name.
+ type: string
+ iscsiInterface:
+ description: iSCSI Interface Name that uses an iSCSI
+ transport. Defaults to 'default' (tcp).
+ type: string
+ lun:
+ description: iSCSI Target Lun number.
+ format: int32
+ type: integer
+ portals:
+ description: iSCSI Target Portal List. The portal is
+ either an IP or ip_addr:port if the port is other
+ than default (typically TCP ports 860 and 3260).
+ items:
+ type: string
+ type: array
+ readOnly:
+ description: ReadOnly here will force the ReadOnly setting
+ in VolumeMounts. Defaults to false.
+ type: boolean
+ secretRef:
+ description: CHAP Secret for iSCSI target and initiator
+ authentication
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ type: object
+ targetPortal:
+ description: iSCSI Target Portal. The Portal is either
+ an IP or ip_addr:port if the port is other than default
+ (typically TCP ports 860 and 3260).
+ type: string
+ required:
+ - iqn
+ - lun
+ - targetPortal
+ type: object
+ name:
+ description: 'Volume''s name. Must be a DNS_LABEL and unique
+ within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ nfs:
+ description: 'NFS represents an NFS mount on the host that
+ shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ properties:
+ path:
+ description: 'Path that is exported by the NFS server.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ type: string
+ readOnly:
+ description: 'ReadOnly here will force the NFS export
+ to be mounted with read-only permissions. Defaults
+ to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ type: boolean
+ server:
+ description: 'Server is the hostname or IP address of
+ the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ type: string
+ required:
+ - path
+ - server
+ type: object
+ persistentVolumeClaim:
+ description: 'PersistentVolumeClaimVolumeSource represents
+ a reference to a PersistentVolumeClaim in the same namespace.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
+ properties:
+ claimName:
+ description: 'ClaimName is the name of a PersistentVolumeClaim
+ in the same namespace as the pod using this volume.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
+ type: string
+ readOnly:
+ description: Will force the ReadOnly setting in VolumeMounts.
+ Default false.
+ type: boolean
+ required:
+ - claimName
+ type: object
+ photonPersistentDisk:
+ description: PhotonPersistentDisk represents a PhotonController
+ persistent disk attached and mounted on kubelets host
+ machine
+ properties:
+ fsType:
+ description: Filesystem type to mount. Must be a filesystem
+ type supported by the host operating system. Ex. "ext4",
+ "xfs", "ntfs". Implicitly inferred to be "ext4" if
+ unspecified.
+ type: string
+ pdID:
+ description: ID that identifies Photon Controller persistent
+ disk
+ type: string
+ required:
+ - pdID
+ type: object
+ portworxVolume:
+ description: PortworxVolume represents a portworx volume
+ attached and mounted on kubelets host machine
+ properties:
+ fsType:
+ description: FSType represents the filesystem type to
+ mount Must be a filesystem type supported by the host
+ operating system. Ex. "ext4", "xfs". Implicitly inferred
+ to be "ext4" if unspecified.
+ type: string
+ readOnly:
+ description: Defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ volumeID:
+ description: VolumeID uniquely identifies a Portworx
+ volume
+ type: string
+ required:
+ - volumeID
+ type: object
+ projected:
+ description: Items for all in one resources secrets, configmaps,
+ and downward API
+ properties:
+ defaultMode:
+ description: Mode bits used to set permissions on created
+ files by default. Must be an octal value between 0000
+ and 0777 or a decimal value between 0 and 511. YAML
+ accepts both octal and decimal values, JSON requires
+ decimal values for mode bits. Directories within the
+ path are not affected by this setting. This might
+ be in conflict with other options that affect the
+ file mode, like fsGroup, and the result can be other
+ mode bits set.
+ format: int32
+ type: integer
+ sources:
+ description: list of volume projections
+ items:
+ description: Projection that may be projected along
+ with other supported volume types
+ properties:
+ configMap:
+ description: information about the configMap data
+ to project
+ properties:
+ items:
+ description: If unspecified, each key-value
+ pair in the Data field of the referenced
+ ConfigMap will be projected into the volume
+ as a file whose name is the key and content
+ is the value. If specified, the listed keys
+ will be projected into the specified paths,
+ and unlisted keys will not be present. If
+ a key is specified which is not present
+ in the ConfigMap, the volume setup will
+ error unless it is marked optional. Paths
+ must be relative and may not contain the
+ '..' path or start with '..'.
+ items:
+ description: Maps a string key to a path
+ within a volume.
+ properties:
+ key:
+ description: The key to project.
+ type: string
+ mode:
+ description: 'Optional: mode bits used
+ to set permissions on this file. Must
+ be an octal value between 0000 and
+ 0777 or a decimal value between 0
+ and 511. YAML accepts both octal and
+ decimal values, JSON requires decimal
+ values for mode bits. If not specified,
+ the volume defaultMode will be used.
+ This might be in conflict with other
+ options that affect the file mode,
+ like fsGroup, and the result can be
+ other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: The relative path of the
+ file to map the key to. May not be
+ an absolute path. May not contain
+ the path element '..'. May not start
+ with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ or its keys must be defined
+ type: boolean
+ type: object
+ downwardAPI:
+ description: information about the downwardAPI
+ data to project
+ properties:
+ items:
+ description: Items is a list of DownwardAPIVolume
+ file
+ items:
+ description: DownwardAPIVolumeFile represents
+ information to create the file containing
+ the pod field
+ properties:
+ fieldRef:
+ description: 'Required: Selects a field
+ of the pod: only annotations, labels,
+ name and namespace are supported.'
+ properties:
+ apiVersion:
+ description: Version of the schema
+ the FieldPath is written in terms
+ of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to
+ select in the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ mode:
+ description: 'Optional: mode bits used
+ to set permissions on this file, must
+ be an octal value between 0000 and
+ 0777 or a decimal value between 0
+ and 511. YAML accepts both octal and
+ decimal values, JSON requires decimal
+ values for mode bits. If not specified,
+ the volume defaultMode will be used.
+ This might be in conflict with other
+ options that affect the file mode,
+ like fsGroup, and the result can be
+ other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: 'Required: Path is the
+ relative path name of the file to
+ be created. Must not be absolute or
+ contain the ''..'' path. Must be utf-8
+ encoded. The first item of the relative
+ path must not start with ''..'''
+ type: string
+ resourceFieldRef:
+ description: 'Selects a resource of
+ the container: only resources limits
+ and requests (limits.cpu, limits.memory,
+ requests.cpu and requests.memory)
+ are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required
+ for volumes, optional for env
+ vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output
+ format of the exposed resources,
+ defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource
+ to select'
+ type: string
+ required:
+ - resource
+ type: object
+ required:
+ - path
+ type: object
+ type: array
+ type: object
+ secret:
+ description: information about the secret data
+ to project
+ properties:
+ items:
+ description: If unspecified, each key-value
+ pair in the Data field of the referenced
+ Secret will be projected into the volume
+ as a file whose name is the key and content
+ is the value. If specified, the listed keys
+ will be projected into the specified paths,
+ and unlisted keys will not be present. If
+ a key is specified which is not present
+ in the Secret, the volume setup will error
+ unless it is marked optional. Paths must
+ be relative and may not contain the '..'
+ path or start with '..'.
+ items:
+ description: Maps a string key to a path
+ within a volume.
+ properties:
+ key:
+ description: The key to project.
+ type: string
+ mode:
+ description: 'Optional: mode bits used
+ to set permissions on this file. Must
+ be an octal value between 0000 and
+ 0777 or a decimal value between 0
+ and 511. YAML accepts both octal and
+ decimal values, JSON requires decimal
+ values for mode bits. If not specified,
+ the volume defaultMode will be used.
+ This might be in conflict with other
+ options that affect the file mode,
+ like fsGroup, and the result can be
+ other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: The relative path of the
+ file to map the key to. May not be
+ an absolute path. May not contain
+ the path element '..'. May not start
+ with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or
+ its key must be defined
+ type: boolean
+ type: object
+ serviceAccountToken:
+ description: information about the serviceAccountToken
+ data to project
+ properties:
+ audience:
+ description: Audience is the intended audience
+ of the token. A recipient of a token must
+ identify itself with an identifier specified
+ in the audience of the token, and otherwise
+ should reject the token. The audience defaults
+ to the identifier of the apiserver.
+ type: string
+ expirationSeconds:
+ description: ExpirationSeconds is the requested
+ duration of validity of the service account
+ token. As the token approaches expiration,
+ the kubelet volume plugin will proactively
+ rotate the service account token. The kubelet
+ will start trying to rotate the token if
+ the token is older than 80 percent of its
+ time to live or if the token is older than
+ 24 hours.Defaults to 1 hour and must be
+ at least 10 minutes.
+ format: int64
+ type: integer
+ path:
+ description: Path is the path relative to
+ the mount point of the file to project the
+ token into.
+ type: string
+ required:
+ - path
+ type: object
+ type: object
+ type: array
+ type: object
+ quobyte:
+ description: Quobyte represents a Quobyte mount on the host
+ that shares a pod's lifetime
+ properties:
+ group:
+ description: Group to map volume access to Default is
+ no group
+ type: string
+ readOnly:
+ description: ReadOnly here will force the Quobyte volume
+ to be mounted with read-only permissions. Defaults
+ to false.
+ type: boolean
+ registry:
+ description: Registry represents a single or multiple
+ Quobyte Registry services specified as a string as
+ host:port pair (multiple entries are separated with
+ commas) which acts as the central registry for volumes
+ type: string
+ tenant:
+ description: Tenant owning the given Quobyte volume
+ in the Backend Used with dynamically provisioned Quobyte
+ volumes, value is set by the plugin
+ type: string
+ user:
+ description: User to map volume access to Defaults to
+ serivceaccount user
+ type: string
+ volume:
+ description: Volume is a string that references an already
+ created Quobyte volume by name.
+ type: string
+ required:
+ - registry
+ - volume
+ type: object
+ rbd:
+ description: 'RBD represents a Rados Block Device mount
+ on the host that shares a pod''s lifetime. More info:
+ https://examples.k8s.io/volumes/rbd/README.md'
+ properties:
+ fsType:
+ description: 'Filesystem type of the volume that you
+ want to mount. Tip: Ensure that the filesystem type
+ is supported by the host operating system. Examples:
+ "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
+ TODO: how do we prevent errors in the filesystem from
+ compromising the machine'
+ type: string
+ image:
+ description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ keyring:
+ description: 'Keyring is the path to key ring for RBDUser.
+ Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ monitors:
+ description: 'A collection of Ceph monitors. More info:
+ https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ items:
+ type: string
+ type: array
+ pool:
+ description: 'The rados pool name. Default is rbd. More
+ info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ readOnly:
+ description: 'ReadOnly here will force the ReadOnly
+ setting in VolumeMounts. Defaults to false. More info:
+ https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: boolean
+ secretRef:
+ description: 'SecretRef is name of the authentication
+ secret for RBDUser. If provided overrides keyring.
+ Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ type: object
+ user:
+ description: 'The rados user name. Default is admin.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ required:
+ - image
+ - monitors
+ type: object
+ scaleIO:
+ description: ScaleIO represents a ScaleIO persistent volume
+ attached and mounted on Kubernetes nodes.
+ properties:
+ fsType:
+ description: Filesystem type to mount. Must be a filesystem
+ type supported by the host operating system. Ex. "ext4",
+ "xfs", "ntfs". Default is "xfs".
+ type: string
+ gateway:
+ description: The host address of the ScaleIO API Gateway.
+ type: string
+ protectionDomain:
+ description: The name of the ScaleIO Protection Domain
+ for the configured storage.
+ type: string
+ readOnly:
+ description: Defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ secretRef:
+ description: SecretRef references to the secret for
+ ScaleIO user and other sensitive information. If this
+ is not provided, Login operation will fail.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ type: object
+ sslEnabled:
+ description: Flag to enable/disable SSL communication
+ with Gateway, default false
+ type: boolean
+ storageMode:
+ description: Indicates whether the storage for a volume
+ should be ThickProvisioned or ThinProvisioned. Default
+ is ThinProvisioned.
+ type: string
+ storagePool:
+ description: The ScaleIO Storage Pool associated with
+ the protection domain.
+ type: string
+ system:
+ description: The name of the storage system as configured
+ in ScaleIO.
+ type: string
+ volumeName:
+ description: The name of a volume already created in
+ the ScaleIO system that is associated with this volume
+ source.
+ type: string
+ required:
+ - gateway
+ - secretRef
+ - system
+ type: object
+ secret:
+ description: 'Secret represents a secret that should populate
+ this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
+ properties:
+ defaultMode:
+ description: 'Optional: mode bits used to set permissions
+ on created files by default. Must be an octal value
+ between 0000 and 0777 or a decimal value between 0
+ and 511. YAML accepts both octal and decimal values,
+ JSON requires decimal values for mode bits. Defaults
+ to 0644. Directories within the path are not affected
+ by this setting. This might be in conflict with other
+ options that affect the file mode, like fsGroup, and
+ the result can be other mode bits set.'
+ format: int32
+ type: integer
+ items:
+ description: If unspecified, each key-value pair in
+ the Data field of the referenced Secret will be projected
+ into the volume as a file whose name is the key and
+ content is the value. If specified, the listed keys
+ will be projected into the specified paths, and unlisted
+ keys will not be present. If a key is specified which
+ is not present in the Secret, the volume setup will
+ error unless it is marked optional. Paths must be
+ relative and may not contain the '..' path or start
+ with '..'.
+ items:
+ description: Maps a string key to a path within a
+ volume.
+ properties:
+ key:
+ description: The key to project.
+ type: string
+ mode:
+ description: 'Optional: mode bits used to set
+ permissions on this file. Must be an octal value
+ between 0000 and 0777 or a decimal value between
+ 0 and 511. YAML accepts both octal and decimal
+ values, JSON requires decimal values for mode
+ bits. If not specified, the volume defaultMode
+ will be used. This might be in conflict with
+ other options that affect the file mode, like
+ fsGroup, and the result can be other mode bits
+ set.'
+ format: int32
+ type: integer
+ path:
+ description: The relative path of the file to
+ map the key to. May not be an absolute path.
+ May not contain the path element '..'. May not
+ start with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ optional:
+ description: Specify whether the Secret or its keys
+ must be defined
+ type: boolean
+ secretName:
+ description: 'Name of the secret in the pod''s namespace
+ to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
+ type: string
+ type: object
+ storageos:
+ description: StorageOS represents a StorageOS volume attached
+ and mounted on Kubernetes nodes.
+ properties:
+ fsType:
+ description: Filesystem type to mount. Must be a filesystem
+ type supported by the host operating system. Ex. "ext4",
+ "xfs", "ntfs". Implicitly inferred to be "ext4" if
+ unspecified.
+ type: string
+ readOnly:
+ description: Defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ secretRef:
+ description: SecretRef specifies the secret to use for
+ obtaining the StorageOS API credentials. If not specified,
+ default values will be attempted.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ type: object
+ volumeName:
+ description: VolumeName is the human-readable name of
+ the StorageOS volume. Volume names are only unique
+ within a namespace.
+ type: string
+ volumeNamespace:
+ description: VolumeNamespace specifies the scope of
+ the volume within StorageOS. If no namespace is specified
+ then the Pod's namespace will be used. This allows
+ the Kubernetes name scoping to be mirrored within
+ StorageOS for tighter integration. Set VolumeName
+ to any name to override the default behaviour. Set
+ to "default" if you are not using namespaces within
+ StorageOS. Namespaces that do not pre-exist within
+ StorageOS will be created.
+ type: string
+ type: object
+ vsphereVolume:
+ description: VsphereVolume represents a vSphere volume attached
+ and mounted on kubelets host machine
+ properties:
+ fsType:
+ description: Filesystem type to mount. Must be a filesystem
+ type supported by the host operating system. Ex. "ext4",
+ "xfs", "ntfs". Implicitly inferred to be "ext4" if
+ unspecified.
+ type: string
+ storagePolicyID:
+ description: Storage Policy Based Management (SPBM)
+ profile ID associated with the StoragePolicyName.
+ type: string
+ storagePolicyName:
+ description: Storage Policy Based Management (SPBM)
+ profile name.
+ type: string
+ volumePath:
+ description: Path that identifies vSphere volume vmdk
+ type: string
+ required:
+ - volumePath
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ required:
+ - volumeMounts
+ - volumes
+ type: object
+ name:
+ description: name is the Control Center cluster name.
+ type: string
+ oneReplicaPerNode:
+ description: oneReplicaPerNode controls whether to run 1 pod per node
+ using the pod anti-affinity capability. Enabling this configuration
+ in an existing cluster will roll the cluster.
+ type: boolean
+ podTemplate:
+ description: podTemplate specifies the statefulset pod template configuration.
+ properties:
+ affinity:
+ description: 'affinity specifies a group of affinity scheduling
+ rules. More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity.'
+ properties:
+ nodeAffinity:
+ description: Describes node affinity scheduling rules for
+ the pod.
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule pods
+ to nodes that satisfy the affinity expressions specified
+ by this field, but it may choose a node that violates
+ one or more of the expressions. The node that is most
+ preferred is the one with the greatest sum of weights,
+ i.e. for each node that meets all of the scheduling
+ requirements (resource request, requiredDuringScheduling
+ affinity expressions, etc.), compute a sum by iterating
+ through the elements of this field and adding "weight"
+ to the sum if the node matches the corresponding matchExpressions;
+ the node(s) with the highest sum are the most preferred.
+ items:
+ description: An empty preferred scheduling term matches
+ all objects with implicit weight 0 (i.e. it's a no-op).
+ A null preferred scheduling term matches no objects
+ (i.e. is also a no-op).
+ properties:
+ preference:
+ description: A node selector term, associated with
+ the corresponding weight.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: A node selector requirement is
+ a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators
+ are In, NotIn, Exists, DoesNotExist.
+ Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values.
+ If the operator is In or NotIn, the
+ values array must be non-empty. If the
+ operator is Exists or DoesNotExist,
+ the values array must be empty. If the
+ operator is Gt or Lt, the values array
+ must have a single element, which will
+ be interpreted as an integer. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: A node selector requirement is
+ a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators
+ are In, NotIn, Exists, DoesNotExist.
+ Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values.
+ If the operator is In or NotIn, the
+ values array must be non-empty. If the
+ operator is Exists or DoesNotExist,
+ the values array must be empty. If the
+ operator is Gt or Lt, the values array
+ must have a single element, which will
+ be interpreted as an integer. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ weight:
+ description: Weight associated with matching the
+ corresponding nodeSelectorTerm, in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - preference
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the affinity requirements specified by
+ this field are not met at scheduling time, the pod will
+ not be scheduled onto the node. If the affinity requirements
+ specified by this field cease to be met at some point
+ during pod execution (e.g. due to an update), the system
+ may or may not try to eventually evict the pod from
+ its node.
+ properties:
+ nodeSelectorTerms:
+ description: Required. A list of node selector terms.
+ The terms are ORed.
+ items:
+ description: A null or empty node selector term
+ matches no objects. The requirements of them are
+ ANDed. The TopologySelectorTerm type implements
+ a subset of the NodeSelectorTerm.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: A node selector requirement is
+ a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators
+ are In, NotIn, Exists, DoesNotExist.
+ Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values.
+ If the operator is In or NotIn, the
+ values array must be non-empty. If the
+ operator is Exists or DoesNotExist,
+ the values array must be empty. If the
+ operator is Gt or Lt, the values array
+ must have a single element, which will
+ be interpreted as an integer. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: A node selector requirement is
+ a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators
+ are In, NotIn, Exists, DoesNotExist.
+ Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values.
+ If the operator is In or NotIn, the
+ values array must be non-empty. If the
+ operator is Exists or DoesNotExist,
+ the values array must be empty. If the
+ operator is Gt or Lt, the values array
+ must have a single element, which will
+ be interpreted as an integer. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ type: array
+ required:
+ - nodeSelectorTerms
+ type: object
+ type: object
+ podAffinity:
+ description: Describes pod affinity scheduling rules (e.g.
+ co-locate this pod in the same node, zone, etc. as some
+ other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule pods
+ to nodes that satisfy the affinity expressions specified
+ by this field, but it may choose a node that violates
+ one or more of the expressions. The node that is most
+ preferred is the one with the greatest sum of weights,
+ i.e. for each node that meets all of the scheduling
+ requirements (resource request, requiredDuringScheduling
+ affinity expressions, etc.), compute a sum by iterating
+ through the elements of this field and adding "weight"
+ to the sum if the node has pods which matches the corresponding
+ podAffinityTerm; the node(s) with the highest sum are
+ the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred
+ node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term, associated
+ with the corresponding weight.
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a
+ key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of
+ string values. If the operator is
+ In or NotIn, the values array must
+ be non-empty. If the operator is
+ Exists or DoesNotExist, the values
+ array must be empty. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied
+ to the union of the namespaces selected by
+ this field and the ones listed in the namespaces
+ field. null selector and null or empty namespaces
+ list means "this pod's namespace". An empty
+ selector ({}) matches all namespaces. This
+ field is beta-level and is only honored when
+ PodAffinityNamespaceSelector feature is enabled.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a
+ key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of
+ string values. If the operator is
+ In or NotIn, the values array must
+ be non-empty. If the operator is
+ Exists or DoesNotExist, the values
+ array must be empty. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies a static list
+ of namespace names that the term applies to.
+ The term is applied to the union of the namespaces
+ listed in this field and the ones selected
+ by namespaceSelector. null or empty namespaces
+ list and null namespaceSelector means "this
+ pod's namespace"
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the
+ pods matching the labelSelector in the specified
+ namespaces, where co-located is defined as
+ running on a node whose value of the label
+ with key topologyKey matches that of any node
+ on which any of the selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: weight associated with matching the
+ corresponding podAffinityTerm, in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the affinity requirements specified by
+ this field are not met at scheduling time, the pod will
+ not be scheduled onto the node. If the affinity requirements
+ specified by this field cease to be met at some point
+ during pod execution (e.g. due to a pod label update),
+ the system may or may not try to eventually evict the
+ pod from its node. When there are multiple elements,
+ the lists of nodes corresponding to each podAffinityTerm
+ are intersected, i.e. all terms must be satisfied.
+ items:
+ description: Defines a set of pods (namely those matching
+ the labelSelector relative to the given namespace(s))
+ that this pod should be co-located (affinity) or not
+ co-located (anti-affinity) with, where co-located
+ is defined as running on a node whose value of the
+ label with key matches that of any node
+ on which a pod of the set of pods is running
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
+ type: object
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied
+ to the union of the namespaces selected by this
+ field and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list
+ means "this pod's namespace". An empty selector
+ ({}) matches all namespaces. This field is beta-level
+ and is only honored when PodAffinityNamespaceSelector
+ feature is enabled.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies a static list
+ of namespace names that the term applies to. The
+ term is applied to the union of the namespaces
+ listed in this field and the ones selected by
+ namespaceSelector. null or empty namespaces list
+ and null namespaceSelector means "this pod's namespace"
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the pods
+ matching the labelSelector in the specified namespaces,
+ where co-located is defined as running on a node
+ whose value of the label with key topologyKey
+ matches that of any node on which any of the selected
+ pods is running. Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ podAntiAffinity:
+ description: Describes pod anti-affinity scheduling rules
+ (e.g. avoid putting this pod in the same node, zone, etc.
+ as some other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule pods
+ to nodes that satisfy the anti-affinity expressions
+ specified by this field, but it may choose a node that
+ violates one or more of the expressions. The node that
+ is most preferred is the one with the greatest sum of
+ weights, i.e. for each node that meets all of the scheduling
+ requirements (resource request, requiredDuringScheduling
+ anti-affinity expressions, etc.), compute a sum by iterating
+ through the elements of this field and adding "weight"
+ to the sum if the node has pods which matches the corresponding
+ podAffinityTerm; the node(s) with the highest sum are
+ the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred
+ node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term, associated
+ with the corresponding weight.
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a
+ key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of
+ string values. If the operator is
+ In or NotIn, the values array must
+ be non-empty. If the operator is
+ Exists or DoesNotExist, the values
+ array must be empty. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied
+ to the union of the namespaces selected by
+ this field and the ones listed in the namespaces
+ field. null selector and null or empty namespaces
+ list means "this pod's namespace". An empty
+ selector ({}) matches all namespaces. This
+ field is beta-level and is only honored when
+ PodAffinityNamespaceSelector feature is enabled.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a
+ key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of
+ string values. If the operator is
+ In or NotIn, the values array must
+ be non-empty. If the operator is
+ Exists or DoesNotExist, the values
+ array must be empty. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies a static list
+ of namespace names that the term applies to.
+ The term is applied to the union of the namespaces
+ listed in this field and the ones selected
+ by namespaceSelector. null or empty namespaces
+ list and null namespaceSelector means "this
+ pod's namespace"
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the
+ pods matching the labelSelector in the specified
+ namespaces, where co-located is defined as
+ running on a node whose value of the label
+ with key topologyKey matches that of any node
+ on which any of the selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: weight associated with matching the
+ corresponding podAffinityTerm, in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the anti-affinity requirements specified
+ by this field are not met at scheduling time, the pod
+ will not be scheduled onto the node. If the anti-affinity
+ requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a pod
+ label update), the system may or may not try to eventually
+ evict the pod from its node. When there are multiple
+ elements, the lists of nodes corresponding to each podAffinityTerm
+ are intersected, i.e. all terms must be satisfied.
+ items:
+ description: Defines a set of pods (namely those matching
+ the labelSelector relative to the given namespace(s))
+ that this pod should be co-located (affinity) or not
+ co-located (anti-affinity) with, where co-located
+ is defined as running on a node whose value of the
+ label with key matches that of any node
+ on which a pod of the set of pods is running
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
+ type: object
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied
+ to the union of the namespaces selected by this
+ field and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list
+ means "this pod's namespace". An empty selector
+ ({}) matches all namespaces. This field is beta-level
+ and is only honored when PodAffinityNamespaceSelector
+ feature is enabled.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies a static list
+ of namespace names that the term applies to. The
+ term is applied to the union of the namespaces
+ listed in this field and the ones selected by
+ namespaceSelector. null or empty namespaces list
+ and null namespaceSelector means "this pod's namespace"
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the pods
+ matching the labelSelector in the specified namespaces,
+ where co-located is defined as running on a node
+ whose value of the label with key topologyKey
+ matches that of any node on which any of the selected
+ pods is running. Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ type: object
+ annotations:
+ additionalProperties:
+ type: string
+ description: 'annotations is a map of string key and value pairs
+ stored with the resource and may be set by external tools to
+ store and retrieve arbitrary metadata. They are not queryable
+ and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations.'
+ type: object
+ x-kubernetes-map-type: granular
+ envVars:
+ description: 'envVars contain environment variables to be injected
+ into containers. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container.'
+ items:
+ description: EnvVar represents an environment variable present
+ in a Container.
+ properties:
+ name:
+ description: Name of the environment variable. Must be a
+ C_IDENTIFIER.
+ type: string
+ value:
+ description: 'Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in
+ the container and any service environment variables. If
+ a variable cannot be resolved, the reference in the input
+ string will be unchanged. Double $$ are reduced to a single
+ $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+ "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless
+ of whether the variable exists or not. Defaults to "".'
+ type: string
+ valueFrom:
+ description: Source for the environment variable's value.
+ Cannot be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap or its
+ key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ fieldRef:
+ description: 'Selects a field of the pod: supports metadata.name,
+ metadata.namespace, `metadata.labels['''']`,
+ `metadata.annotations['''']`, spec.nodeName,
+ spec.serviceAccountName, status.hostIP, status.podIP,
+ status.podIPs.'
+ properties:
+ apiVersion:
+ description: Version of the schema the FieldPath
+ is written in terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select in the
+ specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ resourceFieldRef:
+ description: 'Selects a resource of the container: only
+ resources limits and requests (limits.cpu, limits.memory,
+ limits.ephemeral-storage, requests.cpu, requests.memory
+ and requests.ephemeral-storage) are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required for volumes,
+ optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format of the
+ exposed resources, defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ secretKeyRef:
+ description: Selects a key of a secret in the pod's
+ namespace
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key
+ must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ labels:
+ additionalProperties:
+ type: string
+ description: 'labels is a map of string key and value pairs that
+ can be used to organize and categorize (scope and select) objects.
+ More info: http://kubernetes.io/docs/user-guide/labels.'
+ type: object
+ x-kubernetes-map-type: granular
+ podSecurityContext:
+ description: PodSecurityContext holds pod-level security attributes
+ and common container settings. Some fields are also present
+ in container.securityContext. Field values of container.securityContext
+ take precedence over field values of PodSecurityContext.
+ properties:
+ fsGroup:
+ description: "A special supplemental group that applies to
+ all containers in a pod. Some volume types allow the Kubelet
+ to change the ownership of that volume to be owned by the
+ pod: \n 1. The owning GID will be the FSGroup 2. The setgid
+ bit is set (new files created in the volume will be owned
+ by FSGroup) 3. The permission bits are OR'd with rw-rw----
+ \n If unset, the Kubelet will not modify the ownership and
+ permissions of any volume. Note that this field cannot be
+ set when spec.os.name is windows."
+ format: int64
+ type: integer
+ fsGroupChangePolicy:
+ description: 'fsGroupChangePolicy defines behavior of changing
+ ownership and permission of the volume before being exposed
+ inside Pod. This field will only apply to volume types which
+ support fsGroup based ownership(and permissions). It will
+ have no effect on ephemeral volume types such as: secret,
+ configmaps and emptydir. Valid values are "OnRootMismatch"
+ and "Always". If not specified, "Always" is used. Note that
+ this field cannot be set when spec.os.name is windows.'
+ type: string
+ runAsGroup:
+ description: The GID to run the entrypoint of the container
+ process. Uses runtime default if unset. May also be set
+ in SecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext
+ takes precedence for that container. Note that this field
+ cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: Indicates that the container must run as a non-root
+ user. If true, the Kubelet will validate the image at runtime
+ to ensure that it does not run as UID 0 (root) and fail
+ to start the container if it does. If unset or false, no
+ such validation will be performed. May also be set in SecurityContext. If
+ set in both SecurityContext and PodSecurityContext, the
+ value specified in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: The UID to run the entrypoint of the container
+ process. Defaults to user specified in image metadata if
+ unspecified. May also be set in SecurityContext. If set
+ in both SecurityContext and PodSecurityContext, the value
+ specified in SecurityContext takes precedence for that container.
+ Note that this field cannot be set when spec.os.name is
+ windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: The SELinux context to be applied to all containers.
+ If unspecified, the container runtime will allocate a random
+ SELinux context for each container. May also be set in
+ SecurityContext. If set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes precedence
+ for that container. Note that this field cannot be set when
+ spec.os.name is windows.
+ properties:
+ level:
+ description: Level is SELinux level label that applies
+ to the container.
+ type: string
+ role:
+ description: Role is a SELinux role label that applies
+ to the container.
+ type: string
+ type:
+ description: Type is a SELinux type label that applies
+ to the container.
+ type: string
+ user:
+ description: User is a SELinux user label that applies
+ to the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: The seccomp options to use by the containers
+ in this pod. Note that this field cannot be set when spec.os.name
+ is windows.
+ properties:
+ localhostProfile:
+ description: localhostProfile indicates a profile defined
+ in a file on the node should be used. The profile must
+ be preconfigured on the node to work. Must be a descending
+ path, relative to the kubelet's configured seccomp profile
+ location. Must only be set if type is "Localhost".
+ type: string
+ type:
+ description: "type indicates which kind of seccomp profile
+ will be applied. Valid options are: \n Localhost - a
+ profile defined in a file on the node should be used.
+ RuntimeDefault - the container runtime default profile
+ should be used. Unconfined - no profile should be applied."
+ type: string
+ required:
+ - type
+ type: object
+ supplementalGroups:
+ description: A list of groups applied to the first process
+ run in each container, in addition to the container's primary
+ GID. If unspecified, no groups will be added to any container.
+ Note that this field cannot be set when spec.os.name is
+ windows.
+ items:
+ format: int64
+ type: integer
+ type: array
+ sysctls:
+ description: Sysctls hold a list of namespaced sysctls used
+ for the pod. Pods with unsupported sysctls (by the container
+ runtime) might fail to launch. Note that this field cannot
+ be set when spec.os.name is windows.
+ items:
+ description: Sysctl defines a kernel parameter to be set
+ properties:
+ name:
+ description: Name of a property to set
+ type: string
+ value:
+ description: Value of a property to set
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ windowsOptions:
+ description: The Windows specific settings applied to all
+ containers. If unspecified, the options within a container's
+ SecurityContext will be used. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext
+ takes precedence. Note that this field cannot be set when
+ spec.os.name is linux.
+ properties:
+ gmsaCredentialSpec:
+ description: GMSACredentialSpec is where the GMSA admission
+ webhook (https://github.com/kubernetes-sigs/windows-gmsa)
+ inlines the contents of the GMSA credential spec named
+ by the GMSACredentialSpecName field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name of the
+ GMSA credential spec to use.
+ type: string
+ hostProcess:
+ description: HostProcess determines if a container should
+ be run as a 'Host Process' container. This field is
+ alpha-level and will only be honored by components that
+ enable the WindowsHostProcessContainers feature flag.
+ Setting this field without the feature flag will result
+ in errors when validating the Pod. All of a Pod's containers
+ must have the same effective HostProcess value (it is
+ not allowed to have a mix of HostProcess containers
+ and non-HostProcess containers). In addition, if HostProcess
+ is true then HostNetwork must also be set to true.
+ type: boolean
+ runAsUserName:
+ description: The UserName in Windows to run the entrypoint
+ of the container process. Defaults to the user specified
+ in image metadata if unspecified. May also be set in
+ PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext
+ takes precedence.
+ type: string
+ type: object
+ type: object
+ priorityClassName:
+ description: priorityClassName specifies the priority class for
+ the pod (if any).
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ probe:
+ description: probe contains the fields for standard Kubernetes
+ readiness/liveness probe configuration.
+ properties:
+ liveness:
+ description: liveness configures the Kubernetes probe settings.
+ The changes will override the existing default configuration.
+ properties:
+ failureThreshold:
+ description: failureThreshold is the minimum consecutive
+ failures for the probe to be considered failed. Confluent
+ Platform components come with the right configuration,
+ and this setting is not required to change most of the
+ time.
+ format: int32
+ type: integer
+ initialDelaySeconds:
+ description: initialDelaySeconds is the number of seconds
+ after the container has started and before probes are
+ initiated. Confluent Platform components come with the
+ right configuration, and this setting is not required
+ to change most of the time.
+ format: int32
+ type: integer
+ periodSeconds:
+ description: periodSeconds specifies how often to perform
+ the probe. Confluent Platform components come with the
+ right configuration, and this setting is not required
+ to change most of the time.
+ format: int32
+ type: integer
+ successThreshold:
+ description: successThreshold is the minimum consecutive
+ successes for the probe to be considered successful
+ after having failed. The default values is `1`. Must
+ be `1` for liveness and startup. The minimum value is
+ `1`.
+ format: int32
+ type: integer
+ timeoutSeconds:
+ description: timeoutSeconds is the number of seconds after
+ which the probe times out. Confluent Platform components
+ come with the right configuration, and this setting
+ is not required to change most of the time.
+ format: int32
+ type: integer
+ type: object
+ readiness:
+ description: readiness configures the Kubernetes probe setting.
+ The changes will override the existing default configuration.
+ properties:
+ failureThreshold:
+ description: failureThreshold is the minimum consecutive
+ failures for the probe to be considered failed. Confluent
+ Platform components come with the right configuration,
+ and this setting is not required to change most of the
+ time.
+ format: int32
+ type: integer
+ initialDelaySeconds:
+ description: initialDelaySeconds is the number of seconds
+ after the container has started and before probes are
+ initiated. Confluent Platform components come with the
+ right configuration, and this setting is not required
+ to change most of the time.
+ format: int32
+ type: integer
+ periodSeconds:
+ description: periodSeconds specifies how often to perform
+ the probe. Confluent Platform components come with the
+ right configuration, and this setting is not required
+ to change most of the time.
+ format: int32
+ type: integer
+ successThreshold:
+ description: successThreshold is the minimum consecutive
+ successes for the probe to be considered successful
+ after having failed. The default values is `1`. Must
+ be `1` for liveness and startup. The minimum value is
+ `1`.
+ format: int32
+ type: integer
+ timeoutSeconds:
+ description: timeoutSeconds is the number of seconds after
+ which the probe times out. Confluent Platform components
+ come with the right configuration, and this setting
+ is not required to change most of the time.
+ format: int32
+ type: integer
+ type: object
+ type: object
+ resources:
+ description: resources describe the compute resource requirements.
+ properties:
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount of compute
+ resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum amount of compute
+ resources required. If Requests is omitted for a container,
+ it defaults to Limits if that is explicitly specified, otherwise
+ to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ securityContext:
+ description: SecurityContext holds security configuration that
+ will be applied to a container. Some fields are present in both
+ SecurityContext and PodSecurityContext. When both are set,
+ the values in SecurityContext take precedence.
+ properties:
+ allowPrivilegeEscalation:
+ description: 'AllowPrivilegeEscalation controls whether a
+ process can gain more privileges than its parent process.
+ This bool directly controls if the no_new_privs flag will
+ be set on the container process. AllowPrivilegeEscalation
+ is true always when the container is: 1) run as Privileged
+ 2) has CAP_SYS_ADMIN Note that this field cannot be set
+ when spec.os.name is windows.'
+ type: boolean
+ capabilities:
+ description: The capabilities to add/drop when running containers.
+ Defaults to the default set of capabilities granted by the
+ container runtime. Note that this field cannot be set when
+ spec.os.name is windows.
+ properties:
+ add:
+ description: Added capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ drop:
+ description: Removed capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ type: object
+ privileged:
+ description: Run container in privileged mode. Processes in
+ privileged containers are essentially equivalent to root
+ on the host. Defaults to false. Note that this field cannot
+ be set when spec.os.name is windows.
+ type: boolean
+ procMount:
+ description: procMount denotes the type of proc mount to use
+ for the containers. The default is DefaultProcMount which
+ uses the container runtime defaults for readonly paths and
+ masked paths. This requires the ProcMountType feature flag
+ to be enabled. Note that this field cannot be set when spec.os.name
+ is windows.
+ type: string
+ readOnlyRootFilesystem:
+ description: Whether this container has a read-only root filesystem.
+ Default is false. Note that this field cannot be set when
+ spec.os.name is windows.
+ type: boolean
+ runAsGroup:
+ description: The GID to run the entrypoint of the container
+ process. Uses runtime default if unset. May also be set
+ in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext
+ takes precedence. Note that this field cannot be set when
+ spec.os.name is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: Indicates that the container must run as a non-root
+ user. If true, the Kubelet will validate the image at runtime
+ to ensure that it does not run as UID 0 (root) and fail
+ to start the container if it does. If unset or false, no
+ such validation will be performed. May also be set in PodSecurityContext. If
+ set in both SecurityContext and PodSecurityContext, the
+ value specified in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: The UID to run the entrypoint of the container
+ process. Defaults to user specified in image metadata if
+ unspecified. May also be set in PodSecurityContext. If
+ set in both SecurityContext and PodSecurityContext, the
+ value specified in SecurityContext takes precedence. Note
+ that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: The SELinux context to be applied to the container.
+ If unspecified, the container runtime will allocate a random
+ SELinux context for each container. May also be set in
+ PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext
+ takes precedence. Note that this field cannot be set when
+ spec.os.name is windows.
+ properties:
+ level:
+ description: Level is SELinux level label that applies
+ to the container.
+ type: string
+ role:
+ description: Role is a SELinux role label that applies
+ to the container.
+ type: string
+ type:
+ description: Type is a SELinux type label that applies
+ to the container.
+ type: string
+ user:
+ description: User is a SELinux user label that applies
+ to the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: The seccomp options to use by this container.
+ If seccomp options are provided at both the pod & container
+ level, the container options override the pod options. Note
+ that this field cannot be set when spec.os.name is windows.
+ properties:
+ localhostProfile:
+ description: localhostProfile indicates a profile defined
+ in a file on the node should be used. The profile must
+ be preconfigured on the node to work. Must be a descending
+ path, relative to the kubelet's configured seccomp profile
+ location. Must only be set if type is "Localhost".
+ type: string
+ type:
+ description: "type indicates which kind of seccomp profile
+ will be applied. Valid options are: \n Localhost - a
+ profile defined in a file on the node should be used.
+ RuntimeDefault - the container runtime default profile
+ should be used. Unconfined - no profile should be applied."
+ type: string
+ required:
+ - type
+ type: object
+ windowsOptions:
+ description: The Windows specific settings applied to all
+ containers. If unspecified, the options from the PodSecurityContext
+ will be used. If set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is
+ linux.
+ properties:
+ gmsaCredentialSpec:
+ description: GMSACredentialSpec is where the GMSA admission
+ webhook (https://github.com/kubernetes-sigs/windows-gmsa)
+ inlines the contents of the GMSA credential spec named
+ by the GMSACredentialSpecName field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name of the
+ GMSA credential spec to use.
+ type: string
+ hostProcess:
+ description: HostProcess determines if a container should
+ be run as a 'Host Process' container. This field is
+ alpha-level and will only be honored by components that
+ enable the WindowsHostProcessContainers feature flag.
+ Setting this field without the feature flag will result
+ in errors when validating the Pod. All of a Pod's containers
+ must have the same effective HostProcess value (it is
+ not allowed to have a mix of HostProcess containers
+ and non-HostProcess containers). In addition, if HostProcess
+ is true then HostNetwork must also be set to true.
+ type: boolean
+ runAsUserName:
+ description: The UserName in Windows to run the entrypoint
+ of the container process. Defaults to the user specified
+ in image metadata if unspecified. May also be set in
+ PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext
+ takes precedence.
+ type: string
+ type: object
+ type: object
+ serviceAccountName:
+ description: 'ServiceAccountName is the name of the service account
+ used to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account.'
+ type: string
+ terminationGracePeriodSeconds:
+ description: terminationGracePeriodSeconds is the grace period
+ before the pod is deleted.
+ format: int64
+ type: integer
+ tolerations:
+ description: tolerations specify the pods to schedule onto the
+ nodes with matching taints, using the triple ``
+ and the matching operator ``.
+ items:
+ description: The pod this Toleration is attached to tolerates
+ any taint that matches the triple using
+ the matching operator .
+ properties:
+ effect:
+ description: Effect indicates the taint effect to match.
+ Empty means match all taint effects. When specified, allowed
+ values are NoSchedule, PreferNoSchedule and NoExecute.
+ type: string
+ key:
+ description: Key is the taint key that the toleration applies
+ to. Empty means match all taint keys. If the key is empty,
+ operator must be Exists; this combination means to match
+ all values and all keys.
+ type: string
+ operator:
+ description: Operator represents a key's relationship to
+ the value. Valid operators are Exists and Equal. Defaults
+ to Equal. Exists is equivalent to wildcard for value,
+ so that a pod can tolerate all taints of a particular
+ category.
+ type: string
+ tolerationSeconds:
+ description: TolerationSeconds represents the period of
+ time the toleration (which must be of effect NoExecute,
+ otherwise this field is ignored) tolerates the taint.
+ By default, it is not set, which means tolerate the taint
+ forever (do not evict). Zero and negative values will
+ be treated as 0 (evict immediately) by the system.
+ format: int64
+ type: integer
+ value:
+ description: Value is the taint value the toleration matches
+ to. If the operator is Exists, the value should be empty,
+ otherwise just a regular string.
+ type: string
+ type: object
+ type: array
+ topologySpreadConstraints:
+ description: topologySpreadConstraints describe how a group of
+ pods ought to spread across topology domains. Scheduler will
+ schedule pods based on the constraints. All topologySpreadConstraints
+ are ANDed.
+ items:
+ description: TopologySpreadConstraint specifies how to spread
+ matching pods among the given topology.
+ properties:
+ labelSelector:
+ description: LabelSelector is used to find matching pods.
+ Pods that match this label selector are counted to determine
+ the number of pods in their corresponding topology domain.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector
+ requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In,
+ NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values.
+ If the operator is In or NotIn, the values array
+ must be non-empty. If the operator is Exists
+ or DoesNotExist, the values array must be empty.
+ This array is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs.
+ A single {key,value} in the matchLabels map is equivalent
+ to an element of matchExpressions, whose key field
+ is "key", the operator is "In", and the values array
+ contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ maxSkew:
+ description: 'MaxSkew describes the degree to which pods
+ may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`,
+ it is the maximum permitted difference between the number
+ of matching pods in the target topology and the global
+ minimum. For example, in a 3-zone cluster, MaxSkew is
+ set to 1, and pods with the same labelSelector spread
+ as 1/1/0: | zone1 | zone2 | zone3 | | P | P | |
+ - if MaxSkew is 1, incoming pod can only be scheduled
+ to zone3 to become 1/1/1; scheduling it onto zone1(zone2)
+ would make the ActualSkew(2-0) on zone1(zone2) violate
+ MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled
+ onto any zone. When `whenUnsatisfiable=ScheduleAnyway`,
+ it is used to give higher precedence to topologies that
+ satisfy it. It''s a required field. Default value is 1
+ and 0 is not allowed.'
+ format: int32
+ type: integer
+ topologyKey:
+ description: TopologyKey is the key of node labels. Nodes
+ that have a label with this key and identical values are
+ considered to be in the same topology. We consider each
+ as a "bucket", and try to put balanced number
+ of pods into each bucket. It's a required field.
+ type: string
+ whenUnsatisfiable:
+ description: 'WhenUnsatisfiable indicates how to deal with
+ a pod if it doesn''t satisfy the spread constraint. -
+ DoNotSchedule (default) tells the scheduler not to schedule
+ it. - ScheduleAnyway tells the scheduler to schedule the
+ pod in any location, but giving higher precedence to topologies
+ that would help reduce the skew. A constraint is considered
+ "Unsatisfiable" for an incoming pod if and only if every
+ possible node assignment for that pod would violate "MaxSkew"
+ on some topology. For example, in a 3-zone cluster, MaxSkew
+ is set to 1, and pods with the same labelSelector spread
+ as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P |
+ If WhenUnsatisfiable is set to DoNotSchedule, incoming
+ pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2)
+ as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1).
+ In other words, the cluster can still be imbalanced, but
+ scheduler won''t make it *more* imbalanced. It''s a required
+ field.'
+ type: string
+ required:
+ - maxSkew
+ - topologyKey
+ - whenUnsatisfiable
+ type: object
+ type: array
+ type: object
+ replicas:
+ description: replicas is the desired number of replicas. A change
+ to this setting will roll the cluster.
+ format: int32
+ type: integer
+ storageClass:
+ description: storageClass references the user-provided storage class.
+ properties:
+ name:
+ description: name is the storage class name.
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - name
+ type: object
+ telemetry:
+ description: telemetry specifies the Confluent telemetry reporter
+ configuration.
+ properties:
+ global:
+ description: global allows disabling telemetry configuration.
+ If CFK is deployed with telemetry, this field is only used to
+ disable telemetry. The default value is `true` if telemetry
+ is enabled at the global level.
+ type: boolean
+ type: object
+ tls:
+ description: tls specifies the TLS configurations.
+ properties:
+ autoGeneratedCerts:
+ description: autoGeneratedCerts specifies that the certificates
+ are auto-generated based on the CA key pair provided.
+ type: boolean
+ directoryPathInContainer:
+ description: directoryPathInContainer specifies the directory
+ path in the container where `keystore.jks`, `truststore.jks`,
+ and `jksPassword.txt` keys are mounted. `truststore.jks` is
+ not configured and can be ignored when the `ignoreTrustStoreConfig`
+ field is set to `true`.
+ minLength: 1
+ type: string
+ ignoreTrustStoreConfig:
+ description: ignoreTrustStoreConfig indicates whether to ignore
+ the truststore configuration for the Confluent component.
+ type: boolean
+ jksPassword:
+ description: jksPassword references the secret containing the
+ JKS password.
+ properties:
+ secretRef:
+ description: 'secretRef references the name of the secret
+ containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - secretRef
+ type: object
+ secretRef:
+ description: 'secretRef references the secret containing the certificates.
+ More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ type: object
+ required:
+ - dataVolumeCapacity
+ - image
+ - replicas
+ type: object
+ status:
+ description: status defines the observed state of the Control Center cluster.
+ properties:
+ authorizationType:
+ description: authorizationType is the authorization type for this
+ Confluent component.
+ type: string
+ clusterName:
+ description: clusterName is the name of the Confluent Platform component
+ cluster.
+ type: string
+ clusterNamespace:
+ description: clusterNamespace is the namespace where the Confluent
+ Platform component cluster is running.
+ type: string
+ conditions:
+ description: conditions specify the latest available observations
+ of the current state.
+ items:
+ description: Condition represent the latest available observations
+ of the current state.
+ properties:
+ lastProbeTime:
+ description: lastProbeTime shows the last time the condition
+ was evaluated.
+ format: date-time
+ type: string
+ lastTransitionTime:
+ description: lastTransitionTime shows the last time the condition
+ was transitioned from one status to another.
+ format: date-time
+ type: string
+ message:
+ description: message shows a human-readable message with details
+ about the transition.
+ type: string
+ reason:
+ description: reason shows the reason for the last transition
+ of the condition.
+ type: string
+ status:
+ description: status shows the status of the condition, one of
+ `True`, `False`, or `Unknown`.
+ type: string
+ type:
+ description: type shows the condition type.
+ type: string
+ type: object
+ type: array
+ controlCenterName:
+ description: name is the name of the Control Center cluster.
+ type: string
+ currentReplicas:
+ description: currentReplicas is the number of currently running replicas.
+ format: int32
+ type: integer
+ id:
+ description: id is the identifier of the Control Center cluster.
+ format: int32
+ type: integer
+ internalSecrets:
+ description: internalSecrets are internal secrets created by CFK for
+ this Confluent component.
+ items:
+ type: string
+ type: array
+ internalTopicNames:
+ description: internalTopicNames are the topics used by the component
+ for internal use.
+ items:
+ type: string
+ type: array
+ kafka:
+ description: kafka is the Kafka client side status for the Control
+ Center cluster.
+ properties:
+ authenticationType:
+ description: authenticationType describes the authentication method
+ for the Kafka cluster.
+ type: string
+ bootstrapEndpoint:
+ description: bootstrapEndpoint specifies the Kafka bootstrap endpoint.
+ type: string
+ tls:
+ description: tls indicates whether TLS is enabled for the Kafka
+ dependency.
+ type: boolean
+ type: object
+ observedGeneration:
+ description: observedGeneration is the most recent generation observed
+ for this Confluent component.
+ format: int64
+ type: integer
+ operatorVersion:
+ description: operatorVersion is the internal version of CFK.
+ type: string
+ phase:
+ description: phase describes the state of the Confluent Platform component.
+ type: string
+ rbac:
+ description: rbac contains the RBAC-related status when RBAC is enabled.
+ properties:
+ clusterID:
+ description: clusterID specifies the id of the cluster.
+ type: string
+ internalRolebindings:
+ description: internalRolebindings specifies the internal rolebindings.
+ items:
+ type: string
+ type: array
+ type: object
+ readyReplicas:
+ description: readyReplicas is the number of currently ready replicas.
+ format: int32
+ type: integer
+ replicas:
+ description: replicas is the number of replicas.
+ format: int32
+ type: integer
+ restConfig:
+ description: restConfig is the REST API configuration of the Control
+ Center cluster.
+ properties:
+ advertisedExternalEndpoints:
+ description: advertisedExternalEndpoints specifies other advertised
+ endpoints used, especially for Kafka.
+ items:
+ type: string
+ type: array
+ authenticationType:
+ description: authenticationType shows the authentication type
+ configured by the listener.
+ type: string
+ externalAccessType:
+ description: externalAccessType shows the external access type
+ used for the listener.
+ type: string
+ externalEndpoint:
+ description: externalEndpoint specifies the external endpoint
+ to connect to the Confluent component cluster.
+ type: string
+ internalEndpoint:
+ description: internalEndpoint specifies the internal endpoint
+ to connect to the Confluent component cluster.
+ type: string
+ tls:
+ description: tls shows whether TLS is configured for the listener.
+ type: boolean
+ type: object
+ selector:
+ description: selector gets the label selector of the child pod. The
+ Horizontal Pod Autoscaler(HPA) will scale using the label selector
+ of the child pod.
+ type: string
+ required:
+ - id
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources:
+ scale:
+ specReplicasPath: .spec.replicas
+ statusReplicasPath: .status.replicas
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
diff --git a/crds/2.4.0/platform.confluent.io_kafkarestclasses.yaml b/crds/2.4.0/platform.confluent.io_kafkarestclasses.yaml
new file mode 100644
index 0000000..09d96bd
--- /dev/null
+++ b/crds/2.4.0/platform.confluent.io_kafkarestclasses.yaml
@@ -0,0 +1,377 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.8.0
+ creationTimestamp: null
+ name: kafkarestclasses.platform.confluent.io
+spec:
+ group: platform.confluent.io
+ names:
+ categories:
+ - all
+ - confluent-platform
+ - confluent
+ kind: KafkaRestClass
+ listKind: KafkaRestClassList
+ plural: kafkarestclasses
+ shortNames:
+ - krc
+ - kafkarestclass
+ singular: kafkarestclass
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: KafkaRestClass is the schema for the Kafka REST API.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: spec defines the desired state of the KafkaRestClass.
+ properties:
+ kafkaClusterRef:
+ description: kafkaClusterRef specifies the name of the Kafka cluster.
+ properties:
+ name:
+ description: name specifies the name of the Confluent Platform
+ component cluster.
+ type: string
+ namespace:
+ description: namespace specifies the namespace where the Confluent
+ Platform component cluster is running.
+ type: string
+ required:
+ - name
+ type: object
+ kafkaRest:
+ description: kafkaRest specifies the Kafka REST API configuration.
+ properties:
+ authentication:
+ description: authentication specifies the REST API authentication
+ mechanism.
+ properties:
+ basic:
+ description: basic specifies the basic authentication settings
+ for the REST API client.
+ properties:
+ debug:
+ description: debug enables the basic authentication debug
+ logs for JaaS configuration.
+ type: boolean
+ directoryPathInContainer:
+ description: 'directoryPathInContainer allows to pass
+ the basic credential through a directory path in the
+ container. More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication'
+ minLength: 1
+ type: string
+ restrictedRoles:
+ description: restrictedRoles specify the restricted roles
+ on the server side only. Changes will be only reflected
+ in Control Center. This configuration is ignored on
+ the client side configuration.
+ items:
+ type: string
+ minItems: 1
+ type: array
+ roles:
+ description: roles specify the roles on the server side
+ only. This configuration is ignored on the client side
+ configuration.
+ items:
+ type: string
+ type: array
+ secretRef:
+ description: 'secretRef defines secret reference to pass
+ the required credentials. More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ type: object
+ bearer:
+ description: bearer specifies the bearer authentication settings
+ for the REST API client.
+ properties:
+ directoryPathInContainer:
+ description: directoryPathInContainer specifies the directory
+ path in the container where the credential is mounted.
+ minLength: 1
+ type: string
+ secretRef:
+ description: 'secretRef specifies the name of the secret
+ that contains the credential. More info: https://docs.confluent.io/operator/current/co-authenticate.html#bearer-authentication'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ type: object
+ type:
+ description: type specifies the REST API authentication type.
+ Valid options are `basic`, `bearer`, and `mtls`.
+ enum:
+ - basic
+ - bearer
+ - mtls
+ type: string
+ required:
+ - type
+ type: object
+ endpoint:
+ description: endpoint specifies where Confluent REST API is running.
+ minLength: 1
+ pattern: ^https?://.*
+ type: string
+ kafkaClusterID:
+ description: kafkaClusterID specifies the id of Kafka cluster.
+ It takes precedence over using the Kafka REST API to get the
+ cluster id.
+ minLength: 1
+ type: string
+ tls:
+ description: tls specifies the custom TLS structure for the application
+ resources, e.g. connector, topic, schema, of the Confluent Platform
+ components.
+ properties:
+ directoryPathInContainer:
+ description: directoryPathInContainer contains the directory
+ path in the container where `keystore.jks`, `truststore.jks`,
+ `jksPassword.txt` keys are mounted.
+ minLength: 1
+ type: string
+ jksPassword:
+ description: jksPassword specifies the secret name that contains
+ the JKS password.
+ properties:
+ secretRef:
+ description: 'secretRef references the name of the secret
+ containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - secretRef
+ type: object
+ secretRef:
+ description: 'secretRef specifies the secret name that contains
+ the certificates. More info about certificates key/value
+ format: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ type: object
+ type: object
+ secondaryKafkaClusterRef:
+ description: secondaryKafkaClusterRef specifies the name of the secondary
+ Kafka cluster when using centralized RBAC.
+ properties:
+ name:
+ description: name specifies the name of the Confluent Platform
+ component cluster.
+ type: string
+ namespace:
+ description: namespace specifies the namespace where the Confluent
+ Platform component cluster is running.
+ type: string
+ required:
+ - name
+ type: object
+ secondaryKafkaRest:
+ description: secondaryKafkaRest specifies the secondary Kafka REST
+ API configuration when using centralized RBAC.
+ properties:
+ authentication:
+ description: authentication specifies the REST API authentication
+ mechanism.
+ properties:
+ basic:
+ description: basic specifies the basic authentication settings
+ for the REST API client.
+ properties:
+ debug:
+ description: debug enables the basic authentication debug
+ logs for JaaS configuration.
+ type: boolean
+ directoryPathInContainer:
+ description: 'directoryPathInContainer allows to pass
+ the basic credential through a directory path in the
+ container. More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication'
+ minLength: 1
+ type: string
+ restrictedRoles:
+ description: restrictedRoles specify the restricted roles
+ on the server side only. Changes will be only reflected
+ in Control Center. This configuration is ignored on
+ the client side configuration.
+ items:
+ type: string
+ minItems: 1
+ type: array
+ roles:
+ description: roles specify the roles on the server side
+ only. This configuration is ignored on the client side
+ configuration.
+ items:
+ type: string
+ type: array
+ secretRef:
+ description: 'secretRef defines secret reference to pass
+ the required credentials. More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ type: object
+ bearer:
+ description: bearer specifies the bearer authentication settings
+ for the REST API client.
+ properties:
+ directoryPathInContainer:
+ description: directoryPathInContainer specifies the directory
+ path in the container where the credential is mounted.
+ minLength: 1
+ type: string
+ secretRef:
+ description: 'secretRef specifies the name of the secret
+ that contains the credential. More info: https://docs.confluent.io/operator/current/co-authenticate.html#bearer-authentication'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ type: object
+ type:
+ description: type specifies the REST API authentication type.
+ Valid options are `basic`, `bearer`, and `mtls`.
+ enum:
+ - basic
+ - bearer
+ - mtls
+ type: string
+ required:
+ - type
+ type: object
+ endpoint:
+ description: endpoint specifies where Confluent REST API is running.
+ minLength: 1
+ pattern: ^https?://.*
+ type: string
+ kafkaClusterID:
+ description: kafkaClusterID specifies the id of Kafka cluster.
+ It takes precedence over using the Kafka REST API to get the
+ cluster id.
+ minLength: 1
+ type: string
+ tls:
+ description: tls specifies the custom TLS structure for the application
+ resources, e.g. connector, topic, schema, of the Confluent Platform
+ components.
+ properties:
+ directoryPathInContainer:
+ description: directoryPathInContainer contains the directory
+ path in the container where `keystore.jks`, `truststore.jks`,
+ `jksPassword.txt` keys are mounted.
+ minLength: 1
+ type: string
+ jksPassword:
+ description: jksPassword specifies the secret name that contains
+ the JKS password.
+ properties:
+ secretRef:
+ description: 'secretRef references the name of the secret
+ containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - secretRef
+ type: object
+ secretRef:
+ description: 'secretRef specifies the secret name that contains
+ the certificates. More info about certificates key/value
+ format: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ type: object
+ type: object
+ type: object
+ status:
+ description: status defines the observed state of the KafkaRestClass.
+ properties:
+ conditions:
+ description: conditions are the latest available observed state of
+ the kafkaRestClass.
+ items:
+ description: Condition represent the latest available observations
+ of the current state.
+ properties:
+ lastProbeTime:
+ description: lastProbeTime shows the last time the condition
+ was evaluated.
+ format: date-time
+ type: string
+ lastTransitionTime:
+ description: lastTransitionTime shows the last time the condition
+ was transitioned from one status to another.
+ format: date-time
+ type: string
+ message:
+ description: message shows a human-readable message with details
+ about the transition.
+ type: string
+ reason:
+ description: reason shows the reason for the last transition
+ of the condition.
+ type: string
+ status:
+ description: status shows the status of the condition, one of
+ `True`, `False`, or `Unknown`.
+ type: string
+ type:
+ description: type shows the condition type.
+ type: string
+ type: object
+ type: array
+ endpoint:
+ description: endpoint specifies the Kafka REST API / MDS endpoint.
+ type: string
+ kafkaClusterID:
+ description: kafkaClusterID specifies the id of the Kafka cluster.
+ If using centralized RBAC and kafkaRestClass is for the secondary
+ Kafka cluster, it will be the cluster id of the secondary Kafka
+ cluster.
+ type: string
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
diff --git a/crds/2.4.0/platform.confluent.io_kafkarestproxies.yaml b/crds/2.4.0/platform.confluent.io_kafkarestproxies.yaml
new file mode 100644
index 0000000..86de964
--- /dev/null
+++ b/crds/2.4.0/platform.confluent.io_kafkarestproxies.yaml
@@ -0,0 +1,4955 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.8.0
+ creationTimestamp: null
+ name: kafkarestproxies.platform.confluent.io
+spec:
+ group: platform.confluent.io
+ names:
+ categories:
+ - all
+ - confluent-platform
+ - confluent
+ kind: KafkaRestProxy
+ listKind: KafkaRestProxyList
+ plural: kafkarestproxies
+ shortNames:
+ - kafkarestproxy
+ - krp
+ singular: kafkarestproxy
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .status.replicas
+ name: Replicas
+ type: string
+ - jsonPath: .status.readyReplicas
+ name: Ready
+ type: string
+ - jsonPath: .status.phase
+ name: Status
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ - jsonPath: .status.kafka.bootstrapEndpoint
+ name: Kafka
+ priority: 1
+ type: string
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: KafkaRestProxy is the schema for the Kafka REST Proxy API.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: spec defines the desired state of the KafkaRestProxy cluster.
+ properties:
+ authentication:
+ description: authentication specifies the authentication configurations
+ for the KafkaRestProxy cluster.
+ properties:
+ basic:
+ description: basic specifies the configuration for basic authentication.
+ properties:
+ debug:
+ description: debug enables the basic authentication debug
+ logs for JaaS configuration.
+ type: boolean
+ directoryPathInContainer:
+ description: 'directoryPathInContainer allows to pass the
+ basic credential through a directory path in the container.
+ More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication'
+ minLength: 1
+ type: string
+ restrictedRoles:
+ description: restrictedRoles specify the restricted roles
+ on the server side only. Changes will be only reflected
+ in Control Center. This configuration is ignored on the
+ client side configuration.
+ items:
+ type: string
+ minItems: 1
+ type: array
+ roles:
+ description: roles specify the roles on the server side only.
+ This configuration is ignored on the client side configuration.
+ items:
+ type: string
+ type: array
+ secretRef:
+ description: 'secretRef defines secret reference to pass the
+ required credentials. More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ type: object
+ type:
+ description: type specifies the authentication scheme for the
+ REST API server. Valid options are `basic` and `mtls`.
+ enum:
+ - basic
+ - mtls
+ type: string
+ required:
+ - type
+ type: object
+ authorization:
+ description: authorization specifies the RBAC configuration for the
+ KafkaRestProxy cluster.
+ properties:
+ kafkaRestClassRef:
+ description: kafkaRestClassRef references the KafkaRestClass which
+ specifies the Kafka REST API connection configuration.
+ properties:
+ name:
+ description: name specifies the name of the KafkaRestClass
+ application resource.
+ minLength: 1
+ type: string
+ namespace:
+ description: namespace specifies the namespace of the KafkaRestClass.
+ type: string
+ required:
+ - name
+ type: object
+ type:
+ description: type specifies the client-side authorization type.
+ The valid option is `rbac`.
+ enum:
+ - rbac
+ type: string
+ required:
+ - type
+ type: object
+ configOverrides:
+ description: configOverrides specifies the configs to override the
+ server, JVM, Log4j properties for the KafkaRestProxy cluster. A
+ change will roll the cluster.
+ properties:
+ jvm:
+ description: jvm is a list of JVM configuration supported by the
+ Confluent Platform component. This will either add or update
+ the existing configuration.
+ items:
+ type: string
+ type: array
+ log4j:
+ description: log4j is a list of Log4J configuration supported
+ by the Confluent Platform component. This will either add or
+ update the existing configuration.
+ items:
+ type: string
+ type: array
+ server:
+ description: server is a list of server configuration supported
+ by the Confluent Platform component. This will either add or
+ update existing configuration.
+ items:
+ type: string
+ type: array
+ type: object
+ dependencies:
+ description: dependencies specifies the dependency configurations
+ for Kafka, Interceptor, Schema Registry, and the MDS.
+ properties:
+ interceptor:
+ description: interceptor specifies the interceptor dependency
+ configuration.
+ properties:
+ configs:
+ description: configs describe the configurations for the Confluent
+ Platform interceptor. The config override feature can be
+ used to pass the configuration settings.
+ items:
+ type: string
+ type: array
+ consumer:
+ description: consumer specifies the consumer configuration
+ for the interceptor. If not configured, it uses the Kafka
+ dependency configuration.
+ properties:
+ authentication:
+ description: authentication defines the authentication
+ for the Kafka cluster.
+ properties:
+ jaasConfig:
+ description: jaasConfig specifies the Kafka client-side
+ JaaS configuration.
+ properties:
+ secretRef:
+ description: 'secretRef references the secret
+ containing the required credentials. More info:
+ https://docs.confluent.io/operator/current/co-authenticate.html'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - secretRef
+ type: object
+ jaasConfigPassThrough:
+ description: jaasConfigPassThrough specifies another
+ way to provide the Kafka client-side JaaS configuration.
+ properties:
+ directoryPathInContainer:
+ description: 'directoryPathInContainer specifies
+ the directory path in the container where required
+ credentials are mounted. More info: https://docs.confluent.io/operator/current/co-authenticate.html'
+ minLength: 1
+ type: string
+ secretRef:
+ description: 'secretRef references the secret
+ containing the required credentials for authentication.
+ More info: https://docs.confluent.io/operator/current/co-authenticate.html'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ type: object
+ oauthbearer:
+ description: oauthbearer is the authentication mechanism
+ to provider principals. Only supported in RBAC deployment.
+ properties:
+ directoryPathInContainer:
+ description: directoryPathInContainer specifies
+ the directory path in the container where the
+ credential is mounted.
+ minLength: 1
+ type: string
+ secretRef:
+ description: 'secretRef specifies the name of
+ the secret that contains the credential. More
+ info: https://docs.confluent.io/operator/current/co-authenticate.html#bearer-authentication'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ type: object
+ type:
+ description: type specifies the Kafka client authentication
+ type. Valid options are `plain`, `oauthbearer`,
+ `digest`, and `mtls`.
+ enum:
+ - plain
+ - oauthbearer
+ - digest
+ - mtls
+ type: string
+ required:
+ - type
+ type: object
+ bootstrapEndpoint:
+ description: bootstrapEndpoint specifies the Kafka bootstrap
+ endpoint.
+ minLength: 1
+ pattern: .+:[0-9]+
+ type: string
+ discovery:
+ description: discovery specifies the capability to discover
+ the Kafka cluster.
+ properties:
+ name:
+ description: name is the name of the Confluent Platform
+ component cluster.
+ type: string
+ namespace:
+ description: namespace is where the Confluent Platform
+ component is running. The default value is the namespace
+ where CFK is running.
+ type: string
+ secretRef:
+ description: secretRef is the name of the secret used
+ to discover the Confluent Platform component.
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - name
+ type: object
+ tls:
+ description: tls defines the client-side TLS setting for
+ the Kafka cluster.
+ properties:
+ directoryPathInContainer:
+ description: directoryPathInContainer specifies the
+ directory path in the container where `keystore.jks`,
+ `truststore.jks`, and `jksPassword.txt` keys are
+ mounted. `truststore.jks` is not configured and
+ can be ignored when the `ignoreTrustStoreConfig`
+ field is set to `true`.
+ minLength: 1
+ type: string
+ enabled:
+ description: enabled specifies to enable the TLS configuration
+ for the Confluent component.
+ type: boolean
+ ignoreTrustStoreConfig:
+ description: ignoreTrustStoreConfig indicates whether
+ to ignore the truststore configuration for the Confluent
+ component.
+ type: boolean
+ jksPassword:
+ description: jksPassword references the secret containing
+ the JKS password.
+ properties:
+ secretRef:
+ description: 'secretRef references the name of
+ the secret containing the JKS password. More
+ info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - secretRef
+ type: object
+ secretRef:
+ description: 'secretRef references the secret containing
+ the certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - enabled
+ type: object
+ type: object
+ enabled:
+ description: enabled indicates whether the Confluent Platform
+ interceptor is enabled or disabled.
+ type: boolean
+ producer:
+ description: producer specifies the producer configuration
+ for the interceptor. If not configured, it uses the Kafka
+ dependency configuration.
+ properties:
+ authentication:
+ description: authentication defines the authentication
+ for the Kafka cluster.
+ properties:
+ jaasConfig:
+ description: jaasConfig specifies the Kafka client-side
+ JaaS configuration.
+ properties:
+ secretRef:
+ description: 'secretRef references the secret
+ containing the required credentials. More info:
+ https://docs.confluent.io/operator/current/co-authenticate.html'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - secretRef
+ type: object
+ jaasConfigPassThrough:
+ description: jaasConfigPassThrough specifies another
+ way to provide the Kafka client-side JaaS configuration.
+ properties:
+ directoryPathInContainer:
+ description: 'directoryPathInContainer specifies
+ the directory path in the container where required
+ credentials are mounted. More info: https://docs.confluent.io/operator/current/co-authenticate.html'
+ minLength: 1
+ type: string
+ secretRef:
+ description: 'secretRef references the secret
+ containing the required credentials for authentication.
+ More info: https://docs.confluent.io/operator/current/co-authenticate.html'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ type: object
+ oauthbearer:
+ description: oauthbearer is the authentication mechanism
+ to provider principals. Only supported in RBAC deployment.
+ properties:
+ directoryPathInContainer:
+ description: directoryPathInContainer specifies
+ the directory path in the container where the
+ credential is mounted.
+ minLength: 1
+ type: string
+ secretRef:
+ description: 'secretRef specifies the name of
+ the secret that contains the credential. More
+ info: https://docs.confluent.io/operator/current/co-authenticate.html#bearer-authentication'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ type: object
+ type:
+ description: type specifies the Kafka client authentication
+ type. Valid options are `plain`, `oauthbearer`,
+ `digest`, and `mtls`.
+ enum:
+ - plain
+ - oauthbearer
+ - digest
+ - mtls
+ type: string
+ required:
+ - type
+ type: object
+ bootstrapEndpoint:
+ description: bootstrapEndpoint specifies the Kafka bootstrap
+ endpoint.
+ minLength: 1
+ pattern: .+:[0-9]+
+ type: string
+ discovery:
+ description: discovery specifies the capability to discover
+ the Kafka cluster.
+ properties:
+ name:
+ description: name is the name of the Confluent Platform
+ component cluster.
+ type: string
+ namespace:
+ description: namespace is where the Confluent Platform
+ component is running. The default value is the namespace
+ where CFK is running.
+ type: string
+ secretRef:
+ description: secretRef is the name of the secret used
+ to discover the Confluent Platform component.
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - name
+ type: object
+ tls:
+ description: tls defines the client-side TLS setting for
+ the Kafka cluster.
+ properties:
+ directoryPathInContainer:
+ description: directoryPathInContainer specifies the
+ directory path in the container where `keystore.jks`,
+ `truststore.jks`, and `jksPassword.txt` keys are
+ mounted. `truststore.jks` is not configured and
+ can be ignored when the `ignoreTrustStoreConfig`
+ field is set to `true`.
+ minLength: 1
+ type: string
+ enabled:
+ description: enabled specifies to enable the TLS configuration
+ for the Confluent component.
+ type: boolean
+ ignoreTrustStoreConfig:
+ description: ignoreTrustStoreConfig indicates whether
+ to ignore the truststore configuration for the Confluent
+ component.
+ type: boolean
+ jksPassword:
+ description: jksPassword references the secret containing
+ the JKS password.
+ properties:
+ secretRef:
+ description: 'secretRef references the name of
+ the secret containing the JKS password. More
+ info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - secretRef
+ type: object
+ secretRef:
+ description: 'secretRef references the secret containing
+ the certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - enabled
+ type: object
+ type: object
+ publishMs:
+ type: integer
+ required:
+ - enabled
+ type: object
+ kafka:
+ description: kafka specifies the Kafka dependency configuration.
+ properties:
+ authentication:
+ description: authentication defines the authentication for
+ the Kafka cluster.
+ properties:
+ jaasConfig:
+ description: jaasConfig specifies the Kafka client-side
+ JaaS configuration.
+ properties:
+ secretRef:
+ description: 'secretRef references the secret containing
+ the required credentials. More info: https://docs.confluent.io/operator/current/co-authenticate.html'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - secretRef
+ type: object
+ jaasConfigPassThrough:
+ description: jaasConfigPassThrough specifies another way
+ to provide the Kafka client-side JaaS configuration.
+ properties:
+ directoryPathInContainer:
+ description: 'directoryPathInContainer specifies the
+ directory path in the container where required credentials
+ are mounted. More info: https://docs.confluent.io/operator/current/co-authenticate.html'
+ minLength: 1
+ type: string
+ secretRef:
+ description: 'secretRef references the secret containing
+ the required credentials for authentication. More
+ info: https://docs.confluent.io/operator/current/co-authenticate.html'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ type: object
+ oauthbearer:
+ description: oauthbearer is the authentication mechanism
+ to provider principals. Only supported in RBAC deployment.
+ properties:
+ directoryPathInContainer:
+ description: directoryPathInContainer specifies the
+ directory path in the container where the credential
+ is mounted.
+ minLength: 1
+ type: string
+ secretRef:
+ description: 'secretRef specifies the name of the
+ secret that contains the credential. More info:
+ https://docs.confluent.io/operator/current/co-authenticate.html#bearer-authentication'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ type: object
+ type:
+ description: type specifies the Kafka client authentication
+ type. Valid options are `plain`, `oauthbearer`, `digest`,
+ and `mtls`.
+ enum:
+ - plain
+ - oauthbearer
+ - digest
+ - mtls
+ type: string
+ required:
+ - type
+ type: object
+ bootstrapEndpoint:
+ description: bootstrapEndpoint specifies the Kafka bootstrap
+ endpoint.
+ minLength: 1
+ pattern: .+:[0-9]+
+ type: string
+ discovery:
+ description: discovery specifies the capability to discover
+ the Kafka cluster.
+ properties:
+ name:
+ description: name is the name of the Confluent Platform
+ component cluster.
+ type: string
+ namespace:
+ description: namespace is where the Confluent Platform
+ component is running. The default value is the namespace
+ where CFK is running.
+ type: string
+ secretRef:
+ description: secretRef is the name of the secret used
+ to discover the Confluent Platform component.
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - name
+ type: object
+ tls:
+ description: tls defines the client-side TLS setting for the
+ Kafka cluster.
+ properties:
+ directoryPathInContainer:
+ description: directoryPathInContainer specifies the directory
+ path in the container where `keystore.jks`, `truststore.jks`,
+ and `jksPassword.txt` keys are mounted. `truststore.jks`
+ is not configured and can be ignored when the `ignoreTrustStoreConfig`
+ field is set to `true`.
+ minLength: 1
+ type: string
+ enabled:
+ description: enabled specifies to enable the TLS configuration
+ for the Confluent component.
+ type: boolean
+ ignoreTrustStoreConfig:
+ description: ignoreTrustStoreConfig indicates whether
+ to ignore the truststore configuration for the Confluent
+ component.
+ type: boolean
+ jksPassword:
+ description: jksPassword references the secret containing
+ the JKS password.
+ properties:
+ secretRef:
+ description: 'secretRef references the name of the
+ secret containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - secretRef
+ type: object
+ secretRef:
+ description: 'secretRef references the secret containing
+ the certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - enabled
+ type: object
+ type: object
+ mds:
+ description: mds specifies the MDS dependencies configuration.
+ properties:
+ authentication:
+ description: authentication specifies the client side authentication
+ configuration for the MDS.
+ properties:
+ bearer:
+ description: bearer specifies the bearer authentication
+ settings.
+ properties:
+ directoryPathInContainer:
+ description: directoryPathInContainer specifies the
+ directory path in the container where the credential
+ is mounted.
+ minLength: 1
+ type: string
+ secretRef:
+ description: 'secretRef specifies the name of the
+ secret that contains the credential. More info:
+ https://docs.confluent.io/operator/current/co-authenticate.html#bearer-authentication'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ type: object
+ type:
+ description: type specifies the authentication method
+ for the MDS. The valid option is `bearer`.
+ enum:
+ - bearer
+ type: string
+ required:
+ - bearer
+ - type
+ type: object
+ endpoint:
+ description: endpoint specifies the MDS endpoint.
+ minLength: 1
+ pattern: ^https?://.*
+ type: string
+ tls:
+ description: ClientTLSConfig specifies the TLS configuration
+ for the Confluent component (dependencies, listeners).
+ properties:
+ directoryPathInContainer:
+ description: directoryPathInContainer specifies the directory
+ path in the container where `keystore.jks`, `truststore.jks`,
+ and `jksPassword.txt` keys are mounted. `truststore.jks`
+ is not configured and can be ignored when the `ignoreTrustStoreConfig`
+ field is set to `true`.
+ minLength: 1
+ type: string
+ enabled:
+ description: enabled specifies to enable the TLS configuration
+ for the Confluent component.
+ type: boolean
+ ignoreTrustStoreConfig:
+ description: ignoreTrustStoreConfig indicates whether
+ to ignore the truststore configuration for the Confluent
+ component.
+ type: boolean
+ jksPassword:
+ description: jksPassword references the secret containing
+ the JKS password.
+ properties:
+ secretRef:
+ description: 'secretRef references the name of the
+ secret containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - secretRef
+ type: object
+ secretRef:
+ description: 'secretRef references the secret containing
+ the certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - enabled
+ type: object
+ tokenKeyPair:
+ description: tokenKeyPair specifies the token keypair to configure
+ the MDS.
+ properties:
+ directoryPathInContainer:
+ description: directoryPathInContainer defines the directory
+ path in the container where the MDS token key pair are
+ mounted.
+ minLength: 1
+ type: string
+ secretRef:
+ description: secretRef references the name of the secret
+ that contains the MDS token key pair.
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ type: object
+ required:
+ - authentication
+ - endpoint
+ - tokenKeyPair
+ type: object
+ schemaRegistry:
+ description: schemaRegistry specifies the Schema Registry dependency
+ configuration.
+ properties:
+ authentication:
+ description: authentication specifies the authentication for
+ the Schema Registry cluster.
+ properties:
+ basic:
+ description: basic specifies the configuration for basic
+ authentication.
+ properties:
+ debug:
+ description: debug enables the basic authentication
+ debug logs for JaaS configuration.
+ type: boolean
+ directoryPathInContainer:
+ description: 'directoryPathInContainer allows to pass
+ the basic credential through a directory path in
+ the container. More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication'
+ minLength: 1
+ type: string
+ restrictedRoles:
+ description: restrictedRoles specify the restricted
+ roles on the server side only. Changes will be only
+ reflected in Control Center. This configuration
+ is ignored on the client side configuration.
+ items:
+ type: string
+ minItems: 1
+ type: array
+ roles:
+ description: roles specify the roles on the server
+ side only. This configuration is ignored on the
+ client side configuration.
+ items:
+ type: string
+ type: array
+ secretRef:
+ description: 'secretRef defines secret reference to
+ pass the required credentials. More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ type: object
+ type:
+ description: type specifies the authentication scheme
+ for the REST API client. Valid options are `basic` and
+ `mtls`.
+ enum:
+ - basic
+ - mtls
+ type: string
+ required:
+ - type
+ type: object
+ tls:
+ description: tls defines the client-side TLS setting for the
+ Schema Registry cluster.
+ properties:
+ directoryPathInContainer:
+ description: directoryPathInContainer specifies the directory
+ path in the container where `keystore.jks`, `truststore.jks`,
+ and `jksPassword.txt` keys are mounted. `truststore.jks`
+ is not configured and can be ignored when the `ignoreTrustStoreConfig`
+ field is set to `true`.
+ minLength: 1
+ type: string
+ enabled:
+ description: enabled specifies to enable the TLS configuration
+ for the Confluent component.
+ type: boolean
+ ignoreTrustStoreConfig:
+ description: ignoreTrustStoreConfig indicates whether
+ to ignore the truststore configuration for the Confluent
+ component.
+ type: boolean
+ jksPassword:
+ description: jksPassword references the secret containing
+ the JKS password.
+ properties:
+ secretRef:
+ description: 'secretRef references the name of the
+ secret containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - secretRef
+ type: object
+ secretRef:
+ description: 'secretRef references the secret containing
+ the certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - enabled
+ type: object
+ url:
+ description: url specifies the URL endpoint of the Schema
+ Registry cluster.
+ minLength: 1
+ pattern: ^https?://.*
+ type: string
+ required:
+ - url
+ type: object
+ type: object
+ externalAccess:
+ description: externalAccess specifies the external access configuration.
+ properties:
+ loadBalancer:
+ description: loadBalancer specifies the configuration to create
+ a Kubernetes load balancer service.
+ properties:
+ advertisedURL:
+ description: 'advertisedURL specifies the configuration for
+ advertised listener per pod. It is only supported for MDS
+ currently. If it is enabled, instead of using internal endpoint,
+ the MDS advertised listener for each broker will be set
+ to: `://.`
+ where podId starts from `0` to `replicaCount -1`. This is
+ only recommended if you cannot add internal SANs to the
+ TLS certificates for MDS and the external DNS must be resolved
+ inside the Kubernetes cluster.'
+ properties:
+ enabled:
+ description: enabled indicates whether to set the MDS
+ advertised listener url with external endpoint for each
+ broker.
+ type: boolean
+ prefix:
+ description: prefix specifies the broker prefix for MDS
+ advertised endpoint if using loadBalancer external access.
+ If not configured, it uses `b` as default prefix, such
+ as `b#.domain` where `#` will start from `0` to `replicaCount
+ -1`.
+ minLength: 1
+ type: string
+ required:
+ - enabled
+ type: object
+ annotations:
+ additionalProperties:
+ type: string
+ description: annotations is a map of string key and value
+ pairs. It specifies Kubernetes annotations for this service.
+ type: object
+ x-kubernetes-map-type: granular
+ domain:
+ description: domain is the domain name of the component cluster.
+ minLength: 1
+ type: string
+ externalTrafficPolicy:
+ description: externalTrafficPolicy specifies the external
+ traffic policy for the service. Valid options are `Local`
+ and `Cluster`.
+ enum:
+ - Local
+ - Cluster
+ type: string
+ labels:
+ additionalProperties:
+ type: string
+ description: labels is a map of string key and value pairs.
+ It specifies Kubernetes labels for this service.
+ type: object
+ x-kubernetes-map-type: granular
+ loadBalancerSourceRanges:
+ description: loadBalancerSourceRanges specify the source ranges.
+ items:
+ type: string
+ type: array
+ port:
+ description: port specifies the external port for the client
+ consumption. If not configured, the same internal/external
+ port is configured for the component. Information about
+ the port can be retrieved through the status API.
+ format: int32
+ type: integer
+ prefix:
+ description: prefix specify the prefix for the given domain.
+ The default value is the name of the cluster.
+ minLength: 1
+ type: string
+ servicePorts:
+ description: servicePorts specify the user-provided service
+ port(s).
+ items:
+ description: ServicePort contains information on service's
+ port.
+ properties:
+ appProtocol:
+ description: The application protocol for this port.
+ This field follows standard Kubernetes label syntax.
+ Un-prefixed names are reserved for IANA standard service
+ names (as per RFC-6335 and http://www.iana.org/assignments/service-names).
+ Non-standard protocols should use prefixed names such
+ as mycompany.com/my-custom-protocol.
+ type: string
+ name:
+ description: The name of this port within the service.
+ This must be a DNS_LABEL. All ports within a ServiceSpec
+ must have unique names. When considering the endpoints
+ for a Service, this must match the 'name' field in
+ the EndpointPort. Optional if only one ServicePort
+ is defined on this service.
+ type: string
+ nodePort:
+ description: 'The port on each node on which this service
+ is exposed when type is NodePort or LoadBalancer. Usually
+ assigned by the system. If a value is specified, in-range,
+ and not in use it will be used, otherwise the operation
+ will fail. If not specified, a port will be allocated
+ if this Service requires one. If this field is specified
+ when creating a Service which does not need it, creation
+ will fail. This field will be wiped when updating
+ a Service to no longer need it (e.g. changing type
+ from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport'
+ format: int32
+ type: integer
+ port:
+ description: The port that will be exposed by this service.
+ format: int32
+ type: integer
+ protocol:
+ default: TCP
+ description: The IP protocol for this port. Supports
+ "TCP", "UDP", and "SCTP". Default is TCP.
+ type: string
+ targetPort:
+ anyOf:
+ - type: integer
+ - type: string
+ description: 'Number or name of the port to access on
+ the pods targeted by the service. Number must be in
+ the range 1 to 65535. Name must be an IANA_SVC_NAME.
+ If this is a string, it will be looked up as a named
+ port in the target Pod''s container ports. If this
+ is not specified, the value of the ''port'' field
+ is used (an identity map). This field is ignored for
+ services with clusterIP=None, and should be omitted
+ or set equal to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service'
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: array
+ sessionAffinity:
+ description: 'sessionAffinity defines the Kubernetes session
+ affinity. The valid options are `ClientIP` and `None`. `ClientIP`
+ enables the client IP-based session affinity. The default
+ value is `None`. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies.'
+ enum:
+ - ClientIP
+ - None
+ type: string
+ sessionAffinityConfig:
+ description: SessionAffinityConfig contains the configurations
+ of the session affinity.
+ properties:
+ clientIP:
+ description: clientIP contains the configurations of Client
+ IP based session affinity.
+ properties:
+ timeoutSeconds:
+ description: timeoutSeconds specifies the seconds
+ of ClientIP type session sticky time. The value
+ must be >0 && <=86400(for 1 day) if ServiceAffinity
+ == "ClientIP". Default value is 10800(for 3 hours).
+ format: int32
+ type: integer
+ type: object
+ type: object
+ required:
+ - domain
+ type: object
+ nodePort:
+ description: nodePort specifies the configuration to create a
+ Kubernetes node port service.
+ properties:
+ advertisedURL:
+ description: advertisedURL specifies the configuration for
+ advertised listener per pod. It is only supported for MDS
+ currently. If it is enabled, instead of using internal endpoint,
+ the MDS advertised listener for each broker will be set
+ to `://:,
+ where`podId` starts from `0` to `replicaCount - 1`. This
+ is only recommended if you cannot add internal SANs to the
+ TLS certificates for MDS and the external DNS must be resolved
+ inside the Kubernetes cluster.
+ properties:
+ enabled:
+ description: enabled indicates whether to set the MDS
+ advertised listener url with external endpoint for each
+ broker.
+ type: boolean
+ prefix:
+ description: prefix specifies the broker prefix for MDS
+ advertised endpoint if using loadBalancer external access.
+ If not configured, it uses `b` as default prefix, such
+ as `b#.domain` where `#` will start from `0` to `replicaCount
+ -1`.
+ minLength: 1
+ type: string
+ required:
+ - enabled
+ type: object
+ annotations:
+ additionalProperties:
+ type: string
+ description: annotations is a map of string key and value
+ pairs. It specifies Kubernetes annotations for this service.
+ type: object
+ x-kubernetes-map-type: granular
+ externalTrafficPolicy:
+ description: externalTrafficPolicy specifies the external
+ traffic policy for the service. Valid options are `Local`
+ and `Cluster`.
+ enum:
+ - Local
+ - Cluster
+ type: string
+ host:
+ description: host defines the host name of the cluster.
+ minLength: 1
+ type: string
+ labels:
+ additionalProperties:
+ type: string
+ description: labels is a map of string key and value pairs.
+ It specifies Kubernetes labels for this service.
+ type: object
+ x-kubernetes-map-type: granular
+ nodePortOffset:
+ description: nodePortOffset specifies the starting offset
+ of the node ports. The port numbers go in ascending order
+ with respect to the replicas count. NodePort service creation
+ fails if the node port is not in the range supported by
+ the Kubernetes API server. The default Kubernetes Node Port
+ range is `30000` - `32762`.
+ format: int32
+ minimum: 0
+ type: integer
+ servicePorts:
+ description: servicePorts specify user-provided service port(s).
+ For Kafka with the nodePort type, this setting is only applied
+ to Kafka bootstrap service.
+ items:
+ description: ServicePort contains information on service's
+ port.
+ properties:
+ appProtocol:
+ description: The application protocol for this port.
+ This field follows standard Kubernetes label syntax.
+ Un-prefixed names are reserved for IANA standard service
+ names (as per RFC-6335 and http://www.iana.org/assignments/service-names).
+ Non-standard protocols should use prefixed names such
+ as mycompany.com/my-custom-protocol.
+ type: string
+ name:
+ description: The name of this port within the service.
+ This must be a DNS_LABEL. All ports within a ServiceSpec
+ must have unique names. When considering the endpoints
+ for a Service, this must match the 'name' field in
+ the EndpointPort. Optional if only one ServicePort
+ is defined on this service.
+ type: string
+ nodePort:
+ description: 'The port on each node on which this service
+ is exposed when type is NodePort or LoadBalancer. Usually
+ assigned by the system. If a value is specified, in-range,
+ and not in use it will be used, otherwise the operation
+ will fail. If not specified, a port will be allocated
+ if this Service requires one. If this field is specified
+ when creating a Service which does not need it, creation
+ will fail. This field will be wiped when updating
+ a Service to no longer need it (e.g. changing type
+ from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport'
+ format: int32
+ type: integer
+ port:
+ description: The port that will be exposed by this service.
+ format: int32
+ type: integer
+ protocol:
+ default: TCP
+ description: The IP protocol for this port. Supports
+ "TCP", "UDP", and "SCTP". Default is TCP.
+ type: string
+ targetPort:
+ anyOf:
+ - type: integer
+ - type: string
+ description: 'Number or name of the port to access on
+ the pods targeted by the service. Number must be in
+ the range 1 to 65535. Name must be an IANA_SVC_NAME.
+ If this is a string, it will be looked up as a named
+ port in the target Pod''s container ports. If this
+ is not specified, the value of the ''port'' field
+ is used (an identity map). This field is ignored for
+ services with clusterIP=None, and should be omitted
+ or set equal to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service'
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: array
+ sessionAffinity:
+ description: 'sessionAffinity defines the Kubernetes session
+ affinity. The valid options are `ClientIP` and `None`. `ClientIP`
+ enables the client IP-based session affinity. The default
+ value is `None`. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies.'
+ enum:
+ - ClientIP
+ - None
+ type: string
+ sessionAffinityConfig:
+ description: SessionAffinityConfig contains the configurations
+ of the session affinity.
+ properties:
+ clientIP:
+ description: clientIP contains the configurations of Client
+ IP based session affinity.
+ properties:
+ timeoutSeconds:
+ description: timeoutSeconds specifies the seconds
+ of ClientIP type session sticky time. The value
+ must be >0 && <=86400(for 1 day) if ServiceAffinity
+ == "ClientIP". Default value is 10800(for 3 hours).
+ format: int32
+ type: integer
+ type: object
+ type: object
+ required:
+ - host
+ - nodePortOffset
+ type: object
+ route:
+ description: route specifies the configuration to create a route
+ service in OpenShift.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: annotations is a map of string key and value
+ pairs. It specifies Kubernetes annotations for this service.
+ type: object
+ x-kubernetes-map-type: granular
+ domain:
+ description: domain specifies the domain name of the Confluent
+ component cluster.
+ minLength: 1
+ type: string
+ labels:
+ additionalProperties:
+ type: string
+ description: labels is a map of string key and value pairs.
+ It specifies Kubernetes labels for this service.
+ type: object
+ x-kubernetes-map-type: granular
+ prefix:
+ description: prefix specifies the component prefix when configured
+ for the domain. The default value is the name of the cluster.
+ minLength: 1
+ type: string
+ wildcardPolicy:
+ description: wildcardPolicy allows you to define a route that
+ covers all hosts within a domain. Valid options are `Subdomain`
+ and `None`. The default value is `None`.
+ enum:
+ - Subdomain
+ - None
+ type: string
+ required:
+ - domain
+ type: object
+ type:
+ description: type specifies the Kubernetes external service for
+ the component. Valid options are `loadBalancer`, `nodePort`,
+ and `route`.
+ enum:
+ - loadBalancer
+ - nodePort
+ - route
+ minLength: 1
+ type: string
+ required:
+ - type
+ type: object
+ headlessService:
+ description: headlessService specifies the configuration of the Kubernetes
+ headless service.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: annotations is a map of string key and value pairs.
+ It specifies the annotations to be added to the CFK-created
+ headless service. These annotations are merged with the injectAnnotations
+ and take precedence.
+ type: object
+ x-kubernetes-map-type: granular
+ labels:
+ additionalProperties:
+ type: string
+ description: labels is a map of string key and value pairs. It
+ specifies the labels to be added to the CFK-created headless
+ service. These labels are merged with the injectLabels and take
+ precedence.
+ type: object
+ x-kubernetes-map-type: granular
+ publishNotReadyAddresses:
+ description: publishNotReadyAddresses specifies the publishNotReadyAddresses
+ field. For Kafka, this value must be true. The default value
+ is true.
+ type: boolean
+ type: object
+ image:
+ description: image specifies the application and the init docker image
+ configurations. A change to this setting will roll the cluster.
+ properties:
+ application:
+ description: application is the Docker image name of the application.
+ Specify `//:`.
+ pattern: .+:.+
+ type: string
+ init:
+ description: init is the init-container name. Specify `//:`.
+ pattern: .+:.+
+ type: string
+ pullPolicy:
+ description: pullPolicy is the policy for pulling images. Valid
+ options are `Always`, `Never`, and `IfNotPresent`. The default
+ value is `IfNotPresent`.
+ enum:
+ - Always
+ - Never
+ - IfNotPresent
+ type: string
+ pullSecretRef:
+ description: 'pullSecretRef references the secrets in the same
+ namespace to be used for pulling images. Image pull secrets
+ are distinct from secrets because secrets can be mounted in
+ the pod, but image pull secrets are only accessed by `kubelet`.
+ More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod'
+ items:
+ type: string
+ type: array
+ required:
+ - application
+ - init
+ type: object
+ injectAnnotations:
+ additionalProperties:
+ type: string
+ description: injectAnnotations are the annotations injected to the
+ internal resources that CFK created. The internal annotations are
+ preserved and cannot be overridden. For pod annotations, use `podTemplate.annotations`.
+ type: object
+ x-kubernetes-map-type: granular
+ injectLabels:
+ additionalProperties:
+ type: string
+ description: injectLabels are the labels injected to the internal
+ resources that CFK created. The internal labels are preserved and
+ cannot be overridden. For pod labels, use `podTemplate.labels`.
+ type: object
+ x-kubernetes-map-type: granular
+ k8sClusterDomain:
+ description: k8sClusterDomain specifies the configuration of the Kubernetes
+ cluster domain. The default is the `cluster.local` domain.
+ type: string
+ license:
+ description: license specifies the license configuration for the Confluent
+ Platform component.
+ properties:
+ directoryPathInContainer:
+ description: 'directoryPathInContainer specifies the directory
+ path in the container where the license key is mounted. More
+ info: https://docs.confluent.io/operator/current/co-license.html#update-component-level-licenses'
+ minLength: 1
+ type: string
+ globalLicense:
+ description: globalLicense specifies whether the Confluent Platform
+ component shares the CFK license.
+ type: boolean
+ secretRef:
+ description: 'secretRef references the secret that provides the
+ license for the Confluent Platform component. More info: https://docs.confluent.io/operator/current/co-license.html#update-component-level-licenses'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ type: object
+ metrics:
+ description: metrics specify the security settings for the metric
+ services.
+ properties:
+ authentication:
+ description: authentication specifies the authentication configuration
+ for the metrics.
+ properties:
+ type:
+ description: type specifies the metrics authentication method.
+ The valid option is `mtls`.
+ enum:
+ - mtls
+ type: string
+ required:
+ - type
+ type: object
+ prometheus:
+ description: prometheus specifies the configuration overrides
+ for the JMX-Prometheus exporter.
+ properties:
+ blacklist:
+ items:
+ type: string
+ type: array
+ rules:
+ items:
+ description: Rule defines the Prometheus Exporter rule override.
+ properties:
+ attrNameSnakeCase:
+ type: boolean
+ cache:
+ type: boolean
+ help:
+ minLength: 1
+ type: string
+ labels:
+ additionalProperties:
+ type: string
+ type: object
+ x-kubernetes-map-type: granular
+ name:
+ minLength: 1
+ type: string
+ pattern:
+ minLength: 1
+ type: string
+ type:
+ minLength: 1
+ type: string
+ value:
+ minLength: 1
+ type: string
+ valueFactor:
+ anyOf:
+ - type: integer
+ - type: string
+ default: 1
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ type: object
+ type: array
+ whitelist:
+ items:
+ type: string
+ type: array
+ type: object
+ tls:
+ description: tls specifies the TLS configuration for the metrics.
+ properties:
+ directoryPathInContainer:
+ description: directoryPathInContainer specifies the directory
+ path in the container where `keystore.jks`, `truststore.jks`,
+ and `jksPassword.txt` keys are mounted. `truststore.jks`
+ is not configured and can be ignored when the `ignoreTrustStoreConfig`
+ field is set to `true`.
+ minLength: 1
+ type: string
+ enabled:
+ description: enabled specifies to enable the TLS configuration
+ for the Confluent component.
+ type: boolean
+ ignoreTrustStoreConfig:
+ description: ignoreTrustStoreConfig indicates whether to ignore
+ the truststore configuration for the Confluent component.
+ type: boolean
+ jksPassword:
+ description: jksPassword references the secret containing
+ the JKS password.
+ properties:
+ secretRef:
+ description: 'secretRef references the name of the secret
+ containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - secretRef
+ type: object
+ secretRef:
+ description: 'secretRef references the secret containing the
+ certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - enabled
+ type: object
+ type: object
+ mountedSecrets:
+ description: 'mountedSecrets list the secrets injected to the underlying
+ statefulset configuration. The secret reference is mounted in the
+ default path `/mnt/secrets/`. The underlying resources
+ will follow the secret as a file configuration. More info: https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod.
+ A change to this setting will roll the cluster.'
+ items:
+ description: MountedSecrets provides a way to inject a custom secret
+ to the underlying statefulset.
+ properties:
+ keyItems:
+ description: keyItems are key and path names.
+ items:
+ description: Maps a string key to a path within a volume.
+ properties:
+ key:
+ description: The key to project.
+ type: string
+ mode:
+ description: 'Optional: mode bits used to set permissions
+ on this file. Must be an octal value between 0000 and
+ 0777 or a decimal value between 0 and 511. YAML accepts
+ both octal and decimal values, JSON requires decimal
+ values for mode bits. If not specified, the volume defaultMode
+ will be used. This might be in conflict with other options
+ that affect the file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: The relative path of the file to map the
+ key to. May not be an absolute path. May not contain
+ the path element '..'. May not start with the string
+ '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ secretRef:
+ description: secretRef references the name of the secret.
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - secretRef
+ type: object
+ type: array
+ mountedVolumes:
+ description: mountedVolumes list the custom volumes that need to be
+ mounted into the underlying statefulset. A change to this setting
+ will roll the cluster.
+ properties:
+ volumeMounts:
+ description: volumeMounts specify the list of volume mounts for
+ the pods in the statefulset.
+ items:
+ description: VolumeMount describes a mounting of a Volume within
+ a container.
+ properties:
+ mountPath:
+ description: Path within the container at which the volume
+ should be mounted. Must not contain ':'.
+ type: string
+ mountPropagation:
+ description: mountPropagation determines how mounts are
+ propagated from the host to container and the other way
+ around. When not set, MountPropagationNone is used. This
+ field is beta in 1.10.
+ type: string
+ name:
+ description: This must match the Name of a Volume.
+ type: string
+ readOnly:
+ description: Mounted read-only if true, read-write otherwise
+ (false or unspecified). Defaults to false.
+ type: boolean
+ subPath:
+ description: Path within the volume from which the container's
+ volume should be mounted. Defaults to "" (volume's root).
+ type: string
+ subPathExpr:
+ description: Expanded path within the volume from which
+ the container's volume should be mounted. Behaves similarly
+ to SubPath but environment variable references $(VAR_NAME)
+ are expanded using the container's environment. Defaults
+ to "" (volume's root). SubPathExpr and SubPath are mutually
+ exclusive.
+ type: string
+ required:
+ - mountPath
+ - name
+ type: object
+ type: array
+ volumes:
+ description: volumes specify the list of volumes that can be mounted
+ into the pods of statefulset.
+ items:
+ description: Volume represents a named volume in a pod that
+ may be accessed by any container in the pod.
+ properties:
+ awsElasticBlockStore:
+ description: 'AWSElasticBlockStore represents an AWS Disk
+ resource that is attached to a kubelet''s host machine
+ and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ properties:
+ fsType:
+ description: 'Filesystem type of the volume that you
+ want to mount. Tip: Ensure that the filesystem type
+ is supported by the host operating system. Examples:
+ "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+ TODO: how do we prevent errors in the filesystem from
+ compromising the machine'
+ type: string
+ partition:
+ description: 'The partition in the volume that you want
+ to mount. If omitted, the default is to mount by volume
+ name. Examples: For volume /dev/sda1, you specify
+ the partition as "1". Similarly, the volume partition
+ for /dev/sda is "0" (or you can leave the property
+ empty).'
+ format: int32
+ type: integer
+ readOnly:
+ description: 'Specify "true" to force and set the ReadOnly
+ property in VolumeMounts to "true". If omitted, the
+ default is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ type: boolean
+ volumeID:
+ description: 'Unique ID of the persistent disk resource
+ in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ type: string
+ required:
+ - volumeID
+ type: object
+ azureDisk:
+ description: AzureDisk represents an Azure Data Disk mount
+ on the host and bind mount to the pod.
+ properties:
+ cachingMode:
+ description: 'Host Caching mode: None, Read Only, Read
+ Write.'
+ type: string
+ diskName:
+ description: The Name of the data disk in the blob storage
+ type: string
+ diskURI:
+ description: The URI the data disk in the blob storage
+ type: string
+ fsType:
+ description: Filesystem type to mount. Must be a filesystem
+ type supported by the host operating system. Ex. "ext4",
+ "xfs", "ntfs". Implicitly inferred to be "ext4" if
+ unspecified.
+ type: string
+ kind:
+ description: 'Expected values Shared: multiple blob
+ disks per storage account Dedicated: single blob
+ disk per storage account Managed: azure managed data
+ disk (only in managed availability set). defaults
+ to shared'
+ type: string
+ readOnly:
+ description: Defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ required:
+ - diskName
+ - diskURI
+ type: object
+ azureFile:
+ description: AzureFile represents an Azure File Service
+ mount on the host and bind mount to the pod.
+ properties:
+ readOnly:
+ description: Defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ secretName:
+ description: the name of secret that contains Azure
+ Storage Account Name and Key
+ type: string
+ shareName:
+ description: Share Name
+ type: string
+ required:
+ - secretName
+ - shareName
+ type: object
+ cephfs:
+ description: CephFS represents a Ceph FS mount on the host
+ that shares a pod's lifetime
+ properties:
+ monitors:
+ description: 'Required: Monitors is a collection of
+ Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ items:
+ type: string
+ type: array
+ path:
+ description: 'Optional: Used as the mounted root, rather
+ than the full Ceph tree, default is /'
+ type: string
+ readOnly:
+ description: 'Optional: Defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting in VolumeMounts.
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ type: boolean
+ secretFile:
+ description: 'Optional: SecretFile is the path to key
+ ring for User, default is /etc/ceph/user.secret More
+ info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ type: string
+ secretRef:
+ description: 'Optional: SecretRef is reference to the
+ authentication secret for User, default is empty.
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ type: object
+ user:
+ description: 'Optional: User is the rados user name,
+ default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ type: string
+ required:
+ - monitors
+ type: object
+ cinder:
+ description: 'Cinder represents a cinder volume attached
+ and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ properties:
+ fsType:
+ description: 'Filesystem type to mount. Must be a filesystem
+ type supported by the host operating system. Examples:
+ "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ type: string
+ readOnly:
+ description: 'Optional: Defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting in VolumeMounts.
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ type: boolean
+ secretRef:
+ description: 'Optional: points to a secret object containing
+ parameters used to connect to OpenStack.'
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ type: object
+ volumeID:
+ description: 'volume id used to identify the volume
+ in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ type: string
+ required:
+ - volumeID
+ type: object
+ configMap:
+ description: ConfigMap represents a configMap that should
+ populate this volume
+ properties:
+ defaultMode:
+ description: 'Optional: mode bits used to set permissions
+ on created files by default. Must be an octal value
+ between 0000 and 0777 or a decimal value between 0
+ and 511. YAML accepts both octal and decimal values,
+ JSON requires decimal values for mode bits. Defaults
+ to 0644. Directories within the path are not affected
+ by this setting. This might be in conflict with other
+ options that affect the file mode, like fsGroup, and
+ the result can be other mode bits set.'
+ format: int32
+ type: integer
+ items:
+ description: If unspecified, each key-value pair in
+ the Data field of the referenced ConfigMap will be
+ projected into the volume as a file whose name is
+ the key and content is the value. If specified, the
+ listed keys will be projected into the specified paths,
+ and unlisted keys will not be present. If a key is
+ specified which is not present in the ConfigMap, the
+ volume setup will error unless it is marked optional.
+ Paths must be relative and may not contain the '..'
+ path or start with '..'.
+ items:
+ description: Maps a string key to a path within a
+ volume.
+ properties:
+ key:
+ description: The key to project.
+ type: string
+ mode:
+ description: 'Optional: mode bits used to set
+ permissions on this file. Must be an octal value
+ between 0000 and 0777 or a decimal value between
+ 0 and 511. YAML accepts both octal and decimal
+ values, JSON requires decimal values for mode
+ bits. If not specified, the volume defaultMode
+ will be used. This might be in conflict with
+ other options that affect the file mode, like
+ fsGroup, and the result can be other mode bits
+ set.'
+ format: int32
+ type: integer
+ path:
+ description: The relative path of the file to
+ map the key to. May not be an absolute path.
+ May not contain the path element '..'. May not
+ start with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap or its keys
+ must be defined
+ type: boolean
+ type: object
+ csi:
+ description: CSI (Container Storage Interface) represents
+ ephemeral storage that is handled by certain external
+ CSI drivers (Beta feature).
+ properties:
+ driver:
+ description: Driver is the name of the CSI driver that
+ handles this volume. Consult with your admin for the
+ correct name as registered in the cluster.
+ type: string
+ fsType:
+ description: Filesystem type to mount. Ex. "ext4", "xfs",
+ "ntfs". If not provided, the empty value is passed
+ to the associated CSI driver which will determine
+ the default filesystem to apply.
+ type: string
+ nodePublishSecretRef:
+ description: NodePublishSecretRef is a reference to
+ the secret object containing sensitive information
+ to pass to the CSI driver to complete the CSI NodePublishVolume
+ and NodeUnpublishVolume calls. This field is optional,
+ and may be empty if no secret is required. If the
+ secret object contains more than one secret, all secret
+ references are passed.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ type: object
+ readOnly:
+ description: Specifies a read-only configuration for
+ the volume. Defaults to false (read/write).
+ type: boolean
+ volumeAttributes:
+ additionalProperties:
+ type: string
+ description: VolumeAttributes stores driver-specific
+ properties that are passed to the CSI driver. Consult
+ your driver's documentation for supported values.
+ type: object
+ required:
+ - driver
+ type: object
+ downwardAPI:
+ description: DownwardAPI represents downward API about the
+ pod that should populate this volume
+ properties:
+ defaultMode:
+ description: 'Optional: mode bits to use on created
+ files by default. Must be a Optional: mode bits used
+ to set permissions on created files by default. Must
+ be an octal value between 0000 and 0777 or a decimal
+ value between 0 and 511. YAML accepts both octal and
+ decimal values, JSON requires decimal values for mode
+ bits. Defaults to 0644. Directories within the path
+ are not affected by this setting. This might be in
+ conflict with other options that affect the file mode,
+ like fsGroup, and the result can be other mode bits
+ set.'
+ format: int32
+ type: integer
+ items:
+ description: Items is a list of downward API volume
+ file
+ items:
+ description: DownwardAPIVolumeFile represents information
+ to create the file containing the pod field
+ properties:
+ fieldRef:
+ description: 'Required: Selects a field of the
+ pod: only annotations, labels, name and namespace
+ are supported.'
+ properties:
+ apiVersion:
+ description: Version of the schema the FieldPath
+ is written in terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select in
+ the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ mode:
+ description: 'Optional: mode bits used to set
+ permissions on this file, must be an octal value
+ between 0000 and 0777 or a decimal value between
+ 0 and 511. YAML accepts both octal and decimal
+ values, JSON requires decimal values for mode
+ bits. If not specified, the volume defaultMode
+ will be used. This might be in conflict with
+ other options that affect the file mode, like
+ fsGroup, and the result can be other mode bits
+ set.'
+ format: int32
+ type: integer
+ path:
+ description: 'Required: Path is the relative
+ path name of the file to be created. Must not
+ be absolute or contain the ''..'' path. Must
+ be utf-8 encoded. The first item of the relative
+ path must not start with ''..'''
+ type: string
+ resourceFieldRef:
+ description: 'Selects a resource of the container:
+ only resources limits and requests (limits.cpu,
+ limits.memory, requests.cpu and requests.memory)
+ are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required for
+ volumes, optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format of
+ the exposed resources, defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ required:
+ - path
+ type: object
+ type: array
+ type: object
+ emptyDir:
+ description: 'EmptyDir represents a temporary directory
+ that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
+ properties:
+ medium:
+ description: 'What type of storage medium should back
+ this directory. The default is "" which means to use
+ the node''s default medium. Must be an empty string
+ (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
+ type: string
+ sizeLimit:
+ anyOf:
+ - type: integer
+ - type: string
+ description: 'Total amount of local storage required
+ for this EmptyDir volume. The size limit is also applicable
+ for memory medium. The maximum usage on memory medium
+ EmptyDir would be the minimum value between the SizeLimit
+ specified here and the sum of memory limits of all
+ containers in a pod. The default is nil which means
+ that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir'
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ type: object
+ ephemeral:
+ description: "Ephemeral represents a volume that is handled
+ by a cluster storage driver. The volume's lifecycle is
+ tied to the pod that defines it - it will be created before
+ the pod starts, and deleted when the pod is removed. \n
+ Use this if: a) the volume is only needed while the pod
+ runs, b) features of normal volumes like restoring from
+ snapshot or capacity tracking are needed, c) the storage
+ driver is specified through a storage class, and d) the
+ storage driver supports dynamic volume provisioning through
+ a PersistentVolumeClaim (see EphemeralVolumeSource for
+ more information on the connection between this volume
+ type and PersistentVolumeClaim). \n Use PersistentVolumeClaim
+ or one of the vendor-specific APIs for volumes that persist
+ for longer than the lifecycle of an individual pod. \n
+ Use CSI for light-weight local ephemeral volumes if the
+ CSI driver is meant to be used that way - see the documentation
+ of the driver for more information. \n A pod can use both
+ types of ephemeral volumes and persistent volumes at the
+ same time."
+ properties:
+ volumeClaimTemplate:
+ description: "Will be used to create a stand-alone PVC
+ to provision the volume. The pod in which this EphemeralVolumeSource
+ is embedded will be the owner of the PVC, i.e. the
+ PVC will be deleted together with the pod. The name
+ of the PVC will be `-` where
+ `` is the name from the `PodSpec.Volumes`
+ array entry. Pod validation will reject the pod if
+ the concatenated name is not valid for a PVC (for
+ example, too long). \n An existing PVC with that name
+ that is not owned by the pod will *not* be used for
+ the pod to avoid using an unrelated volume by mistake.
+ Starting the pod is then blocked until the unrelated
+ PVC is removed. If such a pre-created PVC is meant
+ to be used by the pod, the PVC has to updated with
+ an owner reference to the pod once the pod exists.
+ Normally this should not be necessary, but it may
+ be useful when manually reconstructing a broken cluster.
+ \n This field is read-only and no changes will be
+ made by Kubernetes to the PVC after it has been created.
+ \n Required, must not be nil."
+ properties:
+ metadata:
+ description: May contain labels and annotations
+ that will be copied into the PVC when creating
+ it. No other fields are allowed and will be rejected
+ during validation.
+ type: object
+ spec:
+ description: The specification for the PersistentVolumeClaim.
+ The entire content is copied unchanged into the
+ PVC that gets created from this template. The
+ same fields as in a PersistentVolumeClaim are
+ also valid here.
+ properties:
+ accessModes:
+ description: 'AccessModes contains the desired
+ access modes the volume should have. More
+ info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
+ items:
+ type: string
+ type: array
+ dataSource:
+ description: 'This field can be used to specify
+ either: * An existing VolumeSnapshot object
+ (snapshot.storage.k8s.io/VolumeSnapshot) *
+ An existing PVC (PersistentVolumeClaim) If
+ the provisioner or an external controller
+ can support the specified data source, it
+ will create a new volume based on the contents
+ of the specified data source. If the AnyVolumeDataSource
+ feature gate is enabled, this field will always
+ have the same contents as the DataSourceRef
+ field.'
+ properties:
+ apiGroup:
+ description: APIGroup is the group for the
+ resource being referenced. If APIGroup
+ is not specified, the specified Kind must
+ be in the core API group. For any other
+ third-party types, APIGroup is required.
+ type: string
+ kind:
+ description: Kind is the type of resource
+ being referenced
+ type: string
+ name:
+ description: Name is the name of resource
+ being referenced
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ dataSourceRef:
+ description: 'Specifies the object from which
+ to populate the volume with data, if a non-empty
+ volume is desired. This may be any local object
+ from a non-empty API group (non core object)
+ or a PersistentVolumeClaim object. When this
+ field is specified, volume binding will only
+ succeed if the type of the specified object
+ matches some installed volume populator or
+ dynamic provisioner. This field will replace
+ the functionality of the DataSource field
+ and as such if both fields are non-empty,
+ they must have the same value. For backwards
+ compatibility, both fields (DataSource and
+ DataSourceRef) will be set to the same value
+ automatically if one of them is empty and
+ the other is non-empty. There are two important
+ differences between DataSource and DataSourceRef:
+ * While DataSource only allows two specific
+ types of objects, DataSourceRef allows any
+ non-core object, as well as PersistentVolumeClaim
+ objects. * While DataSource ignores disallowed
+ values (dropping them), DataSourceRef preserves
+ all values, and generates an error if a disallowed
+ value is specified. (Alpha) Using this field
+ requires the AnyVolumeDataSource feature gate
+ to be enabled.'
+ properties:
+ apiGroup:
+ description: APIGroup is the group for the
+ resource being referenced. If APIGroup
+ is not specified, the specified Kind must
+ be in the core API group. For any other
+ third-party types, APIGroup is required.
+ type: string
+ kind:
+ description: Kind is the type of resource
+ being referenced
+ type: string
+ name:
+ description: Name is the name of resource
+ being referenced
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ resources:
+ description: 'Resources represents the minimum
+ resources the volume should have. If RecoverVolumeExpansionFailure
+ feature is enabled users are allowed to specify
+ resource requirements that are lower than
+ previous value but must still be higher than
+ capacity recorded in the status field of the
+ claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
+ properties:
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum
+ amount of compute resources allowed. More
+ info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum
+ amount of compute resources required.
+ If Requests is omitted for a container,
+ it defaults to Limits if that is explicitly
+ specified, otherwise to an implementation-defined
+ value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ selector:
+ description: A label query over volumes to consider
+ for binding.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a
+ key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of
+ string values. If the operator is
+ In or NotIn, the values array must
+ be non-empty. If the operator is
+ Exists or DoesNotExist, the values
+ array must be empty. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ storageClassName:
+ description: 'Name of the StorageClass required
+ by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
+ type: string
+ volumeMode:
+ description: volumeMode defines what type of
+ volume is required by the claim. Value of
+ Filesystem is implied when not included in
+ claim spec.
+ type: string
+ volumeName:
+ description: VolumeName is the binding reference
+ to the PersistentVolume backing this claim.
+ type: string
+ type: object
+ required:
+ - spec
+ type: object
+ type: object
+ fc:
+ description: FC represents a Fibre Channel resource that
+ is attached to a kubelet's host machine and then exposed
+ to the pod.
+ properties:
+ fsType:
+ description: 'Filesystem type to mount. Must be a filesystem
+ type supported by the host operating system. Ex. "ext4",
+ "xfs", "ntfs". Implicitly inferred to be "ext4" if
+ unspecified. TODO: how do we prevent errors in the
+ filesystem from compromising the machine'
+ type: string
+ lun:
+ description: 'Optional: FC target lun number'
+ format: int32
+ type: integer
+ readOnly:
+ description: 'Optional: Defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting in VolumeMounts.'
+ type: boolean
+ targetWWNs:
+ description: 'Optional: FC target worldwide names (WWNs)'
+ items:
+ type: string
+ type: array
+ wwids:
+ description: 'Optional: FC volume world wide identifiers
+ (wwids) Either wwids or combination of targetWWNs
+ and lun must be set, but not both simultaneously.'
+ items:
+ type: string
+ type: array
+ type: object
+ flexVolume:
+ description: FlexVolume represents a generic volume resource
+ that is provisioned/attached using an exec based plugin.
+ properties:
+ driver:
+ description: Driver is the name of the driver to use
+ for this volume.
+ type: string
+ fsType:
+ description: Filesystem type to mount. Must be a filesystem
+ type supported by the host operating system. Ex. "ext4",
+ "xfs", "ntfs". The default filesystem depends on FlexVolume
+ script.
+ type: string
+ options:
+ additionalProperties:
+ type: string
+ description: 'Optional: Extra command options if any.'
+ type: object
+ readOnly:
+ description: 'Optional: Defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting in VolumeMounts.'
+ type: boolean
+ secretRef:
+ description: 'Optional: SecretRef is reference to the
+ secret object containing sensitive information to
+ pass to the plugin scripts. This may be empty if no
+ secret object is specified. If the secret object contains
+ more than one secret, all secrets are passed to the
+ plugin scripts.'
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ type: object
+ required:
+ - driver
+ type: object
+ flocker:
+ description: Flocker represents a Flocker volume attached
+ to a kubelet's host machine. This depends on the Flocker
+ control service being running
+ properties:
+ datasetName:
+ description: Name of the dataset stored as metadata
+ -> name on the dataset for Flocker should be considered
+ as deprecated
+ type: string
+ datasetUUID:
+ description: UUID of the dataset. This is unique identifier
+ of a Flocker dataset
+ type: string
+ type: object
+ gcePersistentDisk:
+ description: 'GCEPersistentDisk represents a GCE Disk resource
+ that is attached to a kubelet''s host machine and then
+ exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ properties:
+ fsType:
+ description: 'Filesystem type of the volume that you
+ want to mount. Tip: Ensure that the filesystem type
+ is supported by the host operating system. Examples:
+ "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ TODO: how do we prevent errors in the filesystem from
+ compromising the machine'
+ type: string
+ partition:
+ description: 'The partition in the volume that you want
+ to mount. If omitted, the default is to mount by volume
+ name. Examples: For volume /dev/sda1, you specify
+ the partition as "1". Similarly, the volume partition
+ for /dev/sda is "0" (or you can leave the property
+ empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ format: int32
+ type: integer
+ pdName:
+ description: 'Unique name of the PD resource in GCE.
+ Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ type: string
+ readOnly:
+ description: 'ReadOnly here will force the ReadOnly
+ setting in VolumeMounts. Defaults to false. More info:
+ https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ type: boolean
+ required:
+ - pdName
+ type: object
+ gitRepo:
+ description: 'GitRepo represents a git repository at a particular
+ revision. DEPRECATED: GitRepo is deprecated. To provision
+ a container with a git repo, mount an EmptyDir into an
+ InitContainer that clones the repo using git, then mount
+ the EmptyDir into the Pod''s container.'
+ properties:
+ directory:
+ description: Target directory name. Must not contain
+ or start with '..'. If '.' is supplied, the volume
+ directory will be the git repository. Otherwise,
+ if specified, the volume will contain the git repository
+ in the subdirectory with the given name.
+ type: string
+ repository:
+ description: Repository URL
+ type: string
+ revision:
+ description: Commit hash for the specified revision.
+ type: string
+ required:
+ - repository
+ type: object
+ glusterfs:
+ description: 'Glusterfs represents a Glusterfs mount on
+ the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md'
+ properties:
+ endpoints:
+ description: 'EndpointsName is the endpoint name that
+ details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ type: string
+ path:
+ description: 'Path is the Glusterfs volume path. More
+ info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ type: string
+ readOnly:
+ description: 'ReadOnly here will force the Glusterfs
+ volume to be mounted with read-only permissions. Defaults
+ to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ type: boolean
+ required:
+ - endpoints
+ - path
+ type: object
+ hostPath:
+ description: 'HostPath represents a pre-existing file or
+ directory on the host machine that is directly exposed
+ to the container. This is generally used for system agents
+ or other privileged things that are allowed to see the
+ host machine. Most containers will NOT need this. More
+ info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+ --- TODO(jonesdl) We need to restrict who can use host
+ directory mounts and who can/can not mount host directories
+ as read/write.'
+ properties:
+ path:
+ description: 'Path of the directory on the host. If
+ the path is a symlink, it will follow the link to
+ the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
+ type: string
+ type:
+ description: 'Type for HostPath Volume Defaults to ""
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
+ type: string
+ required:
+ - path
+ type: object
+ iscsi:
+ description: 'ISCSI represents an ISCSI Disk resource that
+ is attached to a kubelet''s host machine and then exposed
+ to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md'
+ properties:
+ chapAuthDiscovery:
+ description: whether support iSCSI Discovery CHAP authentication
+ type: boolean
+ chapAuthSession:
+ description: whether support iSCSI Session CHAP authentication
+ type: boolean
+ fsType:
+ description: 'Filesystem type of the volume that you
+ want to mount. Tip: Ensure that the filesystem type
+ is supported by the host operating system. Examples:
+ "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
+ TODO: how do we prevent errors in the filesystem from
+ compromising the machine'
+ type: string
+ initiatorName:
+ description: Custom iSCSI Initiator Name. If initiatorName
+ is specified with iscsiInterface simultaneously, new
+ iSCSI interface : will
+ be created for the connection.
+ type: string
+ iqn:
+ description: Target iSCSI Qualified Name.
+ type: string
+ iscsiInterface:
+ description: iSCSI Interface Name that uses an iSCSI
+ transport. Defaults to 'default' (tcp).
+ type: string
+ lun:
+ description: iSCSI Target Lun number.
+ format: int32
+ type: integer
+ portals:
+ description: iSCSI Target Portal List. The portal is
+ either an IP or ip_addr:port if the port is other
+ than default (typically TCP ports 860 and 3260).
+ items:
+ type: string
+ type: array
+ readOnly:
+ description: ReadOnly here will force the ReadOnly setting
+ in VolumeMounts. Defaults to false.
+ type: boolean
+ secretRef:
+ description: CHAP Secret for iSCSI target and initiator
+ authentication
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ type: object
+ targetPortal:
+ description: iSCSI Target Portal. The Portal is either
+ an IP or ip_addr:port if the port is other than default
+ (typically TCP ports 860 and 3260).
+ type: string
+ required:
+ - iqn
+ - lun
+ - targetPortal
+ type: object
+ name:
+ description: 'Volume''s name. Must be a DNS_LABEL and unique
+ within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ nfs:
+ description: 'NFS represents an NFS mount on the host that
+ shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ properties:
+ path:
+ description: 'Path that is exported by the NFS server.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ type: string
+ readOnly:
+ description: 'ReadOnly here will force the NFS export
+ to be mounted with read-only permissions. Defaults
+ to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ type: boolean
+ server:
+ description: 'Server is the hostname or IP address of
+ the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ type: string
+ required:
+ - path
+ - server
+ type: object
+ persistentVolumeClaim:
+ description: 'PersistentVolumeClaimVolumeSource represents
+ a reference to a PersistentVolumeClaim in the same namespace.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
+ properties:
+ claimName:
+ description: 'ClaimName is the name of a PersistentVolumeClaim
+ in the same namespace as the pod using this volume.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
+ type: string
+ readOnly:
+ description: Will force the ReadOnly setting in VolumeMounts.
+ Default false.
+ type: boolean
+ required:
+ - claimName
+ type: object
+ photonPersistentDisk:
+ description: PhotonPersistentDisk represents a PhotonController
+ persistent disk attached and mounted on kubelets host
+ machine
+ properties:
+ fsType:
+ description: Filesystem type to mount. Must be a filesystem
+ type supported by the host operating system. Ex. "ext4",
+ "xfs", "ntfs". Implicitly inferred to be "ext4" if
+ unspecified.
+ type: string
+ pdID:
+ description: ID that identifies Photon Controller persistent
+ disk
+ type: string
+ required:
+ - pdID
+ type: object
+ portworxVolume:
+ description: PortworxVolume represents a portworx volume
+ attached and mounted on kubelets host machine
+ properties:
+ fsType:
+ description: FSType represents the filesystem type to
+ mount Must be a filesystem type supported by the host
+ operating system. Ex. "ext4", "xfs". Implicitly inferred
+ to be "ext4" if unspecified.
+ type: string
+ readOnly:
+ description: Defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ volumeID:
+ description: VolumeID uniquely identifies a Portworx
+ volume
+ type: string
+ required:
+ - volumeID
+ type: object
+ projected:
+ description: Items for all in one resources secrets, configmaps,
+ and downward API
+ properties:
+ defaultMode:
+ description: Mode bits used to set permissions on created
+ files by default. Must be an octal value between 0000
+ and 0777 or a decimal value between 0 and 511. YAML
+ accepts both octal and decimal values, JSON requires
+ decimal values for mode bits. Directories within the
+ path are not affected by this setting. This might
+ be in conflict with other options that affect the
+ file mode, like fsGroup, and the result can be other
+ mode bits set.
+ format: int32
+ type: integer
+ sources:
+ description: list of volume projections
+ items:
+ description: Projection that may be projected along
+ with other supported volume types
+ properties:
+ configMap:
+ description: information about the configMap data
+ to project
+ properties:
+ items:
+ description: If unspecified, each key-value
+ pair in the Data field of the referenced
+ ConfigMap will be projected into the volume
+ as a file whose name is the key and content
+ is the value. If specified, the listed keys
+ will be projected into the specified paths,
+ and unlisted keys will not be present. If
+ a key is specified which is not present
+ in the ConfigMap, the volume setup will
+ error unless it is marked optional. Paths
+ must be relative and may not contain the
+ '..' path or start with '..'.
+ items:
+ description: Maps a string key to a path
+ within a volume.
+ properties:
+ key:
+ description: The key to project.
+ type: string
+ mode:
+ description: 'Optional: mode bits used
+ to set permissions on this file. Must
+ be an octal value between 0000 and
+ 0777 or a decimal value between 0
+ and 511. YAML accepts both octal and
+ decimal values, JSON requires decimal
+ values for mode bits. If not specified,
+ the volume defaultMode will be used.
+ This might be in conflict with other
+ options that affect the file mode,
+ like fsGroup, and the result can be
+ other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: The relative path of the
+ file to map the key to. May not be
+ an absolute path. May not contain
+ the path element '..'. May not start
+ with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ or its keys must be defined
+ type: boolean
+ type: object
+ downwardAPI:
+ description: information about the downwardAPI
+ data to project
+ properties:
+ items:
+ description: Items is a list of DownwardAPIVolume
+ file
+ items:
+ description: DownwardAPIVolumeFile represents
+ information to create the file containing
+ the pod field
+ properties:
+ fieldRef:
+ description: 'Required: Selects a field
+ of the pod: only annotations, labels,
+ name and namespace are supported.'
+ properties:
+ apiVersion:
+ description: Version of the schema
+ the FieldPath is written in terms
+ of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to
+ select in the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ mode:
+ description: 'Optional: mode bits used
+ to set permissions on this file, must
+ be an octal value between 0000 and
+ 0777 or a decimal value between 0
+ and 511. YAML accepts both octal and
+ decimal values, JSON requires decimal
+ values for mode bits. If not specified,
+ the volume defaultMode will be used.
+ This might be in conflict with other
+ options that affect the file mode,
+ like fsGroup, and the result can be
+ other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: 'Required: Path is the
+ relative path name of the file to
+ be created. Must not be absolute or
+ contain the ''..'' path. Must be utf-8
+ encoded. The first item of the relative
+ path must not start with ''..'''
+ type: string
+ resourceFieldRef:
+ description: 'Selects a resource of
+ the container: only resources limits
+ and requests (limits.cpu, limits.memory,
+ requests.cpu and requests.memory)
+ are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required
+ for volumes, optional for env
+ vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output
+ format of the exposed resources,
+ defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource
+ to select'
+ type: string
+ required:
+ - resource
+ type: object
+ required:
+ - path
+ type: object
+ type: array
+ type: object
+ secret:
+ description: information about the secret data
+ to project
+ properties:
+ items:
+ description: If unspecified, each key-value
+ pair in the Data field of the referenced
+ Secret will be projected into the volume
+ as a file whose name is the key and content
+ is the value. If specified, the listed keys
+ will be projected into the specified paths,
+ and unlisted keys will not be present. If
+ a key is specified which is not present
+ in the Secret, the volume setup will error
+ unless it is marked optional. Paths must
+ be relative and may not contain the '..'
+ path or start with '..'.
+ items:
+ description: Maps a string key to a path
+ within a volume.
+ properties:
+ key:
+ description: The key to project.
+ type: string
+ mode:
+ description: 'Optional: mode bits used
+ to set permissions on this file. Must
+ be an octal value between 0000 and
+ 0777 or a decimal value between 0
+ and 511. YAML accepts both octal and
+ decimal values, JSON requires decimal
+ values for mode bits. If not specified,
+ the volume defaultMode will be used.
+ This might be in conflict with other
+ options that affect the file mode,
+ like fsGroup, and the result can be
+ other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: The relative path of the
+ file to map the key to. May not be
+ an absolute path. May not contain
+ the path element '..'. May not start
+ with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or
+ its key must be defined
+ type: boolean
+ type: object
+ serviceAccountToken:
+ description: information about the serviceAccountToken
+ data to project
+ properties:
+ audience:
+ description: Audience is the intended audience
+ of the token. A recipient of a token must
+ identify itself with an identifier specified
+ in the audience of the token, and otherwise
+ should reject the token. The audience defaults
+ to the identifier of the apiserver.
+ type: string
+ expirationSeconds:
+ description: ExpirationSeconds is the requested
+ duration of validity of the service account
+ token. As the token approaches expiration,
+ the kubelet volume plugin will proactively
+ rotate the service account token. The kubelet
+ will start trying to rotate the token if
+ the token is older than 80 percent of its
+ time to live or if the token is older than
+ 24 hours.Defaults to 1 hour and must be
+ at least 10 minutes.
+ format: int64
+ type: integer
+ path:
+ description: Path is the path relative to
+ the mount point of the file to project the
+ token into.
+ type: string
+ required:
+ - path
+ type: object
+ type: object
+ type: array
+ type: object
+ quobyte:
+ description: Quobyte represents a Quobyte mount on the host
+ that shares a pod's lifetime
+ properties:
+ group:
+ description: Group to map volume access to Default is
+ no group
+ type: string
+ readOnly:
+ description: ReadOnly here will force the Quobyte volume
+ to be mounted with read-only permissions. Defaults
+ to false.
+ type: boolean
+ registry:
+ description: Registry represents a single or multiple
+ Quobyte Registry services specified as a string as
+ host:port pair (multiple entries are separated with
+ commas) which acts as the central registry for volumes
+ type: string
+ tenant:
+ description: Tenant owning the given Quobyte volume
+ in the Backend Used with dynamically provisioned Quobyte
+ volumes, value is set by the plugin
+ type: string
+ user:
+ description: User to map volume access to Defaults to
+ serivceaccount user
+ type: string
+ volume:
+ description: Volume is a string that references an already
+ created Quobyte volume by name.
+ type: string
+ required:
+ - registry
+ - volume
+ type: object
+ rbd:
+ description: 'RBD represents a Rados Block Device mount
+ on the host that shares a pod''s lifetime. More info:
+ https://examples.k8s.io/volumes/rbd/README.md'
+ properties:
+ fsType:
+ description: 'Filesystem type of the volume that you
+ want to mount. Tip: Ensure that the filesystem type
+ is supported by the host operating system. Examples:
+ "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
+ TODO: how do we prevent errors in the filesystem from
+ compromising the machine'
+ type: string
+ image:
+ description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ keyring:
+ description: 'Keyring is the path to key ring for RBDUser.
+ Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ monitors:
+ description: 'A collection of Ceph monitors. More info:
+ https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ items:
+ type: string
+ type: array
+ pool:
+ description: 'The rados pool name. Default is rbd. More
+ info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ readOnly:
+ description: 'ReadOnly here will force the ReadOnly
+ setting in VolumeMounts. Defaults to false. More info:
+ https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: boolean
+ secretRef:
+ description: 'SecretRef is name of the authentication
+ secret for RBDUser. If provided overrides keyring.
+ Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ type: object
+ user:
+ description: 'The rados user name. Default is admin.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ required:
+ - image
+ - monitors
+ type: object
+ scaleIO:
+ description: ScaleIO represents a ScaleIO persistent volume
+ attached and mounted on Kubernetes nodes.
+ properties:
+ fsType:
+ description: Filesystem type to mount. Must be a filesystem
+ type supported by the host operating system. Ex. "ext4",
+ "xfs", "ntfs". Default is "xfs".
+ type: string
+ gateway:
+ description: The host address of the ScaleIO API Gateway.
+ type: string
+ protectionDomain:
+ description: The name of the ScaleIO Protection Domain
+ for the configured storage.
+ type: string
+ readOnly:
+ description: Defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ secretRef:
+ description: SecretRef references to the secret for
+ ScaleIO user and other sensitive information. If this
+ is not provided, Login operation will fail.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ type: object
+ sslEnabled:
+ description: Flag to enable/disable SSL communication
+ with Gateway, default false
+ type: boolean
+ storageMode:
+ description: Indicates whether the storage for a volume
+ should be ThickProvisioned or ThinProvisioned. Default
+ is ThinProvisioned.
+ type: string
+ storagePool:
+ description: The ScaleIO Storage Pool associated with
+ the protection domain.
+ type: string
+ system:
+ description: The name of the storage system as configured
+ in ScaleIO.
+ type: string
+ volumeName:
+ description: The name of a volume already created in
+ the ScaleIO system that is associated with this volume
+ source.
+ type: string
+ required:
+ - gateway
+ - secretRef
+ - system
+ type: object
+ secret:
+ description: 'Secret represents a secret that should populate
+ this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
+ properties:
+ defaultMode:
+ description: 'Optional: mode bits used to set permissions
+ on created files by default. Must be an octal value
+ between 0000 and 0777 or a decimal value between 0
+ and 511. YAML accepts both octal and decimal values,
+ JSON requires decimal values for mode bits. Defaults
+ to 0644. Directories within the path are not affected
+ by this setting. This might be in conflict with other
+ options that affect the file mode, like fsGroup, and
+ the result can be other mode bits set.'
+ format: int32
+ type: integer
+ items:
+ description: If unspecified, each key-value pair in
+ the Data field of the referenced Secret will be projected
+ into the volume as a file whose name is the key and
+ content is the value. If specified, the listed keys
+ will be projected into the specified paths, and unlisted
+ keys will not be present. If a key is specified which
+ is not present in the Secret, the volume setup will
+ error unless it is marked optional. Paths must be
+ relative and may not contain the '..' path or start
+ with '..'.
+ items:
+ description: Maps a string key to a path within a
+ volume.
+ properties:
+ key:
+ description: The key to project.
+ type: string
+ mode:
+ description: 'Optional: mode bits used to set
+ permissions on this file. Must be an octal value
+ between 0000 and 0777 or a decimal value between
+ 0 and 511. YAML accepts both octal and decimal
+ values, JSON requires decimal values for mode
+ bits. If not specified, the volume defaultMode
+ will be used. This might be in conflict with
+ other options that affect the file mode, like
+ fsGroup, and the result can be other mode bits
+ set.'
+ format: int32
+ type: integer
+ path:
+ description: The relative path of the file to
+ map the key to. May not be an absolute path.
+ May not contain the path element '..'. May not
+ start with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ optional:
+ description: Specify whether the Secret or its keys
+ must be defined
+ type: boolean
+ secretName:
+ description: 'Name of the secret in the pod''s namespace
+ to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
+ type: string
+ type: object
+ storageos:
+ description: StorageOS represents a StorageOS volume attached
+ and mounted on Kubernetes nodes.
+ properties:
+ fsType:
+ description: Filesystem type to mount. Must be a filesystem
+ type supported by the host operating system. Ex. "ext4",
+ "xfs", "ntfs". Implicitly inferred to be "ext4" if
+ unspecified.
+ type: string
+ readOnly:
+ description: Defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ secretRef:
+ description: SecretRef specifies the secret to use for
+ obtaining the StorageOS API credentials. If not specified,
+ default values will be attempted.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ type: object
+ volumeName:
+ description: VolumeName is the human-readable name of
+ the StorageOS volume. Volume names are only unique
+ within a namespace.
+ type: string
+ volumeNamespace:
+ description: VolumeNamespace specifies the scope of
+ the volume within StorageOS. If no namespace is specified
+ then the Pod's namespace will be used. This allows
+ the Kubernetes name scoping to be mirrored within
+ StorageOS for tighter integration. Set VolumeName
+ to any name to override the default behaviour. Set
+ to "default" if you are not using namespaces within
+ StorageOS. Namespaces that do not pre-exist within
+ StorageOS will be created.
+ type: string
+ type: object
+ vsphereVolume:
+ description: VsphereVolume represents a vSphere volume attached
+ and mounted on kubelets host machine
+ properties:
+ fsType:
+ description: Filesystem type to mount. Must be a filesystem
+ type supported by the host operating system. Ex. "ext4",
+ "xfs", "ntfs". Implicitly inferred to be "ext4" if
+ unspecified.
+ type: string
+ storagePolicyID:
+ description: Storage Policy Based Management (SPBM)
+ profile ID associated with the StoragePolicyName.
+ type: string
+ storagePolicyName:
+ description: Storage Policy Based Management (SPBM)
+ profile name.
+ type: string
+ volumePath:
+ description: Path that identifies vSphere volume vmdk
+ type: string
+ required:
+ - volumePath
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ required:
+ - volumeMounts
+ - volumes
+ type: object
+ oneReplicaPerNode:
+ description: oneReplicaPerNode controls whether to run 1 pod per node
+ using the pod anti-affinity capability. Enabling this configuration
+ in an existing cluster will roll the cluster.
+ type: boolean
+ podTemplate:
+ description: podTemplate specifies the statefulset pod template configuration.
+ properties:
+ affinity:
+ description: 'affinity specifies a group of affinity scheduling
+ rules. More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity.'
+ properties:
+ nodeAffinity:
+ description: Describes node affinity scheduling rules for
+ the pod.
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule pods
+ to nodes that satisfy the affinity expressions specified
+ by this field, but it may choose a node that violates
+ one or more of the expressions. The node that is most
+ preferred is the one with the greatest sum of weights,
+ i.e. for each node that meets all of the scheduling
+ requirements (resource request, requiredDuringScheduling
+ affinity expressions, etc.), compute a sum by iterating
+ through the elements of this field and adding "weight"
+ to the sum if the node matches the corresponding matchExpressions;
+ the node(s) with the highest sum are the most preferred.
+ items:
+ description: An empty preferred scheduling term matches
+ all objects with implicit weight 0 (i.e. it's a no-op).
+ A null preferred scheduling term matches no objects
+ (i.e. is also a no-op).
+ properties:
+ preference:
+ description: A node selector term, associated with
+ the corresponding weight.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: A node selector requirement is
+ a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators
+ are In, NotIn, Exists, DoesNotExist.
+ Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values.
+ If the operator is In or NotIn, the
+ values array must be non-empty. If the
+ operator is Exists or DoesNotExist,
+ the values array must be empty. If the
+ operator is Gt or Lt, the values array
+ must have a single element, which will
+ be interpreted as an integer. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: A node selector requirement is
+ a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators
+ are In, NotIn, Exists, DoesNotExist.
+ Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values.
+ If the operator is In or NotIn, the
+ values array must be non-empty. If the
+ operator is Exists or DoesNotExist,
+ the values array must be empty. If the
+ operator is Gt or Lt, the values array
+ must have a single element, which will
+ be interpreted as an integer. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ weight:
+ description: Weight associated with matching the
+ corresponding nodeSelectorTerm, in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - preference
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the affinity requirements specified by
+ this field are not met at scheduling time, the pod will
+ not be scheduled onto the node. If the affinity requirements
+ specified by this field cease to be met at some point
+ during pod execution (e.g. due to an update), the system
+ may or may not try to eventually evict the pod from
+ its node.
+ properties:
+ nodeSelectorTerms:
+ description: Required. A list of node selector terms.
+ The terms are ORed.
+ items:
+ description: A null or empty node selector term
+ matches no objects. The requirements of them are
+ ANDed. The TopologySelectorTerm type implements
+ a subset of the NodeSelectorTerm.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: A node selector requirement is
+ a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators
+ are In, NotIn, Exists, DoesNotExist.
+ Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values.
+ If the operator is In or NotIn, the
+ values array must be non-empty. If the
+ operator is Exists or DoesNotExist,
+ the values array must be empty. If the
+ operator is Gt or Lt, the values array
+ must have a single element, which will
+ be interpreted as an integer. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: A node selector requirement is
+ a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators
+ are In, NotIn, Exists, DoesNotExist.
+ Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values.
+ If the operator is In or NotIn, the
+ values array must be non-empty. If the
+ operator is Exists or DoesNotExist,
+ the values array must be empty. If the
+ operator is Gt or Lt, the values array
+ must have a single element, which will
+ be interpreted as an integer. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ type: array
+ required:
+ - nodeSelectorTerms
+ type: object
+ type: object
+ podAffinity:
+ description: Describes pod affinity scheduling rules (e.g.
+ co-locate this pod in the same node, zone, etc. as some
+ other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule pods
+ to nodes that satisfy the affinity expressions specified
+ by this field, but it may choose a node that violates
+ one or more of the expressions. The node that is most
+ preferred is the one with the greatest sum of weights,
+ i.e. for each node that meets all of the scheduling
+ requirements (resource request, requiredDuringScheduling
+ affinity expressions, etc.), compute a sum by iterating
+ through the elements of this field and adding "weight"
+ to the sum if the node has pods which matches the corresponding
+ podAffinityTerm; the node(s) with the highest sum are
+ the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred
+ node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term, associated
+ with the corresponding weight.
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a
+ key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of
+ string values. If the operator is
+ In or NotIn, the values array must
+ be non-empty. If the operator is
+ Exists or DoesNotExist, the values
+ array must be empty. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied
+ to the union of the namespaces selected by
+ this field and the ones listed in the namespaces
+ field. null selector and null or empty namespaces
+ list means "this pod's namespace". An empty
+ selector ({}) matches all namespaces. This
+ field is beta-level and is only honored when
+ PodAffinityNamespaceSelector feature is enabled.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a
+ key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of
+ string values. If the operator is
+ In or NotIn, the values array must
+ be non-empty. If the operator is
+ Exists or DoesNotExist, the values
+ array must be empty. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies a static list
+ of namespace names that the term applies to.
+ The term is applied to the union of the namespaces
+ listed in this field and the ones selected
+ by namespaceSelector. null or empty namespaces
+ list and null namespaceSelector means "this
+ pod's namespace"
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the
+ pods matching the labelSelector in the specified
+ namespaces, where co-located is defined as
+ running on a node whose value of the label
+ with key topologyKey matches that of any node
+ on which any of the selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: weight associated with matching the
+ corresponding podAffinityTerm, in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the affinity requirements specified by
+ this field are not met at scheduling time, the pod will
+ not be scheduled onto the node. If the affinity requirements
+ specified by this field cease to be met at some point
+ during pod execution (e.g. due to a pod label update),
+ the system may or may not try to eventually evict the
+ pod from its node. When there are multiple elements,
+ the lists of nodes corresponding to each podAffinityTerm
+ are intersected, i.e. all terms must be satisfied.
+ items:
+ description: Defines a set of pods (namely those matching
+ the labelSelector relative to the given namespace(s))
+ that this pod should be co-located (affinity) or not
+ co-located (anti-affinity) with, where co-located
+ is defined as running on a node whose value of the
+ label with key matches that of any node
+ on which a pod of the set of pods is running
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
+ type: object
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied
+ to the union of the namespaces selected by this
+ field and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list
+ means "this pod's namespace". An empty selector
+ ({}) matches all namespaces. This field is beta-level
+ and is only honored when PodAffinityNamespaceSelector
+ feature is enabled.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies a static list
+ of namespace names that the term applies to. The
+ term is applied to the union of the namespaces
+ listed in this field and the ones selected by
+ namespaceSelector. null or empty namespaces list
+ and null namespaceSelector means "this pod's namespace"
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the pods
+ matching the labelSelector in the specified namespaces,
+ where co-located is defined as running on a node
+ whose value of the label with key topologyKey
+ matches that of any node on which any of the selected
+ pods is running. Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ podAntiAffinity:
+ description: Describes pod anti-affinity scheduling rules
+ (e.g. avoid putting this pod in the same node, zone, etc.
+ as some other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule pods
+ to nodes that satisfy the anti-affinity expressions
+ specified by this field, but it may choose a node that
+ violates one or more of the expressions. The node that
+ is most preferred is the one with the greatest sum of
+ weights, i.e. for each node that meets all of the scheduling
+ requirements (resource request, requiredDuringScheduling
+ anti-affinity expressions, etc.), compute a sum by iterating
+ through the elements of this field and adding "weight"
+ to the sum if the node has pods which matches the corresponding
+ podAffinityTerm; the node(s) with the highest sum are
+ the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred
+ node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term, associated
+ with the corresponding weight.
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a
+ key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of
+ string values. If the operator is
+ In or NotIn, the values array must
+ be non-empty. If the operator is
+ Exists or DoesNotExist, the values
+ array must be empty. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied
+ to the union of the namespaces selected by
+ this field and the ones listed in the namespaces
+ field. null selector and null or empty namespaces
+ list means "this pod's namespace". An empty
+ selector ({}) matches all namespaces. This
+ field is beta-level and is only honored when
+ PodAffinityNamespaceSelector feature is enabled.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a
+ key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of
+ string values. If the operator is
+ In or NotIn, the values array must
+ be non-empty. If the operator is
+ Exists or DoesNotExist, the values
+ array must be empty. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies a static list
+ of namespace names that the term applies to.
+ The term is applied to the union of the namespaces
+ listed in this field and the ones selected
+ by namespaceSelector. null or empty namespaces
+ list and null namespaceSelector means "this
+ pod's namespace"
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the
+ pods matching the labelSelector in the specified
+ namespaces, where co-located is defined as
+ running on a node whose value of the label
+ with key topologyKey matches that of any node
+ on which any of the selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: weight associated with matching the
+ corresponding podAffinityTerm, in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the anti-affinity requirements specified
+ by this field are not met at scheduling time, the pod
+ will not be scheduled onto the node. If the anti-affinity
+ requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a pod
+ label update), the system may or may not try to eventually
+ evict the pod from its node. When there are multiple
+ elements, the lists of nodes corresponding to each podAffinityTerm
+ are intersected, i.e. all terms must be satisfied.
+ items:
+ description: Defines a set of pods (namely those matching
+ the labelSelector relative to the given namespace(s))
+ that this pod should be co-located (affinity) or not
+ co-located (anti-affinity) with, where co-located
+ is defined as running on a node whose value of the
+ label with key matches that of any node
+ on which a pod of the set of pods is running
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
+ type: object
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied
+ to the union of the namespaces selected by this
+ field and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list
+ means "this pod's namespace". An empty selector
+ ({}) matches all namespaces. This field is beta-level
+ and is only honored when PodAffinityNamespaceSelector
+ feature is enabled.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies a static list
+ of namespace names that the term applies to. The
+ term is applied to the union of the namespaces
+ listed in this field and the ones selected by
+ namespaceSelector. null or empty namespaces list
+ and null namespaceSelector means "this pod's namespace"
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the pods
+ matching the labelSelector in the specified namespaces,
+ where co-located is defined as running on a node
+ whose value of the label with key topologyKey
+ matches that of any node on which any of the selected
+ pods is running. Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ type: object
+ annotations:
+ additionalProperties:
+ type: string
+ description: 'annotations is a map of string key and value pairs
+ stored with the resource and may be set by external tools to
+ store and retrieve arbitrary metadata. They are not queryable
+ and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations.'
+ type: object
+ x-kubernetes-map-type: granular
+ envVars:
+ description: 'envVars contain environment variables to be injected
+ into containers. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container.'
+ items:
+ description: EnvVar represents an environment variable present
+ in a Container.
+ properties:
+ name:
+ description: Name of the environment variable. Must be a
+ C_IDENTIFIER.
+ type: string
+ value:
+ description: 'Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in
+ the container and any service environment variables. If
+ a variable cannot be resolved, the reference in the input
+ string will be unchanged. Double $$ are reduced to a single
+ $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+ "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless
+ of whether the variable exists or not. Defaults to "".'
+ type: string
+ valueFrom:
+ description: Source for the environment variable's value.
+ Cannot be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap or its
+ key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ fieldRef:
+ description: 'Selects a field of the pod: supports metadata.name,
+ metadata.namespace, `metadata.labels['''']`,
+ `metadata.annotations['''']`, spec.nodeName,
+ spec.serviceAccountName, status.hostIP, status.podIP,
+ status.podIPs.'
+ properties:
+ apiVersion:
+ description: Version of the schema the FieldPath
+ is written in terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select in the
+ specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ resourceFieldRef:
+ description: 'Selects a resource of the container: only
+ resources limits and requests (limits.cpu, limits.memory,
+ limits.ephemeral-storage, requests.cpu, requests.memory
+ and requests.ephemeral-storage) are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required for volumes,
+ optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format of the
+ exposed resources, defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ secretKeyRef:
+ description: Selects a key of a secret in the pod's
+ namespace
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key
+ must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ labels:
+ additionalProperties:
+ type: string
+ description: 'labels is a map of string key and value pairs that
+ can be used to organize and categorize (scope and select) objects.
+ More info: http://kubernetes.io/docs/user-guide/labels.'
+ type: object
+ x-kubernetes-map-type: granular
+ podSecurityContext:
+ description: PodSecurityContext holds pod-level security attributes
+ and common container settings. Some fields are also present
+ in container.securityContext. Field values of container.securityContext
+ take precedence over field values of PodSecurityContext.
+ properties:
+ fsGroup:
+ description: "A special supplemental group that applies to
+ all containers in a pod. Some volume types allow the Kubelet
+ to change the ownership of that volume to be owned by the
+ pod: \n 1. The owning GID will be the FSGroup 2. The setgid
+ bit is set (new files created in the volume will be owned
+ by FSGroup) 3. The permission bits are OR'd with rw-rw----
+ \n If unset, the Kubelet will not modify the ownership and
+ permissions of any volume. Note that this field cannot be
+ set when spec.os.name is windows."
+ format: int64
+ type: integer
+ fsGroupChangePolicy:
+ description: 'fsGroupChangePolicy defines behavior of changing
+ ownership and permission of the volume before being exposed
+ inside Pod. This field will only apply to volume types which
+ support fsGroup based ownership(and permissions). It will
+ have no effect on ephemeral volume types such as: secret,
+ configmaps and emptydir. Valid values are "OnRootMismatch"
+ and "Always". If not specified, "Always" is used. Note that
+ this field cannot be set when spec.os.name is windows.'
+ type: string
+ runAsGroup:
+ description: The GID to run the entrypoint of the container
+ process. Uses runtime default if unset. May also be set
+ in SecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext
+ takes precedence for that container. Note that this field
+ cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: Indicates that the container must run as a non-root
+ user. If true, the Kubelet will validate the image at runtime
+ to ensure that it does not run as UID 0 (root) and fail
+ to start the container if it does. If unset or false, no
+ such validation will be performed. May also be set in SecurityContext. If
+ set in both SecurityContext and PodSecurityContext, the
+ value specified in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: The UID to run the entrypoint of the container
+ process. Defaults to user specified in image metadata if
+ unspecified. May also be set in SecurityContext. If set
+ in both SecurityContext and PodSecurityContext, the value
+ specified in SecurityContext takes precedence for that container.
+ Note that this field cannot be set when spec.os.name is
+ windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: The SELinux context to be applied to all containers.
+ If unspecified, the container runtime will allocate a random
+ SELinux context for each container. May also be set in
+ SecurityContext. If set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes precedence
+ for that container. Note that this field cannot be set when
+ spec.os.name is windows.
+ properties:
+ level:
+ description: Level is SELinux level label that applies
+ to the container.
+ type: string
+ role:
+ description: Role is a SELinux role label that applies
+ to the container.
+ type: string
+ type:
+ description: Type is a SELinux type label that applies
+ to the container.
+ type: string
+ user:
+ description: User is a SELinux user label that applies
+ to the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: The seccomp options to use by the containers
+ in this pod. Note that this field cannot be set when spec.os.name
+ is windows.
+ properties:
+ localhostProfile:
+ description: localhostProfile indicates a profile defined
+ in a file on the node should be used. The profile must
+ be preconfigured on the node to work. Must be a descending
+ path, relative to the kubelet's configured seccomp profile
+ location. Must only be set if type is "Localhost".
+ type: string
+ type:
+ description: "type indicates which kind of seccomp profile
+ will be applied. Valid options are: \n Localhost - a
+ profile defined in a file on the node should be used.
+ RuntimeDefault - the container runtime default profile
+ should be used. Unconfined - no profile should be applied."
+ type: string
+ required:
+ - type
+ type: object
+ supplementalGroups:
+ description: A list of groups applied to the first process
+ run in each container, in addition to the container's primary
+ GID. If unspecified, no groups will be added to any container.
+ Note that this field cannot be set when spec.os.name is
+ windows.
+ items:
+ format: int64
+ type: integer
+ type: array
+ sysctls:
+ description: Sysctls hold a list of namespaced sysctls used
+ for the pod. Pods with unsupported sysctls (by the container
+ runtime) might fail to launch. Note that this field cannot
+ be set when spec.os.name is windows.
+ items:
+ description: Sysctl defines a kernel parameter to be set
+ properties:
+ name:
+ description: Name of a property to set
+ type: string
+ value:
+ description: Value of a property to set
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ windowsOptions:
+ description: The Windows specific settings applied to all
+ containers. If unspecified, the options within a container's
+ SecurityContext will be used. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext
+ takes precedence. Note that this field cannot be set when
+ spec.os.name is linux.
+ properties:
+ gmsaCredentialSpec:
+ description: GMSACredentialSpec is where the GMSA admission
+ webhook (https://github.com/kubernetes-sigs/windows-gmsa)
+ inlines the contents of the GMSA credential spec named
+ by the GMSACredentialSpecName field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name of the
+ GMSA credential spec to use.
+ type: string
+ hostProcess:
+ description: HostProcess determines if a container should
+ be run as a 'Host Process' container. This field is
+ alpha-level and will only be honored by components that
+ enable the WindowsHostProcessContainers feature flag.
+ Setting this field without the feature flag will result
+ in errors when validating the Pod. All of a Pod's containers
+ must have the same effective HostProcess value (it is
+ not allowed to have a mix of HostProcess containers
+ and non-HostProcess containers). In addition, if HostProcess
+ is true then HostNetwork must also be set to true.
+ type: boolean
+ runAsUserName:
+ description: The UserName in Windows to run the entrypoint
+ of the container process. Defaults to the user specified
+ in image metadata if unspecified. May also be set in
+ PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext
+ takes precedence.
+ type: string
+ type: object
+ type: object
+ priorityClassName:
+ description: priorityClassName specifies the priority class for
+ the pod (if any).
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ probe:
+ description: probe contains the fields for standard Kubernetes
+ readiness/liveness probe configuration.
+ properties:
+ liveness:
+ description: liveness configures the Kubernetes probe settings.
+ The changes will override the existing default configuration.
+ properties:
+ failureThreshold:
+ description: failureThreshold is the minimum consecutive
+ failures for the probe to be considered failed. Confluent
+ Platform components come with the right configuration,
+ and this setting is not required to change most of the
+ time.
+ format: int32
+ type: integer
+ initialDelaySeconds:
+ description: initialDelaySeconds is the number of seconds
+ after the container has started and before probes are
+ initiated. Confluent Platform components come with the
+ right configuration, and this setting is not required
+ to change most of the time.
+ format: int32
+ type: integer
+ periodSeconds:
+ description: periodSeconds specifies how often to perform
+ the probe. Confluent Platform components come with the
+ right configuration, and this setting is not required
+ to change most of the time.
+ format: int32
+ type: integer
+ successThreshold:
+ description: successThreshold is the minimum consecutive
+ successes for the probe to be considered successful
+ after having failed. The default values is `1`. Must
+ be `1` for liveness and startup. The minimum value is
+ `1`.
+ format: int32
+ type: integer
+ timeoutSeconds:
+ description: timeoutSeconds is the number of seconds after
+ which the probe times out. Confluent Platform components
+ come with the right configuration, and this setting
+ is not required to change most of the time.
+ format: int32
+ type: integer
+ type: object
+ readiness:
+ description: readiness configures the Kubernetes probe setting.
+ The changes will override the existing default configuration.
+ properties:
+ failureThreshold:
+ description: failureThreshold is the minimum consecutive
+ failures for the probe to be considered failed. Confluent
+ Platform components come with the right configuration,
+ and this setting is not required to change most of the
+ time.
+ format: int32
+ type: integer
+ initialDelaySeconds:
+ description: initialDelaySeconds is the number of seconds
+ after the container has started and before probes are
+ initiated. Confluent Platform components come with the
+ right configuration, and this setting is not required
+ to change most of the time.
+ format: int32
+ type: integer
+ periodSeconds:
+ description: periodSeconds specifies how often to perform
+ the probe. Confluent Platform components come with the
+ right configuration, and this setting is not required
+ to change most of the time.
+ format: int32
+ type: integer
+ successThreshold:
+ description: successThreshold is the minimum consecutive
+ successes for the probe to be considered successful
+ after having failed. The default values is `1`. Must
+ be `1` for liveness and startup. The minimum value is
+ `1`.
+ format: int32
+ type: integer
+ timeoutSeconds:
+ description: timeoutSeconds is the number of seconds after
+ which the probe times out. Confluent Platform components
+ come with the right configuration, and this setting
+ is not required to change most of the time.
+ format: int32
+ type: integer
+ type: object
+ type: object
+ resources:
+ description: resources describe the compute resource requirements.
+ properties:
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount of compute
+ resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum amount of compute
+ resources required. If Requests is omitted for a container,
+ it defaults to Limits if that is explicitly specified, otherwise
+ to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ securityContext:
+ description: SecurityContext holds security configuration that
+ will be applied to a container. Some fields are present in both
+ SecurityContext and PodSecurityContext. When both are set,
+ the values in SecurityContext take precedence.
+ properties:
+ allowPrivilegeEscalation:
+ description: 'AllowPrivilegeEscalation controls whether a
+ process can gain more privileges than its parent process.
+ This bool directly controls if the no_new_privs flag will
+ be set on the container process. AllowPrivilegeEscalation
+ is true always when the container is: 1) run as Privileged
+ 2) has CAP_SYS_ADMIN Note that this field cannot be set
+ when spec.os.name is windows.'
+ type: boolean
+ capabilities:
+ description: The capabilities to add/drop when running containers.
+ Defaults to the default set of capabilities granted by the
+ container runtime. Note that this field cannot be set when
+ spec.os.name is windows.
+ properties:
+ add:
+ description: Added capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ drop:
+ description: Removed capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ type: object
+ privileged:
+ description: Run container in privileged mode. Processes in
+ privileged containers are essentially equivalent to root
+ on the host. Defaults to false. Note that this field cannot
+ be set when spec.os.name is windows.
+ type: boolean
+ procMount:
+ description: procMount denotes the type of proc mount to use
+ for the containers. The default is DefaultProcMount which
+ uses the container runtime defaults for readonly paths and
+ masked paths. This requires the ProcMountType feature flag
+ to be enabled. Note that this field cannot be set when spec.os.name
+ is windows.
+ type: string
+ readOnlyRootFilesystem:
+ description: Whether this container has a read-only root filesystem.
+ Default is false. Note that this field cannot be set when
+ spec.os.name is windows.
+ type: boolean
+ runAsGroup:
+ description: The GID to run the entrypoint of the container
+ process. Uses runtime default if unset. May also be set
+ in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext
+ takes precedence. Note that this field cannot be set when
+ spec.os.name is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: Indicates that the container must run as a non-root
+ user. If true, the Kubelet will validate the image at runtime
+ to ensure that it does not run as UID 0 (root) and fail
+ to start the container if it does. If unset or false, no
+ such validation will be performed. May also be set in PodSecurityContext. If
+ set in both SecurityContext and PodSecurityContext, the
+ value specified in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: The UID to run the entrypoint of the container
+ process. Defaults to user specified in image metadata if
+ unspecified. May also be set in PodSecurityContext. If
+ set in both SecurityContext and PodSecurityContext, the
+ value specified in SecurityContext takes precedence. Note
+ that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: The SELinux context to be applied to the container.
+ If unspecified, the container runtime will allocate a random
+ SELinux context for each container. May also be set in
+ PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext
+ takes precedence. Note that this field cannot be set when
+ spec.os.name is windows.
+ properties:
+ level:
+ description: Level is SELinux level label that applies
+ to the container.
+ type: string
+ role:
+ description: Role is a SELinux role label that applies
+ to the container.
+ type: string
+ type:
+ description: Type is a SELinux type label that applies
+ to the container.
+ type: string
+ user:
+ description: User is a SELinux user label that applies
+ to the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: The seccomp options to use by this container.
+ If seccomp options are provided at both the pod & container
+ level, the container options override the pod options. Note
+ that this field cannot be set when spec.os.name is windows.
+ properties:
+ localhostProfile:
+ description: localhostProfile indicates a profile defined
+ in a file on the node should be used. The profile must
+ be preconfigured on the node to work. Must be a descending
+ path, relative to the kubelet's configured seccomp profile
+ location. Must only be set if type is "Localhost".
+ type: string
+ type:
+ description: "type indicates which kind of seccomp profile
+ will be applied. Valid options are: \n Localhost - a
+ profile defined in a file on the node should be used.
+ RuntimeDefault - the container runtime default profile
+ should be used. Unconfined - no profile should be applied."
+ type: string
+ required:
+ - type
+ type: object
+ windowsOptions:
+ description: The Windows specific settings applied to all
+ containers. If unspecified, the options from the PodSecurityContext
+ will be used. If set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is
+ linux.
+ properties:
+ gmsaCredentialSpec:
+ description: GMSACredentialSpec is where the GMSA admission
+ webhook (https://github.com/kubernetes-sigs/windows-gmsa)
+ inlines the contents of the GMSA credential spec named
+ by the GMSACredentialSpecName field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name of the
+ GMSA credential spec to use.
+ type: string
+ hostProcess:
+ description: HostProcess determines if a container should
+ be run as a 'Host Process' container. This field is
+ alpha-level and will only be honored by components that
+ enable the WindowsHostProcessContainers feature flag.
+ Setting this field without the feature flag will result
+ in errors when validating the Pod. All of a Pod's containers
+ must have the same effective HostProcess value (it is
+ not allowed to have a mix of HostProcess containers
+ and non-HostProcess containers). In addition, if HostProcess
+ is true then HostNetwork must also be set to true.
+ type: boolean
+ runAsUserName:
+ description: The UserName in Windows to run the entrypoint
+ of the container process. Defaults to the user specified
+ in image metadata if unspecified. May also be set in
+ PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext
+ takes precedence.
+ type: string
+ type: object
+ type: object
+ serviceAccountName:
+ description: 'ServiceAccountName is the name of the service account
+ used to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account.'
+ type: string
+ terminationGracePeriodSeconds:
+ description: terminationGracePeriodSeconds is the grace period
+ before the pod is deleted.
+ format: int64
+ type: integer
+ tolerations:
+ description: tolerations specify the pods to schedule onto the
+ nodes with matching taints, using the triple ``
+ and the matching operator ``.
+ items:
+ description: The pod this Toleration is attached to tolerates
+ any taint that matches the triple using
+ the matching operator .
+ properties:
+ effect:
+ description: Effect indicates the taint effect to match.
+ Empty means match all taint effects. When specified, allowed
+ values are NoSchedule, PreferNoSchedule and NoExecute.
+ type: string
+ key:
+ description: Key is the taint key that the toleration applies
+ to. Empty means match all taint keys. If the key is empty,
+ operator must be Exists; this combination means to match
+ all values and all keys.
+ type: string
+ operator:
+ description: Operator represents a key's relationship to
+ the value. Valid operators are Exists and Equal. Defaults
+ to Equal. Exists is equivalent to wildcard for value,
+ so that a pod can tolerate all taints of a particular
+ category.
+ type: string
+ tolerationSeconds:
+ description: TolerationSeconds represents the period of
+ time the toleration (which must be of effect NoExecute,
+ otherwise this field is ignored) tolerates the taint.
+ By default, it is not set, which means tolerate the taint
+ forever (do not evict). Zero and negative values will
+ be treated as 0 (evict immediately) by the system.
+ format: int64
+ type: integer
+ value:
+ description: Value is the taint value the toleration matches
+ to. If the operator is Exists, the value should be empty,
+ otherwise just a regular string.
+ type: string
+ type: object
+ type: array
+ topologySpreadConstraints:
+ description: topologySpreadConstraints describe how a group of
+ pods ought to spread across topology domains. Scheduler will
+ schedule pods based on the constraints. All topologySpreadConstraints
+ are ANDed.
+ items:
+ description: TopologySpreadConstraint specifies how to spread
+ matching pods among the given topology.
+ properties:
+ labelSelector:
+ description: LabelSelector is used to find matching pods.
+ Pods that match this label selector are counted to determine
+ the number of pods in their corresponding topology domain.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector
+ requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In,
+ NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values.
+ If the operator is In or NotIn, the values array
+ must be non-empty. If the operator is Exists
+ or DoesNotExist, the values array must be empty.
+ This array is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs.
+ A single {key,value} in the matchLabels map is equivalent
+ to an element of matchExpressions, whose key field
+ is "key", the operator is "In", and the values array
+ contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ maxSkew:
+ description: 'MaxSkew describes the degree to which pods
+ may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`,
+ it is the maximum permitted difference between the number
+ of matching pods in the target topology and the global
+ minimum. For example, in a 3-zone cluster, MaxSkew is
+ set to 1, and pods with the same labelSelector spread
+ as 1/1/0: | zone1 | zone2 | zone3 | | P | P | |
+ - if MaxSkew is 1, incoming pod can only be scheduled
+ to zone3 to become 1/1/1; scheduling it onto zone1(zone2)
+ would make the ActualSkew(2-0) on zone1(zone2) violate
+ MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled
+ onto any zone. When `whenUnsatisfiable=ScheduleAnyway`,
+ it is used to give higher precedence to topologies that
+ satisfy it. It''s a required field. Default value is 1
+ and 0 is not allowed.'
+ format: int32
+ type: integer
+ topologyKey:
+ description: TopologyKey is the key of node labels. Nodes
+ that have a label with this key and identical values are
+ considered to be in the same topology. We consider each
+ as a "bucket", and try to put balanced number
+ of pods into each bucket. It's a required field.
+ type: string
+ whenUnsatisfiable:
+ description: 'WhenUnsatisfiable indicates how to deal with
+ a pod if it doesn''t satisfy the spread constraint. -
+ DoNotSchedule (default) tells the scheduler not to schedule
+ it. - ScheduleAnyway tells the scheduler to schedule the
+ pod in any location, but giving higher precedence to topologies
+ that would help reduce the skew. A constraint is considered
+ "Unsatisfiable" for an incoming pod if and only if every
+ possible node assignment for that pod would violate "MaxSkew"
+ on some topology. For example, in a 3-zone cluster, MaxSkew
+ is set to 1, and pods with the same labelSelector spread
+ as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P |
+ If WhenUnsatisfiable is set to DoNotSchedule, incoming
+ pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2)
+ as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1).
+ In other words, the cluster can still be imbalanced, but
+ scheduler won''t make it *more* imbalanced. It''s a required
+ field.'
+ type: string
+ required:
+ - maxSkew
+ - topologyKey
+ - whenUnsatisfiable
+ type: object
+ type: array
+ type: object
+ replicas:
+ description: replicas is the desired number of replicas. A change
+ to this setting will roll the cluster.
+ format: int32
+ type: integer
+ telemetry:
+ description: telemetry specifies the Confluent telemetry reporter
+ configuration.
+ properties:
+ global:
+ description: global allows disabling telemetry configuration.
+ If CFK is deployed with telemetry, this field is only used to
+ disable telemetry. The default value is `true` if telemetry
+ is enabled at the global level.
+ type: boolean
+ type: object
+ tls:
+ description: tls specifies the TLS configurations for the KafkaRestProxy
+ cluster.
+ properties:
+ autoGeneratedCerts:
+ description: autoGeneratedCerts specifies that the certificates
+ are auto-generated based on the CA key pair provided.
+ type: boolean
+ directoryPathInContainer:
+ description: directoryPathInContainer specifies the directory
+ path in the container where `keystore.jks`, `truststore.jks`,
+ and `jksPassword.txt` keys are mounted. `truststore.jks` is
+ not configured and can be ignored when the `ignoreTrustStoreConfig`
+ field is set to `true`.
+ minLength: 1
+ type: string
+ ignoreTrustStoreConfig:
+ description: ignoreTrustStoreConfig indicates whether to ignore
+ the truststore configuration for the Confluent component.
+ type: boolean
+ jksPassword:
+ description: jksPassword references the secret containing the
+ JKS password.
+ properties:
+ secretRef:
+ description: 'secretRef references the name of the secret
+ containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - secretRef
+ type: object
+ secretRef:
+ description: 'secretRef references the secret containing the certificates.
+ More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ type: object
+ required:
+ - image
+ - replicas
+ type: object
+ status:
+ description: status defines the observed state of the KafkaRestProxy cluster.
+ properties:
+ authorizationType:
+ description: authorizationType is the authorization type for this
+ Confluent component.
+ type: string
+ clusterName:
+ description: clusterName is the name of the Confluent Platform component
+ cluster.
+ type: string
+ clusterNamespace:
+ description: clusterNamespace is the namespace where the Confluent
+ Platform component cluster is running.
+ type: string
+ conditions:
+ description: conditions specify the latest available observations
+ of the current state.
+ items:
+ description: Condition represent the latest available observations
+ of the current state.
+ properties:
+ lastProbeTime:
+ description: lastProbeTime shows the last time the condition
+ was evaluated.
+ format: date-time
+ type: string
+ lastTransitionTime:
+ description: lastTransitionTime shows the last time the condition
+ was transitioned from one status to another.
+ format: date-time
+ type: string
+ message:
+ description: message shows a human-readable message with details
+ about the transition.
+ type: string
+ reason:
+ description: reason shows the reason for the last transition
+ of the condition.
+ type: string
+ status:
+ description: status shows the status of the condition, one of
+ `True`, `False`, or `Unknown`.
+ type: string
+ type:
+ description: type shows the condition type.
+ type: string
+ type: object
+ type: array
+ currentReplicas:
+ description: currentReplicas is the number of currently running replicas.
+ format: int32
+ type: integer
+ internalSecrets:
+ description: internalSecrets are internal secrets created by CFK for
+ this Confluent component.
+ items:
+ type: string
+ type: array
+ internalTopicNames:
+ description: internalTopicNames are the topics used by the component
+ for internal use.
+ items:
+ type: string
+ type: array
+ kafka:
+ description: kafka is the Kafka client side status for the KafkaRestProxy
+ cluster.
+ properties:
+ authenticationType:
+ description: authenticationType describes the authentication method
+ for the Kafka cluster.
+ type: string
+ bootstrapEndpoint:
+ description: bootstrapEndpoint specifies the Kafka bootstrap endpoint.
+ type: string
+ tls:
+ description: tls indicates whether TLS is enabled for the Kafka
+ dependency.
+ type: boolean
+ type: object
+ metricPrefix:
+ description: metricPrefix is the prefix for the JMX metric of the
+ KafkaRestProxy.
+ type: string
+ observedGeneration:
+ description: observedGeneration is the most recent generation observed
+ for this Confluent component.
+ format: int64
+ type: integer
+ operatorVersion:
+ description: operatorVersion is the internal version of CFK.
+ type: string
+ phase:
+ description: phase describes the state of the Confluent Platform component.
+ type: string
+ rbac:
+ description: rbac contains the RBAC-related status when RBAC is enabled.
+ properties:
+ clusterID:
+ description: clusterID specifies the id of the cluster.
+ type: string
+ internalRolebindings:
+ description: internalRolebindings specifies the internal rolebindings.
+ items:
+ type: string
+ type: array
+ type: object
+ readyReplicas:
+ description: readyReplicas is the number of currently ready replicas.
+ format: int32
+ type: integer
+ replicas:
+ description: replicas is the number of replicas.
+ format: int32
+ type: integer
+ restConfig:
+ description: restConfig is the REST API configuration of the KafkaRestProxy.
+ properties:
+ advertisedExternalEndpoints:
+ description: advertisedExternalEndpoints specifies other advertised
+ endpoints used, especially for Kafka.
+ items:
+ type: string
+ type: array
+ authenticationType:
+ description: authenticationType shows the authentication type
+ configured by the listener.
+ type: string
+ externalAccessType:
+ description: externalAccessType shows the external access type
+ used for the listener.
+ type: string
+ externalEndpoint:
+ description: externalEndpoint specifies the external endpoint
+ to connect to the Confluent component cluster.
+ type: string
+ internalEndpoint:
+ description: internalEndpoint specifies the internal endpoint
+ to connect to the Confluent component cluster.
+ type: string
+ tls:
+ description: tls shows whether TLS is configured for the listener.
+ type: boolean
+ type: object
+ selector:
+ description: selector gets the label selector of the child pod. The
+ Horizontal Pod Autoscaler(HPA) will scale using the label selector
+ of the child pod.
+ type: string
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources:
+ scale:
+ labelSelectorPath: .status.selector
+ specReplicasPath: .spec.replicas
+ statusReplicasPath: .status.replicas
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
diff --git a/crds/2.4.0/platform.confluent.io_kafkas.yaml b/crds/2.4.0/platform.confluent.io_kafkas.yaml
new file mode 100644
index 0000000..4ad0bed
--- /dev/null
+++ b/crds/2.4.0/platform.confluent.io_kafkas.yaml
@@ -0,0 +1,7309 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.8.0
+ creationTimestamp: null
+ name: kafkas.platform.confluent.io
+spec:
+ group: platform.confluent.io
+ names:
+ categories:
+ - all
+ - confluent-platform
+ - confluent
+ kind: Kafka
+ listKind: KafkaList
+ plural: kafkas
+ shortNames:
+ - kafka
+ - broker
+ singular: kafka
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .status.replicas
+ name: Replicas
+ type: string
+ - jsonPath: .status.readyReplicas
+ name: Ready
+ type: string
+ - jsonPath: .status.phase
+ name: Status
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ - jsonPath: .status.zookeeperConnect
+ name: Zookeeper
+ priority: 1
+ type: string
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: Kafka is the schema for the Kafka API.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: spec defines the desired state of the Kafka cluster.
+ properties:
+ authorization:
+ description: authorization specifies the authorization configuration.
+ properties:
+ superUsers:
+ description: superUsers specify the super users to give the admin
+ privilege on the Kafka Cluster. This list takes the format as
+ `User:`
+ items:
+ type: string
+ type: array
+ type:
+ description: type specifies the authorization type. The valid
+ options are `rbac` and `simple`.
+ enum:
+ - rbac
+ - simple
+ type: string
+ required:
+ - type
+ type: object
+ configOverrides:
+ description: configOverrides specifies the configs to override the
+ server, JVM, Log4j properties for the Kafka cluster.
+ properties:
+ jvm:
+ description: jvm is a list of JVM configuration supported by the
+ Confluent Platform component. This will either add or update
+ the existing configuration.
+ items:
+ type: string
+ type: array
+ log4j:
+ description: log4j is a list of Log4J configuration supported
+ by the Confluent Platform component. This will either add or
+ update the existing configuration.
+ items:
+ type: string
+ type: array
+ server:
+ description: server is a list of server configuration supported
+ by the Confluent Platform component. This will either add or
+ update existing configuration.
+ items:
+ type: string
+ type: array
+ type: object
+ dataVolumeCapacity:
+ anyOf:
+ - type: integer
+ - type: string
+ description: dataVolumeCapacity specifies the persistent volume capacity
+ for the Kafka cluster.
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ dependencies:
+ description: dependencies specify the Kafka dependencies, such as
+ Zookeeper and centralized MDS.
+ properties:
+ kafkaRest:
+ description: kafkaRest provides the REST client configuration
+ for the MDS when RBAC is enabled.
+ properties:
+ authentication:
+ description: authentication specifies the Kafka authentication
+ for Kafka REST API or MDS.
+ properties:
+ bearer:
+ description: bearer is the authentication mechanism to
+ provide principals. Only supported in RBAC deployment.
+ Required when authentication type is set to `bearer`.
+ This field will be deprecated, please configure oauthbearer
+ instead.
+ properties:
+ directoryPathInContainer:
+ description: directoryPathInContainer specifies the
+ directory path in the container where the credential
+ is mounted.
+ minLength: 1
+ type: string
+ secretRef:
+ description: 'secretRef specifies the name of the
+ secret that contains the credential. More info:
+ https://docs.confluent.io/operator/current/co-authenticate.html#bearer-authentication'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ type: object
+ jaasConfig:
+ description: jaasConfig specifies the Kafka client-side
+ JaaS configuration.
+ properties:
+ secretRef:
+ description: 'secretRef references the secret containing
+ the required credentials. More info: https://docs.confluent.io/operator/current/co-authenticate.html'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - secretRef
+ type: object
+ jaasConfigPassThrough:
+ description: jaasConfigPassThrough specifies another way
+ to provide the Kafka client-side JaaS configuration.
+ properties:
+ directoryPathInContainer:
+ description: 'directoryPathInContainer specifies the
+ directory path in the container where required credentials
+ are mounted. More info: https://docs.confluent.io/operator/current/co-authenticate.html'
+ minLength: 1
+ type: string
+ secretRef:
+ description: 'secretRef references the secret containing
+ the required credentials for authentication. More
+ info: https://docs.confluent.io/operator/current/co-authenticate.html'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ type: object
+ oauthbearer:
+ description: oauthbearer is the authentication mechanism
+ to provide principals. Only supported in RBAC deployment.
+ Required when authentication type is set to `oauthbearer`.
+ properties:
+ directoryPathInContainer:
+ description: directoryPathInContainer specifies the
+ directory path in the container where the credential
+ is mounted.
+ minLength: 1
+ type: string
+ secretRef:
+ description: 'secretRef specifies the name of the
+ secret that contains the credential. More info:
+ https://docs.confluent.io/operator/current/co-authenticate.html#bearer-authentication'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ type: object
+ type:
+ description: type specifies the Kafka client authentication
+ type. Valid options are `plain`, `oauthbearer`, `bearer`,
+ and `mtls`.
+ enum:
+ - plain
+ - oauthbearer
+ - bearer
+ - mtls
+ type: string
+ required:
+ - type
+ type: object
+ bootstrapEndpoint:
+ description: bootstrapEndpoint specifies Kafka bootstrap endpoint
+ for the admin REST API. It is not needed when RBAC is enabled.
+ If not configured, then default to the replication listener
+ endpoint.
+ minLength: 1
+ pattern: .+:[0-9]+
+ type: string
+ endpoint:
+ description: endpoint specifies the custom MDS http|s endpoint.
+ Not required to configure in most of the scenarios.
+ minLength: 1
+ pattern: ^https?://.*
+ type: string
+ tls:
+ description: tls specifies the client-side TLS configuration
+ to connect to the Kafka REST API.
+ properties:
+ directoryPathInContainer:
+ description: directoryPathInContainer specifies the directory
+ path in the container where `keystore.jks`, `truststore.jks`,
+ and `jksPassword.txt` keys are mounted. `truststore.jks`
+ is not configured and can be ignored when the `ignoreTrustStoreConfig`
+ field is set to `true`.
+ minLength: 1
+ type: string
+ enabled:
+ description: enabled specifies to enable the TLS configuration
+ for the Confluent component.
+ type: boolean
+ ignoreTrustStoreConfig:
+ description: ignoreTrustStoreConfig indicates whether
+ to ignore the truststore configuration for the Confluent
+ component.
+ type: boolean
+ jksPassword:
+ description: jksPassword references the secret containing
+ the JKS password.
+ properties:
+ secretRef:
+ description: 'secretRef references the name of the
+ secret containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - secretRef
+ type: object
+ secretRef:
+ description: 'secretRef references the secret containing
+ the certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - enabled
+ type: object
+ type: object
+ mds:
+ description: mds specifies the dependency configuration for the
+ primary MDS.
+ properties:
+ endpoint:
+ description: endpoint defines the primary Kafka cluster boostrap
+ endpoint.
+ minLength: 1
+ pattern: ^https?://.*
+ type: string
+ kafka:
+ description: kafka specifies the dependency configuration
+ for Kafka cluster.
+ properties:
+ authentication:
+ description: authentication defines the authentication
+ for the Kafka cluster.
+ properties:
+ jaasConfig:
+ description: jaasConfig specifies the Kafka client-side
+ JaaS configuration.
+ properties:
+ secretRef:
+ description: 'secretRef references the secret
+ containing the required credentials. More info:
+ https://docs.confluent.io/operator/current/co-authenticate.html'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - secretRef
+ type: object
+ jaasConfigPassThrough:
+ description: jaasConfigPassThrough specifies another
+ way to provide the Kafka client-side JaaS configuration.
+ properties:
+ directoryPathInContainer:
+ description: 'directoryPathInContainer specifies
+ the directory path in the container where required
+ credentials are mounted. More info: https://docs.confluent.io/operator/current/co-authenticate.html'
+ minLength: 1
+ type: string
+ secretRef:
+ description: 'secretRef references the secret
+ containing the required credentials for authentication.
+ More info: https://docs.confluent.io/operator/current/co-authenticate.html'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ type: object
+ oauthbearer:
+ description: oauthbearer is the authentication mechanism
+ to provider principals. Only supported in RBAC deployment.
+ properties:
+ directoryPathInContainer:
+ description: directoryPathInContainer specifies
+ the directory path in the container where the
+ credential is mounted.
+ minLength: 1
+ type: string
+ secretRef:
+ description: 'secretRef specifies the name of
+ the secret that contains the credential. More
+ info: https://docs.confluent.io/operator/current/co-authenticate.html#bearer-authentication'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ type: object
+ type:
+ description: type specifies the Kafka client authentication
+ type. Valid options are `plain`, `oauthbearer`,
+ `digest`, and `mtls`.
+ enum:
+ - plain
+ - oauthbearer
+ - digest
+ - mtls
+ type: string
+ required:
+ - type
+ type: object
+ bootstrapEndpoint:
+ description: bootstrapEndpoint specifies the Kafka bootstrap
+ endpoint.
+ minLength: 1
+ pattern: .+:[0-9]+
+ type: string
+ discovery:
+ description: discovery specifies the capability to discover
+ the Kafka cluster.
+ properties:
+ name:
+ description: name is the name of the Confluent Platform
+ component cluster.
+ type: string
+ namespace:
+ description: namespace is where the Confluent Platform
+ component is running. The default value is the namespace
+ where CFK is running.
+ type: string
+ secretRef:
+ description: secretRef is the name of the secret used
+ to discover the Confluent Platform component.
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - name
+ type: object
+ tls:
+ description: tls defines the client-side TLS setting for
+ the Kafka cluster.
+ properties:
+ directoryPathInContainer:
+ description: directoryPathInContainer specifies the
+ directory path in the container where `keystore.jks`,
+ `truststore.jks`, and `jksPassword.txt` keys are
+ mounted. `truststore.jks` is not configured and
+ can be ignored when the `ignoreTrustStoreConfig`
+ field is set to `true`.
+ minLength: 1
+ type: string
+ enabled:
+ description: enabled specifies to enable the TLS configuration
+ for the Confluent component.
+ type: boolean
+ ignoreTrustStoreConfig:
+ description: ignoreTrustStoreConfig indicates whether
+ to ignore the truststore configuration for the Confluent
+ component.
+ type: boolean
+ jksPassword:
+ description: jksPassword references the secret containing
+ the JKS password.
+ properties:
+ secretRef:
+ description: 'secretRef references the name of
+ the secret containing the JKS password. More
+ info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - secretRef
+ type: object
+ secretRef:
+ description: 'secretRef references the secret containing
+ the certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - enabled
+ type: object
+ type: object
+ tls:
+ description: tls specifies the TLS configuration for the primary
+ MDS.
+ properties:
+ directoryPathInContainer:
+ description: directoryPathInContainer specifies the directory
+ path in the container where `keystore.jks`, `truststore.jks`,
+ and `jksPassword.txt` keys are mounted. `truststore.jks`
+ is not configured and can be ignored when the `ignoreTrustStoreConfig`
+ field is set to `true`.
+ minLength: 1
+ type: string
+ enabled:
+ description: enabled specifies to enable the TLS configuration
+ for the Confluent component.
+ type: boolean
+ ignoreTrustStoreConfig:
+ description: ignoreTrustStoreConfig indicates whether
+ to ignore the truststore configuration for the Confluent
+ component.
+ type: boolean
+ jksPassword:
+ description: jksPassword references the secret containing
+ the JKS password.
+ properties:
+ secretRef:
+ description: 'secretRef references the name of the
+ secret containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - secretRef
+ type: object
+ secretRef:
+ description: 'secretRef references the secret containing
+ the certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - enabled
+ type: object
+ tokenKeyPair:
+ description: tokenKeyPair specifies the token key pair for
+ the MDS.
+ properties:
+ directoryPathInContainer:
+ description: directoryPathInContainer defines the directory
+ path in the container where the MDS token key pair are
+ mounted.
+ minLength: 1
+ type: string
+ secretRef:
+ description: secretRef references the name of the secret
+ that contains the MDS token key pair.
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ type: object
+ required:
+ - endpoint
+ - kafka
+ - tokenKeyPair
+ type: object
+ schemaRegistry:
+ description: schemaRegistry specifies the dependency configuration
+ for the Schema Registry cluster.
+ properties:
+ authentication:
+ description: authentication specifies the authentication for
+ the Schema Registry cluster.
+ properties:
+ basic:
+ description: basic specifies the configuration for basic
+ authentication.
+ properties:
+ debug:
+ description: debug enables the basic authentication
+ debug logs for JaaS configuration.
+ type: boolean
+ directoryPathInContainer:
+ description: 'directoryPathInContainer allows to pass
+ the basic credential through a directory path in
+ the container. More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication'
+ minLength: 1
+ type: string
+ restrictedRoles:
+ description: restrictedRoles specify the restricted
+ roles on the server side only. Changes will be only
+ reflected in Control Center. This configuration
+ is ignored on the client side configuration.
+ items:
+ type: string
+ minItems: 1
+ type: array
+ roles:
+ description: roles specify the roles on the server
+ side only. This configuration is ignored on the
+ client side configuration.
+ items:
+ type: string
+ type: array
+ secretRef:
+ description: 'secretRef defines secret reference to
+ pass the required credentials. More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ type: object
+ type:
+ description: type specifies the authentication scheme
+ for the REST API client. Valid options are `basic` and
+ `mtls`.
+ enum:
+ - basic
+ - mtls
+ type: string
+ required:
+ - type
+ type: object
+ tls:
+ description: tls defines the client-side TLS setting for the
+ Schema Registry cluster.
+ properties:
+ directoryPathInContainer:
+ description: directoryPathInContainer specifies the directory
+ path in the container where `keystore.jks`, `truststore.jks`,
+ and `jksPassword.txt` keys are mounted. `truststore.jks`
+ is not configured and can be ignored when the `ignoreTrustStoreConfig`
+ field is set to `true`.
+ minLength: 1
+ type: string
+ enabled:
+ description: enabled specifies to enable the TLS configuration
+ for the Confluent component.
+ type: boolean
+ ignoreTrustStoreConfig:
+ description: ignoreTrustStoreConfig indicates whether
+ to ignore the truststore configuration for the Confluent
+ component.
+ type: boolean
+ jksPassword:
+ description: jksPassword references the secret containing
+ the JKS password.
+ properties:
+ secretRef:
+ description: 'secretRef references the name of the
+ secret containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - secretRef
+ type: object
+ secretRef:
+ description: 'secretRef references the secret containing
+ the certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - enabled
+ type: object
+ url:
+ description: url specifies the URL endpoint of the Schema
+ Registry cluster.
+ minLength: 1
+ pattern: ^https?://.*
+ type: string
+ required:
+ - url
+ type: object
+ zookeeper:
+ description: zookeeper specifies the dependency configuration
+ for Zookeeper.
+ properties:
+ authentication:
+ description: authentication specifies the client side authentication
+ configuration of Zookeeper for Kafka cluster.
+ properties:
+ jaasConfig:
+ description: jaasConfig specifies the Kafka client-side
+ JaaS configuration.
+ properties:
+ secretRef:
+ description: 'secretRef references the secret containing
+ the required credentials. More info: https://docs.confluent.io/operator/current/co-authenticate.html'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - secretRef
+ type: object
+ jaasConfigPassThrough:
+ description: jaasConfigPassThrough specifies another way
+ to provide the Kafka client-side JaaS configuration.
+ properties:
+ directoryPathInContainer:
+ description: 'directoryPathInContainer specifies the
+ directory path in the container where required credentials
+ are mounted. More info: https://docs.confluent.io/operator/current/co-authenticate.html'
+ minLength: 1
+ type: string
+ secretRef:
+ description: 'secretRef references the secret containing
+ the required credentials for authentication. More
+ info: https://docs.confluent.io/operator/current/co-authenticate.html'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ type: object
+ oauthbearer:
+ description: oauthbearer is the authentication mechanism
+ to provider principals. Only supported in RBAC deployment.
+ properties:
+ directoryPathInContainer:
+ description: directoryPathInContainer specifies the
+ directory path in the container where the credential
+ is mounted.
+ minLength: 1
+ type: string
+ secretRef:
+ description: 'secretRef specifies the name of the
+ secret that contains the credential. More info:
+ https://docs.confluent.io/operator/current/co-authenticate.html#bearer-authentication'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ type: object
+ type:
+ description: type specifies the Kafka client authentication
+ type. Valid options are `plain`, `oauthbearer`, `digest`,
+ and `mtls`.
+ enum:
+ - plain
+ - oauthbearer
+ - digest
+ - mtls
+ type: string
+ required:
+ - type
+ type: object
+ discovery:
+ description: discovery specifies the capability to discover
+ the Zookeeper cluster.
+ properties:
+ name:
+ description: name is the name of the Confluent Platform
+ component cluster.
+ type: string
+ namespace:
+ description: namespace is where the Confluent Platform
+ component is running. The default value is the namespace
+ where CFK is running.
+ type: string
+ secretRef:
+ description: secretRef is the name of the secret used
+ to discover the Confluent Platform component.
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - name
+ type: object
+ endpoint:
+ description: endpoint specifies the Zookeeper endpoint.
+ minLength: 1
+ pattern: .+:[0-9]+
+ type: string
+ tls:
+ description: tls specifies the TLS configuration of Zookeeper
+ for Kafka cluster.
+ properties:
+ directoryPathInContainer:
+ description: directoryPathInContainer specifies the directory
+ path in the container where `keystore.jks`, `truststore.jks`,
+ and `jksPassword.txt` keys are mounted. `truststore.jks`
+ is not configured and can be ignored when the `ignoreTrustStoreConfig`
+ field is set to `true`.
+ minLength: 1
+ type: string
+ enabled:
+ description: enabled specifies to enable the TLS configuration
+ for the Confluent component.
+ type: boolean
+ ignoreTrustStoreConfig:
+ description: ignoreTrustStoreConfig indicates whether
+ to ignore the truststore configuration for the Confluent
+ component.
+ type: boolean
+ jksPassword:
+ description: jksPassword references the secret containing
+ the JKS password.
+ properties:
+ secretRef:
+ description: 'secretRef references the name of the
+ secret containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - secretRef
+ type: object
+ secretRef:
+ description: 'secretRef references the secret containing
+ the certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - enabled
+ type: object
+ type: object
+ type: object
+ headlessService:
+ description: headlessService specifies the configuration of the Kubernetes
+ headless service.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: annotations is a map of string key and value pairs.
+ It specifies the annotations to be added to the CFK-created
+ headless service. These annotations are merged with the injectAnnotations
+ and take precedence.
+ type: object
+ x-kubernetes-map-type: granular
+ labels:
+ additionalProperties:
+ type: string
+ description: labels is a map of string key and value pairs. It
+ specifies the labels to be added to the CFK-created headless
+ service. These labels are merged with the injectLabels and take
+ precedence.
+ type: object
+ x-kubernetes-map-type: granular
+ publishNotReadyAddresses:
+ description: publishNotReadyAddresses specifies the publishNotReadyAddresses
+ field. For Kafka, this value must be true. The default value
+ is true.
+ type: boolean
+ type: object
+ identityProvider:
+ description: identityProvider specifies the identity provider configuration.
+ It is only required for the Kafka authentication type `ldap`. When
+ the MDS is enabled, this property is ignored, and the LDAP configuration
+ in `spec.services.mds.provider` will be used.
+ properties:
+ ldap:
+ description: ldap defines the LDAP service configuration.
+ properties:
+ address:
+ description: address defines the LDAP server address.
+ type: string
+ authentication:
+ description: LdapAuthentication specifies the LDAP authentication
+ configuration.
+ properties:
+ simple:
+ description: simple specifies simple authentication configuration
+ for the LDAP.
+ properties:
+ directoryPathInContainer:
+ description: directoryPathInContainer defines the
+ directory path in the container where the credentials
+ are mounted.
+ minLength: 1
+ type: string
+ secretRef:
+ description: secretRef references the name of the
+ secret that contains the credentials.
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ type: object
+ type:
+ description: type defines the authentication method for
+ LDAP. Valid options are `simple` and `mtls`.
+ enum:
+ - simple
+ - mtls
+ type: string
+ required:
+ - type
+ type: object
+ configurations:
+ description: configurations defines the LDAP configurations
+ for Confluent RBAC.
+ properties:
+ groupMemberAttribute:
+ description: groupMemberAttribute specifies the LDAP group
+ member attribute.
+ minLength: 1
+ type: string
+ groupMemberAttributePattern:
+ description: groupMemberAttributePattern specifies the
+ regular expression pattern for the LDAP group member
+ attribute.
+ minLength: 1
+ type: string
+ groupNameAttribute:
+ description: groupNameAttribute specifies the LDAP group
+ name attribute.
+ minLength: 1
+ type: string
+ groupObjectClass:
+ description: groupObjectClass specifies the LDAP group
+ object class.
+ minLength: 1
+ type: string
+ groupSearchBase:
+ description: groupSearchBase specifies the LDAP search
+ base for the group-based search.
+ minLength: 1
+ type: string
+ groupSearchFilter:
+ description: groupSearchFilter specifies the LDAP search
+ filter for the group-based search.
+ minLength: 1
+ type: string
+ groupSearchScope:
+ description: groupSearchScope specifies the LDAP search
+ scope for the group-based search.
+ format: int32
+ type: integer
+ userMemberOfAttributePattern:
+ description: userMemberOfAttributePattern specifies the
+ regular expression pattern for the LDAP user member
+ attribute.
+ minLength: 1
+ type: string
+ userNameAttribute:
+ description: userNameAttribute specifies the LDAP username
+ attribute.
+ minLength: 1
+ type: string
+ userObjectClass:
+ description: userObjectClass specifies the LDAP user object
+ class.
+ minLength: 1
+ type: string
+ userSearchBase:
+ description: userSearchBase specifies the LDAP search
+ base for the user-based search.
+ minLength: 1
+ type: string
+ userSearchFilter:
+ description: userSearchFilter specifies the LDAP search
+ filter for the user-based search.
+ minLength: 1
+ type: string
+ userSearchScope:
+ description: userSearchScope specifies the LDAP search
+ scope for the user-based search.
+ format: int32
+ type: integer
+ type: object
+ tls:
+ description: tls specifies the TLS configuration for the LDAP.
+ properties:
+ directoryPathInContainer:
+ description: directoryPathInContainer specifies the directory
+ path in the container where `keystore.jks`, `truststore.jks`,
+ and `jksPassword.txt` keys are mounted. `truststore.jks`
+ is not configured and can be ignored when the `ignoreTrustStoreConfig`
+ field is set to `true`.
+ minLength: 1
+ type: string
+ enabled:
+ description: enabled specifies to enable the TLS configuration
+ for the Confluent component.
+ type: boolean
+ ignoreTrustStoreConfig:
+ description: ignoreTrustStoreConfig indicates whether
+ to ignore the truststore configuration for the Confluent
+ component.
+ type: boolean
+ jksPassword:
+ description: jksPassword references the secret containing
+ the JKS password.
+ properties:
+ secretRef:
+ description: 'secretRef references the name of the
+ secret containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - secretRef
+ type: object
+ secretRef:
+ description: 'secretRef references the secret containing
+ the certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - enabled
+ type: object
+ required:
+ - address
+ - authentication
+ - configurations
+ type: object
+ type:
+ description: type defines the identity provider type. The valid
+ option is `ldap`.
+ enum:
+ - ldap
+ type: string
+ required:
+ - ldap
+ - type
+ type: object
+ image:
+ description: image specifies the application and the init docker image
+ configurations. A change to this setting will roll the cluster.
+ properties:
+ application:
+ description: application is the Docker image name of the application.
+ Specify `//:`.
+ pattern: .+:.+
+ type: string
+ init:
+ description: init is the init-container name. Specify `//:`.
+ pattern: .+:.+
+ type: string
+ pullPolicy:
+ description: pullPolicy is the policy for pulling images. Valid
+ options are `Always`, `Never`, and `IfNotPresent`. The default
+ value is `IfNotPresent`.
+ enum:
+ - Always
+ - Never
+ - IfNotPresent
+ type: string
+ pullSecretRef:
+ description: 'pullSecretRef references the secrets in the same
+ namespace to be used for pulling images. Image pull secrets
+ are distinct from secrets because secrets can be mounted in
+ the pod, but image pull secrets are only accessed by `kubelet`.
+ More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod'
+ items:
+ type: string
+ type: array
+ required:
+ - application
+ - init
+ type: object
+ injectAnnotations:
+ additionalProperties:
+ type: string
+ description: injectAnnotations are the annotations injected to the
+ internal resources that CFK created. The internal annotations are
+ preserved and cannot be overridden. For pod annotations, use `podTemplate.annotations`.
+ type: object
+ x-kubernetes-map-type: granular
+ injectLabels:
+ additionalProperties:
+ type: string
+ description: injectLabels are the labels injected to the internal
+ resources that CFK created. The internal labels are preserved and
+ cannot be overridden. For pod labels, use `podTemplate.labels`.
+ type: object
+ x-kubernetes-map-type: granular
+ k8sClusterDomain:
+ description: k8sClusterDomain specifies the configuration of the Kubernetes
+ cluster domain. The default is the `cluster.local` domain.
+ type: string
+ license:
+ description: license specifies the license configuration for the Confluent
+ Platform component.
+ properties:
+ directoryPathInContainer:
+ description: 'directoryPathInContainer specifies the directory
+ path in the container where the license key is mounted. More
+ info: https://docs.confluent.io/operator/current/co-license.html#update-component-level-licenses'
+ minLength: 1
+ type: string
+ globalLicense:
+ description: globalLicense specifies whether the Confluent Platform
+ component shares the CFK license.
+ type: boolean
+ secretRef:
+ description: 'secretRef references the secret that provides the
+ license for the Confluent Platform component. More info: https://docs.confluent.io/operator/current/co-license.html#update-component-level-licenses'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ type: object
+ listeners:
+ description: listeners specify the listeners configurations.
+ properties:
+ custom:
+ description: custom defines the list of KafkaCustomListener.
+ items:
+ description: KafkaCustomListener defines the Kafka custom listener.
+ properties:
+ authentication:
+ description: authentication specifies the authentication
+ configuration for the listener.
+ properties:
+ jaasConfig:
+ description: 'jaasConfig specifies the JaaS configuration.
+ More info: https://docs.confluent.io/operator/current/co-authenticate.html'
+ properties:
+ secretRef:
+ description: 'secretRef references the secret containing
+ the required credentials. More info: https://docs.confluent.io/operator/current/co-authenticate.html'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - secretRef
+ type: object
+ jaasConfigPassThrough:
+ description: 'jaasConfigPassThrough specifies another
+ way to provide JaaS configuration. More info: https://docs.confluent.io/operator/current/co-authenticate.html'
+ properties:
+ directoryPathInContainer:
+ description: 'directoryPathInContainer specifies
+ the directory path in the container where required
+ credentials are mounted. More info: https://docs.confluent.io/operator/current/co-authenticate.html'
+ minLength: 1
+ type: string
+ secretRef:
+ description: 'secretRef references the secret containing
+ the required credentials for authentication. More
+ info: https://docs.confluent.io/operator/current/co-authenticate.html'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ type: object
+ principalMappingRules:
+ items:
+ type: string
+ type: array
+ type:
+ description: type specifies the Kafka or Zookeeper authentication
+ type. Valid options are `plain`, `digest`, `mtls`,
+ and `ldap`.
+ enum:
+ - plain
+ - digest
+ - mtls
+ - ldap
+ type: string
+ required:
+ - type
+ type: object
+ externalAccess:
+ description: externalAccess defines the external access
+ configuration for the Kafka cluster.
+ properties:
+ loadBalancer:
+ description: loadBalancer specifies the configuration
+ to create Kubernetes load balancer services.
+ properties:
+ advertisedPort:
+ description: advertisedPort specifies the advertised
+ port for Kafka external access. If not configured,
+ it will be the same as the listener port. Information
+ about the advertised port can be retrieved through
+ the status API.
+ format: int32
+ type: integer
+ annotations:
+ additionalProperties:
+ type: string
+ description: annotations is a map of string key
+ and value pairs. It specifies Kubernetes annotations
+ for this service.
+ type: object
+ x-kubernetes-map-type: granular
+ bootstrapPrefix:
+ description: bootstrapPrefix specifies the prefix
+ for the Kafka bootstrap advertised endpoint and
+ will be added as `bootstrapPrefix.domain`. The
+ default value is the Kafka cluster name.
+ minLength: 1
+ type: string
+ brokerPrefix:
+ description: brokerPrefix specifies the prefix for
+ the Kafka broker advertised endpoint and will
+ be added as `brokerPrefix.domain`. The default
+ value is `b`, such as `b#.domain` where `#` starts
+ from `0` to the replicas count.
+ minLength: 1
+ type: string
+ domain:
+ description: domain is the domain name of the component
+ cluster.
+ minLength: 1
+ type: string
+ externalTrafficPolicy:
+ description: externalTrafficPolicy specifies the
+ external traffic policy for the service. Valid
+ options are `Local` and `Cluster`.
+ enum:
+ - Local
+ - Cluster
+ type: string
+ labels:
+ additionalProperties:
+ type: string
+ description: labels is a map of string key and value
+ pairs. It specifies Kubernetes labels for this
+ service.
+ type: object
+ x-kubernetes-map-type: granular
+ loadBalancerSourceRanges:
+ description: loadBalancerSourceRanges specify the
+ source ranges.
+ items:
+ type: string
+ type: array
+ servicePorts:
+ description: servicePorts specify the user-provided
+ service port(s).
+ items:
+ description: ServicePort contains information
+ on service's port.
+ properties:
+ appProtocol:
+ description: The application protocol for
+ this port. This field follows standard Kubernetes
+ label syntax. Un-prefixed names are reserved
+ for IANA standard service names (as per
+ RFC-6335 and http://www.iana.org/assignments/service-names).
+ Non-standard protocols should use prefixed
+ names such as mycompany.com/my-custom-protocol.
+ type: string
+ name:
+ description: The name of this port within
+ the service. This must be a DNS_LABEL. All
+ ports within a ServiceSpec must have unique
+ names. When considering the endpoints for
+ a Service, this must match the 'name' field
+ in the EndpointPort. Optional if only one
+ ServicePort is defined on this service.
+ type: string
+ nodePort:
+ description: 'The port on each node on which
+ this service is exposed when type is NodePort
+ or LoadBalancer. Usually assigned by the
+ system. If a value is specified, in-range,
+ and not in use it will be used, otherwise
+ the operation will fail. If not specified,
+ a port will be allocated if this Service
+ requires one. If this field is specified
+ when creating a Service which does not need
+ it, creation will fail. This field will
+ be wiped when updating a Service to no longer
+ need it (e.g. changing type from NodePort
+ to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport'
+ format: int32
+ type: integer
+ port:
+ description: The port that will be exposed
+ by this service.
+ format: int32
+ type: integer
+ protocol:
+ default: TCP
+ description: The IP protocol for this port.
+ Supports "TCP", "UDP", and "SCTP". Default
+ is TCP.
+ type: string
+ targetPort:
+ anyOf:
+ - type: integer
+ - type: string
+ description: 'Number or name of the port to
+ access on the pods targeted by the service.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME. If this is
+ a string, it will be looked up as a named
+ port in the target Pod''s container ports.
+ If this is not specified, the value of the
+ ''port'' field is used (an identity map).
+ This field is ignored for services with
+ clusterIP=None, and should be omitted or
+ set equal to the ''port'' field. More info:
+ https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service'
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: array
+ sessionAffinity:
+ description: 'sessionAffinity defines the Kubernetes
+ session affinity. The valid options are `ClientIP`
+ and `None`. `ClientIP` enables the client IP-based
+ session affinity. The default value is `None`.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies.'
+ enum:
+ - ClientIP
+ - None
+ type: string
+ sessionAffinityConfig:
+ description: SessionAffinityConfig contains the
+ configurations of the session affinity.
+ properties:
+ clientIP:
+ description: clientIP contains the configurations
+ of Client IP based session affinity.
+ properties:
+ timeoutSeconds:
+ description: timeoutSeconds specifies the
+ seconds of ClientIP type session sticky
+ time. The value must be >0 && <=86400(for
+ 1 day) if ServiceAffinity == "ClientIP".
+ Default value is 10800(for 3 hours).
+ format: int32
+ type: integer
+ type: object
+ type: object
+ required:
+ - domain
+ type: object
+ nodePort:
+ description: nodePort specifies the configuration to
+ create Kubernetes node port services.
+ properties:
+ advertisedURL:
+ description: advertisedURL specifies the configuration
+ for advertised listener per pod. It is only supported
+ for MDS currently. If it is enabled, instead of
+ using internal endpoint, the MDS advertised listener
+ for each broker will be set to `://:, where`podId` starts from `0` to
+ `replicaCount - 1`. This is only recommended if
+ you cannot add internal SANs to the TLS certificates
+ for MDS and the external DNS must be resolved
+ inside the Kubernetes cluster.
+ properties:
+ enabled:
+ description: enabled indicates whether to set
+ the MDS advertised listener url with external
+ endpoint for each broker.
+ type: boolean
+ prefix:
+ description: prefix specifies the broker prefix
+ for MDS advertised endpoint if using loadBalancer
+ external access. If not configured, it uses
+ `b` as default prefix, such as `b#.domain`
+ where `#` will start from `0` to `replicaCount
+ -1`.
+ minLength: 1
+ type: string
+ required:
+ - enabled
+ type: object
+ annotations:
+ additionalProperties:
+ type: string
+ description: annotations is a map of string key
+ and value pairs. It specifies Kubernetes annotations
+ for this service.
+ type: object
+ x-kubernetes-map-type: granular
+ externalTrafficPolicy:
+ description: externalTrafficPolicy specifies the
+ external traffic policy for the service. Valid
+ options are `Local` and `Cluster`.
+ enum:
+ - Local
+ - Cluster
+ type: string
+ host:
+ description: host defines the host name of the cluster.
+ minLength: 1
+ type: string
+ labels:
+ additionalProperties:
+ type: string
+ description: labels is a map of string key and value
+ pairs. It specifies Kubernetes labels for this
+ service.
+ type: object
+ x-kubernetes-map-type: granular
+ nodePortOffset:
+ description: nodePortOffset specifies the starting
+ offset of the node ports. The port numbers go
+ in ascending order with respect to the replicas
+ count. NodePort service creation fails if the
+ node port is not in the range supported by the
+ Kubernetes API server. The default Kubernetes
+ Node Port range is `30000` - `32762`.
+ format: int32
+ minimum: 0
+ type: integer
+ servicePorts:
+ description: servicePorts specify user-provided
+ service port(s). For Kafka with the nodePort type,
+ this setting is only applied to Kafka bootstrap
+ service.
+ items:
+ description: ServicePort contains information
+ on service's port.
+ properties:
+ appProtocol:
+ description: The application protocol for
+ this port. This field follows standard Kubernetes
+ label syntax. Un-prefixed names are reserved
+ for IANA standard service names (as per
+ RFC-6335 and http://www.iana.org/assignments/service-names).
+ Non-standard protocols should use prefixed
+ names such as mycompany.com/my-custom-protocol.
+ type: string
+ name:
+ description: The name of this port within
+ the service. This must be a DNS_LABEL. All
+ ports within a ServiceSpec must have unique
+ names. When considering the endpoints for
+ a Service, this must match the 'name' field
+ in the EndpointPort. Optional if only one
+ ServicePort is defined on this service.
+ type: string
+ nodePort:
+ description: 'The port on each node on which
+ this service is exposed when type is NodePort
+ or LoadBalancer. Usually assigned by the
+ system. If a value is specified, in-range,
+ and not in use it will be used, otherwise
+ the operation will fail. If not specified,
+ a port will be allocated if this Service
+ requires one. If this field is specified
+ when creating a Service which does not need
+ it, creation will fail. This field will
+ be wiped when updating a Service to no longer
+ need it (e.g. changing type from NodePort
+ to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport'
+ format: int32
+ type: integer
+ port:
+ description: The port that will be exposed
+ by this service.
+ format: int32
+ type: integer
+ protocol:
+ default: TCP
+ description: The IP protocol for this port.
+ Supports "TCP", "UDP", and "SCTP". Default
+ is TCP.
+ type: string
+ targetPort:
+ anyOf:
+ - type: integer
+ - type: string
+ description: 'Number or name of the port to
+ access on the pods targeted by the service.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME. If this is
+ a string, it will be looked up as a named
+ port in the target Pod''s container ports.
+ If this is not specified, the value of the
+ ''port'' field is used (an identity map).
+ This field is ignored for services with
+ clusterIP=None, and should be omitted or
+ set equal to the ''port'' field. More info:
+ https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service'
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: array
+ sessionAffinity:
+ description: 'sessionAffinity defines the Kubernetes
+ session affinity. The valid options are `ClientIP`
+ and `None`. `ClientIP` enables the client IP-based
+ session affinity. The default value is `None`.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies.'
+ enum:
+ - ClientIP
+ - None
+ type: string
+ sessionAffinityConfig:
+ description: SessionAffinityConfig contains the
+ configurations of the session affinity.
+ properties:
+ clientIP:
+ description: clientIP contains the configurations
+ of Client IP based session affinity.
+ properties:
+ timeoutSeconds:
+ description: timeoutSeconds specifies the
+ seconds of ClientIP type session sticky
+ time. The value must be >0 && <=86400(for
+ 1 day) if ServiceAffinity == "ClientIP".
+ Default value is 10800(for 3 hours).
+ format: int32
+ type: integer
+ type: object
+ type: object
+ required:
+ - host
+ - nodePortOffset
+ type: object
+ route:
+ description: route specifies the configuration to create
+ route services in OpenShift.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: annotations is a map of string key
+ and value pairs. It specifies Kubernetes annotations
+ for this service.
+ type: object
+ x-kubernetes-map-type: granular
+ bootstrapPrefix:
+ description: bootstrapPrefix specifies the prefix
+ for the Kafka bootstrap advertised endpoint and
+ will be added as `bootstrapPrefix.domain`. The
+ default value is the Kafka cluster name.
+ minLength: 1
+ type: string
+ brokerPrefix:
+ description: brokerPrefix specifies the prefix for
+ the Kafka broker advertised endpoint and will
+ be added as `brokerPrefix.domain`. The default
+ value is `b`, such as `b#.domain` where `#` starts
+ from `0` to the replicas count.
+ minLength: 1
+ type: string
+ domain:
+ description: domain specifies the domain name of
+ the Confluent component cluster.
+ minLength: 1
+ type: string
+ labels:
+ additionalProperties:
+ type: string
+ description: labels is a map of string key and value
+ pairs. It specifies Kubernetes labels for this
+ service.
+ type: object
+ x-kubernetes-map-type: granular
+ wildcardPolicy:
+ description: wildcardPolicy allows you to define
+ a route that covers all hosts within a domain.
+ Valid options are `Subdomain` and `None`. The
+ default value is `None`.
+ enum:
+ - Subdomain
+ - None
+ type: string
+ required:
+ - domain
+ type: object
+ staticForHostBasedRouting:
+ description: staticForHostBasedRouting enables external
+ access by doing host based routing through the SNI
+ capability. With this schema, CFK only configures
+ Kafka advertised listeners, and no Kubernetes external
+ service is created.
+ properties:
+ brokerPrefix:
+ description: brokerPrefix specifies the prefix for
+ the broker advertised endpoints and are added
+ as `brokerPrefix.domain`. If not configured, it
+ will add `b` as a prefix, such as `b#.domain`
+ where `#` will start from `0` to the replicas
+ count.
+ minLength: 1
+ type: string
+ domain:
+ description: domain specifies the domain name for
+ the Kafka cluster.
+ minLength: 1
+ type: string
+ port:
+ description: port specifies the port to be used
+ in the advertised listener for a broker.
+ format: int32
+ type: integer
+ required:
+ - domain
+ - port
+ type: object
+ staticForPortBasedRouting:
+ description: staticForPortBasedRouting enables external
+ access by port routing. With this schema, CFK only
+ configures Kafka advertised listeners, and no Kubernetes
+ external service is created.
+ properties:
+ host:
+ description: host defines the host name to be used
+ in the advertised listener for a broker.
+ minLength: 1
+ type: string
+ portOffset:
+ description: portOffset specifies the starting port
+ number. The port numbers go in ascending order
+ with respect to the replicas count.
+ format: int32
+ type: integer
+ required:
+ - host
+ - portOffset
+ type: object
+ type:
+ description: type specifies the Kubernetes service for
+ external access. Valid options are `loadBalancer`,
+ `nodePort`, `route`, `staticForPortBasedRouting`,
+ and `staticForHostBasedRouting`.
+ enum:
+ - loadBalancer
+ - nodePort
+ - route
+ - staticForPortBasedRouting
+ - staticForHostBasedRouting
+ type: string
+ required:
+ - type
+ type: object
+ name:
+ description: name specifies the name of the custom listener.
+ `internal`, `external`, and `token` are reserved by CFK
+ and can't be used for this property.
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ port:
+ description: port binds the given port to the custom listener.
+ Port numbers lower than `9093` are reserved by CFK.
+ format: int32
+ minimum: 9093
+ type: integer
+ tls:
+ description: tls specifies the TLS configuration for the
+ listener.
+ properties:
+ directoryPathInContainer:
+ description: directoryPathInContainer specifies the
+ directory path in the container where `keystore.jks`,
+ `truststore.jks`, and `jksPassword.txt` keys are mounted.
+ `truststore.jks` is not configured and can be ignored
+ when the `ignoreTrustStoreConfig` field is set to
+ `true`.
+ minLength: 1
+ type: string
+ enabled:
+ description: enabled specifies to enable the TLS configuration
+ for the Confluent component.
+ type: boolean
+ ignoreTrustStoreConfig:
+ description: ignoreTrustStoreConfig indicates whether
+ to ignore the truststore configuration for the Confluent
+ component.
+ type: boolean
+ jksPassword:
+ description: jksPassword references the secret containing
+ the JKS password.
+ properties:
+ secretRef:
+ description: 'secretRef references the name of the
+ secret containing the JKS password. More info:
+ https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - secretRef
+ type: object
+ secretRef:
+ description: 'secretRef references the secret containing
+ the certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - enabled
+ type: object
+ required:
+ - name
+ - port
+ type: object
+ type: array
+ external:
+ description: external specifies the Kafka external listener.
+ properties:
+ authentication:
+ description: authentication specifies the authentication configuration
+ for the listener.
+ properties:
+ jaasConfig:
+ description: 'jaasConfig specifies the JaaS configuration.
+ More info: https://docs.confluent.io/operator/current/co-authenticate.html'
+ properties:
+ secretRef:
+ description: 'secretRef references the secret containing
+ the required credentials. More info: https://docs.confluent.io/operator/current/co-authenticate.html'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - secretRef
+ type: object
+ jaasConfigPassThrough:
+ description: 'jaasConfigPassThrough specifies another
+ way to provide JaaS configuration. More info: https://docs.confluent.io/operator/current/co-authenticate.html'
+ properties:
+ directoryPathInContainer:
+ description: 'directoryPathInContainer specifies the
+ directory path in the container where required credentials
+ are mounted. More info: https://docs.confluent.io/operator/current/co-authenticate.html'
+ minLength: 1
+ type: string
+ secretRef:
+ description: 'secretRef references the secret containing
+ the required credentials for authentication. More
+ info: https://docs.confluent.io/operator/current/co-authenticate.html'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ type: object
+ principalMappingRules:
+ items:
+ type: string
+ type: array
+ type:
+ description: type specifies the Kafka or Zookeeper authentication
+ type. Valid options are `plain`, `digest`, `mtls`, and
+ `ldap`.
+ enum:
+ - plain
+ - digest
+ - mtls
+ - ldap
+ type: string
+ required:
+ - type
+ type: object
+ externalAccess:
+ description: externalAccess defines the external access configuration
+ for the Kafka cluster.
+ properties:
+ loadBalancer:
+ description: loadBalancer specifies the configuration
+ to create Kubernetes load balancer services.
+ properties:
+ advertisedPort:
+ description: advertisedPort specifies the advertised
+ port for Kafka external access. If not configured,
+ it will be the same as the listener port. Information
+ about the advertised port can be retrieved through
+ the status API.
+ format: int32
+ type: integer
+ annotations:
+ additionalProperties:
+ type: string
+ description: annotations is a map of string key and
+ value pairs. It specifies Kubernetes annotations
+ for this service.
+ type: object
+ x-kubernetes-map-type: granular
+ bootstrapPrefix:
+ description: bootstrapPrefix specifies the prefix
+ for the Kafka bootstrap advertised endpoint and
+ will be added as `bootstrapPrefix.domain`. The default
+ value is the Kafka cluster name.
+ minLength: 1
+ type: string
+ brokerPrefix:
+ description: brokerPrefix specifies the prefix for
+ the Kafka broker advertised endpoint and will be
+ added as `brokerPrefix.domain`. The default value
+ is `b`, such as `b#.domain` where `#` starts from
+ `0` to the replicas count.
+ minLength: 1
+ type: string
+ domain:
+ description: domain is the domain name of the component
+ cluster.
+ minLength: 1
+ type: string
+ externalTrafficPolicy:
+ description: externalTrafficPolicy specifies the external
+ traffic policy for the service. Valid options are
+ `Local` and `Cluster`.
+ enum:
+ - Local
+ - Cluster
+ type: string
+ labels:
+ additionalProperties:
+ type: string
+ description: labels is a map of string key and value
+ pairs. It specifies Kubernetes labels for this service.
+ type: object
+ x-kubernetes-map-type: granular
+ loadBalancerSourceRanges:
+ description: loadBalancerSourceRanges specify the
+ source ranges.
+ items:
+ type: string
+ type: array
+ servicePorts:
+ description: servicePorts specify the user-provided
+ service port(s).
+ items:
+ description: ServicePort contains information on
+ service's port.
+ properties:
+ appProtocol:
+ description: The application protocol for this
+ port. This field follows standard Kubernetes
+ label syntax. Un-prefixed names are reserved
+ for IANA standard service names (as per RFC-6335
+ and http://www.iana.org/assignments/service-names).
+ Non-standard protocols should use prefixed
+ names such as mycompany.com/my-custom-protocol.
+ type: string
+ name:
+ description: The name of this port within the
+ service. This must be a DNS_LABEL. All ports
+ within a ServiceSpec must have unique names.
+ When considering the endpoints for a Service,
+ this must match the 'name' field in the EndpointPort.
+ Optional if only one ServicePort is defined
+ on this service.
+ type: string
+ nodePort:
+ description: 'The port on each node on which
+ this service is exposed when type is NodePort
+ or LoadBalancer. Usually assigned by the
+ system. If a value is specified, in-range,
+ and not in use it will be used, otherwise
+ the operation will fail. If not specified,
+ a port will be allocated if this Service requires
+ one. If this field is specified when creating
+ a Service which does not need it, creation
+ will fail. This field will be wiped when updating
+ a Service to no longer need it (e.g. changing
+ type from NodePort to ClusterIP). More info:
+ https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport'
+ format: int32
+ type: integer
+ port:
+ description: The port that will be exposed by
+ this service.
+ format: int32
+ type: integer
+ protocol:
+ default: TCP
+ description: The IP protocol for this port.
+ Supports "TCP", "UDP", and "SCTP". Default
+ is TCP.
+ type: string
+ targetPort:
+ anyOf:
+ - type: integer
+ - type: string
+ description: 'Number or name of the port to
+ access on the pods targeted by the service.
+ Number must be in the range 1 to 65535. Name
+ must be an IANA_SVC_NAME. If this is a string,
+ it will be looked up as a named port in the
+ target Pod''s container ports. If this is
+ not specified, the value of the ''port'' field
+ is used (an identity map). This field is ignored
+ for services with clusterIP=None, and should
+ be omitted or set equal to the ''port'' field.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service'
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: array
+ sessionAffinity:
+ description: 'sessionAffinity defines the Kubernetes
+ session affinity. The valid options are `ClientIP`
+ and `None`. `ClientIP` enables the client IP-based
+ session affinity. The default value is `None`. More
+ info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies.'
+ enum:
+ - ClientIP
+ - None
+ type: string
+ sessionAffinityConfig:
+ description: SessionAffinityConfig contains the configurations
+ of the session affinity.
+ properties:
+ clientIP:
+ description: clientIP contains the configurations
+ of Client IP based session affinity.
+ properties:
+ timeoutSeconds:
+ description: timeoutSeconds specifies the
+ seconds of ClientIP type session sticky
+ time. The value must be >0 && <=86400(for
+ 1 day) if ServiceAffinity == "ClientIP".
+ Default value is 10800(for 3 hours).
+ format: int32
+ type: integer
+ type: object
+ type: object
+ required:
+ - domain
+ type: object
+ nodePort:
+ description: nodePort specifies the configuration to create
+ Kubernetes node port services.
+ properties:
+ advertisedURL:
+ description: advertisedURL specifies the configuration
+ for advertised listener per pod. It is only supported
+ for MDS currently. If it is enabled, instead of
+ using internal endpoint, the MDS advertised listener
+ for each broker will be set to `://:, where`podId` starts from `0` to `replicaCount
+ - 1`. This is only recommended if you cannot add
+ internal SANs to the TLS certificates for MDS and
+ the external DNS must be resolved inside the Kubernetes
+ cluster.
+ properties:
+ enabled:
+ description: enabled indicates whether to set
+ the MDS advertised listener url with external
+ endpoint for each broker.
+ type: boolean
+ prefix:
+ description: prefix specifies the broker prefix
+ for MDS advertised endpoint if using loadBalancer
+ external access. If not configured, it uses
+ `b` as default prefix, such as `b#.domain` where
+ `#` will start from `0` to `replicaCount -1`.
+ minLength: 1
+ type: string
+ required:
+ - enabled
+ type: object
+ annotations:
+ additionalProperties:
+ type: string
+ description: annotations is a map of string key and
+ value pairs. It specifies Kubernetes annotations
+ for this service.
+ type: object
+ x-kubernetes-map-type: granular
+ externalTrafficPolicy:
+ description: externalTrafficPolicy specifies the external
+ traffic policy for the service. Valid options are
+ `Local` and `Cluster`.
+ enum:
+ - Local
+ - Cluster
+ type: string
+ host:
+ description: host defines the host name of the cluster.
+ minLength: 1
+ type: string
+ labels:
+ additionalProperties:
+ type: string
+ description: labels is a map of string key and value
+ pairs. It specifies Kubernetes labels for this service.
+ type: object
+ x-kubernetes-map-type: granular
+ nodePortOffset:
+ description: nodePortOffset specifies the starting
+ offset of the node ports. The port numbers go in
+ ascending order with respect to the replicas count.
+ NodePort service creation fails if the node port
+ is not in the range supported by the Kubernetes
+ API server. The default Kubernetes Node Port range
+ is `30000` - `32762`.
+ format: int32
+ minimum: 0
+ type: integer
+ servicePorts:
+ description: servicePorts specify user-provided service
+ port(s). For Kafka with the nodePort type, this
+ setting is only applied to Kafka bootstrap service.
+ items:
+ description: ServicePort contains information on
+ service's port.
+ properties:
+ appProtocol:
+ description: The application protocol for this
+ port. This field follows standard Kubernetes
+ label syntax. Un-prefixed names are reserved
+ for IANA standard service names (as per RFC-6335
+ and http://www.iana.org/assignments/service-names).
+ Non-standard protocols should use prefixed
+ names such as mycompany.com/my-custom-protocol.
+ type: string
+ name:
+ description: The name of this port within the
+ service. This must be a DNS_LABEL. All ports
+ within a ServiceSpec must have unique names.
+ When considering the endpoints for a Service,
+ this must match the 'name' field in the EndpointPort.
+ Optional if only one ServicePort is defined
+ on this service.
+ type: string
+ nodePort:
+ description: 'The port on each node on which
+ this service is exposed when type is NodePort
+ or LoadBalancer. Usually assigned by the
+ system. If a value is specified, in-range,
+ and not in use it will be used, otherwise
+ the operation will fail. If not specified,
+ a port will be allocated if this Service requires
+ one. If this field is specified when creating
+ a Service which does not need it, creation
+ will fail. This field will be wiped when updating
+ a Service to no longer need it (e.g. changing
+ type from NodePort to ClusterIP). More info:
+ https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport'
+ format: int32
+ type: integer
+ port:
+ description: The port that will be exposed by
+ this service.
+ format: int32
+ type: integer
+ protocol:
+ default: TCP
+ description: The IP protocol for this port.
+ Supports "TCP", "UDP", and "SCTP". Default
+ is TCP.
+ type: string
+ targetPort:
+ anyOf:
+ - type: integer
+ - type: string
+ description: 'Number or name of the port to
+ access on the pods targeted by the service.
+ Number must be in the range 1 to 65535. Name
+ must be an IANA_SVC_NAME. If this is a string,
+ it will be looked up as a named port in the
+ target Pod''s container ports. If this is
+ not specified, the value of the ''port'' field
+ is used (an identity map). This field is ignored
+ for services with clusterIP=None, and should
+ be omitted or set equal to the ''port'' field.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service'
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: array
+ sessionAffinity:
+ description: 'sessionAffinity defines the Kubernetes
+ session affinity. The valid options are `ClientIP`
+ and `None`. `ClientIP` enables the client IP-based
+ session affinity. The default value is `None`. More
+ info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies.'
+ enum:
+ - ClientIP
+ - None
+ type: string
+ sessionAffinityConfig:
+ description: SessionAffinityConfig contains the configurations
+ of the session affinity.
+ properties:
+ clientIP:
+ description: clientIP contains the configurations
+ of Client IP based session affinity.
+ properties:
+ timeoutSeconds:
+ description: timeoutSeconds specifies the
+ seconds of ClientIP type session sticky
+ time. The value must be >0 && <=86400(for
+ 1 day) if ServiceAffinity == "ClientIP".
+ Default value is 10800(for 3 hours).
+ format: int32
+ type: integer
+ type: object
+ type: object
+ required:
+ - host
+ - nodePortOffset
+ type: object
+ route:
+ description: route specifies the configuration to create
+ route services in OpenShift.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: annotations is a map of string key and
+ value pairs. It specifies Kubernetes annotations
+ for this service.
+ type: object
+ x-kubernetes-map-type: granular
+ bootstrapPrefix:
+ description: bootstrapPrefix specifies the prefix
+ for the Kafka bootstrap advertised endpoint and
+ will be added as `bootstrapPrefix.domain`. The default
+ value is the Kafka cluster name.
+ minLength: 1
+ type: string
+ brokerPrefix:
+ description: brokerPrefix specifies the prefix for
+ the Kafka broker advertised endpoint and will be
+ added as `brokerPrefix.domain`. The default value
+ is `b`, such as `b#.domain` where `#` starts from
+ `0` to the replicas count.
+ minLength: 1
+ type: string
+ domain:
+ description: domain specifies the domain name of the
+ Confluent component cluster.
+ minLength: 1
+ type: string
+ labels:
+ additionalProperties:
+ type: string
+ description: labels is a map of string key and value
+ pairs. It specifies Kubernetes labels for this service.
+ type: object
+ x-kubernetes-map-type: granular
+ wildcardPolicy:
+ description: wildcardPolicy allows you to define a
+ route that covers all hosts within a domain. Valid
+ options are `Subdomain` and `None`. The default
+ value is `None`.
+ enum:
+ - Subdomain
+ - None
+ type: string
+ required:
+ - domain
+ type: object
+ staticForHostBasedRouting:
+ description: staticForHostBasedRouting enables external
+ access by doing host based routing through the SNI capability.
+ With this schema, CFK only configures Kafka advertised
+ listeners, and no Kubernetes external service is created.
+ properties:
+ brokerPrefix:
+ description: brokerPrefix specifies the prefix for
+ the broker advertised endpoints and are added as
+ `brokerPrefix.domain`. If not configured, it will
+ add `b` as a prefix, such as `b#.domain` where `#`
+ will start from `0` to the replicas count.
+ minLength: 1
+ type: string
+ domain:
+ description: domain specifies the domain name for
+ the Kafka cluster.
+ minLength: 1
+ type: string
+ port:
+ description: port specifies the port to be used in
+ the advertised listener for a broker.
+ format: int32
+ type: integer
+ required:
+ - domain
+ - port
+ type: object
+ staticForPortBasedRouting:
+ description: staticForPortBasedRouting enables external
+ access by port routing. With this schema, CFK only configures
+ Kafka advertised listeners, and no Kubernetes external
+ service is created.
+ properties:
+ host:
+ description: host defines the host name to be used
+ in the advertised listener for a broker.
+ minLength: 1
+ type: string
+ portOffset:
+ description: portOffset specifies the starting port
+ number. The port numbers go in ascending order with
+ respect to the replicas count.
+ format: int32
+ type: integer
+ required:
+ - host
+ - portOffset
+ type: object
+ type:
+ description: type specifies the Kubernetes service for
+ external access. Valid options are `loadBalancer`, `nodePort`,
+ `route`, `staticForPortBasedRouting`, and `staticForHostBasedRouting`.
+ enum:
+ - loadBalancer
+ - nodePort
+ - route
+ - staticForPortBasedRouting
+ - staticForHostBasedRouting
+ type: string
+ required:
+ - type
+ type: object
+ tls:
+ description: tls specifies the TLS configuration for the listener.
+ properties:
+ directoryPathInContainer:
+ description: directoryPathInContainer specifies the directory
+ path in the container where `keystore.jks`, `truststore.jks`,
+ and `jksPassword.txt` keys are mounted. `truststore.jks`
+ is not configured and can be ignored when the `ignoreTrustStoreConfig`
+ field is set to `true`.
+ minLength: 1
+ type: string
+ enabled:
+ description: enabled specifies to enable the TLS configuration
+ for the Confluent component.
+ type: boolean
+ ignoreTrustStoreConfig:
+ description: ignoreTrustStoreConfig indicates whether
+ to ignore the truststore configuration for the Confluent
+ component.
+ type: boolean
+ jksPassword:
+ description: jksPassword references the secret containing
+ the JKS password.
+ properties:
+ secretRef:
+ description: 'secretRef references the name of the
+ secret containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - secretRef
+ type: object
+ secretRef:
+ description: 'secretRef references the secret containing
+ the certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - enabled
+ type: object
+ type: object
+ internal:
+ description: internal specifies the internal listener.
+ properties:
+ authentication:
+ description: authentication specifies the authentication configuration
+ for the listener.
+ properties:
+ jaasConfig:
+ description: 'jaasConfig specifies the JaaS configuration.
+ More info: https://docs.confluent.io/operator/current/co-authenticate.html'
+ properties:
+ secretRef:
+ description: 'secretRef references the secret containing
+ the required credentials. More info: https://docs.confluent.io/operator/current/co-authenticate.html'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - secretRef
+ type: object
+ jaasConfigPassThrough:
+ description: 'jaasConfigPassThrough specifies another
+ way to provide JaaS configuration. More info: https://docs.confluent.io/operator/current/co-authenticate.html'
+ properties:
+ directoryPathInContainer:
+ description: 'directoryPathInContainer specifies the
+ directory path in the container where required credentials
+ are mounted. More info: https://docs.confluent.io/operator/current/co-authenticate.html'
+ minLength: 1
+ type: string
+ secretRef:
+ description: 'secretRef references the secret containing
+ the required credentials for authentication. More
+ info: https://docs.confluent.io/operator/current/co-authenticate.html'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ type: object
+ principalMappingRules:
+ items:
+ type: string
+ type: array
+ type:
+ description: type specifies the Kafka or Zookeeper authentication
+ type. Valid options are `plain`, `digest`, `mtls`, and
+ `ldap`.
+ enum:
+ - plain
+ - digest
+ - mtls
+ - ldap
+ type: string
+ required:
+ - type
+ type: object
+ tls:
+ description: tls specifies the TLS configuration for the listener.
+ properties:
+ directoryPathInContainer:
+ description: directoryPathInContainer specifies the directory
+ path in the container where `keystore.jks`, `truststore.jks`,
+ and `jksPassword.txt` keys are mounted. `truststore.jks`
+ is not configured and can be ignored when the `ignoreTrustStoreConfig`
+ field is set to `true`.
+ minLength: 1
+ type: string
+ enabled:
+ description: enabled specifies to enable the TLS configuration
+ for the Confluent component.
+ type: boolean
+ ignoreTrustStoreConfig:
+ description: ignoreTrustStoreConfig indicates whether
+ to ignore the truststore configuration for the Confluent
+ component.
+ type: boolean
+ jksPassword:
+ description: jksPassword references the secret containing
+ the JKS password.
+ properties:
+ secretRef:
+ description: 'secretRef references the name of the
+ secret containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - secretRef
+ type: object
+ secretRef:
+ description: 'secretRef references the secret containing
+ the certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - enabled
+ type: object
+ type: object
+ type: object
+ metricReporter:
+ description: metricsReporter specifies the configuration of the metric
+ reporter. The metric reporter is enabled by default. If authentication
+ and TLS are not set, the metrics reporter uses internal listener's
+ authentication and TLS .
+ properties:
+ authentication:
+ description: authentication specifies the Kafka client-side authentication
+ configuration.
+ properties:
+ jaasConfig:
+ description: jaasConfig specifies the Kafka client-side JaaS
+ configuration.
+ properties:
+ secretRef:
+ description: 'secretRef references the secret containing
+ the required credentials. More info: https://docs.confluent.io/operator/current/co-authenticate.html'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - secretRef
+ type: object
+ jaasConfigPassThrough:
+ description: jaasConfigPassThrough specifies another way to
+ provide the Kafka client-side JaaS configuration.
+ properties:
+ directoryPathInContainer:
+ description: 'directoryPathInContainer specifies the directory
+ path in the container where required credentials are
+ mounted. More info: https://docs.confluent.io/operator/current/co-authenticate.html'
+ minLength: 1
+ type: string
+ secretRef:
+ description: 'secretRef references the secret containing
+ the required credentials for authentication. More info:
+ https://docs.confluent.io/operator/current/co-authenticate.html'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ type: object
+ oauthbearer:
+ description: oauthbearer is the authentication mechanism to
+ provider principals. Only supported in RBAC deployment.
+ properties:
+ directoryPathInContainer:
+ description: directoryPathInContainer specifies the directory
+ path in the container where the credential is mounted.
+ minLength: 1
+ type: string
+ secretRef:
+ description: 'secretRef specifies the name of the secret
+ that contains the credential. More info: https://docs.confluent.io/operator/current/co-authenticate.html#bearer-authentication'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ type: object
+ type:
+ description: type specifies the Kafka client authentication
+ type. Valid options are `plain`, `oauthbearer`, `digest`,
+ and `mtls`.
+ enum:
+ - plain
+ - oauthbearer
+ - digest
+ - mtls
+ type: string
+ required:
+ - type
+ type: object
+ bootstrapEndpoint:
+ description: bootstrapEndpoint specifies the Kafka bootstrap endpoint.
+ type: string
+ enabled:
+ description: enabled specifies whether to enable or disable the
+ metric reporter.
+ type: boolean
+ replicationFactor:
+ description: replicationFactor specifies the number of replicas
+ in the metric topic.
+ format: int32
+ type: integer
+ tls:
+ description: tls specifies the Kafka client-side TLS configuration.
+ properties:
+ directoryPathInContainer:
+ description: directoryPathInContainer specifies the directory
+ path in the container where `keystore.jks`, `truststore.jks`,
+ and `jksPassword.txt` keys are mounted. `truststore.jks`
+ is not configured and can be ignored when the `ignoreTrustStoreConfig`
+ field is set to `true`.
+ minLength: 1
+ type: string
+ enabled:
+ description: enabled specifies to enable the TLS configuration
+ for the Confluent component.
+ type: boolean
+ ignoreTrustStoreConfig:
+ description: ignoreTrustStoreConfig indicates whether to ignore
+ the truststore configuration for the Confluent component.
+ type: boolean
+ jksPassword:
+ description: jksPassword references the secret containing
+ the JKS password.
+ properties:
+ secretRef:
+ description: 'secretRef references the name of the secret
+ containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - secretRef
+ type: object
+ secretRef:
+ description: 'secretRef references the secret containing the
+ certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - enabled
+ type: object
+ required:
+ - enabled
+ type: object
+ metrics:
+ description: metrics specify the security settings for the metric
+ services.
+ properties:
+ authentication:
+ description: authentication specifies the authentication configuration
+ for the metrics.
+ properties:
+ type:
+ description: type specifies the metrics authentication method.
+ The valid option is `mtls`.
+ enum:
+ - mtls
+ type: string
+ required:
+ - type
+ type: object
+ prometheus:
+ description: prometheus specifies the configuration overrides
+ for the JMX-Prometheus exporter.
+ properties:
+ blacklist:
+ items:
+ type: string
+ type: array
+ rules:
+ items:
+ description: Rule defines the Prometheus Exporter rule override.
+ properties:
+ attrNameSnakeCase:
+ type: boolean
+ cache:
+ type: boolean
+ help:
+ minLength: 1
+ type: string
+ labels:
+ additionalProperties:
+ type: string
+ type: object
+ x-kubernetes-map-type: granular
+ name:
+ minLength: 1
+ type: string
+ pattern:
+ minLength: 1
+ type: string
+ type:
+ minLength: 1
+ type: string
+ value:
+ minLength: 1
+ type: string
+ valueFactor:
+ anyOf:
+ - type: integer
+ - type: string
+ default: 1
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ type: object
+ type: array
+ whitelist:
+ items:
+ type: string
+ type: array
+ type: object
+ tls:
+ description: tls specifies the TLS configuration for the metrics.
+ properties:
+ directoryPathInContainer:
+ description: directoryPathInContainer specifies the directory
+ path in the container where `keystore.jks`, `truststore.jks`,
+ and `jksPassword.txt` keys are mounted. `truststore.jks`
+ is not configured and can be ignored when the `ignoreTrustStoreConfig`
+ field is set to `true`.
+ minLength: 1
+ type: string
+ enabled:
+ description: enabled specifies to enable the TLS configuration
+ for the Confluent component.
+ type: boolean
+ ignoreTrustStoreConfig:
+ description: ignoreTrustStoreConfig indicates whether to ignore
+ the truststore configuration for the Confluent component.
+ type: boolean
+ jksPassword:
+ description: jksPassword references the secret containing
+ the JKS password.
+ properties:
+ secretRef:
+ description: 'secretRef references the name of the secret
+ containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - secretRef
+ type: object
+ secretRef:
+ description: 'secretRef references the secret containing the
+ certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - enabled
+ type: object
+ type: object
+ mountedSecrets:
+ description: 'mountedSecrets list the secrets injected to the underlying
+ statefulset configuration. The secret reference is mounted in the
+ default path `/mnt/secrets/`. The underlying resources
+ will follow the secret as a file configuration. More info: https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod.
+ A change to this setting will roll the cluster.'
+ items:
+ description: MountedSecrets provides a way to inject a custom secret
+ to the underlying statefulset.
+ properties:
+ keyItems:
+ description: keyItems are key and path names.
+ items:
+ description: Maps a string key to a path within a volume.
+ properties:
+ key:
+ description: The key to project.
+ type: string
+ mode:
+ description: 'Optional: mode bits used to set permissions
+ on this file. Must be an octal value between 0000 and
+ 0777 or a decimal value between 0 and 511. YAML accepts
+ both octal and decimal values, JSON requires decimal
+ values for mode bits. If not specified, the volume defaultMode
+ will be used. This might be in conflict with other options
+ that affect the file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: The relative path of the file to map the
+ key to. May not be an absolute path. May not contain
+ the path element '..'. May not start with the string
+ '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ secretRef:
+ description: secretRef references the name of the secret.
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - secretRef
+ type: object
+ type: array
+ mountedVolumes:
+ description: mountedVolumes list the custom volumes that need to be
+ mounted into the underlying statefulset. A change to this setting
+ will roll the cluster.
+ properties:
+ volumeMounts:
+ description: volumeMounts specify the list of volume mounts for
+ the pods in the statefulset.
+ items:
+ description: VolumeMount describes a mounting of a Volume within
+ a container.
+ properties:
+ mountPath:
+ description: Path within the container at which the volume
+ should be mounted. Must not contain ':'.
+ type: string
+ mountPropagation:
+ description: mountPropagation determines how mounts are
+ propagated from the host to container and the other way
+ around. When not set, MountPropagationNone is used. This
+ field is beta in 1.10.
+ type: string
+ name:
+ description: This must match the Name of a Volume.
+ type: string
+ readOnly:
+ description: Mounted read-only if true, read-write otherwise
+ (false or unspecified). Defaults to false.
+ type: boolean
+ subPath:
+ description: Path within the volume from which the container's
+ volume should be mounted. Defaults to "" (volume's root).
+ type: string
+ subPathExpr:
+ description: Expanded path within the volume from which
+ the container's volume should be mounted. Behaves similarly
+ to SubPath but environment variable references $(VAR_NAME)
+ are expanded using the container's environment. Defaults
+ to "" (volume's root). SubPathExpr and SubPath are mutually
+ exclusive.
+ type: string
+ required:
+ - mountPath
+ - name
+ type: object
+ type: array
+ volumes:
+ description: volumes specify the list of volumes that can be mounted
+ into the pods of statefulset.
+ items:
+ description: Volume represents a named volume in a pod that
+ may be accessed by any container in the pod.
+ properties:
+ awsElasticBlockStore:
+ description: 'AWSElasticBlockStore represents an AWS Disk
+ resource that is attached to a kubelet''s host machine
+ and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ properties:
+ fsType:
+ description: 'Filesystem type of the volume that you
+ want to mount. Tip: Ensure that the filesystem type
+ is supported by the host operating system. Examples:
+ "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+ TODO: how do we prevent errors in the filesystem from
+ compromising the machine'
+ type: string
+ partition:
+ description: 'The partition in the volume that you want
+ to mount. If omitted, the default is to mount by volume
+ name. Examples: For volume /dev/sda1, you specify
+ the partition as "1". Similarly, the volume partition
+ for /dev/sda is "0" (or you can leave the property
+ empty).'
+ format: int32
+ type: integer
+ readOnly:
+ description: 'Specify "true" to force and set the ReadOnly
+ property in VolumeMounts to "true". If omitted, the
+ default is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ type: boolean
+ volumeID:
+ description: 'Unique ID of the persistent disk resource
+ in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ type: string
+ required:
+ - volumeID
+ type: object
+ azureDisk:
+ description: AzureDisk represents an Azure Data Disk mount
+ on the host and bind mount to the pod.
+ properties:
+ cachingMode:
+ description: 'Host Caching mode: None, Read Only, Read
+ Write.'
+ type: string
+ diskName:
+ description: The Name of the data disk in the blob storage
+ type: string
+ diskURI:
+ description: The URI the data disk in the blob storage
+ type: string
+ fsType:
+ description: Filesystem type to mount. Must be a filesystem
+ type supported by the host operating system. Ex. "ext4",
+ "xfs", "ntfs". Implicitly inferred to be "ext4" if
+ unspecified.
+ type: string
+ kind:
+ description: 'Expected values Shared: multiple blob
+ disks per storage account Dedicated: single blob
+ disk per storage account Managed: azure managed data
+ disk (only in managed availability set). defaults
+ to shared'
+ type: string
+ readOnly:
+ description: Defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ required:
+ - diskName
+ - diskURI
+ type: object
+ azureFile:
+ description: AzureFile represents an Azure File Service
+ mount on the host and bind mount to the pod.
+ properties:
+ readOnly:
+ description: Defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ secretName:
+ description: the name of secret that contains Azure
+ Storage Account Name and Key
+ type: string
+ shareName:
+ description: Share Name
+ type: string
+ required:
+ - secretName
+ - shareName
+ type: object
+ cephfs:
+ description: CephFS represents a Ceph FS mount on the host
+ that shares a pod's lifetime
+ properties:
+ monitors:
+ description: 'Required: Monitors is a collection of
+ Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ items:
+ type: string
+ type: array
+ path:
+ description: 'Optional: Used as the mounted root, rather
+ than the full Ceph tree, default is /'
+ type: string
+ readOnly:
+ description: 'Optional: Defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting in VolumeMounts.
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ type: boolean
+ secretFile:
+ description: 'Optional: SecretFile is the path to key
+ ring for User, default is /etc/ceph/user.secret More
+ info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ type: string
+ secretRef:
+ description: 'Optional: SecretRef is reference to the
+ authentication secret for User, default is empty.
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ type: object
+ user:
+ description: 'Optional: User is the rados user name,
+ default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ type: string
+ required:
+ - monitors
+ type: object
+ cinder:
+ description: 'Cinder represents a cinder volume attached
+ and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ properties:
+ fsType:
+ description: 'Filesystem type to mount. Must be a filesystem
+ type supported by the host operating system. Examples:
+ "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ type: string
+ readOnly:
+ description: 'Optional: Defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting in VolumeMounts.
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ type: boolean
+ secretRef:
+ description: 'Optional: points to a secret object containing
+ parameters used to connect to OpenStack.'
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ type: object
+ volumeID:
+ description: 'volume id used to identify the volume
+ in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ type: string
+ required:
+ - volumeID
+ type: object
+ configMap:
+ description: ConfigMap represents a configMap that should
+ populate this volume
+ properties:
+ defaultMode:
+ description: 'Optional: mode bits used to set permissions
+ on created files by default. Must be an octal value
+ between 0000 and 0777 or a decimal value between 0
+ and 511. YAML accepts both octal and decimal values,
+ JSON requires decimal values for mode bits. Defaults
+ to 0644. Directories within the path are not affected
+ by this setting. This might be in conflict with other
+ options that affect the file mode, like fsGroup, and
+ the result can be other mode bits set.'
+ format: int32
+ type: integer
+ items:
+ description: If unspecified, each key-value pair in
+ the Data field of the referenced ConfigMap will be
+ projected into the volume as a file whose name is
+ the key and content is the value. If specified, the
+ listed keys will be projected into the specified paths,
+ and unlisted keys will not be present. If a key is
+ specified which is not present in the ConfigMap, the
+ volume setup will error unless it is marked optional.
+ Paths must be relative and may not contain the '..'
+ path or start with '..'.
+ items:
+ description: Maps a string key to a path within a
+ volume.
+ properties:
+ key:
+ description: The key to project.
+ type: string
+ mode:
+ description: 'Optional: mode bits used to set
+ permissions on this file. Must be an octal value
+ between 0000 and 0777 or a decimal value between
+ 0 and 511. YAML accepts both octal and decimal
+ values, JSON requires decimal values for mode
+ bits. If not specified, the volume defaultMode
+ will be used. This might be in conflict with
+ other options that affect the file mode, like
+ fsGroup, and the result can be other mode bits
+ set.'
+ format: int32
+ type: integer
+ path:
+ description: The relative path of the file to
+ map the key to. May not be an absolute path.
+ May not contain the path element '..'. May not
+ start with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap or its keys
+ must be defined
+ type: boolean
+ type: object
+ csi:
+ description: CSI (Container Storage Interface) represents
+ ephemeral storage that is handled by certain external
+ CSI drivers (Beta feature).
+ properties:
+ driver:
+ description: Driver is the name of the CSI driver that
+ handles this volume. Consult with your admin for the
+ correct name as registered in the cluster.
+ type: string
+ fsType:
+ description: Filesystem type to mount. Ex. "ext4", "xfs",
+ "ntfs". If not provided, the empty value is passed
+ to the associated CSI driver which will determine
+ the default filesystem to apply.
+ type: string
+ nodePublishSecretRef:
+ description: NodePublishSecretRef is a reference to
+ the secret object containing sensitive information
+ to pass to the CSI driver to complete the CSI NodePublishVolume
+ and NodeUnpublishVolume calls. This field is optional,
+ and may be empty if no secret is required. If the
+ secret object contains more than one secret, all secret
+ references are passed.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ type: object
+ readOnly:
+ description: Specifies a read-only configuration for
+ the volume. Defaults to false (read/write).
+ type: boolean
+ volumeAttributes:
+ additionalProperties:
+ type: string
+ description: VolumeAttributes stores driver-specific
+ properties that are passed to the CSI driver. Consult
+ your driver's documentation for supported values.
+ type: object
+ required:
+ - driver
+ type: object
+ downwardAPI:
+ description: DownwardAPI represents downward API about the
+ pod that should populate this volume
+ properties:
+ defaultMode:
+ description: 'Optional: mode bits to use on created
+ files by default. Must be a Optional: mode bits used
+ to set permissions on created files by default. Must
+ be an octal value between 0000 and 0777 or a decimal
+ value between 0 and 511. YAML accepts both octal and
+ decimal values, JSON requires decimal values for mode
+ bits. Defaults to 0644. Directories within the path
+ are not affected by this setting. This might be in
+ conflict with other options that affect the file mode,
+ like fsGroup, and the result can be other mode bits
+ set.'
+ format: int32
+ type: integer
+ items:
+ description: Items is a list of downward API volume
+ file
+ items:
+ description: DownwardAPIVolumeFile represents information
+ to create the file containing the pod field
+ properties:
+ fieldRef:
+ description: 'Required: Selects a field of the
+ pod: only annotations, labels, name and namespace
+ are supported.'
+ properties:
+ apiVersion:
+ description: Version of the schema the FieldPath
+ is written in terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select in
+ the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ mode:
+ description: 'Optional: mode bits used to set
+ permissions on this file, must be an octal value
+ between 0000 and 0777 or a decimal value between
+ 0 and 511. YAML accepts both octal and decimal
+ values, JSON requires decimal values for mode
+ bits. If not specified, the volume defaultMode
+ will be used. This might be in conflict with
+ other options that affect the file mode, like
+ fsGroup, and the result can be other mode bits
+ set.'
+ format: int32
+ type: integer
+ path:
+ description: 'Required: Path is the relative
+ path name of the file to be created. Must not
+ be absolute or contain the ''..'' path. Must
+ be utf-8 encoded. The first item of the relative
+ path must not start with ''..'''
+ type: string
+ resourceFieldRef:
+ description: 'Selects a resource of the container:
+ only resources limits and requests (limits.cpu,
+ limits.memory, requests.cpu and requests.memory)
+ are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required for
+ volumes, optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format of
+ the exposed resources, defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ required:
+ - path
+ type: object
+ type: array
+ type: object
+ emptyDir:
+ description: 'EmptyDir represents a temporary directory
+ that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
+ properties:
+ medium:
+ description: 'What type of storage medium should back
+ this directory. The default is "" which means to use
+ the node''s default medium. Must be an empty string
+ (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
+ type: string
+ sizeLimit:
+ anyOf:
+ - type: integer
+ - type: string
+ description: 'Total amount of local storage required
+ for this EmptyDir volume. The size limit is also applicable
+ for memory medium. The maximum usage on memory medium
+ EmptyDir would be the minimum value between the SizeLimit
+ specified here and the sum of memory limits of all
+ containers in a pod. The default is nil which means
+ that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir'
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ type: object
+ ephemeral:
+ description: "Ephemeral represents a volume that is handled
+ by a cluster storage driver. The volume's lifecycle is
+ tied to the pod that defines it - it will be created before
+ the pod starts, and deleted when the pod is removed. \n
+ Use this if: a) the volume is only needed while the pod
+ runs, b) features of normal volumes like restoring from
+ snapshot or capacity tracking are needed, c) the storage
+ driver is specified through a storage class, and d) the
+ storage driver supports dynamic volume provisioning through
+ a PersistentVolumeClaim (see EphemeralVolumeSource for
+ more information on the connection between this volume
+ type and PersistentVolumeClaim). \n Use PersistentVolumeClaim
+ or one of the vendor-specific APIs for volumes that persist
+ for longer than the lifecycle of an individual pod. \n
+ Use CSI for light-weight local ephemeral volumes if the
+ CSI driver is meant to be used that way - see the documentation
+ of the driver for more information. \n A pod can use both
+ types of ephemeral volumes and persistent volumes at the
+ same time."
+ properties:
+ volumeClaimTemplate:
+ description: "Will be used to create a stand-alone PVC
+ to provision the volume. The pod in which this EphemeralVolumeSource
+ is embedded will be the owner of the PVC, i.e. the
+ PVC will be deleted together with the pod. The name
+ of the PVC will be `-` where
+ `` is the name from the `PodSpec.Volumes`
+ array entry. Pod validation will reject the pod if
+ the concatenated name is not valid for a PVC (for
+ example, too long). \n An existing PVC with that name
+ that is not owned by the pod will *not* be used for
+ the pod to avoid using an unrelated volume by mistake.
+ Starting the pod is then blocked until the unrelated
+ PVC is removed. If such a pre-created PVC is meant
+ to be used by the pod, the PVC has to updated with
+ an owner reference to the pod once the pod exists.
+ Normally this should not be necessary, but it may
+ be useful when manually reconstructing a broken cluster.
+ \n This field is read-only and no changes will be
+ made by Kubernetes to the PVC after it has been created.
+ \n Required, must not be nil."
+ properties:
+ metadata:
+ description: May contain labels and annotations
+ that will be copied into the PVC when creating
+ it. No other fields are allowed and will be rejected
+ during validation.
+ type: object
+ spec:
+ description: The specification for the PersistentVolumeClaim.
+ The entire content is copied unchanged into the
+ PVC that gets created from this template. The
+ same fields as in a PersistentVolumeClaim are
+ also valid here.
+ properties:
+ accessModes:
+ description: 'AccessModes contains the desired
+ access modes the volume should have. More
+ info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
+ items:
+ type: string
+ type: array
+ dataSource:
+ description: 'This field can be used to specify
+ either: * An existing VolumeSnapshot object
+ (snapshot.storage.k8s.io/VolumeSnapshot) *
+ An existing PVC (PersistentVolumeClaim) If
+ the provisioner or an external controller
+ can support the specified data source, it
+ will create a new volume based on the contents
+ of the specified data source. If the AnyVolumeDataSource
+ feature gate is enabled, this field will always
+ have the same contents as the DataSourceRef
+ field.'
+ properties:
+ apiGroup:
+ description: APIGroup is the group for the
+ resource being referenced. If APIGroup
+ is not specified, the specified Kind must
+ be in the core API group. For any other
+ third-party types, APIGroup is required.
+ type: string
+ kind:
+ description: Kind is the type of resource
+ being referenced
+ type: string
+ name:
+ description: Name is the name of resource
+ being referenced
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ dataSourceRef:
+ description: 'Specifies the object from which
+ to populate the volume with data, if a non-empty
+ volume is desired. This may be any local object
+ from a non-empty API group (non core object)
+ or a PersistentVolumeClaim object. When this
+ field is specified, volume binding will only
+ succeed if the type of the specified object
+ matches some installed volume populator or
+ dynamic provisioner. This field will replace
+ the functionality of the DataSource field
+ and as such if both fields are non-empty,
+ they must have the same value. For backwards
+ compatibility, both fields (DataSource and
+ DataSourceRef) will be set to the same value
+ automatically if one of them is empty and
+ the other is non-empty. There are two important
+ differences between DataSource and DataSourceRef:
+ * While DataSource only allows two specific
+ types of objects, DataSourceRef allows any
+ non-core object, as well as PersistentVolumeClaim
+ objects. * While DataSource ignores disallowed
+ values (dropping them), DataSourceRef preserves
+ all values, and generates an error if a disallowed
+ value is specified. (Alpha) Using this field
+ requires the AnyVolumeDataSource feature gate
+ to be enabled.'
+ properties:
+ apiGroup:
+ description: APIGroup is the group for the
+ resource being referenced. If APIGroup
+ is not specified, the specified Kind must
+ be in the core API group. For any other
+ third-party types, APIGroup is required.
+ type: string
+ kind:
+ description: Kind is the type of resource
+ being referenced
+ type: string
+ name:
+ description: Name is the name of resource
+ being referenced
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ resources:
+ description: 'Resources represents the minimum
+ resources the volume should have. If RecoverVolumeExpansionFailure
+ feature is enabled users are allowed to specify
+ resource requirements that are lower than
+ previous value but must still be higher than
+ capacity recorded in the status field of the
+ claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
+ properties:
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum
+ amount of compute resources allowed. More
+ info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum
+ amount of compute resources required.
+ If Requests is omitted for a container,
+ it defaults to Limits if that is explicitly
+ specified, otherwise to an implementation-defined
+ value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ selector:
+ description: A label query over volumes to consider
+ for binding.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a
+ key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of
+ string values. If the operator is
+ In or NotIn, the values array must
+ be non-empty. If the operator is
+ Exists or DoesNotExist, the values
+ array must be empty. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ storageClassName:
+ description: 'Name of the StorageClass required
+ by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
+ type: string
+ volumeMode:
+ description: volumeMode defines what type of
+ volume is required by the claim. Value of
+ Filesystem is implied when not included in
+ claim spec.
+ type: string
+ volumeName:
+ description: VolumeName is the binding reference
+ to the PersistentVolume backing this claim.
+ type: string
+ type: object
+ required:
+ - spec
+ type: object
+ type: object
+ fc:
+ description: FC represents a Fibre Channel resource that
+ is attached to a kubelet's host machine and then exposed
+ to the pod.
+ properties:
+ fsType:
+ description: 'Filesystem type to mount. Must be a filesystem
+ type supported by the host operating system. Ex. "ext4",
+ "xfs", "ntfs". Implicitly inferred to be "ext4" if
+ unspecified. TODO: how do we prevent errors in the
+ filesystem from compromising the machine'
+ type: string
+ lun:
+ description: 'Optional: FC target lun number'
+ format: int32
+ type: integer
+ readOnly:
+ description: 'Optional: Defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting in VolumeMounts.'
+ type: boolean
+ targetWWNs:
+ description: 'Optional: FC target worldwide names (WWNs)'
+ items:
+ type: string
+ type: array
+ wwids:
+ description: 'Optional: FC volume world wide identifiers
+ (wwids) Either wwids or combination of targetWWNs
+ and lun must be set, but not both simultaneously.'
+ items:
+ type: string
+ type: array
+ type: object
+ flexVolume:
+ description: FlexVolume represents a generic volume resource
+ that is provisioned/attached using an exec based plugin.
+ properties:
+ driver:
+ description: Driver is the name of the driver to use
+ for this volume.
+ type: string
+ fsType:
+ description: Filesystem type to mount. Must be a filesystem
+ type supported by the host operating system. Ex. "ext4",
+ "xfs", "ntfs". The default filesystem depends on FlexVolume
+ script.
+ type: string
+ options:
+ additionalProperties:
+ type: string
+ description: 'Optional: Extra command options if any.'
+ type: object
+ readOnly:
+ description: 'Optional: Defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting in VolumeMounts.'
+ type: boolean
+ secretRef:
+ description: 'Optional: SecretRef is reference to the
+ secret object containing sensitive information to
+ pass to the plugin scripts. This may be empty if no
+ secret object is specified. If the secret object contains
+ more than one secret, all secrets are passed to the
+ plugin scripts.'
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ type: object
+ required:
+ - driver
+ type: object
+ flocker:
+ description: Flocker represents a Flocker volume attached
+ to a kubelet's host machine. This depends on the Flocker
+ control service being running
+ properties:
+ datasetName:
+ description: Name of the dataset stored as metadata
+ -> name on the dataset for Flocker should be considered
+ as deprecated
+ type: string
+ datasetUUID:
+ description: UUID of the dataset. This is unique identifier
+ of a Flocker dataset
+ type: string
+ type: object
+ gcePersistentDisk:
+ description: 'GCEPersistentDisk represents a GCE Disk resource
+ that is attached to a kubelet''s host machine and then
+ exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ properties:
+ fsType:
+ description: 'Filesystem type of the volume that you
+ want to mount. Tip: Ensure that the filesystem type
+ is supported by the host operating system. Examples:
+ "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ TODO: how do we prevent errors in the filesystem from
+ compromising the machine'
+ type: string
+ partition:
+ description: 'The partition in the volume that you want
+ to mount. If omitted, the default is to mount by volume
+ name. Examples: For volume /dev/sda1, you specify
+ the partition as "1". Similarly, the volume partition
+ for /dev/sda is "0" (or you can leave the property
+ empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ format: int32
+ type: integer
+ pdName:
+ description: 'Unique name of the PD resource in GCE.
+ Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ type: string
+ readOnly:
+ description: 'ReadOnly here will force the ReadOnly
+ setting in VolumeMounts. Defaults to false. More info:
+ https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ type: boolean
+ required:
+ - pdName
+ type: object
+ gitRepo:
+ description: 'GitRepo represents a git repository at a particular
+ revision. DEPRECATED: GitRepo is deprecated. To provision
+ a container with a git repo, mount an EmptyDir into an
+ InitContainer that clones the repo using git, then mount
+ the EmptyDir into the Pod''s container.'
+ properties:
+ directory:
+ description: Target directory name. Must not contain
+ or start with '..'. If '.' is supplied, the volume
+ directory will be the git repository. Otherwise,
+ if specified, the volume will contain the git repository
+ in the subdirectory with the given name.
+ type: string
+ repository:
+ description: Repository URL
+ type: string
+ revision:
+ description: Commit hash for the specified revision.
+ type: string
+ required:
+ - repository
+ type: object
+ glusterfs:
+ description: 'Glusterfs represents a Glusterfs mount on
+ the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md'
+ properties:
+ endpoints:
+ description: 'EndpointsName is the endpoint name that
+ details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ type: string
+ path:
+ description: 'Path is the Glusterfs volume path. More
+ info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ type: string
+ readOnly:
+ description: 'ReadOnly here will force the Glusterfs
+ volume to be mounted with read-only permissions. Defaults
+ to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ type: boolean
+ required:
+ - endpoints
+ - path
+ type: object
+ hostPath:
+ description: 'HostPath represents a pre-existing file or
+ directory on the host machine that is directly exposed
+ to the container. This is generally used for system agents
+ or other privileged things that are allowed to see the
+ host machine. Most containers will NOT need this. More
+ info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+ --- TODO(jonesdl) We need to restrict who can use host
+ directory mounts and who can/can not mount host directories
+ as read/write.'
+ properties:
+ path:
+ description: 'Path of the directory on the host. If
+ the path is a symlink, it will follow the link to
+ the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
+ type: string
+ type:
+ description: 'Type for HostPath Volume Defaults to ""
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
+ type: string
+ required:
+ - path
+ type: object
+ iscsi:
+ description: 'ISCSI represents an ISCSI Disk resource that
+ is attached to a kubelet''s host machine and then exposed
+ to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md'
+ properties:
+ chapAuthDiscovery:
+ description: whether support iSCSI Discovery CHAP authentication
+ type: boolean
+ chapAuthSession:
+ description: whether support iSCSI Session CHAP authentication
+ type: boolean
+ fsType:
+ description: 'Filesystem type of the volume that you
+ want to mount. Tip: Ensure that the filesystem type
+ is supported by the host operating system. Examples:
+ "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
+ TODO: how do we prevent errors in the filesystem from
+ compromising the machine'
+ type: string
+ initiatorName:
+ description: Custom iSCSI Initiator Name. If initiatorName
+ is specified with iscsiInterface simultaneously, new
+ iSCSI interface : will
+ be created for the connection.
+ type: string
+ iqn:
+ description: Target iSCSI Qualified Name.
+ type: string
+ iscsiInterface:
+ description: iSCSI Interface Name that uses an iSCSI
+ transport. Defaults to 'default' (tcp).
+ type: string
+ lun:
+ description: iSCSI Target Lun number.
+ format: int32
+ type: integer
+ portals:
+ description: iSCSI Target Portal List. The portal is
+ either an IP or ip_addr:port if the port is other
+ than default (typically TCP ports 860 and 3260).
+ items:
+ type: string
+ type: array
+ readOnly:
+ description: ReadOnly here will force the ReadOnly setting
+ in VolumeMounts. Defaults to false.
+ type: boolean
+ secretRef:
+ description: CHAP Secret for iSCSI target and initiator
+ authentication
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ type: object
+ targetPortal:
+ description: iSCSI Target Portal. The Portal is either
+ an IP or ip_addr:port if the port is other than default
+ (typically TCP ports 860 and 3260).
+ type: string
+ required:
+ - iqn
+ - lun
+ - targetPortal
+ type: object
+ name:
+ description: 'Volume''s name. Must be a DNS_LABEL and unique
+ within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ nfs:
+ description: 'NFS represents an NFS mount on the host that
+ shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ properties:
+ path:
+ description: 'Path that is exported by the NFS server.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ type: string
+ readOnly:
+ description: 'ReadOnly here will force the NFS export
+ to be mounted with read-only permissions. Defaults
+ to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ type: boolean
+ server:
+ description: 'Server is the hostname or IP address of
+ the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ type: string
+ required:
+ - path
+ - server
+ type: object
+ persistentVolumeClaim:
+ description: 'PersistentVolumeClaimVolumeSource represents
+ a reference to a PersistentVolumeClaim in the same namespace.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
+ properties:
+ claimName:
+ description: 'ClaimName is the name of a PersistentVolumeClaim
+ in the same namespace as the pod using this volume.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
+ type: string
+ readOnly:
+ description: Will force the ReadOnly setting in VolumeMounts.
+ Default false.
+ type: boolean
+ required:
+ - claimName
+ type: object
+ photonPersistentDisk:
+ description: PhotonPersistentDisk represents a PhotonController
+ persistent disk attached and mounted on kubelets host
+ machine
+ properties:
+ fsType:
+ description: Filesystem type to mount. Must be a filesystem
+ type supported by the host operating system. Ex. "ext4",
+ "xfs", "ntfs". Implicitly inferred to be "ext4" if
+ unspecified.
+ type: string
+ pdID:
+ description: ID that identifies Photon Controller persistent
+ disk
+ type: string
+ required:
+ - pdID
+ type: object
+ portworxVolume:
+ description: PortworxVolume represents a portworx volume
+ attached and mounted on kubelets host machine
+ properties:
+ fsType:
+ description: FSType represents the filesystem type to
+ mount Must be a filesystem type supported by the host
+ operating system. Ex. "ext4", "xfs". Implicitly inferred
+ to be "ext4" if unspecified.
+ type: string
+ readOnly:
+ description: Defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ volumeID:
+ description: VolumeID uniquely identifies a Portworx
+ volume
+ type: string
+ required:
+ - volumeID
+ type: object
+ projected:
+ description: Items for all in one resources secrets, configmaps,
+ and downward API
+ properties:
+ defaultMode:
+ description: Mode bits used to set permissions on created
+ files by default. Must be an octal value between 0000
+ and 0777 or a decimal value between 0 and 511. YAML
+ accepts both octal and decimal values, JSON requires
+ decimal values for mode bits. Directories within the
+ path are not affected by this setting. This might
+ be in conflict with other options that affect the
+ file mode, like fsGroup, and the result can be other
+ mode bits set.
+ format: int32
+ type: integer
+ sources:
+ description: list of volume projections
+ items:
+ description: Projection that may be projected along
+ with other supported volume types
+ properties:
+ configMap:
+ description: information about the configMap data
+ to project
+ properties:
+ items:
+ description: If unspecified, each key-value
+ pair in the Data field of the referenced
+ ConfigMap will be projected into the volume
+ as a file whose name is the key and content
+ is the value. If specified, the listed keys
+ will be projected into the specified paths,
+ and unlisted keys will not be present. If
+ a key is specified which is not present
+ in the ConfigMap, the volume setup will
+ error unless it is marked optional. Paths
+ must be relative and may not contain the
+ '..' path or start with '..'.
+ items:
+ description: Maps a string key to a path
+ within a volume.
+ properties:
+ key:
+ description: The key to project.
+ type: string
+ mode:
+ description: 'Optional: mode bits used
+ to set permissions on this file. Must
+ be an octal value between 0000 and
+ 0777 or a decimal value between 0
+ and 511. YAML accepts both octal and
+ decimal values, JSON requires decimal
+ values for mode bits. If not specified,
+ the volume defaultMode will be used.
+ This might be in conflict with other
+ options that affect the file mode,
+ like fsGroup, and the result can be
+ other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: The relative path of the
+ file to map the key to. May not be
+ an absolute path. May not contain
+ the path element '..'. May not start
+ with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ or its keys must be defined
+ type: boolean
+ type: object
+ downwardAPI:
+ description: information about the downwardAPI
+ data to project
+ properties:
+ items:
+ description: Items is a list of DownwardAPIVolume
+ file
+ items:
+ description: DownwardAPIVolumeFile represents
+ information to create the file containing
+ the pod field
+ properties:
+ fieldRef:
+ description: 'Required: Selects a field
+ of the pod: only annotations, labels,
+ name and namespace are supported.'
+ properties:
+ apiVersion:
+ description: Version of the schema
+ the FieldPath is written in terms
+ of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to
+ select in the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ mode:
+ description: 'Optional: mode bits used
+ to set permissions on this file, must
+ be an octal value between 0000 and
+ 0777 or a decimal value between 0
+ and 511. YAML accepts both octal and
+ decimal values, JSON requires decimal
+ values for mode bits. If not specified,
+ the volume defaultMode will be used.
+ This might be in conflict with other
+ options that affect the file mode,
+ like fsGroup, and the result can be
+ other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: 'Required: Path is the
+ relative path name of the file to
+ be created. Must not be absolute or
+ contain the ''..'' path. Must be utf-8
+ encoded. The first item of the relative
+ path must not start with ''..'''
+ type: string
+ resourceFieldRef:
+ description: 'Selects a resource of
+ the container: only resources limits
+ and requests (limits.cpu, limits.memory,
+ requests.cpu and requests.memory)
+ are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required
+ for volumes, optional for env
+ vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output
+ format of the exposed resources,
+ defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource
+ to select'
+ type: string
+ required:
+ - resource
+ type: object
+ required:
+ - path
+ type: object
+ type: array
+ type: object
+ secret:
+ description: information about the secret data
+ to project
+ properties:
+ items:
+ description: If unspecified, each key-value
+ pair in the Data field of the referenced
+ Secret will be projected into the volume
+ as a file whose name is the key and content
+ is the value. If specified, the listed keys
+ will be projected into the specified paths,
+ and unlisted keys will not be present. If
+ a key is specified which is not present
+ in the Secret, the volume setup will error
+ unless it is marked optional. Paths must
+ be relative and may not contain the '..'
+ path or start with '..'.
+ items:
+ description: Maps a string key to a path
+ within a volume.
+ properties:
+ key:
+ description: The key to project.
+ type: string
+ mode:
+ description: 'Optional: mode bits used
+ to set permissions on this file. Must
+ be an octal value between 0000 and
+ 0777 or a decimal value between 0
+ and 511. YAML accepts both octal and
+ decimal values, JSON requires decimal
+ values for mode bits. If not specified,
+ the volume defaultMode will be used.
+ This might be in conflict with other
+ options that affect the file mode,
+ like fsGroup, and the result can be
+ other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: The relative path of the
+ file to map the key to. May not be
+ an absolute path. May not contain
+ the path element '..'. May not start
+ with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or
+ its key must be defined
+ type: boolean
+ type: object
+ serviceAccountToken:
+ description: information about the serviceAccountToken
+ data to project
+ properties:
+ audience:
+ description: Audience is the intended audience
+ of the token. A recipient of a token must
+ identify itself with an identifier specified
+ in the audience of the token, and otherwise
+ should reject the token. The audience defaults
+ to the identifier of the apiserver.
+ type: string
+ expirationSeconds:
+ description: ExpirationSeconds is the requested
+ duration of validity of the service account
+ token. As the token approaches expiration,
+ the kubelet volume plugin will proactively
+ rotate the service account token. The kubelet
+ will start trying to rotate the token if
+ the token is older than 80 percent of its
+ time to live or if the token is older than
+ 24 hours.Defaults to 1 hour and must be
+ at least 10 minutes.
+ format: int64
+ type: integer
+ path:
+ description: Path is the path relative to
+ the mount point of the file to project the
+ token into.
+ type: string
+ required:
+ - path
+ type: object
+ type: object
+ type: array
+ type: object
+ quobyte:
+ description: Quobyte represents a Quobyte mount on the host
+ that shares a pod's lifetime
+ properties:
+ group:
+ description: Group to map volume access to Default is
+ no group
+ type: string
+ readOnly:
+ description: ReadOnly here will force the Quobyte volume
+ to be mounted with read-only permissions. Defaults
+ to false.
+ type: boolean
+ registry:
+ description: Registry represents a single or multiple
+ Quobyte Registry services specified as a string as
+ host:port pair (multiple entries are separated with
+ commas) which acts as the central registry for volumes
+ type: string
+ tenant:
+ description: Tenant owning the given Quobyte volume
+ in the Backend Used with dynamically provisioned Quobyte
+ volumes, value is set by the plugin
+ type: string
+ user:
+ description: User to map volume access to Defaults to
+ serivceaccount user
+ type: string
+ volume:
+ description: Volume is a string that references an already
+ created Quobyte volume by name.
+ type: string
+ required:
+ - registry
+ - volume
+ type: object
+ rbd:
+ description: 'RBD represents a Rados Block Device mount
+ on the host that shares a pod''s lifetime. More info:
+ https://examples.k8s.io/volumes/rbd/README.md'
+ properties:
+ fsType:
+ description: 'Filesystem type of the volume that you
+ want to mount. Tip: Ensure that the filesystem type
+ is supported by the host operating system. Examples:
+ "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
+ TODO: how do we prevent errors in the filesystem from
+ compromising the machine'
+ type: string
+ image:
+ description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ keyring:
+ description: 'Keyring is the path to key ring for RBDUser.
+ Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ monitors:
+ description: 'A collection of Ceph monitors. More info:
+ https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ items:
+ type: string
+ type: array
+ pool:
+ description: 'The rados pool name. Default is rbd. More
+ info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ readOnly:
+ description: 'ReadOnly here will force the ReadOnly
+ setting in VolumeMounts. Defaults to false. More info:
+ https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: boolean
+ secretRef:
+ description: 'SecretRef is name of the authentication
+ secret for RBDUser. If provided overrides keyring.
+ Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ type: object
+ user:
+ description: 'The rados user name. Default is admin.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ required:
+ - image
+ - monitors
+ type: object
+ scaleIO:
+ description: ScaleIO represents a ScaleIO persistent volume
+ attached and mounted on Kubernetes nodes.
+ properties:
+ fsType:
+ description: Filesystem type to mount. Must be a filesystem
+ type supported by the host operating system. Ex. "ext4",
+ "xfs", "ntfs". Default is "xfs".
+ type: string
+ gateway:
+ description: The host address of the ScaleIO API Gateway.
+ type: string
+ protectionDomain:
+ description: The name of the ScaleIO Protection Domain
+ for the configured storage.
+ type: string
+ readOnly:
+ description: Defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ secretRef:
+ description: SecretRef references to the secret for
+ ScaleIO user and other sensitive information. If this
+ is not provided, Login operation will fail.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ type: object
+ sslEnabled:
+ description: Flag to enable/disable SSL communication
+ with Gateway, default false
+ type: boolean
+ storageMode:
+ description: Indicates whether the storage for a volume
+ should be ThickProvisioned or ThinProvisioned. Default
+ is ThinProvisioned.
+ type: string
+ storagePool:
+ description: The ScaleIO Storage Pool associated with
+ the protection domain.
+ type: string
+ system:
+ description: The name of the storage system as configured
+ in ScaleIO.
+ type: string
+ volumeName:
+ description: The name of a volume already created in
+ the ScaleIO system that is associated with this volume
+ source.
+ type: string
+ required:
+ - gateway
+ - secretRef
+ - system
+ type: object
+ secret:
+ description: 'Secret represents a secret that should populate
+ this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
+ properties:
+ defaultMode:
+ description: 'Optional: mode bits used to set permissions
+ on created files by default. Must be an octal value
+ between 0000 and 0777 or a decimal value between 0
+ and 511. YAML accepts both octal and decimal values,
+ JSON requires decimal values for mode bits. Defaults
+ to 0644. Directories within the path are not affected
+ by this setting. This might be in conflict with other
+ options that affect the file mode, like fsGroup, and
+ the result can be other mode bits set.'
+ format: int32
+ type: integer
+ items:
+ description: If unspecified, each key-value pair in
+ the Data field of the referenced Secret will be projected
+ into the volume as a file whose name is the key and
+ content is the value. If specified, the listed keys
+ will be projected into the specified paths, and unlisted
+ keys will not be present. If a key is specified which
+ is not present in the Secret, the volume setup will
+ error unless it is marked optional. Paths must be
+ relative and may not contain the '..' path or start
+ with '..'.
+ items:
+ description: Maps a string key to a path within a
+ volume.
+ properties:
+ key:
+ description: The key to project.
+ type: string
+ mode:
+ description: 'Optional: mode bits used to set
+ permissions on this file. Must be an octal value
+ between 0000 and 0777 or a decimal value between
+ 0 and 511. YAML accepts both octal and decimal
+ values, JSON requires decimal values for mode
+ bits. If not specified, the volume defaultMode
+ will be used. This might be in conflict with
+ other options that affect the file mode, like
+ fsGroup, and the result can be other mode bits
+ set.'
+ format: int32
+ type: integer
+ path:
+ description: The relative path of the file to
+ map the key to. May not be an absolute path.
+ May not contain the path element '..'. May not
+ start with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ optional:
+ description: Specify whether the Secret or its keys
+ must be defined
+ type: boolean
+ secretName:
+ description: 'Name of the secret in the pod''s namespace
+ to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
+ type: string
+ type: object
+ storageos:
+ description: StorageOS represents a StorageOS volume attached
+ and mounted on Kubernetes nodes.
+ properties:
+ fsType:
+ description: Filesystem type to mount. Must be a filesystem
+ type supported by the host operating system. Ex. "ext4",
+ "xfs", "ntfs". Implicitly inferred to be "ext4" if
+ unspecified.
+ type: string
+ readOnly:
+ description: Defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ secretRef:
+ description: SecretRef specifies the secret to use for
+ obtaining the StorageOS API credentials. If not specified,
+ default values will be attempted.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ type: object
+ volumeName:
+ description: VolumeName is the human-readable name of
+ the StorageOS volume. Volume names are only unique
+ within a namespace.
+ type: string
+ volumeNamespace:
+ description: VolumeNamespace specifies the scope of
+ the volume within StorageOS. If no namespace is specified
+ then the Pod's namespace will be used. This allows
+ the Kubernetes name scoping to be mirrored within
+ StorageOS for tighter integration. Set VolumeName
+ to any name to override the default behaviour. Set
+ to "default" if you are not using namespaces within
+ StorageOS. Namespaces that do not pre-exist within
+ StorageOS will be created.
+ type: string
+ type: object
+ vsphereVolume:
+ description: VsphereVolume represents a vSphere volume attached
+ and mounted on kubelets host machine
+ properties:
+ fsType:
+ description: Filesystem type to mount. Must be a filesystem
+ type supported by the host operating system. Ex. "ext4",
+ "xfs", "ntfs". Implicitly inferred to be "ext4" if
+ unspecified.
+ type: string
+ storagePolicyID:
+ description: Storage Policy Based Management (SPBM)
+ profile ID associated with the StoragePolicyName.
+ type: string
+ storagePolicyName:
+ description: Storage Policy Based Management (SPBM)
+ profile name.
+ type: string
+ volumePath:
+ description: Path that identifies vSphere volume vmdk
+ type: string
+ required:
+ - volumePath
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ required:
+ - volumeMounts
+ - volumes
+ type: object
+ oneReplicaPerNode:
+ description: oneReplicaPerNode controls whether to run 1 pod per node
+ using the pod anti-affinity capability. Enabling this configuration
+ in an existing cluster will roll the cluster.
+ type: boolean
+ passwordEncoder:
+ description: passwordEncoder specifies password encoder secret for
+ Kafka.
+ properties:
+ directoryPathInContainer:
+ description: 'directoryPathInContainer contains the directory
+ path in the container where the required secret is mounted.
+ Directory should have the file `password-encoder.txt`. The contents
+ should include a new password. Old password is optional and
+ required only for rotation. More info: https://docs.confluent.io/operator/current/co-password-encoder-secret.'
+ type: string
+ secretRef:
+ description: 'secretRef specifies the secret name. The secret
+ should have the key `password-encoder.txt`. The contents should
+ include a new password. Old password is optional and required
+ only for rotation. More info: https://docs.confluent.io/operator/current/co-password-encoder-secret.'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ type: object
+ podTemplate:
+ description: podTemplate specifies the statefulset pod template configuration.
+ properties:
+ affinity:
+ description: 'affinity specifies a group of affinity scheduling
+ rules. More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity.'
+ properties:
+ nodeAffinity:
+ description: Describes node affinity scheduling rules for
+ the pod.
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule pods
+ to nodes that satisfy the affinity expressions specified
+ by this field, but it may choose a node that violates
+ one or more of the expressions. The node that is most
+ preferred is the one with the greatest sum of weights,
+ i.e. for each node that meets all of the scheduling
+ requirements (resource request, requiredDuringScheduling
+ affinity expressions, etc.), compute a sum by iterating
+ through the elements of this field and adding "weight"
+ to the sum if the node matches the corresponding matchExpressions;
+ the node(s) with the highest sum are the most preferred.
+ items:
+ description: An empty preferred scheduling term matches
+ all objects with implicit weight 0 (i.e. it's a no-op).
+ A null preferred scheduling term matches no objects
+ (i.e. is also a no-op).
+ properties:
+ preference:
+ description: A node selector term, associated with
+ the corresponding weight.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: A node selector requirement is
+ a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators
+ are In, NotIn, Exists, DoesNotExist.
+ Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values.
+ If the operator is In or NotIn, the
+ values array must be non-empty. If the
+ operator is Exists or DoesNotExist,
+ the values array must be empty. If the
+ operator is Gt or Lt, the values array
+ must have a single element, which will
+ be interpreted as an integer. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: A node selector requirement is
+ a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators
+ are In, NotIn, Exists, DoesNotExist.
+ Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values.
+ If the operator is In or NotIn, the
+ values array must be non-empty. If the
+ operator is Exists or DoesNotExist,
+ the values array must be empty. If the
+ operator is Gt or Lt, the values array
+ must have a single element, which will
+ be interpreted as an integer. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ weight:
+ description: Weight associated with matching the
+ corresponding nodeSelectorTerm, in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - preference
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the affinity requirements specified by
+ this field are not met at scheduling time, the pod will
+ not be scheduled onto the node. If the affinity requirements
+ specified by this field cease to be met at some point
+ during pod execution (e.g. due to an update), the system
+ may or may not try to eventually evict the pod from
+ its node.
+ properties:
+ nodeSelectorTerms:
+ description: Required. A list of node selector terms.
+ The terms are ORed.
+ items:
+ description: A null or empty node selector term
+ matches no objects. The requirements of them are
+ ANDed. The TopologySelectorTerm type implements
+ a subset of the NodeSelectorTerm.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: A node selector requirement is
+ a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators
+ are In, NotIn, Exists, DoesNotExist.
+ Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values.
+ If the operator is In or NotIn, the
+ values array must be non-empty. If the
+ operator is Exists or DoesNotExist,
+ the values array must be empty. If the
+ operator is Gt or Lt, the values array
+ must have a single element, which will
+ be interpreted as an integer. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: A node selector requirement is
+ a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators
+ are In, NotIn, Exists, DoesNotExist.
+ Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values.
+ If the operator is In or NotIn, the
+ values array must be non-empty. If the
+ operator is Exists or DoesNotExist,
+ the values array must be empty. If the
+ operator is Gt or Lt, the values array
+ must have a single element, which will
+ be interpreted as an integer. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ type: array
+ required:
+ - nodeSelectorTerms
+ type: object
+ type: object
+ podAffinity:
+ description: Describes pod affinity scheduling rules (e.g.
+ co-locate this pod in the same node, zone, etc. as some
+ other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule pods
+ to nodes that satisfy the affinity expressions specified
+ by this field, but it may choose a node that violates
+ one or more of the expressions. The node that is most
+ preferred is the one with the greatest sum of weights,
+ i.e. for each node that meets all of the scheduling
+ requirements (resource request, requiredDuringScheduling
+ affinity expressions, etc.), compute a sum by iterating
+ through the elements of this field and adding "weight"
+ to the sum if the node has pods which matches the corresponding
+ podAffinityTerm; the node(s) with the highest sum are
+ the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred
+ node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term, associated
+ with the corresponding weight.
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a
+ key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of
+ string values. If the operator is
+ In or NotIn, the values array must
+ be non-empty. If the operator is
+ Exists or DoesNotExist, the values
+ array must be empty. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied
+ to the union of the namespaces selected by
+ this field and the ones listed in the namespaces
+ field. null selector and null or empty namespaces
+ list means "this pod's namespace". An empty
+ selector ({}) matches all namespaces. This
+ field is beta-level and is only honored when
+ PodAffinityNamespaceSelector feature is enabled.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a
+ key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of
+ string values. If the operator is
+ In or NotIn, the values array must
+ be non-empty. If the operator is
+ Exists or DoesNotExist, the values
+ array must be empty. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies a static list
+ of namespace names that the term applies to.
+ The term is applied to the union of the namespaces
+ listed in this field and the ones selected
+ by namespaceSelector. null or empty namespaces
+ list and null namespaceSelector means "this
+ pod's namespace"
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the
+ pods matching the labelSelector in the specified
+ namespaces, where co-located is defined as
+ running on a node whose value of the label
+ with key topologyKey matches that of any node
+ on which any of the selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: weight associated with matching the
+ corresponding podAffinityTerm, in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the affinity requirements specified by
+ this field are not met at scheduling time, the pod will
+ not be scheduled onto the node. If the affinity requirements
+ specified by this field cease to be met at some point
+ during pod execution (e.g. due to a pod label update),
+ the system may or may not try to eventually evict the
+ pod from its node. When there are multiple elements,
+ the lists of nodes corresponding to each podAffinityTerm
+ are intersected, i.e. all terms must be satisfied.
+ items:
+ description: Defines a set of pods (namely those matching
+ the labelSelector relative to the given namespace(s))
+ that this pod should be co-located (affinity) or not
+ co-located (anti-affinity) with, where co-located
+ is defined as running on a node whose value of the
+ label with key matches that of any node
+ on which a pod of the set of pods is running
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
+ type: object
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied
+ to the union of the namespaces selected by this
+ field and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list
+ means "this pod's namespace". An empty selector
+ ({}) matches all namespaces. This field is beta-level
+ and is only honored when PodAffinityNamespaceSelector
+ feature is enabled.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies a static list
+ of namespace names that the term applies to. The
+ term is applied to the union of the namespaces
+ listed in this field and the ones selected by
+ namespaceSelector. null or empty namespaces list
+ and null namespaceSelector means "this pod's namespace"
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the pods
+ matching the labelSelector in the specified namespaces,
+ where co-located is defined as running on a node
+ whose value of the label with key topologyKey
+ matches that of any node on which any of the selected
+ pods is running. Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ podAntiAffinity:
+ description: Describes pod anti-affinity scheduling rules
+ (e.g. avoid putting this pod in the same node, zone, etc.
+ as some other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule pods
+ to nodes that satisfy the anti-affinity expressions
+ specified by this field, but it may choose a node that
+ violates one or more of the expressions. The node that
+ is most preferred is the one with the greatest sum of
+ weights, i.e. for each node that meets all of the scheduling
+ requirements (resource request, requiredDuringScheduling
+ anti-affinity expressions, etc.), compute a sum by iterating
+ through the elements of this field and adding "weight"
+ to the sum if the node has pods which matches the corresponding
+ podAffinityTerm; the node(s) with the highest sum are
+ the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred
+ node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term, associated
+ with the corresponding weight.
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a
+ key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of
+ string values. If the operator is
+ In or NotIn, the values array must
+ be non-empty. If the operator is
+ Exists or DoesNotExist, the values
+ array must be empty. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied
+ to the union of the namespaces selected by
+ this field and the ones listed in the namespaces
+ field. null selector and null or empty namespaces
+ list means "this pod's namespace". An empty
+ selector ({}) matches all namespaces. This
+ field is beta-level and is only honored when
+ PodAffinityNamespaceSelector feature is enabled.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a
+ key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of
+ string values. If the operator is
+ In or NotIn, the values array must
+ be non-empty. If the operator is
+ Exists or DoesNotExist, the values
+ array must be empty. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies a static list
+ of namespace names that the term applies to.
+ The term is applied to the union of the namespaces
+ listed in this field and the ones selected
+ by namespaceSelector. null or empty namespaces
+ list and null namespaceSelector means "this
+ pod's namespace"
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the
+ pods matching the labelSelector in the specified
+ namespaces, where co-located is defined as
+ running on a node whose value of the label
+ with key topologyKey matches that of any node
+ on which any of the selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: weight associated with matching the
+ corresponding podAffinityTerm, in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the anti-affinity requirements specified
+ by this field are not met at scheduling time, the pod
+ will not be scheduled onto the node. If the anti-affinity
+ requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a pod
+ label update), the system may or may not try to eventually
+ evict the pod from its node. When there are multiple
+ elements, the lists of nodes corresponding to each podAffinityTerm
+ are intersected, i.e. all terms must be satisfied.
+ items:
+ description: Defines a set of pods (namely those matching
+ the labelSelector relative to the given namespace(s))
+ that this pod should be co-located (affinity) or not
+ co-located (anti-affinity) with, where co-located
+ is defined as running on a node whose value of the
+ label with key matches that of any node
+ on which a pod of the set of pods is running
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
+ type: object
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied
+ to the union of the namespaces selected by this
+ field and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list
+ means "this pod's namespace". An empty selector
+ ({}) matches all namespaces. This field is beta-level
+ and is only honored when PodAffinityNamespaceSelector
+ feature is enabled.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies a static list
+ of namespace names that the term applies to. The
+ term is applied to the union of the namespaces
+ listed in this field and the ones selected by
+ namespaceSelector. null or empty namespaces list
+ and null namespaceSelector means "this pod's namespace"
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the pods
+ matching the labelSelector in the specified namespaces,
+ where co-located is defined as running on a node
+ whose value of the label with key topologyKey
+ matches that of any node on which any of the selected
+ pods is running. Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ type: object
+ annotations:
+ additionalProperties:
+ type: string
+ description: 'annotations is a map of string key and value pairs
+ stored with the resource and may be set by external tools to
+ store and retrieve arbitrary metadata. They are not queryable
+ and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations.'
+ type: object
+ x-kubernetes-map-type: granular
+ envVars:
+ description: 'envVars contain environment variables to be injected
+ into containers. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container.'
+ items:
+ description: EnvVar represents an environment variable present
+ in a Container.
+ properties:
+ name:
+ description: Name of the environment variable. Must be a
+ C_IDENTIFIER.
+ type: string
+ value:
+ description: 'Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in
+ the container and any service environment variables. If
+ a variable cannot be resolved, the reference in the input
+ string will be unchanged. Double $$ are reduced to a single
+ $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+ "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless
+ of whether the variable exists or not. Defaults to "".'
+ type: string
+ valueFrom:
+ description: Source for the environment variable's value.
+ Cannot be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap or its
+ key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ fieldRef:
+ description: 'Selects a field of the pod: supports metadata.name,
+ metadata.namespace, `metadata.labels['''']`,
+ `metadata.annotations['''']`, spec.nodeName,
+ spec.serviceAccountName, status.hostIP, status.podIP,
+ status.podIPs.'
+ properties:
+ apiVersion:
+ description: Version of the schema the FieldPath
+ is written in terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select in the
+ specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ resourceFieldRef:
+ description: 'Selects a resource of the container: only
+ resources limits and requests (limits.cpu, limits.memory,
+ limits.ephemeral-storage, requests.cpu, requests.memory
+ and requests.ephemeral-storage) are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required for volumes,
+ optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format of the
+ exposed resources, defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ secretKeyRef:
+ description: Selects a key of a secret in the pod's
+ namespace
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key
+ must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ labels:
+ additionalProperties:
+ type: string
+ description: 'labels is a map of string key and value pairs that
+ can be used to organize and categorize (scope and select) objects.
+ More info: http://kubernetes.io/docs/user-guide/labels.'
+ type: object
+ x-kubernetes-map-type: granular
+ podSecurityContext:
+ description: PodSecurityContext holds pod-level security attributes
+ and common container settings. Some fields are also present
+ in container.securityContext. Field values of container.securityContext
+ take precedence over field values of PodSecurityContext.
+ properties:
+ fsGroup:
+ description: "A special supplemental group that applies to
+ all containers in a pod. Some volume types allow the Kubelet
+ to change the ownership of that volume to be owned by the
+ pod: \n 1. The owning GID will be the FSGroup 2. The setgid
+ bit is set (new files created in the volume will be owned
+ by FSGroup) 3. The permission bits are OR'd with rw-rw----
+ \n If unset, the Kubelet will not modify the ownership and
+ permissions of any volume. Note that this field cannot be
+ set when spec.os.name is windows."
+ format: int64
+ type: integer
+ fsGroupChangePolicy:
+ description: 'fsGroupChangePolicy defines behavior of changing
+ ownership and permission of the volume before being exposed
+ inside Pod. This field will only apply to volume types which
+ support fsGroup based ownership(and permissions). It will
+ have no effect on ephemeral volume types such as: secret,
+ configmaps and emptydir. Valid values are "OnRootMismatch"
+ and "Always". If not specified, "Always" is used. Note that
+ this field cannot be set when spec.os.name is windows.'
+ type: string
+ runAsGroup:
+ description: The GID to run the entrypoint of the container
+ process. Uses runtime default if unset. May also be set
+ in SecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext
+ takes precedence for that container. Note that this field
+ cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: Indicates that the container must run as a non-root
+ user. If true, the Kubelet will validate the image at runtime
+ to ensure that it does not run as UID 0 (root) and fail
+ to start the container if it does. If unset or false, no
+ such validation will be performed. May also be set in SecurityContext. If
+ set in both SecurityContext and PodSecurityContext, the
+ value specified in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: The UID to run the entrypoint of the container
+ process. Defaults to user specified in image metadata if
+ unspecified. May also be set in SecurityContext. If set
+ in both SecurityContext and PodSecurityContext, the value
+ specified in SecurityContext takes precedence for that container.
+ Note that this field cannot be set when spec.os.name is
+ windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: The SELinux context to be applied to all containers.
+ If unspecified, the container runtime will allocate a random
+ SELinux context for each container. May also be set in
+ SecurityContext. If set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes precedence
+ for that container. Note that this field cannot be set when
+ spec.os.name is windows.
+ properties:
+ level:
+ description: Level is SELinux level label that applies
+ to the container.
+ type: string
+ role:
+ description: Role is a SELinux role label that applies
+ to the container.
+ type: string
+ type:
+ description: Type is a SELinux type label that applies
+ to the container.
+ type: string
+ user:
+ description: User is a SELinux user label that applies
+ to the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: The seccomp options to use by the containers
+ in this pod. Note that this field cannot be set when spec.os.name
+ is windows.
+ properties:
+ localhostProfile:
+ description: localhostProfile indicates a profile defined
+ in a file on the node should be used. The profile must
+ be preconfigured on the node to work. Must be a descending
+ path, relative to the kubelet's configured seccomp profile
+ location. Must only be set if type is "Localhost".
+ type: string
+ type:
+ description: "type indicates which kind of seccomp profile
+ will be applied. Valid options are: \n Localhost - a
+ profile defined in a file on the node should be used.
+ RuntimeDefault - the container runtime default profile
+ should be used. Unconfined - no profile should be applied."
+ type: string
+ required:
+ - type
+ type: object
+ supplementalGroups:
+ description: A list of groups applied to the first process
+ run in each container, in addition to the container's primary
+ GID. If unspecified, no groups will be added to any container.
+ Note that this field cannot be set when spec.os.name is
+ windows.
+ items:
+ format: int64
+ type: integer
+ type: array
+ sysctls:
+ description: Sysctls hold a list of namespaced sysctls used
+ for the pod. Pods with unsupported sysctls (by the container
+ runtime) might fail to launch. Note that this field cannot
+ be set when spec.os.name is windows.
+ items:
+ description: Sysctl defines a kernel parameter to be set
+ properties:
+ name:
+ description: Name of a property to set
+ type: string
+ value:
+ description: Value of a property to set
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ windowsOptions:
+ description: The Windows specific settings applied to all
+ containers. If unspecified, the options within a container's
+ SecurityContext will be used. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext
+ takes precedence. Note that this field cannot be set when
+ spec.os.name is linux.
+ properties:
+ gmsaCredentialSpec:
+ description: GMSACredentialSpec is where the GMSA admission
+ webhook (https://github.com/kubernetes-sigs/windows-gmsa)
+ inlines the contents of the GMSA credential spec named
+ by the GMSACredentialSpecName field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name of the
+ GMSA credential spec to use.
+ type: string
+ hostProcess:
+ description: HostProcess determines if a container should
+ be run as a 'Host Process' container. This field is
+ alpha-level and will only be honored by components that
+ enable the WindowsHostProcessContainers feature flag.
+ Setting this field without the feature flag will result
+ in errors when validating the Pod. All of a Pod's containers
+ must have the same effective HostProcess value (it is
+ not allowed to have a mix of HostProcess containers
+ and non-HostProcess containers). In addition, if HostProcess
+ is true then HostNetwork must also be set to true.
+ type: boolean
+ runAsUserName:
+ description: The UserName in Windows to run the entrypoint
+ of the container process. Defaults to the user specified
+ in image metadata if unspecified. May also be set in
+ PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext
+ takes precedence.
+ type: string
+ type: object
+ type: object
+ priorityClassName:
+ description: priorityClassName specifies the priority class for
+ the pod (if any).
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ probe:
+ description: probe contains the fields for standard Kubernetes
+ readiness/liveness probe configuration.
+ properties:
+ liveness:
+ description: liveness configures the Kubernetes probe settings.
+ The changes will override the existing default configuration.
+ properties:
+ failureThreshold:
+ description: failureThreshold is the minimum consecutive
+ failures for the probe to be considered failed. Confluent
+ Platform components come with the right configuration,
+ and this setting is not required to change most of the
+ time.
+ format: int32
+ type: integer
+ initialDelaySeconds:
+ description: initialDelaySeconds is the number of seconds
+ after the container has started and before probes are
+ initiated. Confluent Platform components come with the
+ right configuration, and this setting is not required
+ to change most of the time.
+ format: int32
+ type: integer
+ periodSeconds:
+ description: periodSeconds specifies how often to perform
+ the probe. Confluent Platform components come with the
+ right configuration, and this setting is not required
+ to change most of the time.
+ format: int32
+ type: integer
+ successThreshold:
+ description: successThreshold is the minimum consecutive
+ successes for the probe to be considered successful
+ after having failed. The default values is `1`. Must
+ be `1` for liveness and startup. The minimum value is
+ `1`.
+ format: int32
+ type: integer
+ timeoutSeconds:
+ description: timeoutSeconds is the number of seconds after
+ which the probe times out. Confluent Platform components
+ come with the right configuration, and this setting
+ is not required to change most of the time.
+ format: int32
+ type: integer
+ type: object
+ readiness:
+ description: readiness configures the Kubernetes probe setting.
+ The changes will override the existing default configuration.
+ properties:
+ failureThreshold:
+ description: failureThreshold is the minimum consecutive
+ failures for the probe to be considered failed. Confluent
+ Platform components come with the right configuration,
+ and this setting is not required to change most of the
+ time.
+ format: int32
+ type: integer
+ initialDelaySeconds:
+ description: initialDelaySeconds is the number of seconds
+ after the container has started and before probes are
+ initiated. Confluent Platform components come with the
+ right configuration, and this setting is not required
+ to change most of the time.
+ format: int32
+ type: integer
+ periodSeconds:
+ description: periodSeconds specifies how often to perform
+ the probe. Confluent Platform components come with the
+ right configuration, and this setting is not required
+ to change most of the time.
+ format: int32
+ type: integer
+ successThreshold:
+ description: successThreshold is the minimum consecutive
+ successes for the probe to be considered successful
+ after having failed. The default values is `1`. Must
+ be `1` for liveness and startup. The minimum value is
+ `1`.
+ format: int32
+ type: integer
+ timeoutSeconds:
+ description: timeoutSeconds is the number of seconds after
+ which the probe times out. Confluent Platform components
+ come with the right configuration, and this setting
+ is not required to change most of the time.
+ format: int32
+ type: integer
+ type: object
+ type: object
+ resources:
+ description: resources describe the compute resource requirements.
+ properties:
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount of compute
+ resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum amount of compute
+ resources required. If Requests is omitted for a container,
+ it defaults to Limits if that is explicitly specified, otherwise
+ to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ securityContext:
+ description: SecurityContext holds security configuration that
+ will be applied to a container. Some fields are present in both
+ SecurityContext and PodSecurityContext. When both are set,
+ the values in SecurityContext take precedence.
+ properties:
+ allowPrivilegeEscalation:
+ description: 'AllowPrivilegeEscalation controls whether a
+ process can gain more privileges than its parent process.
+ This bool directly controls if the no_new_privs flag will
+ be set on the container process. AllowPrivilegeEscalation
+ is true always when the container is: 1) run as Privileged
+ 2) has CAP_SYS_ADMIN Note that this field cannot be set
+ when spec.os.name is windows.'
+ type: boolean
+ capabilities:
+ description: The capabilities to add/drop when running containers.
+ Defaults to the default set of capabilities granted by the
+ container runtime. Note that this field cannot be set when
+ spec.os.name is windows.
+ properties:
+ add:
+ description: Added capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ drop:
+ description: Removed capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ type: object
+ privileged:
+ description: Run container in privileged mode. Processes in
+ privileged containers are essentially equivalent to root
+ on the host. Defaults to false. Note that this field cannot
+ be set when spec.os.name is windows.
+ type: boolean
+ procMount:
+ description: procMount denotes the type of proc mount to use
+ for the containers. The default is DefaultProcMount which
+ uses the container runtime defaults for readonly paths and
+ masked paths. This requires the ProcMountType feature flag
+ to be enabled. Note that this field cannot be set when spec.os.name
+ is windows.
+ type: string
+ readOnlyRootFilesystem:
+ description: Whether this container has a read-only root filesystem.
+ Default is false. Note that this field cannot be set when
+ spec.os.name is windows.
+ type: boolean
+ runAsGroup:
+ description: The GID to run the entrypoint of the container
+ process. Uses runtime default if unset. May also be set
+ in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext
+ takes precedence. Note that this field cannot be set when
+ spec.os.name is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: Indicates that the container must run as a non-root
+ user. If true, the Kubelet will validate the image at runtime
+ to ensure that it does not run as UID 0 (root) and fail
+ to start the container if it does. If unset or false, no
+ such validation will be performed. May also be set in PodSecurityContext. If
+ set in both SecurityContext and PodSecurityContext, the
+ value specified in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: The UID to run the entrypoint of the container
+ process. Defaults to user specified in image metadata if
+ unspecified. May also be set in PodSecurityContext. If
+ set in both SecurityContext and PodSecurityContext, the
+ value specified in SecurityContext takes precedence. Note
+ that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: The SELinux context to be applied to the container.
+ If unspecified, the container runtime will allocate a random
+ SELinux context for each container. May also be set in
+ PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext
+ takes precedence. Note that this field cannot be set when
+ spec.os.name is windows.
+ properties:
+ level:
+ description: Level is SELinux level label that applies
+ to the container.
+ type: string
+ role:
+ description: Role is a SELinux role label that applies
+ to the container.
+ type: string
+ type:
+ description: Type is a SELinux type label that applies
+ to the container.
+ type: string
+ user:
+ description: User is a SELinux user label that applies
+ to the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: The seccomp options to use by this container.
+ If seccomp options are provided at both the pod & container
+ level, the container options override the pod options. Note
+ that this field cannot be set when spec.os.name is windows.
+ properties:
+ localhostProfile:
+ description: localhostProfile indicates a profile defined
+ in a file on the node should be used. The profile must
+ be preconfigured on the node to work. Must be a descending
+ path, relative to the kubelet's configured seccomp profile
+ location. Must only be set if type is "Localhost".
+ type: string
+ type:
+ description: "type indicates which kind of seccomp profile
+ will be applied. Valid options are: \n Localhost - a
+ profile defined in a file on the node should be used.
+ RuntimeDefault - the container runtime default profile
+ should be used. Unconfined - no profile should be applied."
+ type: string
+ required:
+ - type
+ type: object
+ windowsOptions:
+ description: The Windows specific settings applied to all
+ containers. If unspecified, the options from the PodSecurityContext
+ will be used. If set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is
+ linux.
+ properties:
+ gmsaCredentialSpec:
+ description: GMSACredentialSpec is where the GMSA admission
+ webhook (https://github.com/kubernetes-sigs/windows-gmsa)
+ inlines the contents of the GMSA credential spec named
+ by the GMSACredentialSpecName field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name of the
+ GMSA credential spec to use.
+ type: string
+ hostProcess:
+ description: HostProcess determines if a container should
+ be run as a 'Host Process' container. This field is
+ alpha-level and will only be honored by components that
+ enable the WindowsHostProcessContainers feature flag.
+ Setting this field without the feature flag will result
+ in errors when validating the Pod. All of a Pod's containers
+ must have the same effective HostProcess value (it is
+ not allowed to have a mix of HostProcess containers
+ and non-HostProcess containers). In addition, if HostProcess
+ is true then HostNetwork must also be set to true.
+ type: boolean
+ runAsUserName:
+ description: The UserName in Windows to run the entrypoint
+ of the container process. Defaults to the user specified
+ in image metadata if unspecified. May also be set in
+ PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext
+ takes precedence.
+ type: string
+ type: object
+ type: object
+ serviceAccountName:
+ description: 'ServiceAccountName is the name of the service account
+ used to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account.'
+ type: string
+ terminationGracePeriodSeconds:
+ description: terminationGracePeriodSeconds is the grace period
+ before the pod is deleted.
+ format: int64
+ type: integer
+ tolerations:
+ description: tolerations specify the pods to schedule onto the
+ nodes with matching taints, using the triple ``
+ and the matching operator ``.
+ items:
+ description: The pod this Toleration is attached to tolerates
+ any taint that matches the triple using
+ the matching operator .
+ properties:
+ effect:
+ description: Effect indicates the taint effect to match.
+ Empty means match all taint effects. When specified, allowed
+ values are NoSchedule, PreferNoSchedule and NoExecute.
+ type: string
+ key:
+ description: Key is the taint key that the toleration applies
+ to. Empty means match all taint keys. If the key is empty,
+ operator must be Exists; this combination means to match
+ all values and all keys.
+ type: string
+ operator:
+ description: Operator represents a key's relationship to
+ the value. Valid operators are Exists and Equal. Defaults
+ to Equal. Exists is equivalent to wildcard for value,
+ so that a pod can tolerate all taints of a particular
+ category.
+ type: string
+ tolerationSeconds:
+ description: TolerationSeconds represents the period of
+ time the toleration (which must be of effect NoExecute,
+ otherwise this field is ignored) tolerates the taint.
+ By default, it is not set, which means tolerate the taint
+ forever (do not evict). Zero and negative values will
+ be treated as 0 (evict immediately) by the system.
+ format: int64
+ type: integer
+ value:
+ description: Value is the taint value the toleration matches
+ to. If the operator is Exists, the value should be empty,
+ otherwise just a regular string.
+ type: string
+ type: object
+ type: array
+ topologySpreadConstraints:
+ description: topologySpreadConstraints describe how a group of
+ pods ought to spread across topology domains. Scheduler will
+ schedule pods based on the constraints. All topologySpreadConstraints
+ are ANDed.
+ items:
+ description: TopologySpreadConstraint specifies how to spread
+ matching pods among the given topology.
+ properties:
+ labelSelector:
+ description: LabelSelector is used to find matching pods.
+ Pods that match this label selector are counted to determine
+ the number of pods in their corresponding topology domain.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector
+ requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In,
+ NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values.
+ If the operator is In or NotIn, the values array
+ must be non-empty. If the operator is Exists
+ or DoesNotExist, the values array must be empty.
+ This array is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs.
+ A single {key,value} in the matchLabels map is equivalent
+ to an element of matchExpressions, whose key field
+ is "key", the operator is "In", and the values array
+ contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ maxSkew:
+ description: 'MaxSkew describes the degree to which pods
+ may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`,
+ it is the maximum permitted difference between the number
+ of matching pods in the target topology and the global
+ minimum. For example, in a 3-zone cluster, MaxSkew is
+ set to 1, and pods with the same labelSelector spread
+ as 1/1/0: | zone1 | zone2 | zone3 | | P | P | |
+ - if MaxSkew is 1, incoming pod can only be scheduled
+ to zone3 to become 1/1/1; scheduling it onto zone1(zone2)
+ would make the ActualSkew(2-0) on zone1(zone2) violate
+ MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled
+ onto any zone. When `whenUnsatisfiable=ScheduleAnyway`,
+ it is used to give higher precedence to topologies that
+ satisfy it. It''s a required field. Default value is 1
+ and 0 is not allowed.'
+ format: int32
+ type: integer
+ topologyKey:
+ description: TopologyKey is the key of node labels. Nodes
+ that have a label with this key and identical values are
+ considered to be in the same topology. We consider each
+ as a "bucket", and try to put balanced number
+ of pods into each bucket. It's a required field.
+ type: string
+ whenUnsatisfiable:
+ description: 'WhenUnsatisfiable indicates how to deal with
+ a pod if it doesn''t satisfy the spread constraint. -
+ DoNotSchedule (default) tells the scheduler not to schedule
+ it. - ScheduleAnyway tells the scheduler to schedule the
+ pod in any location, but giving higher precedence to topologies
+ that would help reduce the skew. A constraint is considered
+ "Unsatisfiable" for an incoming pod if and only if every
+ possible node assignment for that pod would violate "MaxSkew"
+ on some topology. For example, in a 3-zone cluster, MaxSkew
+ is set to 1, and pods with the same labelSelector spread
+ as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P |
+ If WhenUnsatisfiable is set to DoNotSchedule, incoming
+ pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2)
+ as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1).
+ In other words, the cluster can still be imbalanced, but
+ scheduler won''t make it *more* imbalanced. It''s a required
+ field.'
+ type: string
+ required:
+ - maxSkew
+ - topologyKey
+ - whenUnsatisfiable
+ type: object
+ type: array
+ type: object
+ rackAssignment:
+ description: rackAssignment specifies the rack awareness capability
+ of the Kafka cluster.
+ properties:
+ availabilityZoneCount:
+ description: availabilityZoneCount configures `broker.rack` with
+ the formula (`pod_id % azCount`). This is mainly for backwards
+ compatibility with Operator 1.x.
+ format: int32
+ type: integer
+ nodeLabels:
+ description: nodeLabels use the Kubernetes node API to retrieve
+ the label values to be used in `broker.rack`. This feature requires
+ CFK to run with the cluster-level access.
+ items:
+ type: string
+ minItems: 1
+ type: array
+ type: object
+ replicas:
+ description: replicas is the desired number of replicas. A change
+ to this setting will roll the cluster.
+ format: int32
+ type: integer
+ services:
+ description: services specify the supported Kafka services.
+ properties:
+ kafkaRest:
+ description: kafkaRest specifies the embedded REST API server
+ configuration.
+ properties:
+ authentication:
+ description: authentication specifies the REST API server
+ authentication configuration.
+ properties:
+ basic:
+ description: basic specifies the configuration for basic
+ authentication.
+ properties:
+ debug:
+ description: debug enables the basic authentication
+ debug logs for JaaS configuration.
+ type: boolean
+ directoryPathInContainer:
+ description: 'directoryPathInContainer allows to pass
+ the basic credential through a directory path in
+ the container. More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication'
+ minLength: 1
+ type: string
+ restrictedRoles:
+ description: restrictedRoles specify the restricted
+ roles on the server side only. Changes will be only
+ reflected in Control Center. This configuration
+ is ignored on the client side configuration.
+ items:
+ type: string
+ minItems: 1
+ type: array
+ roles:
+ description: roles specify the roles on the server
+ side only. This configuration is ignored on the
+ client side configuration.
+ items:
+ type: string
+ type: array
+ secretRef:
+ description: 'secretRef defines secret reference to
+ pass the required credentials. More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ type: object
+ type:
+ description: type specifies the authentication scheme
+ for the REST API server. Valid options are `basic` and
+ `mtls`.
+ enum:
+ - basic
+ - mtls
+ type: string
+ required:
+ - type
+ type: object
+ externalAccess:
+ description: externalAccess specifies the external access
+ configuration.
+ properties:
+ loadBalancer:
+ description: loadBalancer specifies the configuration
+ to create a Kubernetes load balancer service.
+ properties:
+ advertisedURL:
+ description: 'advertisedURL specifies the configuration
+ for advertised listener per pod. It is only supported
+ for MDS currently. If it is enabled, instead of
+ using internal endpoint, the MDS advertised listener
+ for each broker will be set to: `://.`
+ where podId starts from `0` to `replicaCount -1`.
+ This is only recommended if you cannot add internal
+ SANs to the TLS certificates for MDS and the external
+ DNS must be resolved inside the Kubernetes cluster.'
+ properties:
+ enabled:
+ description: enabled indicates whether to set
+ the MDS advertised listener url with external
+ endpoint for each broker.
+ type: boolean
+ prefix:
+ description: prefix specifies the broker prefix
+ for MDS advertised endpoint if using loadBalancer
+ external access. If not configured, it uses
+ `b` as default prefix, such as `b#.domain` where
+ `#` will start from `0` to `replicaCount -1`.
+ minLength: 1
+ type: string
+ required:
+ - enabled
+ type: object
+ annotations:
+ additionalProperties:
+ type: string
+ description: annotations is a map of string key and
+ value pairs. It specifies Kubernetes annotations
+ for this service.
+ type: object
+ x-kubernetes-map-type: granular
+ domain:
+ description: domain is the domain name of the component
+ cluster.
+ minLength: 1
+ type: string
+ externalTrafficPolicy:
+ description: externalTrafficPolicy specifies the external
+ traffic policy for the service. Valid options are
+ `Local` and `Cluster`.
+ enum:
+ - Local
+ - Cluster
+ type: string
+ labels:
+ additionalProperties:
+ type: string
+ description: labels is a map of string key and value
+ pairs. It specifies Kubernetes labels for this service.
+ type: object
+ x-kubernetes-map-type: granular
+ loadBalancerSourceRanges:
+ description: loadBalancerSourceRanges specify the
+ source ranges.
+ items:
+ type: string
+ type: array
+ port:
+ description: port specifies the external port for
+ the client consumption. If not configured, the same
+ internal/external port is configured for the component.
+ Information about the port can be retrieved through
+ the status API.
+ format: int32
+ type: integer
+ prefix:
+ description: prefix specify the prefix for the given
+ domain. The default value is the name of the cluster.
+ minLength: 1
+ type: string
+ servicePorts:
+ description: servicePorts specify the user-provided
+ service port(s).
+ items:
+ description: ServicePort contains information on
+ service's port.
+ properties:
+ appProtocol:
+ description: The application protocol for this
+ port. This field follows standard Kubernetes
+ label syntax. Un-prefixed names are reserved
+ for IANA standard service names (as per RFC-6335
+ and http://www.iana.org/assignments/service-names).
+ Non-standard protocols should use prefixed
+ names such as mycompany.com/my-custom-protocol.
+ type: string
+ name:
+ description: The name of this port within the
+ service. This must be a DNS_LABEL. All ports
+ within a ServiceSpec must have unique names.
+ When considering the endpoints for a Service,
+ this must match the 'name' field in the EndpointPort.
+ Optional if only one ServicePort is defined
+ on this service.
+ type: string
+ nodePort:
+ description: 'The port on each node on which
+ this service is exposed when type is NodePort
+ or LoadBalancer. Usually assigned by the
+ system. If a value is specified, in-range,
+ and not in use it will be used, otherwise
+ the operation will fail. If not specified,
+ a port will be allocated if this Service requires
+ one. If this field is specified when creating
+ a Service which does not need it, creation
+ will fail. This field will be wiped when updating
+ a Service to no longer need it (e.g. changing
+ type from NodePort to ClusterIP). More info:
+ https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport'
+ format: int32
+ type: integer
+ port:
+ description: The port that will be exposed by
+ this service.
+ format: int32
+ type: integer
+ protocol:
+ default: TCP
+ description: The IP protocol for this port.
+ Supports "TCP", "UDP", and "SCTP". Default
+ is TCP.
+ type: string
+ targetPort:
+ anyOf:
+ - type: integer
+ - type: string
+ description: 'Number or name of the port to
+ access on the pods targeted by the service.
+ Number must be in the range 1 to 65535. Name
+ must be an IANA_SVC_NAME. If this is a string,
+ it will be looked up as a named port in the
+ target Pod''s container ports. If this is
+ not specified, the value of the ''port'' field
+ is used (an identity map). This field is ignored
+ for services with clusterIP=None, and should
+ be omitted or set equal to the ''port'' field.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service'
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: array
+ sessionAffinity:
+ description: 'sessionAffinity defines the Kubernetes
+ session affinity. The valid options are `ClientIP`
+ and `None`. `ClientIP` enables the client IP-based
+ session affinity. The default value is `None`. More
+ info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies.'
+ enum:
+ - ClientIP
+ - None
+ type: string
+ sessionAffinityConfig:
+ description: SessionAffinityConfig contains the configurations
+ of the session affinity.
+ properties:
+ clientIP:
+ description: clientIP contains the configurations
+ of Client IP based session affinity.
+ properties:
+ timeoutSeconds:
+ description: timeoutSeconds specifies the
+ seconds of ClientIP type session sticky
+ time. The value must be >0 && <=86400(for
+ 1 day) if ServiceAffinity == "ClientIP".
+ Default value is 10800(for 3 hours).
+ format: int32
+ type: integer
+ type: object
+ type: object
+ required:
+ - domain
+ type: object
+ nodePort:
+ description: nodePort specifies the configuration to create
+ a Kubernetes node port service.
+ properties:
+ advertisedURL:
+ description: advertisedURL specifies the configuration
+ for advertised listener per pod. It is only supported
+ for MDS currently. If it is enabled, instead of
+ using internal endpoint, the MDS advertised listener
+ for each broker will be set to `://:, where`podId` starts from `0` to `replicaCount
+ - 1`. This is only recommended if you cannot add
+ internal SANs to the TLS certificates for MDS and
+ the external DNS must be resolved inside the Kubernetes
+ cluster.
+ properties:
+ enabled:
+ description: enabled indicates whether to set
+ the MDS advertised listener url with external
+ endpoint for each broker.
+ type: boolean
+ prefix:
+ description: prefix specifies the broker prefix
+ for MDS advertised endpoint if using loadBalancer
+ external access. If not configured, it uses
+ `b` as default prefix, such as `b#.domain` where
+ `#` will start from `0` to `replicaCount -1`.
+ minLength: 1
+ type: string
+ required:
+ - enabled
+ type: object
+ annotations:
+ additionalProperties:
+ type: string
+ description: annotations is a map of string key and
+ value pairs. It specifies Kubernetes annotations
+ for this service.
+ type: object
+ x-kubernetes-map-type: granular
+ externalTrafficPolicy:
+ description: externalTrafficPolicy specifies the external
+ traffic policy for the service. Valid options are
+ `Local` and `Cluster`.
+ enum:
+ - Local
+ - Cluster
+ type: string
+ host:
+ description: host defines the host name of the cluster.
+ minLength: 1
+ type: string
+ labels:
+ additionalProperties:
+ type: string
+ description: labels is a map of string key and value
+ pairs. It specifies Kubernetes labels for this service.
+ type: object
+ x-kubernetes-map-type: granular
+ nodePortOffset:
+ description: nodePortOffset specifies the starting
+ offset of the node ports. The port numbers go in
+ ascending order with respect to the replicas count.
+ NodePort service creation fails if the node port
+ is not in the range supported by the Kubernetes
+ API server. The default Kubernetes Node Port range
+ is `30000` - `32762`.
+ format: int32
+ minimum: 0
+ type: integer
+ servicePorts:
+ description: servicePorts specify user-provided service
+ port(s). For Kafka with the nodePort type, this
+ setting is only applied to Kafka bootstrap service.
+ items:
+ description: ServicePort contains information on
+ service's port.
+ properties:
+ appProtocol:
+ description: The application protocol for this
+ port. This field follows standard Kubernetes
+ label syntax. Un-prefixed names are reserved
+ for IANA standard service names (as per RFC-6335
+ and http://www.iana.org/assignments/service-names).
+ Non-standard protocols should use prefixed
+ names such as mycompany.com/my-custom-protocol.
+ type: string
+ name:
+ description: The name of this port within the
+ service. This must be a DNS_LABEL. All ports
+ within a ServiceSpec must have unique names.
+ When considering the endpoints for a Service,
+ this must match the 'name' field in the EndpointPort.
+ Optional if only one ServicePort is defined
+ on this service.
+ type: string
+ nodePort:
+ description: 'The port on each node on which
+ this service is exposed when type is NodePort
+ or LoadBalancer. Usually assigned by the
+ system. If a value is specified, in-range,
+ and not in use it will be used, otherwise
+ the operation will fail. If not specified,
+ a port will be allocated if this Service requires
+ one. If this field is specified when creating
+ a Service which does not need it, creation
+ will fail. This field will be wiped when updating
+ a Service to no longer need it (e.g. changing
+ type from NodePort to ClusterIP). More info:
+ https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport'
+ format: int32
+ type: integer
+ port:
+ description: The port that will be exposed by
+ this service.
+ format: int32
+ type: integer
+ protocol:
+ default: TCP
+ description: The IP protocol for this port.
+ Supports "TCP", "UDP", and "SCTP". Default
+ is TCP.
+ type: string
+ targetPort:
+ anyOf:
+ - type: integer
+ - type: string
+ description: 'Number or name of the port to
+ access on the pods targeted by the service.
+ Number must be in the range 1 to 65535. Name
+ must be an IANA_SVC_NAME. If this is a string,
+ it will be looked up as a named port in the
+ target Pod''s container ports. If this is
+ not specified, the value of the ''port'' field
+ is used (an identity map). This field is ignored
+ for services with clusterIP=None, and should
+ be omitted or set equal to the ''port'' field.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service'
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: array
+ sessionAffinity:
+ description: 'sessionAffinity defines the Kubernetes
+ session affinity. The valid options are `ClientIP`
+ and `None`. `ClientIP` enables the client IP-based
+ session affinity. The default value is `None`. More
+ info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies.'
+ enum:
+ - ClientIP
+ - None
+ type: string
+ sessionAffinityConfig:
+ description: SessionAffinityConfig contains the configurations
+ of the session affinity.
+ properties:
+ clientIP:
+ description: clientIP contains the configurations
+ of Client IP based session affinity.
+ properties:
+ timeoutSeconds:
+ description: timeoutSeconds specifies the
+ seconds of ClientIP type session sticky
+ time. The value must be >0 && <=86400(for
+ 1 day) if ServiceAffinity == "ClientIP".
+ Default value is 10800(for 3 hours).
+ format: int32
+ type: integer
+ type: object
+ type: object
+ required:
+ - host
+ - nodePortOffset
+ type: object
+ route:
+ description: route specifies the configuration to create
+ a route service in OpenShift.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: annotations is a map of string key and
+ value pairs. It specifies Kubernetes annotations
+ for this service.
+ type: object
+ x-kubernetes-map-type: granular
+ domain:
+ description: domain specifies the domain name of the
+ Confluent component cluster.
+ minLength: 1
+ type: string
+ labels:
+ additionalProperties:
+ type: string
+ description: labels is a map of string key and value
+ pairs. It specifies Kubernetes labels for this service.
+ type: object
+ x-kubernetes-map-type: granular
+ prefix:
+ description: prefix specifies the component prefix
+ when configured for the domain. The default value
+ is the name of the cluster.
+ minLength: 1
+ type: string
+ wildcardPolicy:
+ description: wildcardPolicy allows you to define a
+ route that covers all hosts within a domain. Valid
+ options are `Subdomain` and `None`. The default
+ value is `None`.
+ enum:
+ - Subdomain
+ - None
+ type: string
+ required:
+ - domain
+ type: object
+ type:
+ description: type specifies the Kubernetes external service
+ for the component. Valid options are `loadBalancer`,
+ `nodePort`, and `route`.
+ enum:
+ - loadBalancer
+ - nodePort
+ - route
+ minLength: 1
+ type: string
+ required:
+ - type
+ type: object
+ tls:
+ description: tls specifies the TLS configuration.
+ properties:
+ directoryPathInContainer:
+ description: directoryPathInContainer specifies the directory
+ path in the container where `keystore.jks`, `truststore.jks`,
+ and `jksPassword.txt` keys are mounted. `truststore.jks`
+ is not configured and can be ignored when the `ignoreTrustStoreConfig`
+ field is set to `true`.
+ minLength: 1
+ type: string
+ enabled:
+ description: enabled specifies to enable the TLS configuration
+ for the Confluent component.
+ type: boolean
+ ignoreTrustStoreConfig:
+ description: ignoreTrustStoreConfig indicates whether
+ to ignore the truststore configuration for the Confluent
+ component.
+ type: boolean
+ jksPassword:
+ description: jksPassword references the secret containing
+ the JKS password.
+ properties:
+ secretRef:
+ description: 'secretRef references the name of the
+ secret containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - secretRef
+ type: object
+ secretRef:
+ description: 'secretRef references the secret containing
+ the certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - enabled
+ type: object
+ type: object
+ mds:
+ description: mds specifies the MDS server configuration.
+ properties:
+ authentication:
+ description: authentication specifies the MDS server authentication
+ configuration.
+ properties:
+ type:
+ description: type defines the MDS authentication type.
+ The valid option is `bearer`.
+ enum:
+ - bearer
+ type: string
+ required:
+ - type
+ type: object
+ externalAccess:
+ description: externalAccess specifies the external access
+ configuration.
+ properties:
+ loadBalancer:
+ description: loadBalancer specifies the configuration
+ to create a Kubernetes load balancer service.
+ properties:
+ advertisedURL:
+ description: 'advertisedURL specifies the configuration
+ for advertised listener per pod. It is only supported
+ for MDS currently. If it is enabled, instead of
+ using internal endpoint, the MDS advertised listener
+ for each broker will be set to: `://.`
+ where podId starts from `0` to `replicaCount -1`.
+ This is only recommended if you cannot add internal
+ SANs to the TLS certificates for MDS and the external
+ DNS must be resolved inside the Kubernetes cluster.'
+ properties:
+ enabled:
+ description: enabled indicates whether to set
+ the MDS advertised listener url with external
+ endpoint for each broker.
+ type: boolean
+ prefix:
+ description: prefix specifies the broker prefix
+ for MDS advertised endpoint if using loadBalancer
+ external access. If not configured, it uses
+ `b` as default prefix, such as `b#.domain` where
+ `#` will start from `0` to `replicaCount -1`.
+ minLength: 1
+ type: string
+ required:
+ - enabled
+ type: object
+ annotations:
+ additionalProperties:
+ type: string
+ description: annotations is a map of string key and
+ value pairs. It specifies Kubernetes annotations
+ for this service.
+ type: object
+ x-kubernetes-map-type: granular
+ domain:
+ description: domain is the domain name of the component
+ cluster.
+ minLength: 1
+ type: string
+ externalTrafficPolicy:
+ description: externalTrafficPolicy specifies the external
+ traffic policy for the service. Valid options are
+ `Local` and `Cluster`.
+ enum:
+ - Local
+ - Cluster
+ type: string
+ labels:
+ additionalProperties:
+ type: string
+ description: labels is a map of string key and value
+ pairs. It specifies Kubernetes labels for this service.
+ type: object
+ x-kubernetes-map-type: granular
+ loadBalancerSourceRanges:
+ description: loadBalancerSourceRanges specify the
+ source ranges.
+ items:
+ type: string
+ type: array
+ port:
+ description: port specifies the external port for
+ the client consumption. If not configured, the same
+ internal/external port is configured for the component.
+ Information about the port can be retrieved through
+ the status API.
+ format: int32
+ type: integer
+ prefix:
+ description: prefix specify the prefix for the given
+ domain. The default value is the name of the cluster.
+ minLength: 1
+ type: string
+ servicePorts:
+ description: servicePorts specify the user-provided
+ service port(s).
+ items:
+ description: ServicePort contains information on
+ service's port.
+ properties:
+ appProtocol:
+ description: The application protocol for this
+ port. This field follows standard Kubernetes
+ label syntax. Un-prefixed names are reserved
+ for IANA standard service names (as per RFC-6335
+ and http://www.iana.org/assignments/service-names).
+ Non-standard protocols should use prefixed
+ names such as mycompany.com/my-custom-protocol.
+ type: string
+ name:
+ description: The name of this port within the
+ service. This must be a DNS_LABEL. All ports
+ within a ServiceSpec must have unique names.
+ When considering the endpoints for a Service,
+ this must match the 'name' field in the EndpointPort.
+ Optional if only one ServicePort is defined
+ on this service.
+ type: string
+ nodePort:
+ description: 'The port on each node on which
+ this service is exposed when type is NodePort
+ or LoadBalancer. Usually assigned by the
+ system. If a value is specified, in-range,
+ and not in use it will be used, otherwise
+ the operation will fail. If not specified,
+ a port will be allocated if this Service requires
+ one. If this field is specified when creating
+ a Service which does not need it, creation
+ will fail. This field will be wiped when updating
+ a Service to no longer need it (e.g. changing
+ type from NodePort to ClusterIP). More info:
+ https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport'
+ format: int32
+ type: integer
+ port:
+ description: The port that will be exposed by
+ this service.
+ format: int32
+ type: integer
+ protocol:
+ default: TCP
+ description: The IP protocol for this port.
+ Supports "TCP", "UDP", and "SCTP". Default
+ is TCP.
+ type: string
+ targetPort:
+ anyOf:
+ - type: integer
+ - type: string
+ description: 'Number or name of the port to
+ access on the pods targeted by the service.
+ Number must be in the range 1 to 65535. Name
+ must be an IANA_SVC_NAME. If this is a string,
+ it will be looked up as a named port in the
+ target Pod''s container ports. If this is
+ not specified, the value of the ''port'' field
+ is used (an identity map). This field is ignored
+ for services with clusterIP=None, and should
+ be omitted or set equal to the ''port'' field.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service'
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: array
+ sessionAffinity:
+ description: 'sessionAffinity defines the Kubernetes
+ session affinity. The valid options are `ClientIP`
+ and `None`. `ClientIP` enables the client IP-based
+ session affinity. The default value is `None`. More
+ info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies.'
+ enum:
+ - ClientIP
+ - None
+ type: string
+ sessionAffinityConfig:
+ description: SessionAffinityConfig contains the configurations
+ of the session affinity.
+ properties:
+ clientIP:
+ description: clientIP contains the configurations
+ of Client IP based session affinity.
+ properties:
+ timeoutSeconds:
+ description: timeoutSeconds specifies the
+ seconds of ClientIP type session sticky
+ time. The value must be >0 && <=86400(for
+ 1 day) if ServiceAffinity == "ClientIP".
+ Default value is 10800(for 3 hours).
+ format: int32
+ type: integer
+ type: object
+ type: object
+ required:
+ - domain
+ type: object
+ nodePort:
+ description: nodePort specifies the configuration to create
+ a Kubernetes node port service.
+ properties:
+ advertisedURL:
+ description: advertisedURL specifies the configuration
+ for advertised listener per pod. It is only supported
+ for MDS currently. If it is enabled, instead of
+ using internal endpoint, the MDS advertised listener
+ for each broker will be set to `://:, where`podId` starts from `0` to `replicaCount
+ - 1`. This is only recommended if you cannot add
+ internal SANs to the TLS certificates for MDS and
+ the external DNS must be resolved inside the Kubernetes
+ cluster.
+ properties:
+ enabled:
+ description: enabled indicates whether to set
+ the MDS advertised listener url with external
+ endpoint for each broker.
+ type: boolean
+ prefix:
+ description: prefix specifies the broker prefix
+ for MDS advertised endpoint if using loadBalancer
+ external access. If not configured, it uses
+ `b` as default prefix, such as `b#.domain` where
+ `#` will start from `0` to `replicaCount -1`.
+ minLength: 1
+ type: string
+ required:
+ - enabled
+ type: object
+ annotations:
+ additionalProperties:
+ type: string
+ description: annotations is a map of string key and
+ value pairs. It specifies Kubernetes annotations
+ for this service.
+ type: object
+ x-kubernetes-map-type: granular
+ externalTrafficPolicy:
+ description: externalTrafficPolicy specifies the external
+ traffic policy for the service. Valid options are
+ `Local` and `Cluster`.
+ enum:
+ - Local
+ - Cluster
+ type: string
+ host:
+ description: host defines the host name of the cluster.
+ minLength: 1
+ type: string
+ labels:
+ additionalProperties:
+ type: string
+ description: labels is a map of string key and value
+ pairs. It specifies Kubernetes labels for this service.
+ type: object
+ x-kubernetes-map-type: granular
+ nodePortOffset:
+ description: nodePortOffset specifies the starting
+ offset of the node ports. The port numbers go in
+ ascending order with respect to the replicas count.
+ NodePort service creation fails if the node port
+ is not in the range supported by the Kubernetes
+ API server. The default Kubernetes Node Port range
+ is `30000` - `32762`.
+ format: int32
+ minimum: 0
+ type: integer
+ servicePorts:
+ description: servicePorts specify user-provided service
+ port(s). For Kafka with the nodePort type, this
+ setting is only applied to Kafka bootstrap service.
+ items:
+ description: ServicePort contains information on
+ service's port.
+ properties:
+ appProtocol:
+ description: The application protocol for this
+ port. This field follows standard Kubernetes
+ label syntax. Un-prefixed names are reserved
+ for IANA standard service names (as per RFC-6335
+ and http://www.iana.org/assignments/service-names).
+ Non-standard protocols should use prefixed
+ names such as mycompany.com/my-custom-protocol.
+ type: string
+ name:
+ description: The name of this port within the
+ service. This must be a DNS_LABEL. All ports
+ within a ServiceSpec must have unique names.
+ When considering the endpoints for a Service,
+ this must match the 'name' field in the EndpointPort.
+ Optional if only one ServicePort is defined
+ on this service.
+ type: string
+ nodePort:
+ description: 'The port on each node on which
+ this service is exposed when type is NodePort
+ or LoadBalancer. Usually assigned by the
+ system. If a value is specified, in-range,
+ and not in use it will be used, otherwise
+ the operation will fail. If not specified,
+ a port will be allocated if this Service requires
+ one. If this field is specified when creating
+ a Service which does not need it, creation
+ will fail. This field will be wiped when updating
+ a Service to no longer need it (e.g. changing
+ type from NodePort to ClusterIP). More info:
+ https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport'
+ format: int32
+ type: integer
+ port:
+ description: The port that will be exposed by
+ this service.
+ format: int32
+ type: integer
+ protocol:
+ default: TCP
+ description: The IP protocol for this port.
+ Supports "TCP", "UDP", and "SCTP". Default
+ is TCP.
+ type: string
+ targetPort:
+ anyOf:
+ - type: integer
+ - type: string
+ description: 'Number or name of the port to
+ access on the pods targeted by the service.
+ Number must be in the range 1 to 65535. Name
+ must be an IANA_SVC_NAME. If this is a string,
+ it will be looked up as a named port in the
+ target Pod''s container ports. If this is
+ not specified, the value of the ''port'' field
+ is used (an identity map). This field is ignored
+ for services with clusterIP=None, and should
+ be omitted or set equal to the ''port'' field.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service'
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: array
+ sessionAffinity:
+ description: 'sessionAffinity defines the Kubernetes
+ session affinity. The valid options are `ClientIP`
+ and `None`. `ClientIP` enables the client IP-based
+ session affinity. The default value is `None`. More
+ info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies.'
+ enum:
+ - ClientIP
+ - None
+ type: string
+ sessionAffinityConfig:
+ description: SessionAffinityConfig contains the configurations
+ of the session affinity.
+ properties:
+ clientIP:
+ description: clientIP contains the configurations
+ of Client IP based session affinity.
+ properties:
+ timeoutSeconds:
+ description: timeoutSeconds specifies the
+ seconds of ClientIP type session sticky
+ time. The value must be >0 && <=86400(for
+ 1 day) if ServiceAffinity == "ClientIP".
+ Default value is 10800(for 3 hours).
+ format: int32
+ type: integer
+ type: object
+ type: object
+ required:
+ - host
+ - nodePortOffset
+ type: object
+ route:
+ description: route specifies the configuration to create
+ a route service in OpenShift.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: annotations is a map of string key and
+ value pairs. It specifies Kubernetes annotations
+ for this service.
+ type: object
+ x-kubernetes-map-type: granular
+ domain:
+ description: domain specifies the domain name of the
+ Confluent component cluster.
+ minLength: 1
+ type: string
+ labels:
+ additionalProperties:
+ type: string
+ description: labels is a map of string key and value
+ pairs. It specifies Kubernetes labels for this service.
+ type: object
+ x-kubernetes-map-type: granular
+ prefix:
+ description: prefix specifies the component prefix
+ when configured for the domain. The default value
+ is the name of the cluster.
+ minLength: 1
+ type: string
+ wildcardPolicy:
+ description: wildcardPolicy allows you to define a
+ route that covers all hosts within a domain. Valid
+ options are `Subdomain` and `None`. The default
+ value is `None`.
+ enum:
+ - Subdomain
+ - None
+ type: string
+ required:
+ - domain
+ type: object
+ type:
+ description: type specifies the Kubernetes external service
+ for the component. Valid options are `loadBalancer`,
+ `nodePort`, and `route`.
+ enum:
+ - loadBalancer
+ - nodePort
+ - route
+ minLength: 1
+ type: string
+ required:
+ - type
+ type: object
+ provider:
+ description: provider specifies the identity provider configuration.
+ properties:
+ ldap:
+ description: ldap defines the LDAP service configuration.
+ properties:
+ address:
+ description: address defines the LDAP server address.
+ type: string
+ authentication:
+ description: LdapAuthentication specifies the LDAP
+ authentication configuration.
+ properties:
+ simple:
+ description: simple specifies simple authentication
+ configuration for the LDAP.
+ properties:
+ directoryPathInContainer:
+ description: directoryPathInContainer defines
+ the directory path in the container where
+ the credentials are mounted.
+ minLength: 1
+ type: string
+ secretRef:
+ description: secretRef references the name
+ of the secret that contains the credentials.
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ type: object
+ type:
+ description: type defines the authentication method
+ for LDAP. Valid options are `simple` and `mtls`.
+ enum:
+ - simple
+ - mtls
+ type: string
+ required:
+ - type
+ type: object
+ configurations:
+ description: configurations defines the LDAP configurations
+ for Confluent RBAC.
+ properties:
+ groupMemberAttribute:
+ description: groupMemberAttribute specifies the
+ LDAP group member attribute.
+ minLength: 1
+ type: string
+ groupMemberAttributePattern:
+ description: groupMemberAttributePattern specifies
+ the regular expression pattern for the LDAP
+ group member attribute.
+ minLength: 1
+ type: string
+ groupNameAttribute:
+ description: groupNameAttribute specifies the
+ LDAP group name attribute.
+ minLength: 1
+ type: string
+ groupObjectClass:
+ description: groupObjectClass specifies the LDAP
+ group object class.
+ minLength: 1
+ type: string
+ groupSearchBase:
+ description: groupSearchBase specifies the LDAP
+ search base for the group-based search.
+ minLength: 1
+ type: string
+ groupSearchFilter:
+ description: groupSearchFilter specifies the LDAP
+ search filter for the group-based search.
+ minLength: 1
+ type: string
+ groupSearchScope:
+ description: groupSearchScope specifies the LDAP
+ search scope for the group-based search.
+ format: int32
+ type: integer
+ userMemberOfAttributePattern:
+ description: userMemberOfAttributePattern specifies
+ the regular expression pattern for the LDAP
+ user member attribute.
+ minLength: 1
+ type: string
+ userNameAttribute:
+ description: userNameAttribute specifies the LDAP
+ username attribute.
+ minLength: 1
+ type: string
+ userObjectClass:
+ description: userObjectClass specifies the LDAP
+ user object class.
+ minLength: 1
+ type: string
+ userSearchBase:
+ description: userSearchBase specifies the LDAP
+ search base for the user-based search.
+ minLength: 1
+ type: string
+ userSearchFilter:
+ description: userSearchFilter specifies the LDAP
+ search filter for the user-based search.
+ minLength: 1
+ type: string
+ userSearchScope:
+ description: userSearchScope specifies the LDAP
+ search scope for the user-based search.
+ format: int32
+ type: integer
+ type: object
+ tls:
+ description: tls specifies the TLS configuration for
+ the LDAP.
+ properties:
+ directoryPathInContainer:
+ description: directoryPathInContainer specifies
+ the directory path in the container where `keystore.jks`,
+ `truststore.jks`, and `jksPassword.txt` keys
+ are mounted. `truststore.jks` is not configured
+ and can be ignored when the `ignoreTrustStoreConfig`
+ field is set to `true`.
+ minLength: 1
+ type: string
+ enabled:
+ description: enabled specifies to enable the TLS
+ configuration for the Confluent component.
+ type: boolean
+ ignoreTrustStoreConfig:
+ description: ignoreTrustStoreConfig indicates
+ whether to ignore the truststore configuration
+ for the Confluent component.
+ type: boolean
+ jksPassword:
+ description: jksPassword references the secret
+ containing the JKS password.
+ properties:
+ secretRef:
+ description: 'secretRef references the name
+ of the secret containing the JKS password.
+ More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - secretRef
+ type: object
+ secretRef:
+ description: 'secretRef references the secret
+ containing the certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - enabled
+ type: object
+ required:
+ - address
+ - authentication
+ - configurations
+ type: object
+ type:
+ description: type defines the identity provider type.
+ The valid option is `ldap`.
+ enum:
+ - ldap
+ type: string
+ required:
+ - ldap
+ - type
+ type: object
+ tls:
+ description: tls specifies the TLS configuration.
+ properties:
+ directoryPathInContainer:
+ description: directoryPathInContainer specifies the directory
+ path in the container where `keystore.jks`, `truststore.jks`,
+ and `jksPassword.txt` keys are mounted. `truststore.jks`
+ is not configured and can be ignored when the `ignoreTrustStoreConfig`
+ field is set to `true`.
+ minLength: 1
+ type: string
+ enabled:
+ description: enabled specifies to enable the TLS configuration
+ for the Confluent component.
+ type: boolean
+ ignoreTrustStoreConfig:
+ description: ignoreTrustStoreConfig indicates whether
+ to ignore the truststore configuration for the Confluent
+ component.
+ type: boolean
+ jksPassword:
+ description: jksPassword references the secret containing
+ the JKS password.
+ properties:
+ secretRef:
+ description: 'secretRef references the name of the
+ secret containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - secretRef
+ type: object
+ secretRef:
+ description: 'secretRef references the secret containing
+ the certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - enabled
+ type: object
+ tokenKeyPair:
+ description: tokenKeyPair specifies the token key pair for
+ the MDS.
+ properties:
+ directoryPathInContainer:
+ description: directoryPathInContainer defines the directory
+ path in the container where the MDS token key pair are
+ mounted.
+ minLength: 1
+ type: string
+ secretRef:
+ description: secretRef references the name of the secret
+ that contains the MDS token key pair.
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ type: object
+ required:
+ - provider
+ - tokenKeyPair
+ type: object
+ type: object
+ storageClass:
+ description: storageClass specifies the user-provided storage class.
+ If not configured, it will use the default storage class.
+ properties:
+ name:
+ description: name is the storage class name.
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - name
+ type: object
+ telemetry:
+ description: telemetry specifies the Confluent telemetry reporter
+ configuration.
+ properties:
+ global:
+ description: global allows disabling telemetry configuration.
+ If CFK is deployed with telemetry, this field is only used to
+ disable telemetry. The default value is `true` if telemetry
+ is enabled at the global level.
+ type: boolean
+ type: object
+ tls:
+ description: tls specifies the global-level TLS configuration which
+ can be used by listeners and services.
+ properties:
+ autoGeneratedCerts:
+ description: autoGeneratedCerts specifies that the certificates
+ are auto-generated based on the CA key pair provided.
+ type: boolean
+ directoryPathInContainer:
+ description: directoryPathInContainer specifies the directory
+ path in the container where `keystore.jks`, `truststore.jks`,
+ and `jksPassword.txt` keys are mounted. `truststore.jks` is
+ not configured and can be ignored when the `ignoreTrustStoreConfig`
+ field is set to `true`.
+ minLength: 1
+ type: string
+ ignoreTrustStoreConfig:
+ description: ignoreTrustStoreConfig indicates whether to ignore
+ the truststore configuration for the Confluent component.
+ type: boolean
+ jksPassword:
+ description: jksPassword references the secret containing the
+ JKS password.
+ properties:
+ secretRef:
+ description: 'secretRef references the name of the secret
+ containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - secretRef
+ type: object
+ secretRef:
+ description: 'secretRef references the secret containing the certificates.
+ More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ type: object
+ required:
+ - dataVolumeCapacity
+ - image
+ - replicas
+ type: object
+ status:
+ description: status defines the observed state of the Kafka cluster.
+ properties:
+ authorizationType:
+ description: authorizationType is the authorization type for this
+ Confluent component.
+ type: string
+ brokerIdOffset:
+ description: brokerIdOffset is the broker id offset of the Kafka cluster.
+ format: int32
+ type: integer
+ clusterID:
+ description: clusterID is the ID of the Kafka cluster.
+ type: string
+ clusterName:
+ description: clusterName is the name of the Confluent Platform component
+ cluster.
+ type: string
+ clusterNamespace:
+ description: clusterNamespace is the namespace where the Confluent
+ Platform component cluster is running.
+ type: string
+ conditions:
+ description: conditions specify the latest available observations
+ of the current state.
+ items:
+ description: Condition represent the latest available observations
+ of the current state.
+ properties:
+ lastProbeTime:
+ description: lastProbeTime shows the last time the condition
+ was evaluated.
+ format: date-time
+ type: string
+ lastTransitionTime:
+ description: lastTransitionTime shows the last time the condition
+ was transitioned from one status to another.
+ format: date-time
+ type: string
+ message:
+ description: message shows a human-readable message with details
+ about the transition.
+ type: string
+ reason:
+ description: reason shows the reason for the last transition
+ of the condition.
+ type: string
+ status:
+ description: status shows the status of the condition, one of
+ `True`, `False`, or `Unknown`.
+ type: string
+ type:
+ description: type shows the condition type.
+ type: string
+ type: object
+ type: array
+ currentReplicas:
+ description: currentReplicas is the number of currently running replicas.
+ format: int32
+ type: integer
+ internalSecrets:
+ description: internalSecrets are internal secrets created by CFK for
+ this Confluent component.
+ items:
+ type: string
+ type: array
+ internalTopicNames:
+ description: internalTopicNames are the topics used by the component
+ for internal use.
+ items:
+ type: string
+ type: array
+ listeners:
+ additionalProperties:
+ properties:
+ advertisedExternalEndpoints:
+ description: advertisedExternalEndpoints specifies other advertised
+ endpoints used, especially for Kafka.
+ items:
+ type: string
+ type: array
+ authenticationType:
+ description: authenticationType shows the authentication type
+ configured by the listener.
+ type: string
+ client:
+ type: string
+ externalAccessType:
+ description: externalAccessType shows the external access type
+ used for the listener.
+ type: string
+ externalEndpoint:
+ description: externalEndpoint specifies the external endpoint
+ to connect to the Confluent component cluster.
+ type: string
+ internalEndpoint:
+ description: internalEndpoint specifies the internal endpoint
+ to connect to the Confluent component cluster.
+ type: string
+ tls:
+ description: tls shows whether TLS is configured for the listener.
+ type: boolean
+ type: object
+ description: listeners is a map for the status of Kafka Listeners.
+ type: object
+ x-kubernetes-map-type: granular
+ minISR:
+ description: minISR is the minimum number of in sync replicas in the
+ Kafka cluster.
+ format: int32
+ type: integer
+ observedGeneration:
+ description: observedGeneration is the most recent generation observed
+ for this Confluent component.
+ format: int64
+ type: integer
+ operatorVersion:
+ description: operatorVersion is the internal version of CFK.
+ type: string
+ phase:
+ description: phase describes the state of the Confluent Platform component.
+ type: string
+ readyReplicas:
+ description: readyReplicas is the number of currently ready replicas.
+ format: int32
+ type: integer
+ replicas:
+ description: replicas is the number of replicas.
+ format: int32
+ type: integer
+ replicationFactor:
+ description: replicationFactor is the replication factor of the topics
+ in the Kafka cluster.
+ format: int32
+ type: integer
+ selector:
+ description: selector gets the label selector of the child pod. The
+ Horizontal Pod Autoscaler(HPA) will scale using the label selector
+ of the child pod.
+ type: string
+ services:
+ additionalProperties:
+ description: ListenerStatus describes general information about
+ the listeners.
+ properties:
+ advertisedExternalEndpoints:
+ description: advertisedExternalEndpoints specifies other advertised
+ endpoints used, especially for Kafka.
+ items:
+ type: string
+ type: array
+ authenticationType:
+ description: authenticationType shows the authentication type
+ configured by the listener.
+ type: string
+ externalAccessType:
+ description: externalAccessType shows the external access type
+ used for the listener.
+ type: string
+ externalEndpoint:
+ description: externalEndpoint specifies the external endpoint
+ to connect to the Confluent component cluster.
+ type: string
+ internalEndpoint:
+ description: internalEndpoint specifies the internal endpoint
+ to connect to the Confluent component cluster.
+ type: string
+ tls:
+ description: tls shows whether TLS is configured for the listener.
+ type: boolean
+ type: object
+ description: services is a map for the Kafka services.
+ type: object
+ x-kubernetes-map-type: granular
+ zookeeperConnect:
+ type: string
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources:
+ scale:
+ labelSelectorPath: .status.selector
+ specReplicasPath: .spec.replicas
+ statusReplicasPath: .status.replicas
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
diff --git a/crds/2.4.0/platform.confluent.io_kafkatopics.yaml b/crds/2.4.0/platform.confluent.io_kafkatopics.yaml
new file mode 100644
index 0000000..63ecbee
--- /dev/null
+++ b/crds/2.4.0/platform.confluent.io_kafkatopics.yaml
@@ -0,0 +1,308 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.8.0
+ creationTimestamp: null
+ name: kafkatopics.platform.confluent.io
+spec:
+ group: platform.confluent.io
+ names:
+ categories:
+ - all
+ - confluent-platform
+ - confluent
+ kind: KafkaTopic
+ listKind: KafkaTopicList
+ plural: kafkatopics
+ shortNames:
+ - kt
+ - topic
+ singular: kafkatopic
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .status.replicas
+ name: Replicas
+ type: string
+ - jsonPath: .status.partitionCount
+ name: Partition
+ type: string
+ - jsonPath: .status.state
+ name: Status
+ type: string
+ - jsonPath: .status.kafkaClusterID
+ name: ClusterID
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ - jsonPath: .status.kafkaCluster
+ name: KafkaCluster
+ priority: 1
+ type: string
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: KafkaTopic is the schema for the Kafka Topic API.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: spec defines the desired state of the KafkaTopic.
+ properties:
+ configs:
+ additionalProperties:
+ type: string
+ description: 'configs is a map of string key and value pairs that
+ are used to pass the configuration settings for the topic. More
+ info: https://docs.confluent.io/current/installation/configuration/topic-configs.html.'
+ type: object
+ x-kubernetes-map-type: granular
+ kafkaClusterRef:
+ description: kafkaClusterRef specifies the name of the Kafka cluster.
+ properties:
+ name:
+ description: name specifies the name of the Confluent Platform
+ component cluster.
+ type: string
+ namespace:
+ description: namespace specifies the namespace where the Confluent
+ Platform component cluster is running.
+ type: string
+ required:
+ - name
+ type: object
+ kafkaRest:
+ description: kafkaRest specifies the Kafka REST API configuration.
+ properties:
+ authentication:
+ description: authentication specifies the REST API authentication
+ mechanism.
+ properties:
+ basic:
+ description: basic specifies the basic authentication settings
+ for the REST API client.
+ properties:
+ debug:
+ description: debug enables the basic authentication debug
+ logs for JaaS configuration.
+ type: boolean
+ directoryPathInContainer:
+ description: 'directoryPathInContainer allows to pass
+ the basic credential through a directory path in the
+ container. More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication'
+ minLength: 1
+ type: string
+ restrictedRoles:
+ description: restrictedRoles specify the restricted roles
+ on the server side only. Changes will be only reflected
+ in Control Center. This configuration is ignored on
+ the client side configuration.
+ items:
+ type: string
+ minItems: 1
+ type: array
+ roles:
+ description: roles specify the roles on the server side
+ only. This configuration is ignored on the client side
+ configuration.
+ items:
+ type: string
+ type: array
+ secretRef:
+ description: 'secretRef defines secret reference to pass
+ the required credentials. More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ type: object
+ bearer:
+ description: bearer specifies the bearer authentication settings
+ for the REST API client.
+ properties:
+ directoryPathInContainer:
+ description: directoryPathInContainer specifies the directory
+ path in the container where the credential is mounted.
+ minLength: 1
+ type: string
+ secretRef:
+ description: 'secretRef specifies the name of the secret
+ that contains the credential. More info: https://docs.confluent.io/operator/current/co-authenticate.html#bearer-authentication'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ type: object
+ type:
+ description: type specifies the REST API authentication type.
+ Valid options are `basic`, `bearer`, and `mtls`.
+ enum:
+ - basic
+ - bearer
+ - mtls
+ type: string
+ required:
+ - type
+ type: object
+ endpoint:
+ description: endpoint specifies where Confluent REST API is running.
+ minLength: 1
+ pattern: ^https?://.*
+ type: string
+ kafkaClusterID:
+ description: kafkaClusterID specifies the id of Kafka cluster.
+ It takes precedence over using the Kafka REST API to get the
+ cluster id.
+ minLength: 1
+ type: string
+ tls:
+ description: tls specifies the custom TLS structure for the application
+ resources, e.g. connector, topic, schema, of the Confluent Platform
+ components.
+ properties:
+ directoryPathInContainer:
+ description: directoryPathInContainer contains the directory
+ path in the container where `keystore.jks`, `truststore.jks`,
+ `jksPassword.txt` keys are mounted.
+ minLength: 1
+ type: string
+ jksPassword:
+ description: jksPassword specifies the secret name that contains
+ the JKS password.
+ properties:
+ secretRef:
+ description: 'secretRef references the name of the secret
+ containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - secretRef
+ type: object
+ secretRef:
+ description: 'secretRef specifies the secret name that contains
+ the certificates. More info about certificates key/value
+ format: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ type: object
+ type: object
+ kafkaRestClassRef:
+ description: kafkaRestClassRef references the KafkaRestClass which
+ defines Kafka REST API connection information.
+ properties:
+ name:
+ description: name specifies the name of the KafkaRestClass application
+ resource.
+ minLength: 1
+ type: string
+ namespace:
+ description: namespace specifies the namespace of the KafkaRestClass.
+ type: string
+ required:
+ - name
+ type: object
+ name:
+ description: name specifies the topic name. If not configured, the
+ KafkaTopic CR name is used as the topic name.
+ maxLength: 255
+ minLength: 1
+ pattern: ^[a-zA-Z0-9\._\-]*$
+ type: string
+ partitionCount:
+ description: partitionCount specifies the number of partitions for
+ the topic. If not configured, it will be defaulted to the partition
+ count that Kafka REST V3 API supports.
+ format: int32
+ type: integer
+ replicas:
+ description: replicas specifies the replication factor for the topic.
+ If not configured, it will be defaulted to the replication factor
+ that Kafka REST V3 API supports.
+ format: int32
+ type: integer
+ type: object
+ status:
+ description: status defines the observed state of the KafkaTopic.
+ properties:
+ conditions:
+ description: conditions are the latest available observed states of
+ the topic.
+ items:
+ description: Condition represent the latest available observations
+ of the current state.
+ properties:
+ lastProbeTime:
+ description: lastProbeTime shows the last time the condition
+ was evaluated.
+ format: date-time
+ type: string
+ lastTransitionTime:
+ description: lastTransitionTime shows the last time the condition
+ was transitioned from one status to another.
+ format: date-time
+ type: string
+ message:
+ description: message shows a human-readable message with details
+ about the transition.
+ type: string
+ reason:
+ description: reason shows the reason for the last transition
+ of the condition.
+ type: string
+ status:
+ description: status shows the status of the condition, one of
+ `True`, `False`, or `Unknown`.
+ type: string
+ type:
+ description: type shows the condition type.
+ type: string
+ type: object
+ type: array
+ kafkaCluster:
+ type: string
+ kafkaClusterID:
+ description: kafkaClusterID is the id of the Kafka cluster.
+ type: string
+ kafkaRestEndpoint:
+ description: kafkaRestEndpoint is the endpoint of the Kafka REST API.
+ type: string
+ partitionCount:
+ description: partitionCount is the partition count of the topic.
+ format: int32
+ type: integer
+ replicas:
+ description: replicas is the replication factor of the topic.
+ format: int32
+ type: integer
+ state:
+ description: state is the state of the topic.
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
diff --git a/crds/2.4.0/platform.confluent.io_ksqldbs.yaml b/crds/2.4.0/platform.confluent.io_ksqldbs.yaml
new file mode 100644
index 0000000..51885e3
--- /dev/null
+++ b/crds/2.4.0/platform.confluent.io_ksqldbs.yaml
@@ -0,0 +1,4981 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.8.0
+ creationTimestamp: null
+ name: ksqldbs.platform.confluent.io
+spec:
+ group: platform.confluent.io
+ names:
+ categories:
+ - all
+ - confluent-platform
+ - confluent
+ kind: KsqlDB
+ listKind: KsqlDBList
+ plural: ksqldbs
+ shortNames:
+ - ksqldb
+ - ksql
+ singular: ksqldb
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .status.replicas
+ name: Replicas
+ type: string
+ - jsonPath: .status.readyReplicas
+ name: Ready
+ type: string
+ - jsonPath: .status.phase
+ name: Status
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ - jsonPath: .status.kafka.bootstrapEndpoint
+ name: Kafka
+ priority: 1
+ type: string
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: KsqlDB is the schema for the ksqlDB API.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: spec defines the desired state of the ksqlDB cluster.
+ properties:
+ authentication:
+ description: authentication specifies whether authentication is needed
+ when accessing the ksqlDB cluster.
+ properties:
+ basic:
+ description: basic specifies the configuration for basic authentication.
+ properties:
+ debug:
+ description: debug enables the basic authentication debug
+ logs for JaaS configuration.
+ type: boolean
+ directoryPathInContainer:
+ description: 'directoryPathInContainer allows to pass the
+ basic credential through a directory path in the container.
+ More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication'
+ minLength: 1
+ type: string
+ restrictedRoles:
+ description: restrictedRoles specify the restricted roles
+ on the server side only. Changes will be only reflected
+ in Control Center. This configuration is ignored on the
+ client side configuration.
+ items:
+ type: string
+ minItems: 1
+ type: array
+ roles:
+ description: roles specify the roles on the server side only.
+ This configuration is ignored on the client side configuration.
+ items:
+ type: string
+ type: array
+ secretRef:
+ description: 'secretRef defines secret reference to pass the
+ required credentials. More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ type: object
+ type:
+ description: type specifies the authentication scheme for the
+ REST API server. Valid options are `basic` and `mtls`.
+ enum:
+ - basic
+ - mtls
+ type: string
+ required:
+ - type
+ type: object
+ authorization:
+ description: authorization specifies the RBAC configuration for the
+ ksqlDB cluster.
+ properties:
+ kafkaRestClassRef:
+ description: kafkaRestClassRef references the KafkaRestClass which
+ specifies the Kafka REST API connection configuration.
+ properties:
+ name:
+ description: name specifies the name of the KafkaRestClass
+ application resource.
+ minLength: 1
+ type: string
+ namespace:
+ description: namespace specifies the namespace of the KafkaRestClass.
+ type: string
+ required:
+ - name
+ type: object
+ type:
+ description: type specifies the client-side authorization type.
+ The valid option is `rbac`.
+ enum:
+ - rbac
+ type: string
+ required:
+ - type
+ type: object
+ configOverrides:
+ description: configOverrides specifies the configs to override the
+ server, JVM, Log4j properties for the ksqlDB cluster. A change will
+ roll the cluster.
+ properties:
+ jvm:
+ description: jvm is a list of JVM configuration supported by the
+ Confluent Platform component. This will either add or update
+ the existing configuration.
+ items:
+ type: string
+ type: array
+ log4j:
+ description: log4j is a list of Log4J configuration supported
+ by the Confluent Platform component. This will either add or
+ update the existing configuration.
+ items:
+ type: string
+ type: array
+ server:
+ description: server is a list of server configuration supported
+ by the Confluent Platform component. This will either add or
+ update existing configuration.
+ items:
+ type: string
+ type: array
+ type: object
+ dataVolumeCapacity:
+ anyOf:
+ - type: integer
+ - type: string
+ description: dataVolumeCapacity specifies the data volume for the
+ ksqlDB cluster.
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ dependencies:
+ description: dependencies specifies the dependency configurations
+ for Kafka, Interceptor, Schema Registry, and the MDS.
+ properties:
+ interceptor:
+ description: interceptor specifies the interceptor dependency
+ configuration.
+ properties:
+ configs:
+ description: configs describe the configurations for the Confluent
+ Platform interceptor. The config override feature can be
+ used to pass the configuration settings.
+ items:
+ type: string
+ type: array
+ consumer:
+ description: consumer specifies the consumer configuration
+ for the interceptor. If not configured, it uses the Kafka
+ dependency configuration.
+ properties:
+ authentication:
+ description: authentication defines the authentication
+ for the Kafka cluster.
+ properties:
+ jaasConfig:
+ description: jaasConfig specifies the Kafka client-side
+ JaaS configuration.
+ properties:
+ secretRef:
+ description: 'secretRef references the secret
+ containing the required credentials. More info:
+ https://docs.confluent.io/operator/current/co-authenticate.html'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - secretRef
+ type: object
+ jaasConfigPassThrough:
+ description: jaasConfigPassThrough specifies another
+ way to provide the Kafka client-side JaaS configuration.
+ properties:
+ directoryPathInContainer:
+ description: 'directoryPathInContainer specifies
+ the directory path in the container where required
+ credentials are mounted. More info: https://docs.confluent.io/operator/current/co-authenticate.html'
+ minLength: 1
+ type: string
+ secretRef:
+ description: 'secretRef references the secret
+ containing the required credentials for authentication.
+ More info: https://docs.confluent.io/operator/current/co-authenticate.html'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ type: object
+ oauthbearer:
+ description: oauthbearer is the authentication mechanism
+ to provider principals. Only supported in RBAC deployment.
+ properties:
+ directoryPathInContainer:
+ description: directoryPathInContainer specifies
+ the directory path in the container where the
+ credential is mounted.
+ minLength: 1
+ type: string
+ secretRef:
+ description: 'secretRef specifies the name of
+ the secret that contains the credential. More
+ info: https://docs.confluent.io/operator/current/co-authenticate.html#bearer-authentication'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ type: object
+ type:
+ description: type specifies the Kafka client authentication
+ type. Valid options are `plain`, `oauthbearer`,
+ `digest`, and `mtls`.
+ enum:
+ - plain
+ - oauthbearer
+ - digest
+ - mtls
+ type: string
+ required:
+ - type
+ type: object
+ bootstrapEndpoint:
+ description: bootstrapEndpoint specifies the Kafka bootstrap
+ endpoint.
+ minLength: 1
+ pattern: .+:[0-9]+
+ type: string
+ discovery:
+ description: discovery specifies the capability to discover
+ the Kafka cluster.
+ properties:
+ name:
+ description: name is the name of the Confluent Platform
+ component cluster.
+ type: string
+ namespace:
+ description: namespace is where the Confluent Platform
+ component is running. The default value is the namespace
+ where CFK is running.
+ type: string
+ secretRef:
+ description: secretRef is the name of the secret used
+ to discover the Confluent Platform component.
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - name
+ type: object
+ tls:
+ description: tls defines the client-side TLS setting for
+ the Kafka cluster.
+ properties:
+ directoryPathInContainer:
+ description: directoryPathInContainer specifies the
+ directory path in the container where `keystore.jks`,
+ `truststore.jks`, and `jksPassword.txt` keys are
+ mounted. `truststore.jks` is not configured and
+ can be ignored when the `ignoreTrustStoreConfig`
+ field is set to `true`.
+ minLength: 1
+ type: string
+ enabled:
+ description: enabled specifies to enable the TLS configuration
+ for the Confluent component.
+ type: boolean
+ ignoreTrustStoreConfig:
+ description: ignoreTrustStoreConfig indicates whether
+ to ignore the truststore configuration for the Confluent
+ component.
+ type: boolean
+ jksPassword:
+ description: jksPassword references the secret containing
+ the JKS password.
+ properties:
+ secretRef:
+ description: 'secretRef references the name of
+ the secret containing the JKS password. More
+ info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - secretRef
+ type: object
+ secretRef:
+ description: 'secretRef references the secret containing
+ the certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - enabled
+ type: object
+ type: object
+ enabled:
+ description: enabled indicates whether the Confluent Platform
+ interceptor is enabled or disabled.
+ type: boolean
+ producer:
+ description: producer specifies the producer configuration
+ for the interceptor. If not configured, it uses the Kafka
+ dependency configuration.
+ properties:
+ authentication:
+ description: authentication defines the authentication
+ for the Kafka cluster.
+ properties:
+ jaasConfig:
+ description: jaasConfig specifies the Kafka client-side
+ JaaS configuration.
+ properties:
+ secretRef:
+ description: 'secretRef references the secret
+ containing the required credentials. More info:
+ https://docs.confluent.io/operator/current/co-authenticate.html'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - secretRef
+ type: object
+ jaasConfigPassThrough:
+ description: jaasConfigPassThrough specifies another
+ way to provide the Kafka client-side JaaS configuration.
+ properties:
+ directoryPathInContainer:
+ description: 'directoryPathInContainer specifies
+ the directory path in the container where required
+ credentials are mounted. More info: https://docs.confluent.io/operator/current/co-authenticate.html'
+ minLength: 1
+ type: string
+ secretRef:
+ description: 'secretRef references the secret
+ containing the required credentials for authentication.
+ More info: https://docs.confluent.io/operator/current/co-authenticate.html'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ type: object
+ oauthbearer:
+ description: oauthbearer is the authentication mechanism
+ to provider principals. Only supported in RBAC deployment.
+ properties:
+ directoryPathInContainer:
+ description: directoryPathInContainer specifies
+ the directory path in the container where the
+ credential is mounted.
+ minLength: 1
+ type: string
+ secretRef:
+ description: 'secretRef specifies the name of
+ the secret that contains the credential. More
+ info: https://docs.confluent.io/operator/current/co-authenticate.html#bearer-authentication'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ type: object
+ type:
+ description: type specifies the Kafka client authentication
+ type. Valid options are `plain`, `oauthbearer`,
+ `digest`, and `mtls`.
+ enum:
+ - plain
+ - oauthbearer
+ - digest
+ - mtls
+ type: string
+ required:
+ - type
+ type: object
+ bootstrapEndpoint:
+ description: bootstrapEndpoint specifies the Kafka bootstrap
+ endpoint.
+ minLength: 1
+ pattern: .+:[0-9]+
+ type: string
+ discovery:
+ description: discovery specifies the capability to discover
+ the Kafka cluster.
+ properties:
+ name:
+ description: name is the name of the Confluent Platform
+ component cluster.
+ type: string
+ namespace:
+ description: namespace is where the Confluent Platform
+ component is running. The default value is the namespace
+ where CFK is running.
+ type: string
+ secretRef:
+ description: secretRef is the name of the secret used
+ to discover the Confluent Platform component.
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - name
+ type: object
+ tls:
+ description: tls defines the client-side TLS setting for
+ the Kafka cluster.
+ properties:
+ directoryPathInContainer:
+ description: directoryPathInContainer specifies the
+ directory path in the container where `keystore.jks`,
+ `truststore.jks`, and `jksPassword.txt` keys are
+ mounted. `truststore.jks` is not configured and
+ can be ignored when the `ignoreTrustStoreConfig`
+ field is set to `true`.
+ minLength: 1
+ type: string
+ enabled:
+ description: enabled specifies to enable the TLS configuration
+ for the Confluent component.
+ type: boolean
+ ignoreTrustStoreConfig:
+ description: ignoreTrustStoreConfig indicates whether
+ to ignore the truststore configuration for the Confluent
+ component.
+ type: boolean
+ jksPassword:
+ description: jksPassword references the secret containing
+ the JKS password.
+ properties:
+ secretRef:
+ description: 'secretRef references the name of
+ the secret containing the JKS password. More
+ info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - secretRef
+ type: object
+ secretRef:
+ description: 'secretRef references the secret containing
+ the certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - enabled
+ type: object
+ type: object
+ publishMs:
+ type: integer
+ required:
+ - enabled
+ type: object
+ kafka:
+ description: kafka specifies the Kafka dependency configuration.
+ properties:
+ authentication:
+ description: authentication defines the authentication for
+ the Kafka cluster.
+ properties:
+ jaasConfig:
+ description: jaasConfig specifies the Kafka client-side
+ JaaS configuration.
+ properties:
+ secretRef:
+ description: 'secretRef references the secret containing
+ the required credentials. More info: https://docs.confluent.io/operator/current/co-authenticate.html'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - secretRef
+ type: object
+ jaasConfigPassThrough:
+ description: jaasConfigPassThrough specifies another way
+ to provide the Kafka client-side JaaS configuration.
+ properties:
+ directoryPathInContainer:
+ description: 'directoryPathInContainer specifies the
+ directory path in the container where required credentials
+ are mounted. More info: https://docs.confluent.io/operator/current/co-authenticate.html'
+ minLength: 1
+ type: string
+ secretRef:
+ description: 'secretRef references the secret containing
+ the required credentials for authentication. More
+ info: https://docs.confluent.io/operator/current/co-authenticate.html'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ type: object
+ oauthbearer:
+ description: oauthbearer is the authentication mechanism
+ to provider principals. Only supported in RBAC deployment.
+ properties:
+ directoryPathInContainer:
+ description: directoryPathInContainer specifies the
+ directory path in the container where the credential
+ is mounted.
+ minLength: 1
+ type: string
+ secretRef:
+ description: 'secretRef specifies the name of the
+ secret that contains the credential. More info:
+ https://docs.confluent.io/operator/current/co-authenticate.html#bearer-authentication'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ type: object
+ type:
+ description: type specifies the Kafka client authentication
+ type. Valid options are `plain`, `oauthbearer`, `digest`,
+ and `mtls`.
+ enum:
+ - plain
+ - oauthbearer
+ - digest
+ - mtls
+ type: string
+ required:
+ - type
+ type: object
+ bootstrapEndpoint:
+ description: bootstrapEndpoint specifies the Kafka bootstrap
+ endpoint.
+ minLength: 1
+ pattern: .+:[0-9]+
+ type: string
+ discovery:
+ description: discovery specifies the capability to discover
+ the Kafka cluster.
+ properties:
+ name:
+ description: name is the name of the Confluent Platform
+ component cluster.
+ type: string
+ namespace:
+ description: namespace is where the Confluent Platform
+ component is running. The default value is the namespace
+ where CFK is running.
+ type: string
+ secretRef:
+ description: secretRef is the name of the secret used
+ to discover the Confluent Platform component.
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - name
+ type: object
+ tls:
+ description: tls defines the client-side TLS setting for the
+ Kafka cluster.
+ properties:
+ directoryPathInContainer:
+ description: directoryPathInContainer specifies the directory
+ path in the container where `keystore.jks`, `truststore.jks`,
+ and `jksPassword.txt` keys are mounted. `truststore.jks`
+ is not configured and can be ignored when the `ignoreTrustStoreConfig`
+ field is set to `true`.
+ minLength: 1
+ type: string
+ enabled:
+ description: enabled specifies to enable the TLS configuration
+ for the Confluent component.
+ type: boolean
+ ignoreTrustStoreConfig:
+ description: ignoreTrustStoreConfig indicates whether
+ to ignore the truststore configuration for the Confluent
+ component.
+ type: boolean
+ jksPassword:
+ description: jksPassword references the secret containing
+ the JKS password.
+ properties:
+ secretRef:
+ description: 'secretRef references the name of the
+ secret containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - secretRef
+ type: object
+ secretRef:
+ description: 'secretRef references the secret containing
+ the certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - enabled
+ type: object
+ type: object
+ mds:
+ description: mds specifies the MDS dependencies configuration.
+ properties:
+ authentication:
+ description: authentication specifies the client side authentication
+ configuration for the MDS.
+ properties:
+ bearer:
+ description: bearer specifies the bearer authentication
+ settings.
+ properties:
+ directoryPathInContainer:
+ description: directoryPathInContainer specifies the
+ directory path in the container where the credential
+ is mounted.
+ minLength: 1
+ type: string
+ secretRef:
+ description: 'secretRef specifies the name of the
+ secret that contains the credential. More info:
+ https://docs.confluent.io/operator/current/co-authenticate.html#bearer-authentication'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ type: object
+ type:
+ description: type specifies the authentication method
+ for the MDS. The valid option is `bearer`.
+ enum:
+ - bearer
+ type: string
+ required:
+ - bearer
+ - type
+ type: object
+ endpoint:
+ description: endpoint specifies the MDS endpoint.
+ minLength: 1
+ pattern: ^https?://.*
+ type: string
+ tls:
+ description: ClientTLSConfig specifies the TLS configuration
+ for the Confluent component (dependencies, listeners).
+ properties:
+ directoryPathInContainer:
+ description: directoryPathInContainer specifies the directory
+ path in the container where `keystore.jks`, `truststore.jks`,
+ and `jksPassword.txt` keys are mounted. `truststore.jks`
+ is not configured and can be ignored when the `ignoreTrustStoreConfig`
+ field is set to `true`.
+ minLength: 1
+ type: string
+ enabled:
+ description: enabled specifies to enable the TLS configuration
+ for the Confluent component.
+ type: boolean
+ ignoreTrustStoreConfig:
+ description: ignoreTrustStoreConfig indicates whether
+ to ignore the truststore configuration for the Confluent
+ component.
+ type: boolean
+ jksPassword:
+ description: jksPassword references the secret containing
+ the JKS password.
+ properties:
+ secretRef:
+ description: 'secretRef references the name of the
+ secret containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - secretRef
+ type: object
+ secretRef:
+ description: 'secretRef references the secret containing
+ the certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - enabled
+ type: object
+ tokenKeyPair:
+ description: tokenKeyPair specifies the token keypair to configure
+ the MDS.
+ properties:
+ directoryPathInContainer:
+ description: directoryPathInContainer defines the directory
+ path in the container where the MDS token key pair are
+ mounted.
+ minLength: 1
+ type: string
+ secretRef:
+ description: secretRef references the name of the secret
+ that contains the MDS token key pair.
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ type: object
+ required:
+ - authentication
+ - endpoint
+ - tokenKeyPair
+ type: object
+ schemaRegistry:
+ description: schemaRegistry specifies the Schema Registry dependency
+ configuration.
+ properties:
+ authentication:
+ description: authentication specifies the authentication for
+ the Schema Registry cluster.
+ properties:
+ basic:
+ description: basic specifies the configuration for basic
+ authentication.
+ properties:
+ debug:
+ description: debug enables the basic authentication
+ debug logs for JaaS configuration.
+ type: boolean
+ directoryPathInContainer:
+ description: 'directoryPathInContainer allows to pass
+ the basic credential through a directory path in
+ the container. More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication'
+ minLength: 1
+ type: string
+ restrictedRoles:
+ description: restrictedRoles specify the restricted
+ roles on the server side only. Changes will be only
+ reflected in Control Center. This configuration
+ is ignored on the client side configuration.
+ items:
+ type: string
+ minItems: 1
+ type: array
+ roles:
+ description: roles specify the roles on the server
+ side only. This configuration is ignored on the
+ client side configuration.
+ items:
+ type: string
+ type: array
+ secretRef:
+ description: 'secretRef defines secret reference to
+ pass the required credentials. More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ type: object
+ type:
+ description: type specifies the authentication scheme
+ for the REST API client. Valid options are `basic` and
+ `mtls`.
+ enum:
+ - basic
+ - mtls
+ type: string
+ required:
+ - type
+ type: object
+ tls:
+ description: tls defines the client-side TLS setting for the
+ Schema Registry cluster.
+ properties:
+ directoryPathInContainer:
+ description: directoryPathInContainer specifies the directory
+ path in the container where `keystore.jks`, `truststore.jks`,
+ and `jksPassword.txt` keys are mounted. `truststore.jks`
+ is not configured and can be ignored when the `ignoreTrustStoreConfig`
+ field is set to `true`.
+ minLength: 1
+ type: string
+ enabled:
+ description: enabled specifies to enable the TLS configuration
+ for the Confluent component.
+ type: boolean
+ ignoreTrustStoreConfig:
+ description: ignoreTrustStoreConfig indicates whether
+ to ignore the truststore configuration for the Confluent
+ component.
+ type: boolean
+ jksPassword:
+ description: jksPassword references the secret containing
+ the JKS password.
+ properties:
+ secretRef:
+ description: 'secretRef references the name of the
+ secret containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - secretRef
+ type: object
+ secretRef:
+ description: 'secretRef references the secret containing
+ the certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - enabled
+ type: object
+ url:
+ description: url specifies the URL endpoint of the Schema
+ Registry cluster.
+ minLength: 1
+ pattern: ^https?://.*
+ type: string
+ required:
+ - url
+ type: object
+ type: object
+ externalAccess:
+ description: externalAccess specifies the configurations for the endpoints
+ and services to make the ksqlDB accessible from outside the cluster.
+ properties:
+ loadBalancer:
+ description: loadBalancer specifies the configuration to create
+ a Kubernetes load balancer service.
+ properties:
+ advertisedURL:
+ description: 'advertisedURL specifies the configuration for
+ advertised listener per pod. It is only supported for MDS
+ currently. If it is enabled, instead of using internal endpoint,
+ the MDS advertised listener for each broker will be set
+ to: `://.`
+ where podId starts from `0` to `replicaCount -1`. This is
+ only recommended if you cannot add internal SANs to the
+ TLS certificates for MDS and the external DNS must be resolved
+ inside the Kubernetes cluster.'
+ properties:
+ enabled:
+ description: enabled indicates whether to set the MDS
+ advertised listener url with external endpoint for each
+ broker.
+ type: boolean
+ prefix:
+ description: prefix specifies the broker prefix for MDS
+ advertised endpoint if using loadBalancer external access.
+ If not configured, it uses `b` as default prefix, such
+ as `b#.domain` where `#` will start from `0` to `replicaCount
+ -1`.
+ minLength: 1
+ type: string
+ required:
+ - enabled
+ type: object
+ annotations:
+ additionalProperties:
+ type: string
+ description: annotations is a map of string key and value
+ pairs. It specifies Kubernetes annotations for this service.
+ type: object
+ x-kubernetes-map-type: granular
+ domain:
+ description: domain is the domain name of the component cluster.
+ minLength: 1
+ type: string
+ externalTrafficPolicy:
+ description: externalTrafficPolicy specifies the external
+ traffic policy for the service. Valid options are `Local`
+ and `Cluster`.
+ enum:
+ - Local
+ - Cluster
+ type: string
+ labels:
+ additionalProperties:
+ type: string
+ description: labels is a map of string key and value pairs.
+ It specifies Kubernetes labels for this service.
+ type: object
+ x-kubernetes-map-type: granular
+ loadBalancerSourceRanges:
+ description: loadBalancerSourceRanges specify the source ranges.
+ items:
+ type: string
+ type: array
+ port:
+ description: port specifies the external port for the client
+ consumption. If not configured, the same internal/external
+ port is configured for the component. Information about
+ the port can be retrieved through the status API.
+ format: int32
+ type: integer
+ prefix:
+ description: prefix specify the prefix for the given domain.
+ The default value is the name of the cluster.
+ minLength: 1
+ type: string
+ servicePorts:
+ description: servicePorts specify the user-provided service
+ port(s).
+ items:
+ description: ServicePort contains information on service's
+ port.
+ properties:
+ appProtocol:
+ description: The application protocol for this port.
+ This field follows standard Kubernetes label syntax.
+ Un-prefixed names are reserved for IANA standard service
+ names (as per RFC-6335 and http://www.iana.org/assignments/service-names).
+ Non-standard protocols should use prefixed names such
+ as mycompany.com/my-custom-protocol.
+ type: string
+ name:
+ description: The name of this port within the service.
+ This must be a DNS_LABEL. All ports within a ServiceSpec
+ must have unique names. When considering the endpoints
+ for a Service, this must match the 'name' field in
+ the EndpointPort. Optional if only one ServicePort
+ is defined on this service.
+ type: string
+ nodePort:
+ description: 'The port on each node on which this service
+ is exposed when type is NodePort or LoadBalancer. Usually
+ assigned by the system. If a value is specified, in-range,
+ and not in use it will be used, otherwise the operation
+ will fail. If not specified, a port will be allocated
+ if this Service requires one. If this field is specified
+ when creating a Service which does not need it, creation
+ will fail. This field will be wiped when updating
+ a Service to no longer need it (e.g. changing type
+ from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport'
+ format: int32
+ type: integer
+ port:
+ description: The port that will be exposed by this service.
+ format: int32
+ type: integer
+ protocol:
+ default: TCP
+ description: The IP protocol for this port. Supports
+ "TCP", "UDP", and "SCTP". Default is TCP.
+ type: string
+ targetPort:
+ anyOf:
+ - type: integer
+ - type: string
+ description: 'Number or name of the port to access on
+ the pods targeted by the service. Number must be in
+ the range 1 to 65535. Name must be an IANA_SVC_NAME.
+ If this is a string, it will be looked up as a named
+ port in the target Pod''s container ports. If this
+ is not specified, the value of the ''port'' field
+ is used (an identity map). This field is ignored for
+ services with clusterIP=None, and should be omitted
+ or set equal to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service'
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: array
+ sessionAffinity:
+ description: 'sessionAffinity defines the Kubernetes session
+ affinity. The valid options are `ClientIP` and `None`. `ClientIP`
+ enables the client IP-based session affinity. The default
+ value is `None`. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies.'
+ enum:
+ - ClientIP
+ - None
+ type: string
+ sessionAffinityConfig:
+ description: SessionAffinityConfig contains the configurations
+ of the session affinity.
+ properties:
+ clientIP:
+ description: clientIP contains the configurations of Client
+ IP based session affinity.
+ properties:
+ timeoutSeconds:
+ description: timeoutSeconds specifies the seconds
+ of ClientIP type session sticky time. The value
+ must be >0 && <=86400(for 1 day) if ServiceAffinity
+ == "ClientIP". Default value is 10800(for 3 hours).
+ format: int32
+ type: integer
+ type: object
+ type: object
+ required:
+ - domain
+ type: object
+ nodePort:
+ description: nodePort specifies the configuration to create a
+ Kubernetes node port service.
+ properties:
+ advertisedURL:
+ description: advertisedURL specifies the configuration for
+ advertised listener per pod. It is only supported for MDS
+ currently. If it is enabled, instead of using internal endpoint,
+ the MDS advertised listener for each broker will be set
+ to `://:,
+ where`podId` starts from `0` to `replicaCount - 1`. This
+ is only recommended if you cannot add internal SANs to the
+ TLS certificates for MDS and the external DNS must be resolved
+ inside the Kubernetes cluster.
+ properties:
+ enabled:
+ description: enabled indicates whether to set the MDS
+ advertised listener url with external endpoint for each
+ broker.
+ type: boolean
+ prefix:
+ description: prefix specifies the broker prefix for MDS
+ advertised endpoint if using loadBalancer external access.
+ If not configured, it uses `b` as default prefix, such
+ as `b#.domain` where `#` will start from `0` to `replicaCount
+ -1`.
+ minLength: 1
+ type: string
+ required:
+ - enabled
+ type: object
+ annotations:
+ additionalProperties:
+ type: string
+ description: annotations is a map of string key and value
+ pairs. It specifies Kubernetes annotations for this service.
+ type: object
+ x-kubernetes-map-type: granular
+ externalTrafficPolicy:
+ description: externalTrafficPolicy specifies the external
+ traffic policy for the service. Valid options are `Local`
+ and `Cluster`.
+ enum:
+ - Local
+ - Cluster
+ type: string
+ host:
+ description: host defines the host name of the cluster.
+ minLength: 1
+ type: string
+ labels:
+ additionalProperties:
+ type: string
+ description: labels is a map of string key and value pairs.
+ It specifies Kubernetes labels for this service.
+ type: object
+ x-kubernetes-map-type: granular
+ nodePortOffset:
+ description: nodePortOffset specifies the starting offset
+ of the node ports. The port numbers go in ascending order
+ with respect to the replicas count. NodePort service creation
+ fails if the node port is not in the range supported by
+ the Kubernetes API server. The default Kubernetes Node Port
+ range is `30000` - `32762`.
+ format: int32
+ minimum: 0
+ type: integer
+ servicePorts:
+ description: servicePorts specify user-provided service port(s).
+ For Kafka with the nodePort type, this setting is only applied
+ to Kafka bootstrap service.
+ items:
+ description: ServicePort contains information on service's
+ port.
+ properties:
+ appProtocol:
+ description: The application protocol for this port.
+ This field follows standard Kubernetes label syntax.
+ Un-prefixed names are reserved for IANA standard service
+ names (as per RFC-6335 and http://www.iana.org/assignments/service-names).
+ Non-standard protocols should use prefixed names such
+ as mycompany.com/my-custom-protocol.
+ type: string
+ name:
+ description: The name of this port within the service.
+ This must be a DNS_LABEL. All ports within a ServiceSpec
+ must have unique names. When considering the endpoints
+ for a Service, this must match the 'name' field in
+ the EndpointPort. Optional if only one ServicePort
+ is defined on this service.
+ type: string
+ nodePort:
+ description: 'The port on each node on which this service
+ is exposed when type is NodePort or LoadBalancer. Usually
+ assigned by the system. If a value is specified, in-range,
+ and not in use it will be used, otherwise the operation
+ will fail. If not specified, a port will be allocated
+ if this Service requires one. If this field is specified
+ when creating a Service which does not need it, creation
+ will fail. This field will be wiped when updating
+ a Service to no longer need it (e.g. changing type
+ from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport'
+ format: int32
+ type: integer
+ port:
+ description: The port that will be exposed by this service.
+ format: int32
+ type: integer
+ protocol:
+ default: TCP
+ description: The IP protocol for this port. Supports
+ "TCP", "UDP", and "SCTP". Default is TCP.
+ type: string
+ targetPort:
+ anyOf:
+ - type: integer
+ - type: string
+ description: 'Number or name of the port to access on
+ the pods targeted by the service. Number must be in
+ the range 1 to 65535. Name must be an IANA_SVC_NAME.
+ If this is a string, it will be looked up as a named
+ port in the target Pod''s container ports. If this
+ is not specified, the value of the ''port'' field
+ is used (an identity map). This field is ignored for
+ services with clusterIP=None, and should be omitted
+ or set equal to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service'
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: array
+ sessionAffinity:
+ description: 'sessionAffinity defines the Kubernetes session
+ affinity. The valid options are `ClientIP` and `None`. `ClientIP`
+ enables the client IP-based session affinity. The default
+ value is `None`. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies.'
+ enum:
+ - ClientIP
+ - None
+ type: string
+ sessionAffinityConfig:
+ description: SessionAffinityConfig contains the configurations
+ of the session affinity.
+ properties:
+ clientIP:
+ description: clientIP contains the configurations of Client
+ IP based session affinity.
+ properties:
+ timeoutSeconds:
+ description: timeoutSeconds specifies the seconds
+ of ClientIP type session sticky time. The value
+ must be >0 && <=86400(for 1 day) if ServiceAffinity
+ == "ClientIP". Default value is 10800(for 3 hours).
+ format: int32
+ type: integer
+ type: object
+ type: object
+ required:
+ - host
+ - nodePortOffset
+ type: object
+ route:
+ description: route specifies the configuration to create a route
+ service in OpenShift.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: annotations is a map of string key and value
+ pairs. It specifies Kubernetes annotations for this service.
+ type: object
+ x-kubernetes-map-type: granular
+ domain:
+ description: domain specifies the domain name of the Confluent
+ component cluster.
+ minLength: 1
+ type: string
+ labels:
+ additionalProperties:
+ type: string
+ description: labels is a map of string key and value pairs.
+ It specifies Kubernetes labels for this service.
+ type: object
+ x-kubernetes-map-type: granular
+ prefix:
+ description: prefix specifies the component prefix when configured
+ for the domain. The default value is the name of the cluster.
+ minLength: 1
+ type: string
+ wildcardPolicy:
+ description: wildcardPolicy allows you to define a route that
+ covers all hosts within a domain. Valid options are `Subdomain`
+ and `None`. The default value is `None`.
+ enum:
+ - Subdomain
+ - None
+ type: string
+ required:
+ - domain
+ type: object
+ type:
+ description: type specifies the Kubernetes external service for
+ the component. Valid options are `loadBalancer`, `nodePort`,
+ and `route`.
+ enum:
+ - loadBalancer
+ - nodePort
+ - route
+ minLength: 1
+ type: string
+ required:
+ - type
+ type: object
+ headlessService:
+ description: headlessService specifies the configuration of the Kubernetes
+ headless service.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: annotations is a map of string key and value pairs.
+ It specifies the annotations to be added to the CFK-created
+ headless service. These annotations are merged with the injectAnnotations
+ and take precedence.
+ type: object
+ x-kubernetes-map-type: granular
+ labels:
+ additionalProperties:
+ type: string
+ description: labels is a map of string key and value pairs. It
+ specifies the labels to be added to the CFK-created headless
+ service. These labels are merged with the injectLabels and take
+ precedence.
+ type: object
+ x-kubernetes-map-type: granular
+ publishNotReadyAddresses:
+ description: publishNotReadyAddresses specifies the publishNotReadyAddresses
+ field. For Kafka, this value must be true. The default value
+ is true.
+ type: boolean
+ type: object
+ image:
+ description: image specifies the application and the init docker image
+ configurations. A change to this setting will roll the cluster.
+ properties:
+ application:
+ description: application is the Docker image name of the application.
+ Specify `//:`.
+ pattern: .+:.+
+ type: string
+ init:
+ description: init is the init-container name. Specify `//:`.
+ pattern: .+:.+
+ type: string
+ pullPolicy:
+ description: pullPolicy is the policy for pulling images. Valid
+ options are `Always`, `Never`, and `IfNotPresent`. The default
+ value is `IfNotPresent`.
+ enum:
+ - Always
+ - Never
+ - IfNotPresent
+ type: string
+ pullSecretRef:
+ description: 'pullSecretRef references the secrets in the same
+ namespace to be used for pulling images. Image pull secrets
+ are distinct from secrets because secrets can be mounted in
+ the pod, but image pull secrets are only accessed by `kubelet`.
+ More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod'
+ items:
+ type: string
+ type: array
+ required:
+ - application
+ - init
+ type: object
+ injectAnnotations:
+ additionalProperties:
+ type: string
+ description: injectAnnotations are the annotations injected to the
+ internal resources that CFK created. The internal annotations are
+ preserved and cannot be overridden. For pod annotations, use `podTemplate.annotations`.
+ type: object
+ x-kubernetes-map-type: granular
+ injectLabels:
+ additionalProperties:
+ type: string
+ description: injectLabels are the labels injected to the internal
+ resources that CFK created. The internal labels are preserved and
+ cannot be overridden. For pod labels, use `podTemplate.labels`.
+ type: object
+ x-kubernetes-map-type: granular
+ internalTopicReplicationFactor:
+ description: internalTopicReplicationFactor specifies the replication
+ factor for internal topics.
+ format: int32
+ type: integer
+ k8sClusterDomain:
+ description: k8sClusterDomain specifies the configuration of the Kubernetes
+ cluster domain. The default is the `cluster.local` domain.
+ type: string
+ license:
+ description: license specifies the license configuration for the Confluent
+ Platform component.
+ properties:
+ directoryPathInContainer:
+ description: 'directoryPathInContainer specifies the directory
+ path in the container where the license key is mounted. More
+ info: https://docs.confluent.io/operator/current/co-license.html#update-component-level-licenses'
+ minLength: 1
+ type: string
+ globalLicense:
+ description: globalLicense specifies whether the Confluent Platform
+ component shares the CFK license.
+ type: boolean
+ secretRef:
+ description: 'secretRef references the secret that provides the
+ license for the Confluent Platform component. More info: https://docs.confluent.io/operator/current/co-license.html#update-component-level-licenses'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ type: object
+ metrics:
+ description: metrics specify the security settings for the metric
+ services.
+ properties:
+ authentication:
+ description: authentication specifies the authentication configuration
+ for the metrics.
+ properties:
+ type:
+ description: type specifies the metrics authentication method.
+ The valid option is `mtls`.
+ enum:
+ - mtls
+ type: string
+ required:
+ - type
+ type: object
+ prometheus:
+ description: prometheus specifies the configuration overrides
+ for the JMX-Prometheus exporter.
+ properties:
+ blacklist:
+ items:
+ type: string
+ type: array
+ rules:
+ items:
+ description: Rule defines the Prometheus Exporter rule override.
+ properties:
+ attrNameSnakeCase:
+ type: boolean
+ cache:
+ type: boolean
+ help:
+ minLength: 1
+ type: string
+ labels:
+ additionalProperties:
+ type: string
+ type: object
+ x-kubernetes-map-type: granular
+ name:
+ minLength: 1
+ type: string
+ pattern:
+ minLength: 1
+ type: string
+ type:
+ minLength: 1
+ type: string
+ value:
+ minLength: 1
+ type: string
+ valueFactor:
+ anyOf:
+ - type: integer
+ - type: string
+ default: 1
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ type: object
+ type: array
+ whitelist:
+ items:
+ type: string
+ type: array
+ type: object
+ tls:
+ description: tls specifies the TLS configuration for the metrics.
+ properties:
+ directoryPathInContainer:
+ description: directoryPathInContainer specifies the directory
+ path in the container where `keystore.jks`, `truststore.jks`,
+ and `jksPassword.txt` keys are mounted. `truststore.jks`
+ is not configured and can be ignored when the `ignoreTrustStoreConfig`
+ field is set to `true`.
+ minLength: 1
+ type: string
+ enabled:
+ description: enabled specifies to enable the TLS configuration
+ for the Confluent component.
+ type: boolean
+ ignoreTrustStoreConfig:
+ description: ignoreTrustStoreConfig indicates whether to ignore
+ the truststore configuration for the Confluent component.
+ type: boolean
+ jksPassword:
+ description: jksPassword references the secret containing
+ the JKS password.
+ properties:
+ secretRef:
+ description: 'secretRef references the name of the secret
+ containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - secretRef
+ type: object
+ secretRef:
+ description: 'secretRef references the secret containing the
+ certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - enabled
+ type: object
+ type: object
+ mountedSecrets:
+ description: 'mountedSecrets list the secrets injected to the underlying
+ statefulset configuration. The secret reference is mounted in the
+ default path `/mnt/secrets/`. The underlying resources
+ will follow the secret as a file configuration. More info: https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod.
+ A change to this setting will roll the cluster.'
+ items:
+ description: MountedSecrets provides a way to inject a custom secret
+ to the underlying statefulset.
+ properties:
+ keyItems:
+ description: keyItems are key and path names.
+ items:
+ description: Maps a string key to a path within a volume.
+ properties:
+ key:
+ description: The key to project.
+ type: string
+ mode:
+ description: 'Optional: mode bits used to set permissions
+ on this file. Must be an octal value between 0000 and
+ 0777 or a decimal value between 0 and 511. YAML accepts
+ both octal and decimal values, JSON requires decimal
+ values for mode bits. If not specified, the volume defaultMode
+ will be used. This might be in conflict with other options
+ that affect the file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: The relative path of the file to map the
+ key to. May not be an absolute path. May not contain
+ the path element '..'. May not start with the string
+ '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ secretRef:
+ description: secretRef references the name of the secret.
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - secretRef
+ type: object
+ type: array
+ mountedVolumes:
+ description: mountedVolumes list the custom volumes that need to be
+ mounted into the underlying statefulset. A change to this setting
+ will roll the cluster.
+ properties:
+ volumeMounts:
+ description: volumeMounts specify the list of volume mounts for
+ the pods in the statefulset.
+ items:
+ description: VolumeMount describes a mounting of a Volume within
+ a container.
+ properties:
+ mountPath:
+ description: Path within the container at which the volume
+ should be mounted. Must not contain ':'.
+ type: string
+ mountPropagation:
+ description: mountPropagation determines how mounts are
+ propagated from the host to container and the other way
+ around. When not set, MountPropagationNone is used. This
+ field is beta in 1.10.
+ type: string
+ name:
+ description: This must match the Name of a Volume.
+ type: string
+ readOnly:
+ description: Mounted read-only if true, read-write otherwise
+ (false or unspecified). Defaults to false.
+ type: boolean
+ subPath:
+ description: Path within the volume from which the container's
+ volume should be mounted. Defaults to "" (volume's root).
+ type: string
+ subPathExpr:
+ description: Expanded path within the volume from which
+ the container's volume should be mounted. Behaves similarly
+ to SubPath but environment variable references $(VAR_NAME)
+ are expanded using the container's environment. Defaults
+ to "" (volume's root). SubPathExpr and SubPath are mutually
+ exclusive.
+ type: string
+ required:
+ - mountPath
+ - name
+ type: object
+ type: array
+ volumes:
+ description: volumes specify the list of volumes that can be mounted
+ into the pods of statefulset.
+ items:
+ description: Volume represents a named volume in a pod that
+ may be accessed by any container in the pod.
+ properties:
+ awsElasticBlockStore:
+ description: 'AWSElasticBlockStore represents an AWS Disk
+ resource that is attached to a kubelet''s host machine
+ and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ properties:
+ fsType:
+ description: 'Filesystem type of the volume that you
+ want to mount. Tip: Ensure that the filesystem type
+ is supported by the host operating system. Examples:
+ "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+ TODO: how do we prevent errors in the filesystem from
+ compromising the machine'
+ type: string
+ partition:
+ description: 'The partition in the volume that you want
+ to mount. If omitted, the default is to mount by volume
+ name. Examples: For volume /dev/sda1, you specify
+ the partition as "1". Similarly, the volume partition
+ for /dev/sda is "0" (or you can leave the property
+ empty).'
+ format: int32
+ type: integer
+ readOnly:
+ description: 'Specify "true" to force and set the ReadOnly
+ property in VolumeMounts to "true". If omitted, the
+ default is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ type: boolean
+ volumeID:
+ description: 'Unique ID of the persistent disk resource
+ in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ type: string
+ required:
+ - volumeID
+ type: object
+ azureDisk:
+ description: AzureDisk represents an Azure Data Disk mount
+ on the host and bind mount to the pod.
+ properties:
+ cachingMode:
+ description: 'Host Caching mode: None, Read Only, Read
+ Write.'
+ type: string
+ diskName:
+ description: The Name of the data disk in the blob storage
+ type: string
+ diskURI:
+ description: The URI the data disk in the blob storage
+ type: string
+ fsType:
+ description: Filesystem type to mount. Must be a filesystem
+ type supported by the host operating system. Ex. "ext4",
+ "xfs", "ntfs". Implicitly inferred to be "ext4" if
+ unspecified.
+ type: string
+ kind:
+ description: 'Expected values Shared: multiple blob
+ disks per storage account Dedicated: single blob
+ disk per storage account Managed: azure managed data
+ disk (only in managed availability set). defaults
+ to shared'
+ type: string
+ readOnly:
+ description: Defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ required:
+ - diskName
+ - diskURI
+ type: object
+ azureFile:
+ description: AzureFile represents an Azure File Service
+ mount on the host and bind mount to the pod.
+ properties:
+ readOnly:
+ description: Defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ secretName:
+ description: the name of secret that contains Azure
+ Storage Account Name and Key
+ type: string
+ shareName:
+ description: Share Name
+ type: string
+ required:
+ - secretName
+ - shareName
+ type: object
+ cephfs:
+ description: CephFS represents a Ceph FS mount on the host
+ that shares a pod's lifetime
+ properties:
+ monitors:
+ description: 'Required: Monitors is a collection of
+ Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ items:
+ type: string
+ type: array
+ path:
+ description: 'Optional: Used as the mounted root, rather
+ than the full Ceph tree, default is /'
+ type: string
+ readOnly:
+ description: 'Optional: Defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting in VolumeMounts.
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ type: boolean
+ secretFile:
+ description: 'Optional: SecretFile is the path to key
+ ring for User, default is /etc/ceph/user.secret More
+ info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ type: string
+ secretRef:
+ description: 'Optional: SecretRef is reference to the
+ authentication secret for User, default is empty.
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ type: object
+ user:
+ description: 'Optional: User is the rados user name,
+ default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ type: string
+ required:
+ - monitors
+ type: object
+ cinder:
+ description: 'Cinder represents a cinder volume attached
+ and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ properties:
+ fsType:
+ description: 'Filesystem type to mount. Must be a filesystem
+ type supported by the host operating system. Examples:
+ "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ type: string
+ readOnly:
+ description: 'Optional: Defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting in VolumeMounts.
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ type: boolean
+ secretRef:
+ description: 'Optional: points to a secret object containing
+ parameters used to connect to OpenStack.'
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ type: object
+ volumeID:
+ description: 'volume id used to identify the volume
+ in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ type: string
+ required:
+ - volumeID
+ type: object
+ configMap:
+ description: ConfigMap represents a configMap that should
+ populate this volume
+ properties:
+ defaultMode:
+ description: 'Optional: mode bits used to set permissions
+ on created files by default. Must be an octal value
+ between 0000 and 0777 or a decimal value between 0
+ and 511. YAML accepts both octal and decimal values,
+ JSON requires decimal values for mode bits. Defaults
+ to 0644. Directories within the path are not affected
+ by this setting. This might be in conflict with other
+ options that affect the file mode, like fsGroup, and
+ the result can be other mode bits set.'
+ format: int32
+ type: integer
+ items:
+ description: If unspecified, each key-value pair in
+ the Data field of the referenced ConfigMap will be
+ projected into the volume as a file whose name is
+ the key and content is the value. If specified, the
+ listed keys will be projected into the specified paths,
+ and unlisted keys will not be present. If a key is
+ specified which is not present in the ConfigMap, the
+ volume setup will error unless it is marked optional.
+ Paths must be relative and may not contain the '..'
+ path or start with '..'.
+ items:
+ description: Maps a string key to a path within a
+ volume.
+ properties:
+ key:
+ description: The key to project.
+ type: string
+ mode:
+ description: 'Optional: mode bits used to set
+ permissions on this file. Must be an octal value
+ between 0000 and 0777 or a decimal value between
+ 0 and 511. YAML accepts both octal and decimal
+ values, JSON requires decimal values for mode
+ bits. If not specified, the volume defaultMode
+ will be used. This might be in conflict with
+ other options that affect the file mode, like
+ fsGroup, and the result can be other mode bits
+ set.'
+ format: int32
+ type: integer
+ path:
+ description: The relative path of the file to
+ map the key to. May not be an absolute path.
+ May not contain the path element '..'. May not
+ start with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap or its keys
+ must be defined
+ type: boolean
+ type: object
+ csi:
+ description: CSI (Container Storage Interface) represents
+ ephemeral storage that is handled by certain external
+ CSI drivers (Beta feature).
+ properties:
+ driver:
+ description: Driver is the name of the CSI driver that
+ handles this volume. Consult with your admin for the
+ correct name as registered in the cluster.
+ type: string
+ fsType:
+ description: Filesystem type to mount. Ex. "ext4", "xfs",
+ "ntfs". If not provided, the empty value is passed
+ to the associated CSI driver which will determine
+ the default filesystem to apply.
+ type: string
+ nodePublishSecretRef:
+ description: NodePublishSecretRef is a reference to
+ the secret object containing sensitive information
+ to pass to the CSI driver to complete the CSI NodePublishVolume
+ and NodeUnpublishVolume calls. This field is optional,
+ and may be empty if no secret is required. If the
+ secret object contains more than one secret, all secret
+ references are passed.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ type: object
+ readOnly:
+ description: Specifies a read-only configuration for
+ the volume. Defaults to false (read/write).
+ type: boolean
+ volumeAttributes:
+ additionalProperties:
+ type: string
+ description: VolumeAttributes stores driver-specific
+ properties that are passed to the CSI driver. Consult
+ your driver's documentation for supported values.
+ type: object
+ required:
+ - driver
+ type: object
+ downwardAPI:
+ description: DownwardAPI represents downward API about the
+ pod that should populate this volume
+ properties:
+ defaultMode:
+ description: 'Optional: mode bits to use on created
+ files by default. Must be a Optional: mode bits used
+ to set permissions on created files by default. Must
+ be an octal value between 0000 and 0777 or a decimal
+ value between 0 and 511. YAML accepts both octal and
+ decimal values, JSON requires decimal values for mode
+ bits. Defaults to 0644. Directories within the path
+ are not affected by this setting. This might be in
+ conflict with other options that affect the file mode,
+ like fsGroup, and the result can be other mode bits
+ set.'
+ format: int32
+ type: integer
+ items:
+ description: Items is a list of downward API volume
+ file
+ items:
+ description: DownwardAPIVolumeFile represents information
+ to create the file containing the pod field
+ properties:
+ fieldRef:
+ description: 'Required: Selects a field of the
+ pod: only annotations, labels, name and namespace
+ are supported.'
+ properties:
+ apiVersion:
+ description: Version of the schema the FieldPath
+ is written in terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select in
+ the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ mode:
+ description: 'Optional: mode bits used to set
+ permissions on this file, must be an octal value
+ between 0000 and 0777 or a decimal value between
+ 0 and 511. YAML accepts both octal and decimal
+ values, JSON requires decimal values for mode
+ bits. If not specified, the volume defaultMode
+ will be used. This might be in conflict with
+ other options that affect the file mode, like
+ fsGroup, and the result can be other mode bits
+ set.'
+ format: int32
+ type: integer
+ path:
+ description: 'Required: Path is the relative
+ path name of the file to be created. Must not
+ be absolute or contain the ''..'' path. Must
+ be utf-8 encoded. The first item of the relative
+ path must not start with ''..'''
+ type: string
+ resourceFieldRef:
+ description: 'Selects a resource of the container:
+ only resources limits and requests (limits.cpu,
+ limits.memory, requests.cpu and requests.memory)
+ are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required for
+ volumes, optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format of
+ the exposed resources, defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ required:
+ - path
+ type: object
+ type: array
+ type: object
+ emptyDir:
+ description: 'EmptyDir represents a temporary directory
+ that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
+ properties:
+ medium:
+ description: 'What type of storage medium should back
+ this directory. The default is "" which means to use
+ the node''s default medium. Must be an empty string
+ (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
+ type: string
+ sizeLimit:
+ anyOf:
+ - type: integer
+ - type: string
+ description: 'Total amount of local storage required
+ for this EmptyDir volume. The size limit is also applicable
+ for memory medium. The maximum usage on memory medium
+ EmptyDir would be the minimum value between the SizeLimit
+ specified here and the sum of memory limits of all
+ containers in a pod. The default is nil which means
+ that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir'
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ type: object
+ ephemeral:
+ description: "Ephemeral represents a volume that is handled
+ by a cluster storage driver. The volume's lifecycle is
+ tied to the pod that defines it - it will be created before
+ the pod starts, and deleted when the pod is removed. \n
+ Use this if: a) the volume is only needed while the pod
+ runs, b) features of normal volumes like restoring from
+ snapshot or capacity tracking are needed, c) the storage
+ driver is specified through a storage class, and d) the
+ storage driver supports dynamic volume provisioning through
+ a PersistentVolumeClaim (see EphemeralVolumeSource for
+ more information on the connection between this volume
+ type and PersistentVolumeClaim). \n Use PersistentVolumeClaim
+ or one of the vendor-specific APIs for volumes that persist
+ for longer than the lifecycle of an individual pod. \n
+ Use CSI for light-weight local ephemeral volumes if the
+ CSI driver is meant to be used that way - see the documentation
+ of the driver for more information. \n A pod can use both
+ types of ephemeral volumes and persistent volumes at the
+ same time."
+ properties:
+ volumeClaimTemplate:
+ description: "Will be used to create a stand-alone PVC
+ to provision the volume. The pod in which this EphemeralVolumeSource
+ is embedded will be the owner of the PVC, i.e. the
+ PVC will be deleted together with the pod. The name
+ of the PVC will be `-` where
+ `` is the name from the `PodSpec.Volumes`
+ array entry. Pod validation will reject the pod if
+ the concatenated name is not valid for a PVC (for
+ example, too long). \n An existing PVC with that name
+ that is not owned by the pod will *not* be used for
+ the pod to avoid using an unrelated volume by mistake.
+ Starting the pod is then blocked until the unrelated
+ PVC is removed. If such a pre-created PVC is meant
+ to be used by the pod, the PVC has to updated with
+ an owner reference to the pod once the pod exists.
+ Normally this should not be necessary, but it may
+ be useful when manually reconstructing a broken cluster.
+ \n This field is read-only and no changes will be
+ made by Kubernetes to the PVC after it has been created.
+ \n Required, must not be nil."
+ properties:
+ metadata:
+ description: May contain labels and annotations
+ that will be copied into the PVC when creating
+ it. No other fields are allowed and will be rejected
+ during validation.
+ type: object
+ spec:
+ description: The specification for the PersistentVolumeClaim.
+ The entire content is copied unchanged into the
+ PVC that gets created from this template. The
+ same fields as in a PersistentVolumeClaim are
+ also valid here.
+ properties:
+ accessModes:
+ description: 'AccessModes contains the desired
+ access modes the volume should have. More
+ info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
+ items:
+ type: string
+ type: array
+ dataSource:
+ description: 'This field can be used to specify
+ either: * An existing VolumeSnapshot object
+ (snapshot.storage.k8s.io/VolumeSnapshot) *
+ An existing PVC (PersistentVolumeClaim) If
+ the provisioner or an external controller
+ can support the specified data source, it
+ will create a new volume based on the contents
+ of the specified data source. If the AnyVolumeDataSource
+ feature gate is enabled, this field will always
+ have the same contents as the DataSourceRef
+ field.'
+ properties:
+ apiGroup:
+ description: APIGroup is the group for the
+ resource being referenced. If APIGroup
+ is not specified, the specified Kind must
+ be in the core API group. For any other
+ third-party types, APIGroup is required.
+ type: string
+ kind:
+ description: Kind is the type of resource
+ being referenced
+ type: string
+ name:
+ description: Name is the name of resource
+ being referenced
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ dataSourceRef:
+ description: 'Specifies the object from which
+ to populate the volume with data, if a non-empty
+ volume is desired. This may be any local object
+ from a non-empty API group (non core object)
+ or a PersistentVolumeClaim object. When this
+ field is specified, volume binding will only
+ succeed if the type of the specified object
+ matches some installed volume populator or
+ dynamic provisioner. This field will replace
+ the functionality of the DataSource field
+ and as such if both fields are non-empty,
+ they must have the same value. For backwards
+ compatibility, both fields (DataSource and
+ DataSourceRef) will be set to the same value
+ automatically if one of them is empty and
+ the other is non-empty. There are two important
+ differences between DataSource and DataSourceRef:
+ * While DataSource only allows two specific
+ types of objects, DataSourceRef allows any
+ non-core object, as well as PersistentVolumeClaim
+ objects. * While DataSource ignores disallowed
+ values (dropping them), DataSourceRef preserves
+ all values, and generates an error if a disallowed
+ value is specified. (Alpha) Using this field
+ requires the AnyVolumeDataSource feature gate
+ to be enabled.'
+ properties:
+ apiGroup:
+ description: APIGroup is the group for the
+ resource being referenced. If APIGroup
+ is not specified, the specified Kind must
+ be in the core API group. For any other
+ third-party types, APIGroup is required.
+ type: string
+ kind:
+ description: Kind is the type of resource
+ being referenced
+ type: string
+ name:
+ description: Name is the name of resource
+ being referenced
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ resources:
+ description: 'Resources represents the minimum
+ resources the volume should have. If RecoverVolumeExpansionFailure
+ feature is enabled users are allowed to specify
+ resource requirements that are lower than
+ previous value but must still be higher than
+ capacity recorded in the status field of the
+ claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
+ properties:
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum
+ amount of compute resources allowed. More
+ info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum
+ amount of compute resources required.
+ If Requests is omitted for a container,
+ it defaults to Limits if that is explicitly
+ specified, otherwise to an implementation-defined
+ value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ selector:
+ description: A label query over volumes to consider
+ for binding.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a
+ key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of
+ string values. If the operator is
+ In or NotIn, the values array must
+ be non-empty. If the operator is
+ Exists or DoesNotExist, the values
+ array must be empty. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ storageClassName:
+ description: 'Name of the StorageClass required
+ by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
+ type: string
+ volumeMode:
+ description: volumeMode defines what type of
+ volume is required by the claim. Value of
+ Filesystem is implied when not included in
+ claim spec.
+ type: string
+ volumeName:
+ description: VolumeName is the binding reference
+ to the PersistentVolume backing this claim.
+ type: string
+ type: object
+ required:
+ - spec
+ type: object
+ type: object
+ fc:
+ description: FC represents a Fibre Channel resource that
+ is attached to a kubelet's host machine and then exposed
+ to the pod.
+ properties:
+ fsType:
+ description: 'Filesystem type to mount. Must be a filesystem
+ type supported by the host operating system. Ex. "ext4",
+ "xfs", "ntfs". Implicitly inferred to be "ext4" if
+ unspecified. TODO: how do we prevent errors in the
+ filesystem from compromising the machine'
+ type: string
+ lun:
+ description: 'Optional: FC target lun number'
+ format: int32
+ type: integer
+ readOnly:
+ description: 'Optional: Defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting in VolumeMounts.'
+ type: boolean
+ targetWWNs:
+ description: 'Optional: FC target worldwide names (WWNs)'
+ items:
+ type: string
+ type: array
+ wwids:
+ description: 'Optional: FC volume world wide identifiers
+ (wwids) Either wwids or combination of targetWWNs
+ and lun must be set, but not both simultaneously.'
+ items:
+ type: string
+ type: array
+ type: object
+ flexVolume:
+ description: FlexVolume represents a generic volume resource
+ that is provisioned/attached using an exec based plugin.
+ properties:
+ driver:
+ description: Driver is the name of the driver to use
+ for this volume.
+ type: string
+ fsType:
+ description: Filesystem type to mount. Must be a filesystem
+ type supported by the host operating system. Ex. "ext4",
+ "xfs", "ntfs". The default filesystem depends on FlexVolume
+ script.
+ type: string
+ options:
+ additionalProperties:
+ type: string
+ description: 'Optional: Extra command options if any.'
+ type: object
+ readOnly:
+ description: 'Optional: Defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting in VolumeMounts.'
+ type: boolean
+ secretRef:
+ description: 'Optional: SecretRef is reference to the
+ secret object containing sensitive information to
+ pass to the plugin scripts. This may be empty if no
+ secret object is specified. If the secret object contains
+ more than one secret, all secrets are passed to the
+ plugin scripts.'
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ type: object
+ required:
+ - driver
+ type: object
+ flocker:
+ description: Flocker represents a Flocker volume attached
+ to a kubelet's host machine. This depends on the Flocker
+ control service being running
+ properties:
+ datasetName:
+ description: Name of the dataset stored as metadata
+ -> name on the dataset for Flocker should be considered
+ as deprecated
+ type: string
+ datasetUUID:
+ description: UUID of the dataset. This is unique identifier
+ of a Flocker dataset
+ type: string
+ type: object
+ gcePersistentDisk:
+ description: 'GCEPersistentDisk represents a GCE Disk resource
+ that is attached to a kubelet''s host machine and then
+ exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ properties:
+ fsType:
+ description: 'Filesystem type of the volume that you
+ want to mount. Tip: Ensure that the filesystem type
+ is supported by the host operating system. Examples:
+ "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ TODO: how do we prevent errors in the filesystem from
+ compromising the machine'
+ type: string
+ partition:
+ description: 'The partition in the volume that you want
+ to mount. If omitted, the default is to mount by volume
+ name. Examples: For volume /dev/sda1, you specify
+ the partition as "1". Similarly, the volume partition
+ for /dev/sda is "0" (or you can leave the property
+ empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ format: int32
+ type: integer
+ pdName:
+ description: 'Unique name of the PD resource in GCE.
+ Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ type: string
+ readOnly:
+ description: 'ReadOnly here will force the ReadOnly
+ setting in VolumeMounts. Defaults to false. More info:
+ https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ type: boolean
+ required:
+ - pdName
+ type: object
+ gitRepo:
+ description: 'GitRepo represents a git repository at a particular
+ revision. DEPRECATED: GitRepo is deprecated. To provision
+ a container with a git repo, mount an EmptyDir into an
+ InitContainer that clones the repo using git, then mount
+ the EmptyDir into the Pod''s container.'
+ properties:
+ directory:
+ description: Target directory name. Must not contain
+ or start with '..'. If '.' is supplied, the volume
+ directory will be the git repository. Otherwise,
+ if specified, the volume will contain the git repository
+ in the subdirectory with the given name.
+ type: string
+ repository:
+ description: Repository URL
+ type: string
+ revision:
+ description: Commit hash for the specified revision.
+ type: string
+ required:
+ - repository
+ type: object
+ glusterfs:
+ description: 'Glusterfs represents a Glusterfs mount on
+ the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md'
+ properties:
+ endpoints:
+ description: 'EndpointsName is the endpoint name that
+ details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ type: string
+ path:
+ description: 'Path is the Glusterfs volume path. More
+ info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ type: string
+ readOnly:
+ description: 'ReadOnly here will force the Glusterfs
+ volume to be mounted with read-only permissions. Defaults
+ to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ type: boolean
+ required:
+ - endpoints
+ - path
+ type: object
+ hostPath:
+ description: 'HostPath represents a pre-existing file or
+ directory on the host machine that is directly exposed
+ to the container. This is generally used for system agents
+ or other privileged things that are allowed to see the
+ host machine. Most containers will NOT need this. More
+ info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+ --- TODO(jonesdl) We need to restrict who can use host
+ directory mounts and who can/can not mount host directories
+ as read/write.'
+ properties:
+ path:
+ description: 'Path of the directory on the host. If
+ the path is a symlink, it will follow the link to
+ the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
+ type: string
+ type:
+ description: 'Type for HostPath Volume Defaults to ""
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
+ type: string
+ required:
+ - path
+ type: object
+ iscsi:
+ description: 'ISCSI represents an ISCSI Disk resource that
+ is attached to a kubelet''s host machine and then exposed
+ to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md'
+ properties:
+ chapAuthDiscovery:
+ description: whether support iSCSI Discovery CHAP authentication
+ type: boolean
+ chapAuthSession:
+ description: whether support iSCSI Session CHAP authentication
+ type: boolean
+ fsType:
+ description: 'Filesystem type of the volume that you
+ want to mount. Tip: Ensure that the filesystem type
+ is supported by the host operating system. Examples:
+ "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
+ TODO: how do we prevent errors in the filesystem from
+ compromising the machine'
+ type: string
+ initiatorName:
+ description: Custom iSCSI Initiator Name. If initiatorName
+ is specified with iscsiInterface simultaneously, new
+ iSCSI interface : will
+ be created for the connection.
+ type: string
+ iqn:
+ description: Target iSCSI Qualified Name.
+ type: string
+ iscsiInterface:
+ description: iSCSI Interface Name that uses an iSCSI
+ transport. Defaults to 'default' (tcp).
+ type: string
+ lun:
+ description: iSCSI Target Lun number.
+ format: int32
+ type: integer
+ portals:
+ description: iSCSI Target Portal List. The portal is
+ either an IP or ip_addr:port if the port is other
+ than default (typically TCP ports 860 and 3260).
+ items:
+ type: string
+ type: array
+ readOnly:
+ description: ReadOnly here will force the ReadOnly setting
+ in VolumeMounts. Defaults to false.
+ type: boolean
+ secretRef:
+ description: CHAP Secret for iSCSI target and initiator
+ authentication
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ type: object
+ targetPortal:
+ description: iSCSI Target Portal. The Portal is either
+ an IP or ip_addr:port if the port is other than default
+ (typically TCP ports 860 and 3260).
+ type: string
+ required:
+ - iqn
+ - lun
+ - targetPortal
+ type: object
+ name:
+ description: 'Volume''s name. Must be a DNS_LABEL and unique
+ within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ nfs:
+ description: 'NFS represents an NFS mount on the host that
+ shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ properties:
+ path:
+ description: 'Path that is exported by the NFS server.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ type: string
+ readOnly:
+ description: 'ReadOnly here will force the NFS export
+ to be mounted with read-only permissions. Defaults
+ to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ type: boolean
+ server:
+ description: 'Server is the hostname or IP address of
+ the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ type: string
+ required:
+ - path
+ - server
+ type: object
+ persistentVolumeClaim:
+ description: 'PersistentVolumeClaimVolumeSource represents
+ a reference to a PersistentVolumeClaim in the same namespace.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
+ properties:
+ claimName:
+ description: 'ClaimName is the name of a PersistentVolumeClaim
+ in the same namespace as the pod using this volume.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
+ type: string
+ readOnly:
+ description: Will force the ReadOnly setting in VolumeMounts.
+ Default false.
+ type: boolean
+ required:
+ - claimName
+ type: object
+ photonPersistentDisk:
+ description: PhotonPersistentDisk represents a PhotonController
+ persistent disk attached and mounted on kubelets host
+ machine
+ properties:
+ fsType:
+ description: Filesystem type to mount. Must be a filesystem
+ type supported by the host operating system. Ex. "ext4",
+ "xfs", "ntfs". Implicitly inferred to be "ext4" if
+ unspecified.
+ type: string
+ pdID:
+ description: ID that identifies Photon Controller persistent
+ disk
+ type: string
+ required:
+ - pdID
+ type: object
+ portworxVolume:
+ description: PortworxVolume represents a portworx volume
+ attached and mounted on kubelets host machine
+ properties:
+ fsType:
+ description: FSType represents the filesystem type to
+ mount Must be a filesystem type supported by the host
+ operating system. Ex. "ext4", "xfs". Implicitly inferred
+ to be "ext4" if unspecified.
+ type: string
+ readOnly:
+ description: Defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ volumeID:
+ description: VolumeID uniquely identifies a Portworx
+ volume
+ type: string
+ required:
+ - volumeID
+ type: object
+ projected:
+ description: Items for all in one resources secrets, configmaps,
+ and downward API
+ properties:
+ defaultMode:
+ description: Mode bits used to set permissions on created
+ files by default. Must be an octal value between 0000
+ and 0777 or a decimal value between 0 and 511. YAML
+ accepts both octal and decimal values, JSON requires
+ decimal values for mode bits. Directories within the
+ path are not affected by this setting. This might
+ be in conflict with other options that affect the
+ file mode, like fsGroup, and the result can be other
+ mode bits set.
+ format: int32
+ type: integer
+ sources:
+ description: list of volume projections
+ items:
+ description: Projection that may be projected along
+ with other supported volume types
+ properties:
+ configMap:
+ description: information about the configMap data
+ to project
+ properties:
+ items:
+ description: If unspecified, each key-value
+ pair in the Data field of the referenced
+ ConfigMap will be projected into the volume
+ as a file whose name is the key and content
+ is the value. If specified, the listed keys
+ will be projected into the specified paths,
+ and unlisted keys will not be present. If
+ a key is specified which is not present
+ in the ConfigMap, the volume setup will
+ error unless it is marked optional. Paths
+ must be relative and may not contain the
+ '..' path or start with '..'.
+ items:
+ description: Maps a string key to a path
+ within a volume.
+ properties:
+ key:
+ description: The key to project.
+ type: string
+ mode:
+ description: 'Optional: mode bits used
+ to set permissions on this file. Must
+ be an octal value between 0000 and
+ 0777 or a decimal value between 0
+ and 511. YAML accepts both octal and
+ decimal values, JSON requires decimal
+ values for mode bits. If not specified,
+ the volume defaultMode will be used.
+ This might be in conflict with other
+ options that affect the file mode,
+ like fsGroup, and the result can be
+ other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: The relative path of the
+ file to map the key to. May not be
+ an absolute path. May not contain
+ the path element '..'. May not start
+ with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ or its keys must be defined
+ type: boolean
+ type: object
+ downwardAPI:
+ description: information about the downwardAPI
+ data to project
+ properties:
+ items:
+ description: Items is a list of DownwardAPIVolume
+ file
+ items:
+ description: DownwardAPIVolumeFile represents
+ information to create the file containing
+ the pod field
+ properties:
+ fieldRef:
+ description: 'Required: Selects a field
+ of the pod: only annotations, labels,
+ name and namespace are supported.'
+ properties:
+ apiVersion:
+ description: Version of the schema
+ the FieldPath is written in terms
+ of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to
+ select in the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ mode:
+ description: 'Optional: mode bits used
+ to set permissions on this file, must
+ be an octal value between 0000 and
+ 0777 or a decimal value between 0
+ and 511. YAML accepts both octal and
+ decimal values, JSON requires decimal
+ values for mode bits. If not specified,
+ the volume defaultMode will be used.
+ This might be in conflict with other
+ options that affect the file mode,
+ like fsGroup, and the result can be
+ other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: 'Required: Path is the
+ relative path name of the file to
+ be created. Must not be absolute or
+ contain the ''..'' path. Must be utf-8
+ encoded. The first item of the relative
+ path must not start with ''..'''
+ type: string
+ resourceFieldRef:
+ description: 'Selects a resource of
+ the container: only resources limits
+ and requests (limits.cpu, limits.memory,
+ requests.cpu and requests.memory)
+ are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required
+ for volumes, optional for env
+ vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output
+ format of the exposed resources,
+ defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource
+ to select'
+ type: string
+ required:
+ - resource
+ type: object
+ required:
+ - path
+ type: object
+ type: array
+ type: object
+ secret:
+ description: information about the secret data
+ to project
+ properties:
+ items:
+ description: If unspecified, each key-value
+ pair in the Data field of the referenced
+ Secret will be projected into the volume
+ as a file whose name is the key and content
+ is the value. If specified, the listed keys
+ will be projected into the specified paths,
+ and unlisted keys will not be present. If
+ a key is specified which is not present
+ in the Secret, the volume setup will error
+ unless it is marked optional. Paths must
+ be relative and may not contain the '..'
+ path or start with '..'.
+ items:
+ description: Maps a string key to a path
+ within a volume.
+ properties:
+ key:
+ description: The key to project.
+ type: string
+ mode:
+ description: 'Optional: mode bits used
+ to set permissions on this file. Must
+ be an octal value between 0000 and
+ 0777 or a decimal value between 0
+ and 511. YAML accepts both octal and
+ decimal values, JSON requires decimal
+ values for mode bits. If not specified,
+ the volume defaultMode will be used.
+ This might be in conflict with other
+ options that affect the file mode,
+ like fsGroup, and the result can be
+ other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: The relative path of the
+ file to map the key to. May not be
+ an absolute path. May not contain
+ the path element '..'. May not start
+ with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or
+ its key must be defined
+ type: boolean
+ type: object
+ serviceAccountToken:
+ description: information about the serviceAccountToken
+ data to project
+ properties:
+ audience:
+ description: Audience is the intended audience
+ of the token. A recipient of a token must
+ identify itself with an identifier specified
+ in the audience of the token, and otherwise
+ should reject the token. The audience defaults
+ to the identifier of the apiserver.
+ type: string
+ expirationSeconds:
+ description: ExpirationSeconds is the requested
+ duration of validity of the service account
+ token. As the token approaches expiration,
+ the kubelet volume plugin will proactively
+ rotate the service account token. The kubelet
+ will start trying to rotate the token if
+ the token is older than 80 percent of its
+ time to live or if the token is older than
+ 24 hours.Defaults to 1 hour and must be
+ at least 10 minutes.
+ format: int64
+ type: integer
+ path:
+ description: Path is the path relative to
+ the mount point of the file to project the
+ token into.
+ type: string
+ required:
+ - path
+ type: object
+ type: object
+ type: array
+ type: object
+ quobyte:
+ description: Quobyte represents a Quobyte mount on the host
+ that shares a pod's lifetime
+ properties:
+ group:
+ description: Group to map volume access to Default is
+ no group
+ type: string
+ readOnly:
+ description: ReadOnly here will force the Quobyte volume
+ to be mounted with read-only permissions. Defaults
+ to false.
+ type: boolean
+ registry:
+ description: Registry represents a single or multiple
+ Quobyte Registry services specified as a string as
+ host:port pair (multiple entries are separated with
+ commas) which acts as the central registry for volumes
+ type: string
+ tenant:
+ description: Tenant owning the given Quobyte volume
+ in the Backend Used with dynamically provisioned Quobyte
+ volumes, value is set by the plugin
+ type: string
+ user:
+ description: User to map volume access to Defaults to
+ serivceaccount user
+ type: string
+ volume:
+ description: Volume is a string that references an already
+ created Quobyte volume by name.
+ type: string
+ required:
+ - registry
+ - volume
+ type: object
+ rbd:
+ description: 'RBD represents a Rados Block Device mount
+ on the host that shares a pod''s lifetime. More info:
+ https://examples.k8s.io/volumes/rbd/README.md'
+ properties:
+ fsType:
+ description: 'Filesystem type of the volume that you
+ want to mount. Tip: Ensure that the filesystem type
+ is supported by the host operating system. Examples:
+ "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
+ TODO: how do we prevent errors in the filesystem from
+ compromising the machine'
+ type: string
+ image:
+ description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ keyring:
+ description: 'Keyring is the path to key ring for RBDUser.
+ Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ monitors:
+ description: 'A collection of Ceph monitors. More info:
+ https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ items:
+ type: string
+ type: array
+ pool:
+ description: 'The rados pool name. Default is rbd. More
+ info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ readOnly:
+ description: 'ReadOnly here will force the ReadOnly
+ setting in VolumeMounts. Defaults to false. More info:
+ https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: boolean
+ secretRef:
+ description: 'SecretRef is name of the authentication
+ secret for RBDUser. If provided overrides keyring.
+ Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ type: object
+ user:
+ description: 'The rados user name. Default is admin.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ required:
+ - image
+ - monitors
+ type: object
+ scaleIO:
+ description: ScaleIO represents a ScaleIO persistent volume
+ attached and mounted on Kubernetes nodes.
+ properties:
+ fsType:
+ description: Filesystem type to mount. Must be a filesystem
+ type supported by the host operating system. Ex. "ext4",
+ "xfs", "ntfs". Default is "xfs".
+ type: string
+ gateway:
+ description: The host address of the ScaleIO API Gateway.
+ type: string
+ protectionDomain:
+ description: The name of the ScaleIO Protection Domain
+ for the configured storage.
+ type: string
+ readOnly:
+ description: Defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ secretRef:
+ description: SecretRef references to the secret for
+ ScaleIO user and other sensitive information. If this
+ is not provided, Login operation will fail.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ type: object
+ sslEnabled:
+ description: Flag to enable/disable SSL communication
+ with Gateway, default false
+ type: boolean
+ storageMode:
+ description: Indicates whether the storage for a volume
+ should be ThickProvisioned or ThinProvisioned. Default
+ is ThinProvisioned.
+ type: string
+ storagePool:
+ description: The ScaleIO Storage Pool associated with
+ the protection domain.
+ type: string
+ system:
+ description: The name of the storage system as configured
+ in ScaleIO.
+ type: string
+ volumeName:
+ description: The name of a volume already created in
+ the ScaleIO system that is associated with this volume
+ source.
+ type: string
+ required:
+ - gateway
+ - secretRef
+ - system
+ type: object
+ secret:
+ description: 'Secret represents a secret that should populate
+ this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
+ properties:
+ defaultMode:
+ description: 'Optional: mode bits used to set permissions
+ on created files by default. Must be an octal value
+ between 0000 and 0777 or a decimal value between 0
+ and 511. YAML accepts both octal and decimal values,
+ JSON requires decimal values for mode bits. Defaults
+ to 0644. Directories within the path are not affected
+ by this setting. This might be in conflict with other
+ options that affect the file mode, like fsGroup, and
+ the result can be other mode bits set.'
+ format: int32
+ type: integer
+ items:
+ description: If unspecified, each key-value pair in
+ the Data field of the referenced Secret will be projected
+ into the volume as a file whose name is the key and
+ content is the value. If specified, the listed keys
+ will be projected into the specified paths, and unlisted
+ keys will not be present. If a key is specified which
+ is not present in the Secret, the volume setup will
+ error unless it is marked optional. Paths must be
+ relative and may not contain the '..' path or start
+ with '..'.
+ items:
+ description: Maps a string key to a path within a
+ volume.
+ properties:
+ key:
+ description: The key to project.
+ type: string
+ mode:
+ description: 'Optional: mode bits used to set
+ permissions on this file. Must be an octal value
+ between 0000 and 0777 or a decimal value between
+ 0 and 511. YAML accepts both octal and decimal
+ values, JSON requires decimal values for mode
+ bits. If not specified, the volume defaultMode
+ will be used. This might be in conflict with
+ other options that affect the file mode, like
+ fsGroup, and the result can be other mode bits
+ set.'
+ format: int32
+ type: integer
+ path:
+ description: The relative path of the file to
+ map the key to. May not be an absolute path.
+ May not contain the path element '..'. May not
+ start with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ optional:
+ description: Specify whether the Secret or its keys
+ must be defined
+ type: boolean
+ secretName:
+ description: 'Name of the secret in the pod''s namespace
+ to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
+ type: string
+ type: object
+ storageos:
+ description: StorageOS represents a StorageOS volume attached
+ and mounted on Kubernetes nodes.
+ properties:
+ fsType:
+ description: Filesystem type to mount. Must be a filesystem
+ type supported by the host operating system. Ex. "ext4",
+ "xfs", "ntfs". Implicitly inferred to be "ext4" if
+ unspecified.
+ type: string
+ readOnly:
+ description: Defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ secretRef:
+ description: SecretRef specifies the secret to use for
+ obtaining the StorageOS API credentials. If not specified,
+ default values will be attempted.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ type: object
+ volumeName:
+ description: VolumeName is the human-readable name of
+ the StorageOS volume. Volume names are only unique
+ within a namespace.
+ type: string
+ volumeNamespace:
+ description: VolumeNamespace specifies the scope of
+ the volume within StorageOS. If no namespace is specified
+ then the Pod's namespace will be used. This allows
+ the Kubernetes name scoping to be mirrored within
+ StorageOS for tighter integration. Set VolumeName
+ to any name to override the default behaviour. Set
+ to "default" if you are not using namespaces within
+ StorageOS. Namespaces that do not pre-exist within
+ StorageOS will be created.
+ type: string
+ type: object
+ vsphereVolume:
+ description: VsphereVolume represents a vSphere volume attached
+ and mounted on kubelets host machine
+ properties:
+ fsType:
+ description: Filesystem type to mount. Must be a filesystem
+ type supported by the host operating system. Ex. "ext4",
+ "xfs", "ntfs". Implicitly inferred to be "ext4" if
+ unspecified.
+ type: string
+ storagePolicyID:
+ description: Storage Policy Based Management (SPBM)
+ profile ID associated with the StoragePolicyName.
+ type: string
+ storagePolicyName:
+ description: Storage Policy Based Management (SPBM)
+ profile name.
+ type: string
+ volumePath:
+ description: Path that identifies vSphere volume vmdk
+ type: string
+ required:
+ - volumePath
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ required:
+ - volumeMounts
+ - volumes
+ type: object
+ oneReplicaPerNode:
+ description: oneReplicaPerNode controls whether to run 1 pod per node
+ using the pod anti-affinity capability. Enabling this configuration
+ in an existing cluster will roll the cluster.
+ type: boolean
+ podTemplate:
+ description: podTemplate specifies the statefulset pod template configuration.
+ properties:
+ affinity:
+ description: 'affinity specifies a group of affinity scheduling
+ rules. More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity.'
+ properties:
+ nodeAffinity:
+ description: Describes node affinity scheduling rules for
+ the pod.
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule pods
+ to nodes that satisfy the affinity expressions specified
+ by this field, but it may choose a node that violates
+ one or more of the expressions. The node that is most
+ preferred is the one with the greatest sum of weights,
+ i.e. for each node that meets all of the scheduling
+ requirements (resource request, requiredDuringScheduling
+ affinity expressions, etc.), compute a sum by iterating
+ through the elements of this field and adding "weight"
+ to the sum if the node matches the corresponding matchExpressions;
+ the node(s) with the highest sum are the most preferred.
+ items:
+ description: An empty preferred scheduling term matches
+ all objects with implicit weight 0 (i.e. it's a no-op).
+ A null preferred scheduling term matches no objects
+ (i.e. is also a no-op).
+ properties:
+ preference:
+ description: A node selector term, associated with
+ the corresponding weight.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: A node selector requirement is
+ a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators
+ are In, NotIn, Exists, DoesNotExist.
+ Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values.
+ If the operator is In or NotIn, the
+ values array must be non-empty. If the
+ operator is Exists or DoesNotExist,
+ the values array must be empty. If the
+ operator is Gt or Lt, the values array
+ must have a single element, which will
+ be interpreted as an integer. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: A node selector requirement is
+ a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators
+ are In, NotIn, Exists, DoesNotExist.
+ Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values.
+ If the operator is In or NotIn, the
+ values array must be non-empty. If the
+ operator is Exists or DoesNotExist,
+ the values array must be empty. If the
+ operator is Gt or Lt, the values array
+ must have a single element, which will
+ be interpreted as an integer. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ weight:
+ description: Weight associated with matching the
+ corresponding nodeSelectorTerm, in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - preference
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the affinity requirements specified by
+ this field are not met at scheduling time, the pod will
+ not be scheduled onto the node. If the affinity requirements
+ specified by this field cease to be met at some point
+ during pod execution (e.g. due to an update), the system
+ may or may not try to eventually evict the pod from
+ its node.
+ properties:
+ nodeSelectorTerms:
+ description: Required. A list of node selector terms.
+ The terms are ORed.
+ items:
+ description: A null or empty node selector term
+ matches no objects. The requirements of them are
+ ANDed. The TopologySelectorTerm type implements
+ a subset of the NodeSelectorTerm.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: A node selector requirement is
+ a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators
+ are In, NotIn, Exists, DoesNotExist.
+ Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values.
+ If the operator is In or NotIn, the
+ values array must be non-empty. If the
+ operator is Exists or DoesNotExist,
+ the values array must be empty. If the
+ operator is Gt or Lt, the values array
+ must have a single element, which will
+ be interpreted as an integer. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: A node selector requirement is
+ a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators
+ are In, NotIn, Exists, DoesNotExist.
+ Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values.
+ If the operator is In or NotIn, the
+ values array must be non-empty. If the
+ operator is Exists or DoesNotExist,
+ the values array must be empty. If the
+ operator is Gt or Lt, the values array
+ must have a single element, which will
+ be interpreted as an integer. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ type: array
+ required:
+ - nodeSelectorTerms
+ type: object
+ type: object
+ podAffinity:
+ description: Describes pod affinity scheduling rules (e.g.
+ co-locate this pod in the same node, zone, etc. as some
+ other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule pods
+ to nodes that satisfy the affinity expressions specified
+ by this field, but it may choose a node that violates
+ one or more of the expressions. The node that is most
+ preferred is the one with the greatest sum of weights,
+ i.e. for each node that meets all of the scheduling
+ requirements (resource request, requiredDuringScheduling
+ affinity expressions, etc.), compute a sum by iterating
+ through the elements of this field and adding "weight"
+ to the sum if the node has pods which matches the corresponding
+ podAffinityTerm; the node(s) with the highest sum are
+ the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred
+ node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term, associated
+ with the corresponding weight.
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a
+ key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of
+ string values. If the operator is
+ In or NotIn, the values array must
+ be non-empty. If the operator is
+ Exists or DoesNotExist, the values
+ array must be empty. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied
+ to the union of the namespaces selected by
+ this field and the ones listed in the namespaces
+ field. null selector and null or empty namespaces
+ list means "this pod's namespace". An empty
+ selector ({}) matches all namespaces. This
+ field is beta-level and is only honored when
+ PodAffinityNamespaceSelector feature is enabled.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a
+ key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of
+ string values. If the operator is
+ In or NotIn, the values array must
+ be non-empty. If the operator is
+ Exists or DoesNotExist, the values
+ array must be empty. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies a static list
+ of namespace names that the term applies to.
+ The term is applied to the union of the namespaces
+ listed in this field and the ones selected
+ by namespaceSelector. null or empty namespaces
+ list and null namespaceSelector means "this
+ pod's namespace"
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the
+ pods matching the labelSelector in the specified
+ namespaces, where co-located is defined as
+ running on a node whose value of the label
+ with key topologyKey matches that of any node
+ on which any of the selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: weight associated with matching the
+ corresponding podAffinityTerm, in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the affinity requirements specified by
+ this field are not met at scheduling time, the pod will
+ not be scheduled onto the node. If the affinity requirements
+ specified by this field cease to be met at some point
+ during pod execution (e.g. due to a pod label update),
+ the system may or may not try to eventually evict the
+ pod from its node. When there are multiple elements,
+ the lists of nodes corresponding to each podAffinityTerm
+ are intersected, i.e. all terms must be satisfied.
+ items:
+ description: Defines a set of pods (namely those matching
+ the labelSelector relative to the given namespace(s))
+ that this pod should be co-located (affinity) or not
+ co-located (anti-affinity) with, where co-located
+ is defined as running on a node whose value of the
+ label with key matches that of any node
+ on which a pod of the set of pods is running
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
+ type: object
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied
+ to the union of the namespaces selected by this
+ field and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list
+ means "this pod's namespace". An empty selector
+ ({}) matches all namespaces. This field is beta-level
+ and is only honored when PodAffinityNamespaceSelector
+ feature is enabled.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies a static list
+ of namespace names that the term applies to. The
+ term is applied to the union of the namespaces
+ listed in this field and the ones selected by
+ namespaceSelector. null or empty namespaces list
+ and null namespaceSelector means "this pod's namespace"
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the pods
+ matching the labelSelector in the specified namespaces,
+ where co-located is defined as running on a node
+ whose value of the label with key topologyKey
+ matches that of any node on which any of the selected
+ pods is running. Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ podAntiAffinity:
+ description: Describes pod anti-affinity scheduling rules
+ (e.g. avoid putting this pod in the same node, zone, etc.
+ as some other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule pods
+ to nodes that satisfy the anti-affinity expressions
+ specified by this field, but it may choose a node that
+ violates one or more of the expressions. The node that
+ is most preferred is the one with the greatest sum of
+ weights, i.e. for each node that meets all of the scheduling
+ requirements (resource request, requiredDuringScheduling
+ anti-affinity expressions, etc.), compute a sum by iterating
+ through the elements of this field and adding "weight"
+ to the sum if the node has pods which matches the corresponding
+ podAffinityTerm; the node(s) with the highest sum are
+ the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred
+ node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term, associated
+ with the corresponding weight.
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a
+ key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of
+ string values. If the operator is
+ In or NotIn, the values array must
+ be non-empty. If the operator is
+ Exists or DoesNotExist, the values
+ array must be empty. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied
+ to the union of the namespaces selected by
+ this field and the ones listed in the namespaces
+ field. null selector and null or empty namespaces
+ list means "this pod's namespace". An empty
+ selector ({}) matches all namespaces. This
+ field is beta-level and is only honored when
+ PodAffinityNamespaceSelector feature is enabled.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a
+ key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of
+ string values. If the operator is
+ In or NotIn, the values array must
+ be non-empty. If the operator is
+ Exists or DoesNotExist, the values
+ array must be empty. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies a static list
+ of namespace names that the term applies to.
+ The term is applied to the union of the namespaces
+ listed in this field and the ones selected
+ by namespaceSelector. null or empty namespaces
+ list and null namespaceSelector means "this
+ pod's namespace"
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the
+ pods matching the labelSelector in the specified
+ namespaces, where co-located is defined as
+ running on a node whose value of the label
+ with key topologyKey matches that of any node
+ on which any of the selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: weight associated with matching the
+ corresponding podAffinityTerm, in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the anti-affinity requirements specified
+ by this field are not met at scheduling time, the pod
+ will not be scheduled onto the node. If the anti-affinity
+ requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a pod
+ label update), the system may or may not try to eventually
+ evict the pod from its node. When there are multiple
+ elements, the lists of nodes corresponding to each podAffinityTerm
+ are intersected, i.e. all terms must be satisfied.
+ items:
+ description: Defines a set of pods (namely those matching
+ the labelSelector relative to the given namespace(s))
+ that this pod should be co-located (affinity) or not
+ co-located (anti-affinity) with, where co-located
+ is defined as running on a node whose value of the
+ label with key matches that of any node
+ on which a pod of the set of pods is running
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
+ type: object
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied
+ to the union of the namespaces selected by this
+ field and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list
+ means "this pod's namespace". An empty selector
+ ({}) matches all namespaces. This field is beta-level
+ and is only honored when PodAffinityNamespaceSelector
+ feature is enabled.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies a static list
+ of namespace names that the term applies to. The
+ term is applied to the union of the namespaces
+ listed in this field and the ones selected by
+ namespaceSelector. null or empty namespaces list
+ and null namespaceSelector means "this pod's namespace"
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the pods
+ matching the labelSelector in the specified namespaces,
+ where co-located is defined as running on a node
+ whose value of the label with key topologyKey
+ matches that of any node on which any of the selected
+ pods is running. Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ type: object
+ annotations:
+ additionalProperties:
+ type: string
+ description: 'annotations is a map of string key and value pairs
+ stored with the resource and may be set by external tools to
+ store and retrieve arbitrary metadata. They are not queryable
+ and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations.'
+ type: object
+ x-kubernetes-map-type: granular
+ envVars:
+ description: 'envVars contain environment variables to be injected
+ into containers. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container.'
+ items:
+ description: EnvVar represents an environment variable present
+ in a Container.
+ properties:
+ name:
+ description: Name of the environment variable. Must be a
+ C_IDENTIFIER.
+ type: string
+ value:
+ description: 'Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in
+ the container and any service environment variables. If
+ a variable cannot be resolved, the reference in the input
+ string will be unchanged. Double $$ are reduced to a single
+ $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+ "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless
+ of whether the variable exists or not. Defaults to "".'
+ type: string
+ valueFrom:
+ description: Source for the environment variable's value.
+ Cannot be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap or its
+ key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ fieldRef:
+ description: 'Selects a field of the pod: supports metadata.name,
+ metadata.namespace, `metadata.labels['''']`,
+ `metadata.annotations['''']`, spec.nodeName,
+ spec.serviceAccountName, status.hostIP, status.podIP,
+ status.podIPs.'
+ properties:
+ apiVersion:
+ description: Version of the schema the FieldPath
+ is written in terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select in the
+ specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ resourceFieldRef:
+ description: 'Selects a resource of the container: only
+ resources limits and requests (limits.cpu, limits.memory,
+ limits.ephemeral-storage, requests.cpu, requests.memory
+ and requests.ephemeral-storage) are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required for volumes,
+ optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format of the
+ exposed resources, defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ secretKeyRef:
+ description: Selects a key of a secret in the pod's
+ namespace
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key
+ must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ labels:
+ additionalProperties:
+ type: string
+ description: 'labels is a map of string key and value pairs that
+ can be used to organize and categorize (scope and select) objects.
+ More info: http://kubernetes.io/docs/user-guide/labels.'
+ type: object
+ x-kubernetes-map-type: granular
+ podSecurityContext:
+ description: PodSecurityContext holds pod-level security attributes
+ and common container settings. Some fields are also present
+ in container.securityContext. Field values of container.securityContext
+ take precedence over field values of PodSecurityContext.
+ properties:
+ fsGroup:
+ description: "A special supplemental group that applies to
+ all containers in a pod. Some volume types allow the Kubelet
+ to change the ownership of that volume to be owned by the
+ pod: \n 1. The owning GID will be the FSGroup 2. The setgid
+ bit is set (new files created in the volume will be owned
+ by FSGroup) 3. The permission bits are OR'd with rw-rw----
+ \n If unset, the Kubelet will not modify the ownership and
+ permissions of any volume. Note that this field cannot be
+ set when spec.os.name is windows."
+ format: int64
+ type: integer
+ fsGroupChangePolicy:
+ description: 'fsGroupChangePolicy defines behavior of changing
+ ownership and permission of the volume before being exposed
+ inside Pod. This field will only apply to volume types which
+ support fsGroup based ownership(and permissions). It will
+ have no effect on ephemeral volume types such as: secret,
+ configmaps and emptydir. Valid values are "OnRootMismatch"
+ and "Always". If not specified, "Always" is used. Note that
+ this field cannot be set when spec.os.name is windows.'
+ type: string
+ runAsGroup:
+ description: The GID to run the entrypoint of the container
+ process. Uses runtime default if unset. May also be set
+ in SecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext
+ takes precedence for that container. Note that this field
+ cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: Indicates that the container must run as a non-root
+ user. If true, the Kubelet will validate the image at runtime
+ to ensure that it does not run as UID 0 (root) and fail
+ to start the container if it does. If unset or false, no
+ such validation will be performed. May also be set in SecurityContext. If
+ set in both SecurityContext and PodSecurityContext, the
+ value specified in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: The UID to run the entrypoint of the container
+ process. Defaults to user specified in image metadata if
+ unspecified. May also be set in SecurityContext. If set
+ in both SecurityContext and PodSecurityContext, the value
+ specified in SecurityContext takes precedence for that container.
+ Note that this field cannot be set when spec.os.name is
+ windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: The SELinux context to be applied to all containers.
+ If unspecified, the container runtime will allocate a random
+ SELinux context for each container. May also be set in
+ SecurityContext. If set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes precedence
+ for that container. Note that this field cannot be set when
+ spec.os.name is windows.
+ properties:
+ level:
+ description: Level is SELinux level label that applies
+ to the container.
+ type: string
+ role:
+ description: Role is a SELinux role label that applies
+ to the container.
+ type: string
+ type:
+ description: Type is a SELinux type label that applies
+ to the container.
+ type: string
+ user:
+ description: User is a SELinux user label that applies
+ to the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: The seccomp options to use by the containers
+ in this pod. Note that this field cannot be set when spec.os.name
+ is windows.
+ properties:
+ localhostProfile:
+ description: localhostProfile indicates a profile defined
+ in a file on the node should be used. The profile must
+ be preconfigured on the node to work. Must be a descending
+ path, relative to the kubelet's configured seccomp profile
+ location. Must only be set if type is "Localhost".
+ type: string
+ type:
+ description: "type indicates which kind of seccomp profile
+ will be applied. Valid options are: \n Localhost - a
+ profile defined in a file on the node should be used.
+ RuntimeDefault - the container runtime default profile
+ should be used. Unconfined - no profile should be applied."
+ type: string
+ required:
+ - type
+ type: object
+ supplementalGroups:
+ description: A list of groups applied to the first process
+ run in each container, in addition to the container's primary
+ GID. If unspecified, no groups will be added to any container.
+ Note that this field cannot be set when spec.os.name is
+ windows.
+ items:
+ format: int64
+ type: integer
+ type: array
+ sysctls:
+ description: Sysctls hold a list of namespaced sysctls used
+ for the pod. Pods with unsupported sysctls (by the container
+ runtime) might fail to launch. Note that this field cannot
+ be set when spec.os.name is windows.
+ items:
+ description: Sysctl defines a kernel parameter to be set
+ properties:
+ name:
+ description: Name of a property to set
+ type: string
+ value:
+ description: Value of a property to set
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ windowsOptions:
+ description: The Windows specific settings applied to all
+ containers. If unspecified, the options within a container's
+ SecurityContext will be used. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext
+ takes precedence. Note that this field cannot be set when
+ spec.os.name is linux.
+ properties:
+ gmsaCredentialSpec:
+ description: GMSACredentialSpec is where the GMSA admission
+ webhook (https://github.com/kubernetes-sigs/windows-gmsa)
+ inlines the contents of the GMSA credential spec named
+ by the GMSACredentialSpecName field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name of the
+ GMSA credential spec to use.
+ type: string
+ hostProcess:
+ description: HostProcess determines if a container should
+ be run as a 'Host Process' container. This field is
+ alpha-level and will only be honored by components that
+ enable the WindowsHostProcessContainers feature flag.
+ Setting this field without the feature flag will result
+ in errors when validating the Pod. All of a Pod's containers
+ must have the same effective HostProcess value (it is
+ not allowed to have a mix of HostProcess containers
+ and non-HostProcess containers). In addition, if HostProcess
+ is true then HostNetwork must also be set to true.
+ type: boolean
+ runAsUserName:
+ description: The UserName in Windows to run the entrypoint
+ of the container process. Defaults to the user specified
+ in image metadata if unspecified. May also be set in
+ PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext
+ takes precedence.
+ type: string
+ type: object
+ type: object
+ priorityClassName:
+ description: priorityClassName specifies the priority class for
+ the pod (if any).
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ probe:
+ description: probe contains the fields for standard Kubernetes
+ readiness/liveness probe configuration.
+ properties:
+ liveness:
+ description: liveness configures the Kubernetes probe settings.
+ The changes will override the existing default configuration.
+ properties:
+ failureThreshold:
+ description: failureThreshold is the minimum consecutive
+ failures for the probe to be considered failed. Confluent
+ Platform components come with the right configuration,
+ and this setting is not required to change most of the
+ time.
+ format: int32
+ type: integer
+ initialDelaySeconds:
+ description: initialDelaySeconds is the number of seconds
+ after the container has started and before probes are
+ initiated. Confluent Platform components come with the
+ right configuration, and this setting is not required
+ to change most of the time.
+ format: int32
+ type: integer
+ periodSeconds:
+ description: periodSeconds specifies how often to perform
+ the probe. Confluent Platform components come with the
+ right configuration, and this setting is not required
+ to change most of the time.
+ format: int32
+ type: integer
+ successThreshold:
+ description: successThreshold is the minimum consecutive
+ successes for the probe to be considered successful
+ after having failed. The default values is `1`. Must
+ be `1` for liveness and startup. The minimum value is
+ `1`.
+ format: int32
+ type: integer
+ timeoutSeconds:
+ description: timeoutSeconds is the number of seconds after
+ which the probe times out. Confluent Platform components
+ come with the right configuration, and this setting
+ is not required to change most of the time.
+ format: int32
+ type: integer
+ type: object
+ readiness:
+ description: readiness configures the Kubernetes probe setting.
+ The changes will override the existing default configuration.
+ properties:
+ failureThreshold:
+ description: failureThreshold is the minimum consecutive
+ failures for the probe to be considered failed. Confluent
+ Platform components come with the right configuration,
+ and this setting is not required to change most of the
+ time.
+ format: int32
+ type: integer
+ initialDelaySeconds:
+ description: initialDelaySeconds is the number of seconds
+ after the container has started and before probes are
+ initiated. Confluent Platform components come with the
+ right configuration, and this setting is not required
+ to change most of the time.
+ format: int32
+ type: integer
+ periodSeconds:
+ description: periodSeconds specifies how often to perform
+ the probe. Confluent Platform components come with the
+ right configuration, and this setting is not required
+ to change most of the time.
+ format: int32
+ type: integer
+ successThreshold:
+ description: successThreshold is the minimum consecutive
+ successes for the probe to be considered successful
+ after having failed. The default values is `1`. Must
+ be `1` for liveness and startup. The minimum value is
+ `1`.
+ format: int32
+ type: integer
+ timeoutSeconds:
+ description: timeoutSeconds is the number of seconds after
+ which the probe times out. Confluent Platform components
+ come with the right configuration, and this setting
+ is not required to change most of the time.
+ format: int32
+ type: integer
+ type: object
+ type: object
+ resources:
+ description: resources describe the compute resource requirements.
+ properties:
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount of compute
+ resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum amount of compute
+ resources required. If Requests is omitted for a container,
+ it defaults to Limits if that is explicitly specified, otherwise
+ to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ securityContext:
+ description: SecurityContext holds security configuration that
+ will be applied to a container. Some fields are present in both
+ SecurityContext and PodSecurityContext. When both are set,
+ the values in SecurityContext take precedence.
+ properties:
+ allowPrivilegeEscalation:
+ description: 'AllowPrivilegeEscalation controls whether a
+ process can gain more privileges than its parent process.
+ This bool directly controls if the no_new_privs flag will
+ be set on the container process. AllowPrivilegeEscalation
+ is true always when the container is: 1) run as Privileged
+ 2) has CAP_SYS_ADMIN Note that this field cannot be set
+ when spec.os.name is windows.'
+ type: boolean
+ capabilities:
+ description: The capabilities to add/drop when running containers.
+ Defaults to the default set of capabilities granted by the
+ container runtime. Note that this field cannot be set when
+ spec.os.name is windows.
+ properties:
+ add:
+ description: Added capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ drop:
+ description: Removed capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ type: object
+ privileged:
+ description: Run container in privileged mode. Processes in
+ privileged containers are essentially equivalent to root
+ on the host. Defaults to false. Note that this field cannot
+ be set when spec.os.name is windows.
+ type: boolean
+ procMount:
+ description: procMount denotes the type of proc mount to use
+ for the containers. The default is DefaultProcMount which
+ uses the container runtime defaults for readonly paths and
+ masked paths. This requires the ProcMountType feature flag
+ to be enabled. Note that this field cannot be set when spec.os.name
+ is windows.
+ type: string
+ readOnlyRootFilesystem:
+ description: Whether this container has a read-only root filesystem.
+ Default is false. Note that this field cannot be set when
+ spec.os.name is windows.
+ type: boolean
+ runAsGroup:
+ description: The GID to run the entrypoint of the container
+ process. Uses runtime default if unset. May also be set
+ in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext
+ takes precedence. Note that this field cannot be set when
+ spec.os.name is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: Indicates that the container must run as a non-root
+ user. If true, the Kubelet will validate the image at runtime
+ to ensure that it does not run as UID 0 (root) and fail
+ to start the container if it does. If unset or false, no
+ such validation will be performed. May also be set in PodSecurityContext. If
+ set in both SecurityContext and PodSecurityContext, the
+ value specified in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: The UID to run the entrypoint of the container
+ process. Defaults to user specified in image metadata if
+ unspecified. May also be set in PodSecurityContext. If
+ set in both SecurityContext and PodSecurityContext, the
+ value specified in SecurityContext takes precedence. Note
+ that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: The SELinux context to be applied to the container.
+ If unspecified, the container runtime will allocate a random
+ SELinux context for each container. May also be set in
+ PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext
+ takes precedence. Note that this field cannot be set when
+ spec.os.name is windows.
+ properties:
+ level:
+ description: Level is SELinux level label that applies
+ to the container.
+ type: string
+ role:
+ description: Role is a SELinux role label that applies
+ to the container.
+ type: string
+ type:
+ description: Type is a SELinux type label that applies
+ to the container.
+ type: string
+ user:
+ description: User is a SELinux user label that applies
+ to the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: The seccomp options to use by this container.
+ If seccomp options are provided at both the pod & container
+ level, the container options override the pod options. Note
+ that this field cannot be set when spec.os.name is windows.
+ properties:
+ localhostProfile:
+ description: localhostProfile indicates a profile defined
+ in a file on the node should be used. The profile must
+ be preconfigured on the node to work. Must be a descending
+ path, relative to the kubelet's configured seccomp profile
+ location. Must only be set if type is "Localhost".
+ type: string
+ type:
+ description: "type indicates which kind of seccomp profile
+ will be applied. Valid options are: \n Localhost - a
+ profile defined in a file on the node should be used.
+ RuntimeDefault - the container runtime default profile
+ should be used. Unconfined - no profile should be applied."
+ type: string
+ required:
+ - type
+ type: object
+ windowsOptions:
+ description: The Windows specific settings applied to all
+ containers. If unspecified, the options from the PodSecurityContext
+ will be used. If set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is
+ linux.
+ properties:
+ gmsaCredentialSpec:
+ description: GMSACredentialSpec is where the GMSA admission
+ webhook (https://github.com/kubernetes-sigs/windows-gmsa)
+ inlines the contents of the GMSA credential spec named
+ by the GMSACredentialSpecName field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name of the
+ GMSA credential spec to use.
+ type: string
+ hostProcess:
+ description: HostProcess determines if a container should
+ be run as a 'Host Process' container. This field is
+ alpha-level and will only be honored by components that
+ enable the WindowsHostProcessContainers feature flag.
+ Setting this field without the feature flag will result
+ in errors when validating the Pod. All of a Pod's containers
+ must have the same effective HostProcess value (it is
+ not allowed to have a mix of HostProcess containers
+ and non-HostProcess containers). In addition, if HostProcess
+ is true then HostNetwork must also be set to true.
+ type: boolean
+ runAsUserName:
+ description: The UserName in Windows to run the entrypoint
+ of the container process. Defaults to the user specified
+ in image metadata if unspecified. May also be set in
+ PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext
+ takes precedence.
+ type: string
+ type: object
+ type: object
+ serviceAccountName:
+ description: 'ServiceAccountName is the name of the service account
+ used to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account.'
+ type: string
+ terminationGracePeriodSeconds:
+ description: terminationGracePeriodSeconds is the grace period
+ before the pod is deleted.
+ format: int64
+ type: integer
+ tolerations:
+ description: tolerations specify the pods to schedule onto the
+ nodes with matching taints, using the triple ``
+ and the matching operator ``.
+ items:
+ description: The pod this Toleration is attached to tolerates
+ any taint that matches the triple using
+ the matching operator .
+ properties:
+ effect:
+ description: Effect indicates the taint effect to match.
+ Empty means match all taint effects. When specified, allowed
+ values are NoSchedule, PreferNoSchedule and NoExecute.
+ type: string
+ key:
+ description: Key is the taint key that the toleration applies
+ to. Empty means match all taint keys. If the key is empty,
+ operator must be Exists; this combination means to match
+ all values and all keys.
+ type: string
+ operator:
+ description: Operator represents a key's relationship to
+ the value. Valid operators are Exists and Equal. Defaults
+ to Equal. Exists is equivalent to wildcard for value,
+ so that a pod can tolerate all taints of a particular
+ category.
+ type: string
+ tolerationSeconds:
+ description: TolerationSeconds represents the period of
+ time the toleration (which must be of effect NoExecute,
+ otherwise this field is ignored) tolerates the taint.
+ By default, it is not set, which means tolerate the taint
+ forever (do not evict). Zero and negative values will
+ be treated as 0 (evict immediately) by the system.
+ format: int64
+ type: integer
+ value:
+ description: Value is the taint value the toleration matches
+ to. If the operator is Exists, the value should be empty,
+ otherwise just a regular string.
+ type: string
+ type: object
+ type: array
+ topologySpreadConstraints:
+ description: topologySpreadConstraints describe how a group of
+ pods ought to spread across topology domains. Scheduler will
+ schedule pods based on the constraints. All topologySpreadConstraints
+ are ANDed.
+ items:
+ description: TopologySpreadConstraint specifies how to spread
+ matching pods among the given topology.
+ properties:
+ labelSelector:
+ description: LabelSelector is used to find matching pods.
+ Pods that match this label selector are counted to determine
+ the number of pods in their corresponding topology domain.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector
+ requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In,
+ NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values.
+ If the operator is In or NotIn, the values array
+ must be non-empty. If the operator is Exists
+ or DoesNotExist, the values array must be empty.
+ This array is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs.
+ A single {key,value} in the matchLabels map is equivalent
+ to an element of matchExpressions, whose key field
+ is "key", the operator is "In", and the values array
+ contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ maxSkew:
+ description: 'MaxSkew describes the degree to which pods
+ may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`,
+ it is the maximum permitted difference between the number
+ of matching pods in the target topology and the global
+ minimum. For example, in a 3-zone cluster, MaxSkew is
+ set to 1, and pods with the same labelSelector spread
+ as 1/1/0: | zone1 | zone2 | zone3 | | P | P | |
+ - if MaxSkew is 1, incoming pod can only be scheduled
+ to zone3 to become 1/1/1; scheduling it onto zone1(zone2)
+ would make the ActualSkew(2-0) on zone1(zone2) violate
+ MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled
+ onto any zone. When `whenUnsatisfiable=ScheduleAnyway`,
+ it is used to give higher precedence to topologies that
+ satisfy it. It''s a required field. Default value is 1
+ and 0 is not allowed.'
+ format: int32
+ type: integer
+ topologyKey:
+ description: TopologyKey is the key of node labels. Nodes
+ that have a label with this key and identical values are
+ considered to be in the same topology. We consider each
+ as a "bucket", and try to put balanced number
+ of pods into each bucket. It's a required field.
+ type: string
+ whenUnsatisfiable:
+ description: 'WhenUnsatisfiable indicates how to deal with
+ a pod if it doesn''t satisfy the spread constraint. -
+ DoNotSchedule (default) tells the scheduler not to schedule
+ it. - ScheduleAnyway tells the scheduler to schedule the
+ pod in any location, but giving higher precedence to topologies
+ that would help reduce the skew. A constraint is considered
+ "Unsatisfiable" for an incoming pod if and only if every
+ possible node assignment for that pod would violate "MaxSkew"
+ on some topology. For example, in a 3-zone cluster, MaxSkew
+ is set to 1, and pods with the same labelSelector spread
+ as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P |
+ If WhenUnsatisfiable is set to DoNotSchedule, incoming
+ pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2)
+ as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1).
+ In other words, the cluster can still be imbalanced, but
+ scheduler won''t make it *more* imbalanced. It''s a required
+ field.'
+ type: string
+ required:
+ - maxSkew
+ - topologyKey
+ - whenUnsatisfiable
+ type: object
+ type: array
+ type: object
+ replicas:
+ description: replicas is the desired number of replicas. A change
+ to this setting will roll the cluster.
+ format: int32
+ type: integer
+ storageClass:
+ description: storageClass specifies the storage class used for creating
+ the PVC for the ksqlDB cluster.
+ properties:
+ name:
+ description: name is the storage class name.
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - name
+ type: object
+ telemetry:
+ description: telemetry specifies the Confluent telemetry reporter
+ configuration.
+ properties:
+ global:
+ description: global allows disabling telemetry configuration.
+ If CFK is deployed with telemetry, this field is only used to
+ disable telemetry. The default value is `true` if telemetry
+ is enabled at the global level.
+ type: boolean
+ type: object
+ tls:
+ description: tls specifies the TLS configurations for the ksqlDB cluster.
+ properties:
+ autoGeneratedCerts:
+ description: autoGeneratedCerts specifies that the certificates
+ are auto-generated based on the CA key pair provided.
+ type: boolean
+ directoryPathInContainer:
+ description: directoryPathInContainer specifies the directory
+ path in the container where `keystore.jks`, `truststore.jks`,
+ and `jksPassword.txt` keys are mounted. `truststore.jks` is
+ not configured and can be ignored when the `ignoreTrustStoreConfig`
+ field is set to `true`.
+ minLength: 1
+ type: string
+ ignoreTrustStoreConfig:
+ description: ignoreTrustStoreConfig indicates whether to ignore
+ the truststore configuration for the Confluent component.
+ type: boolean
+ jksPassword:
+ description: jksPassword references the secret containing the
+ JKS password.
+ properties:
+ secretRef:
+ description: 'secretRef references the name of the secret
+ containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - secretRef
+ type: object
+ secretRef:
+ description: 'secretRef references the secret containing the certificates.
+ More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ type: object
+ required:
+ - dataVolumeCapacity
+ - image
+ - replicas
+ type: object
+ status:
+ description: status defines the observed state of ksqlDB Server.
+ properties:
+ authorizationType:
+ description: authorizationType is the authorization type for this
+ Confluent component.
+ type: string
+ clusterName:
+ description: clusterName is the name of the Confluent Platform component
+ cluster.
+ type: string
+ clusterNamespace:
+ description: clusterNamespace is the namespace where the Confluent
+ Platform component cluster is running.
+ type: string
+ conditions:
+ description: conditions specify the latest available observations
+ of the current state.
+ items:
+ description: Condition represent the latest available observations
+ of the current state.
+ properties:
+ lastProbeTime:
+ description: lastProbeTime shows the last time the condition
+ was evaluated.
+ format: date-time
+ type: string
+ lastTransitionTime:
+ description: lastTransitionTime shows the last time the condition
+ was transitioned from one status to another.
+ format: date-time
+ type: string
+ message:
+ description: message shows a human-readable message with details
+ about the transition.
+ type: string
+ reason:
+ description: reason shows the reason for the last transition
+ of the condition.
+ type: string
+ status:
+ description: status shows the status of the condition, one of
+ `True`, `False`, or `Unknown`.
+ type: string
+ type:
+ description: type shows the condition type.
+ type: string
+ type: object
+ type: array
+ currentReplicas:
+ description: currentReplicas is the number of currently running replicas.
+ format: int32
+ type: integer
+ internalSecrets:
+ description: internalSecrets are internal secrets created by CFK for
+ this Confluent component.
+ items:
+ type: string
+ type: array
+ internalTopicNames:
+ description: internalTopicNames are the topics used by the component
+ for internal use.
+ items:
+ type: string
+ type: array
+ kafka:
+ description: kafka is the Kafka client side status for the ksqlDB
+ cluster.
+ properties:
+ authenticationType:
+ description: authenticationType describes the authentication method
+ for the Kafka cluster.
+ type: string
+ bootstrapEndpoint:
+ description: bootstrapEndpoint specifies the Kafka bootstrap endpoint.
+ type: string
+ tls:
+ description: tls indicates whether TLS is enabled for the Kafka
+ dependency.
+ type: boolean
+ type: object
+ observedGeneration:
+ description: observedGeneration is the most recent generation observed
+ for this Confluent component.
+ format: int64
+ type: integer
+ operatorVersion:
+ description: operatorVersion is the internal version of CFK.
+ type: string
+ phase:
+ description: phase describes the state of the Confluent Platform component.
+ type: string
+ rbac:
+ description: rbac contains the RBAC-related status when RBAC is enabled.
+ properties:
+ clusterID:
+ description: clusterID specifies the id of the cluster.
+ type: string
+ internalRolebindings:
+ description: internalRolebindings specifies the internal rolebindings.
+ items:
+ type: string
+ type: array
+ type: object
+ readyReplicas:
+ description: readyReplicas is the number of currently ready replicas.
+ format: int32
+ type: integer
+ replicas:
+ description: replicas is the number of replicas.
+ format: int32
+ type: integer
+ restConfig:
+ description: restConfig is the REST API configuration of the ksqlDB
+ cluster.
+ properties:
+ advertisedExternalEndpoints:
+ description: advertisedExternalEndpoints specifies other advertised
+ endpoints used, especially for Kafka.
+ items:
+ type: string
+ type: array
+ authenticationType:
+ description: authenticationType shows the authentication type
+ configured by the listener.
+ type: string
+ externalAccessType:
+ description: externalAccessType shows the external access type
+ used for the listener.
+ type: string
+ externalEndpoint:
+ description: externalEndpoint specifies the external endpoint
+ to connect to the Confluent component cluster.
+ type: string
+ internalEndpoint:
+ description: internalEndpoint specifies the internal endpoint
+ to connect to the Confluent component cluster.
+ type: string
+ tls:
+ description: tls shows whether TLS is configured for the listener.
+ type: boolean
+ type: object
+ selector:
+ description: selector gets the label selector of the child pod. The
+ Horizontal Pod Autoscaler(HPA) will scale using the label selector
+ of the child pod.
+ type: string
+ serviceID:
+ description: serviceID is the id of the ksqlDB service.
+ type: string
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources:
+ scale:
+ labelSelectorPath: .status.selector
+ specReplicasPath: .spec.replicas
+ statusReplicasPath: .status.replicas
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
diff --git a/crds/2.4.0/platform.confluent.io_schemaexporters.yaml b/crds/2.4.0/platform.confluent.io_schemaexporters.yaml
new file mode 100644
index 0000000..445996d
--- /dev/null
+++ b/crds/2.4.0/platform.confluent.io_schemaexporters.yaml
@@ -0,0 +1,493 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.8.0
+ creationTimestamp: null
+ name: schemaexporters.platform.confluent.io
+spec:
+ group: platform.confluent.io
+ names:
+ categories:
+ - all
+ - confluent-platform
+ - confluent
+ kind: SchemaExporter
+ listKind: SchemaExporterList
+ plural: schemaexporters
+ shortNames:
+ - se
+ - schemaexporter
+ singular: schemaexporter
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .status.contextName
+ name: ContextName
+ type: string
+ - jsonPath: .status.exporterStatus
+ name: ExporterStatus
+ type: string
+ - jsonPath: .status.state
+ name: Status
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ - jsonPath: .status.sourceSchemaRegistry.endpoint
+ name: SourceSchemaRegistryEndpoint
+ priority: 1
+ type: string
+ - jsonPath: .status.destinationSchemaRegistry.endpoint
+ name: DestinationSchemaRegistryEndpoint
+ priority: 1
+ type: string
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: SchemaExporter is the schema for the SchemaExporter API.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: spec defines the desired state of the schema exporter.
+ properties:
+ configs:
+ additionalProperties:
+ type: string
+ description: 'configs is a map of string key and value pairs. It specifies
+ additional configurations for the schema exporter. More info: https://docs.confluent.io/platform/current/schema-registry/schema-linking-cp.html#create-a-configuration-file-for-the-exporter'
+ type: object
+ x-kubernetes-map-type: granular
+ contextName:
+ description: contextName specifies the custom context name in the
+ destination Schema Registry cluster where the schemas will be exported.
+ If this is defined, contextType will be ignored. If this is not
+ defined, schemas will be exported to context in destination based
+ on contextType.
+ type: string
+ contextType:
+ description: contextType specifies the type of context created in
+ the destination Schema Registry cluster of the schema exporter.
+ Valid options are `AUTO` and `NONE`. The default value is `AUTO`.
+ enum:
+ - AUTO
+ - NONE
+ type: string
+ destinationCluster:
+ description: destinationCluster specifies the destination Schema Registry
+ cluster. If this is not defined, sourceCluster is chosen as the
+ destination and the schema exporter will be exporting schemas across
+ contexts within the sourceCluster. Schema exporter should be enabled
+ in Schema Registry cluster CR with `spec.enableSchemaExporter`.
+ properties:
+ schemaRegistryClusterRef:
+ description: schemaRegistryClusterRef references the CFK-managed
+ Schema Registry cluster.
+ properties:
+ name:
+ description: name specifies the name of the Confluent Platform
+ component cluster.
+ type: string
+ namespace:
+ description: namespace specifies the namespace where the Confluent
+ Platform component cluster is running.
+ type: string
+ required:
+ - name
+ type: object
+ schemaRegistryRest:
+ description: schemaRegistryRest specifies the Schema Registry
+ REST API configuration.
+ properties:
+ authentication:
+ description: authentication specifies the REST API authentication
+ mechanism.
+ properties:
+ basic:
+ description: basic specifies the basic authentication
+ settings for the REST API client.
+ properties:
+ debug:
+ description: debug enables the basic authentication
+ debug logs for JaaS configuration.
+ type: boolean
+ directoryPathInContainer:
+ description: 'directoryPathInContainer allows to pass
+ the basic credential through a directory path in
+ the container. More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication'
+ minLength: 1
+ type: string
+ restrictedRoles:
+ description: restrictedRoles specify the restricted
+ roles on the server side only. Changes will be only
+ reflected in Control Center. This configuration
+ is ignored on the client side configuration.
+ items:
+ type: string
+ minItems: 1
+ type: array
+ roles:
+ description: roles specify the roles on the server
+ side only. This configuration is ignored on the
+ client side configuration.
+ items:
+ type: string
+ type: array
+ secretRef:
+ description: 'secretRef defines secret reference to
+ pass the required credentials. More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ type: object
+ bearer:
+ description: bearer specifies the bearer authentication
+ settings for the REST API client.
+ properties:
+ directoryPathInContainer:
+ description: directoryPathInContainer specifies the
+ directory path in the container where the credential
+ is mounted.
+ minLength: 1
+ type: string
+ secretRef:
+ description: 'secretRef specifies the name of the
+ secret that contains the credential. More info:
+ https://docs.confluent.io/operator/current/co-authenticate.html#bearer-authentication'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ type: object
+ type:
+ description: type specifies the REST API authentication
+ type. Valid options are `basic`, `bearer`, and `mtls`.
+ enum:
+ - basic
+ - bearer
+ - mtls
+ type: string
+ required:
+ - type
+ type: object
+ endpoint:
+ description: endpoint specifies where Confluent REST API is
+ running.
+ minLength: 1
+ pattern: ^https?://.*
+ type: string
+ kafkaClusterID:
+ description: kafkaClusterID specifies the id of Kafka cluster.
+ It takes precedence over using the Kafka REST API to get
+ the cluster id.
+ minLength: 1
+ type: string
+ tls:
+ description: tls specifies the custom TLS structure for the
+ application resources, e.g. connector, topic, schema, of
+ the Confluent Platform components.
+ properties:
+ directoryPathInContainer:
+ description: directoryPathInContainer contains the directory
+ path in the container where `keystore.jks`, `truststore.jks`,
+ `jksPassword.txt` keys are mounted.
+ minLength: 1
+ type: string
+ jksPassword:
+ description: jksPassword specifies the secret name that
+ contains the JKS password.
+ properties:
+ secretRef:
+ description: 'secretRef references the name of the
+ secret containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - secretRef
+ type: object
+ secretRef:
+ description: 'secretRef specifies the secret name that
+ contains the certificates. More info about certificates
+ key/value format: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ type: object
+ type: object
+ type: object
+ sourceCluster:
+ description: sourceCluster specifies the source Schema Registry cluster.
+ Schema exporter will be set up in the source cluster. If this is
+ not defined, controller will try to auto discover Schema Registry
+ in the namespace of the schema exporter. If it cannot discover a
+ Schema Registry cluster or more than one Schema Registry clusters
+ are found, controller will return error. Schema exporter should
+ be enabled in Schema Registry cluster CR with `spec.enableSchemaExporter`.
+ properties:
+ schemaRegistryClusterRef:
+ description: schemaRegistryClusterRef references the CFK-managed
+ Schema Registry cluster.
+ properties:
+ name:
+ description: name specifies the name of the Confluent Platform
+ component cluster.
+ type: string
+ namespace:
+ description: namespace specifies the namespace where the Confluent
+ Platform component cluster is running.
+ type: string
+ required:
+ - name
+ type: object
+ schemaRegistryRest:
+ description: schemaRegistryRest specifies the Schema Registry
+ REST API configuration.
+ properties:
+ authentication:
+ description: authentication specifies the REST API authentication
+ mechanism.
+ properties:
+ basic:
+ description: basic specifies the basic authentication
+ settings for the REST API client.
+ properties:
+ debug:
+ description: debug enables the basic authentication
+ debug logs for JaaS configuration.
+ type: boolean
+ directoryPathInContainer:
+ description: 'directoryPathInContainer allows to pass
+ the basic credential through a directory path in
+ the container. More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication'
+ minLength: 1
+ type: string
+ restrictedRoles:
+ description: restrictedRoles specify the restricted
+ roles on the server side only. Changes will be only
+ reflected in Control Center. This configuration
+ is ignored on the client side configuration.
+ items:
+ type: string
+ minItems: 1
+ type: array
+ roles:
+ description: roles specify the roles on the server
+ side only. This configuration is ignored on the
+ client side configuration.
+ items:
+ type: string
+ type: array
+ secretRef:
+ description: 'secretRef defines secret reference to
+ pass the required credentials. More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ type: object
+ bearer:
+ description: bearer specifies the bearer authentication
+ settings for the REST API client.
+ properties:
+ directoryPathInContainer:
+ description: directoryPathInContainer specifies the
+ directory path in the container where the credential
+ is mounted.
+ minLength: 1
+ type: string
+ secretRef:
+ description: 'secretRef specifies the name of the
+ secret that contains the credential. More info:
+ https://docs.confluent.io/operator/current/co-authenticate.html#bearer-authentication'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ type: object
+ type:
+ description: type specifies the REST API authentication
+ type. Valid options are `basic`, `bearer`, and `mtls`.
+ enum:
+ - basic
+ - bearer
+ - mtls
+ type: string
+ required:
+ - type
+ type: object
+ endpoint:
+ description: endpoint specifies where Confluent REST API is
+ running.
+ minLength: 1
+ pattern: ^https?://.*
+ type: string
+ kafkaClusterID:
+ description: kafkaClusterID specifies the id of Kafka cluster.
+ It takes precedence over using the Kafka REST API to get
+ the cluster id.
+ minLength: 1
+ type: string
+ tls:
+ description: tls specifies the custom TLS structure for the
+ application resources, e.g. connector, topic, schema, of
+ the Confluent Platform components.
+ properties:
+ directoryPathInContainer:
+ description: directoryPathInContainer contains the directory
+ path in the container where `keystore.jks`, `truststore.jks`,
+ `jksPassword.txt` keys are mounted.
+ minLength: 1
+ type: string
+ jksPassword:
+ description: jksPassword specifies the secret name that
+ contains the JKS password.
+ properties:
+ secretRef:
+ description: 'secretRef references the name of the
+ secret containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - secretRef
+ type: object
+ secretRef:
+ description: 'secretRef specifies the secret name that
+ contains the certificates. More info about certificates
+ key/value format: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ type: object
+ type: object
+ type: object
+ subjectRenameFormat:
+ description: subjectRenameFormat specifies the rename format for the
+ subjects exported to the destination. For example, if the value
+ is `my-${subject}`, subjects at destination will become `my-firstSubject`
+ where `firstSubject` is the original subject name.
+ type: string
+ subjects:
+ description: subjects specifies the list of subjects to be exported
+ by schema exporter. The default value is `["*"]`. This indicates
+ all subjects in the default context.
+ items:
+ type: string
+ type: array
+ type: object
+ status:
+ description: status defines the observed state of the schema exporter.
+ properties:
+ conditions:
+ description: conditions are the latest available observations of the
+ schema exporter's state.
+ items:
+ description: Condition represent the latest available observations
+ of the current state.
+ properties:
+ lastProbeTime:
+ description: lastProbeTime shows the last time the condition
+ was evaluated.
+ format: date-time
+ type: string
+ lastTransitionTime:
+ description: lastTransitionTime shows the last time the condition
+ was transitioned from one status to another.
+ format: date-time
+ type: string
+ message:
+ description: message shows a human-readable message with details
+ about the transition.
+ type: string
+ reason:
+ description: reason shows the reason for the last transition
+ of the condition.
+ type: string
+ status:
+ description: status shows the status of the condition, one of
+ `True`, `False`, or `Unknown`.
+ type: string
+ type:
+ description: type shows the condition type.
+ type: string
+ type: object
+ type: array
+ contextName:
+ description: contextName shows the name of the context in the destination
+ Schema Registry cluster where the schemas will be exported.
+ type: string
+ contextType:
+ description: contextType is the contextType of the schema exporter.
+ type: string
+ destinationSchemaRegistry:
+ description: destinationSchemaRegistry shows the destination Schema
+ Registry endpoint, authentication type and if it is using TLS.
+ properties:
+ authenticationType:
+ description: authenticationType is the authentication method used
+ for Schema Registry.
+ type: string
+ endpoint:
+ description: endpoint is the Schema Registry REST endpoint.
+ type: string
+ tls:
+ description: tls shows whether the Schema Registry is using TLS.
+ type: boolean
+ type: object
+ exporterStatus:
+ description: exporterStatus is the status of the schema exporter.
+ type: string
+ sourceSchemaRegistry:
+ description: sourceSchemaRegistry shows the source Schema Registry
+ endpoint, authentication type and if it is using TLS.
+ properties:
+ authenticationType:
+ description: authenticationType is the authentication method used
+ for Schema Registry.
+ type: string
+ endpoint:
+ description: endpoint is the Schema Registry REST endpoint.
+ type: string
+ tls:
+ description: tls shows whether the Schema Registry is using TLS.
+ type: boolean
+ type: object
+ state:
+ description: state is the current state of the schema exporter.
+ type: string
+ subjects:
+ description: subjects is the list of subjects exported by the schema
+ exporter.
+ items:
+ type: string
+ type: array
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
diff --git a/crds/2.4.0/platform.confluent.io_schemaregistries.yaml b/crds/2.4.0/platform.confluent.io_schemaregistries.yaml
new file mode 100644
index 0000000..55d457f
--- /dev/null
+++ b/crds/2.4.0/platform.confluent.io_schemaregistries.yaml
@@ -0,0 +1,4555 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.8.0
+ creationTimestamp: null
+ name: schemaregistries.platform.confluent.io
+spec:
+ group: platform.confluent.io
+ names:
+ categories:
+ - all
+ - confluent-platform
+ - confluent
+ kind: SchemaRegistry
+ listKind: SchemaRegistryList
+ plural: schemaregistries
+ shortNames:
+ - schemaregistry
+ - sr
+ singular: schemaregistry
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .status.replicas
+ name: Replicas
+ type: string
+ - jsonPath: .status.readyReplicas
+ name: Ready
+ type: string
+ - jsonPath: .status.phase
+ name: Status
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ - jsonPath: .status.kafka.bootstrapEndpoint
+ name: Kafka
+ priority: 1
+ type: string
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: SchemaRegistry is the schema for the Schema Registry API.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: spec defines the desired state of the Schema Registry cluster.
+ properties:
+ authentication:
+ description: authentication specifies the authentication configurations
+ for the REST API endpoint.
+ properties:
+ basic:
+ description: basic specifies the configuration for basic authentication.
+ properties:
+ debug:
+ description: debug enables the basic authentication debug
+ logs for JaaS configuration.
+ type: boolean
+ directoryPathInContainer:
+ description: 'directoryPathInContainer allows to pass the
+ basic credential through a directory path in the container.
+ More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication'
+ minLength: 1
+ type: string
+ restrictedRoles:
+ description: restrictedRoles specify the restricted roles
+ on the server side only. Changes will be only reflected
+ in Control Center. This configuration is ignored on the
+ client side configuration.
+ items:
+ type: string
+ minItems: 1
+ type: array
+ roles:
+ description: roles specify the roles on the server side only.
+ This configuration is ignored on the client side configuration.
+ items:
+ type: string
+ type: array
+ secretRef:
+ description: 'secretRef defines secret reference to pass the
+ required credentials. More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ type: object
+ type:
+ description: type specifies the authentication scheme for the
+ REST API server. Valid options are `basic` and `mtls`.
+ enum:
+ - basic
+ - mtls
+ type: string
+ required:
+ - type
+ type: object
+ authorization:
+ description: authorization specifies the authorization configurations.
+ properties:
+ kafkaRestClassRef:
+ description: kafkaRestClassRef references the KafkaRestClass which
+ specifies the Kafka REST API connection configuration.
+ properties:
+ name:
+ description: name specifies the name of the KafkaRestClass
+ application resource.
+ minLength: 1
+ type: string
+ namespace:
+ description: namespace specifies the namespace of the KafkaRestClass.
+ type: string
+ required:
+ - name
+ type: object
+ type:
+ description: type specifies the client-side authorization type.
+ The valid option is `rbac`.
+ enum:
+ - rbac
+ type: string
+ required:
+ - type
+ type: object
+ configOverrides:
+ description: configOverrides specifies the configs to override the
+ server, JVM, Log4j properties for the Schema Registry cluster. A
+ change will roll the cluster.
+ properties:
+ jvm:
+ description: jvm is a list of JVM configuration supported by the
+ Confluent Platform component. This will either add or update
+ the existing configuration.
+ items:
+ type: string
+ type: array
+ log4j:
+ description: log4j is a list of Log4J configuration supported
+ by the Confluent Platform component. This will either add or
+ update the existing configuration.
+ items:
+ type: string
+ type: array
+ server:
+ description: server is a list of server configuration supported
+ by the Confluent Platform component. This will either add or
+ update existing configuration.
+ items:
+ type: string
+ type: array
+ type: object
+ dependencies:
+ description: dependencies specify the dependency configurations for
+ the Schema Registry.
+ properties:
+ kafka:
+ description: kafka specifies the Kafka dependency configuration.
+ properties:
+ authentication:
+ description: authentication defines the authentication for
+ the Kafka cluster.
+ properties:
+ jaasConfig:
+ description: jaasConfig specifies the Kafka client-side
+ JaaS configuration.
+ properties:
+ secretRef:
+ description: 'secretRef references the secret containing
+ the required credentials. More info: https://docs.confluent.io/operator/current/co-authenticate.html'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - secretRef
+ type: object
+ jaasConfigPassThrough:
+ description: jaasConfigPassThrough specifies another way
+ to provide the Kafka client-side JaaS configuration.
+ properties:
+ directoryPathInContainer:
+ description: 'directoryPathInContainer specifies the
+ directory path in the container where required credentials
+ are mounted. More info: https://docs.confluent.io/operator/current/co-authenticate.html'
+ minLength: 1
+ type: string
+ secretRef:
+ description: 'secretRef references the secret containing
+ the required credentials for authentication. More
+ info: https://docs.confluent.io/operator/current/co-authenticate.html'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ type: object
+ oauthbearer:
+ description: oauthbearer is the authentication mechanism
+ to provider principals. Only supported in RBAC deployment.
+ properties:
+ directoryPathInContainer:
+ description: directoryPathInContainer specifies the
+ directory path in the container where the credential
+ is mounted.
+ minLength: 1
+ type: string
+ secretRef:
+ description: 'secretRef specifies the name of the
+ secret that contains the credential. More info:
+ https://docs.confluent.io/operator/current/co-authenticate.html#bearer-authentication'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ type: object
+ type:
+ description: type specifies the Kafka client authentication
+ type. Valid options are `plain`, `oauthbearer`, `digest`,
+ and `mtls`.
+ enum:
+ - plain
+ - oauthbearer
+ - digest
+ - mtls
+ type: string
+ required:
+ - type
+ type: object
+ bootstrapEndpoint:
+ description: bootstrapEndpoint specifies the Kafka bootstrap
+ endpoint.
+ minLength: 1
+ pattern: .+:[0-9]+
+ type: string
+ discovery:
+ description: discovery specifies the capability to discover
+ the Kafka cluster.
+ properties:
+ name:
+ description: name is the name of the Confluent Platform
+ component cluster.
+ type: string
+ namespace:
+ description: namespace is where the Confluent Platform
+ component is running. The default value is the namespace
+ where CFK is running.
+ type: string
+ secretRef:
+ description: secretRef is the name of the secret used
+ to discover the Confluent Platform component.
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - name
+ type: object
+ tls:
+ description: tls defines the client-side TLS setting for the
+ Kafka cluster.
+ properties:
+ directoryPathInContainer:
+ description: directoryPathInContainer specifies the directory
+ path in the container where `keystore.jks`, `truststore.jks`,
+ and `jksPassword.txt` keys are mounted. `truststore.jks`
+ is not configured and can be ignored when the `ignoreTrustStoreConfig`
+ field is set to `true`.
+ minLength: 1
+ type: string
+ enabled:
+ description: enabled specifies to enable the TLS configuration
+ for the Confluent component.
+ type: boolean
+ ignoreTrustStoreConfig:
+ description: ignoreTrustStoreConfig indicates whether
+ to ignore the truststore configuration for the Confluent
+ component.
+ type: boolean
+ jksPassword:
+ description: jksPassword references the secret containing
+ the JKS password.
+ properties:
+ secretRef:
+ description: 'secretRef references the name of the
+ secret containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - secretRef
+ type: object
+ secretRef:
+ description: 'secretRef references the secret containing
+ the certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - enabled
+ type: object
+ type: object
+ mds:
+ description: mds specifies the MDS dependencies configurations.
+ properties:
+ authentication:
+ description: authentication specifies the client side authentication
+ configuration for the MDS.
+ properties:
+ bearer:
+ description: bearer specifies the bearer authentication
+ settings.
+ properties:
+ directoryPathInContainer:
+ description: directoryPathInContainer specifies the
+ directory path in the container where the credential
+ is mounted.
+ minLength: 1
+ type: string
+ secretRef:
+ description: 'secretRef specifies the name of the
+ secret that contains the credential. More info:
+ https://docs.confluent.io/operator/current/co-authenticate.html#bearer-authentication'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ type: object
+ type:
+ description: type specifies the authentication method
+ for the MDS. The valid option is `bearer`.
+ enum:
+ - bearer
+ type: string
+ required:
+ - bearer
+ - type
+ type: object
+ endpoint:
+ description: endpoint specifies the MDS endpoint.
+ minLength: 1
+ pattern: ^https?://.*
+ type: string
+ tls:
+ description: ClientTLSConfig specifies the TLS configuration
+ for the Confluent component (dependencies, listeners).
+ properties:
+ directoryPathInContainer:
+ description: directoryPathInContainer specifies the directory
+ path in the container where `keystore.jks`, `truststore.jks`,
+ and `jksPassword.txt` keys are mounted. `truststore.jks`
+ is not configured and can be ignored when the `ignoreTrustStoreConfig`
+ field is set to `true`.
+ minLength: 1
+ type: string
+ enabled:
+ description: enabled specifies to enable the TLS configuration
+ for the Confluent component.
+ type: boolean
+ ignoreTrustStoreConfig:
+ description: ignoreTrustStoreConfig indicates whether
+ to ignore the truststore configuration for the Confluent
+ component.
+ type: boolean
+ jksPassword:
+ description: jksPassword references the secret containing
+ the JKS password.
+ properties:
+ secretRef:
+ description: 'secretRef references the name of the
+ secret containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - secretRef
+ type: object
+ secretRef:
+ description: 'secretRef references the secret containing
+ the certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - enabled
+ type: object
+ tokenKeyPair:
+ description: tokenKeyPair specifies the token keypair to configure
+ the MDS.
+ properties:
+ directoryPathInContainer:
+ description: directoryPathInContainer defines the directory
+ path in the container where the MDS token key pair are
+ mounted.
+ minLength: 1
+ type: string
+ secretRef:
+ description: secretRef references the name of the secret
+ that contains the MDS token key pair.
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ type: object
+ required:
+ - authentication
+ - endpoint
+ - tokenKeyPair
+ type: object
+ type: object
+ enableSchemaExporter:
+ description: enableSchemaExporter enables schema exporter in the Schema
+ Registry.
+ type: boolean
+ externalAccess:
+ description: externalAccess specifies the external access configuration.
+ properties:
+ loadBalancer:
+ description: loadBalancer specifies the configuration to create
+ a Kubernetes load balancer service.
+ properties:
+ advertisedURL:
+ description: 'advertisedURL specifies the configuration for
+ advertised listener per pod. It is only supported for MDS
+ currently. If it is enabled, instead of using internal endpoint,
+ the MDS advertised listener for each broker will be set
+ to: `://.`
+ where podId starts from `0` to `replicaCount -1`. This is
+ only recommended if you cannot add internal SANs to the
+ TLS certificates for MDS and the external DNS must be resolved
+ inside the Kubernetes cluster.'
+ properties:
+ enabled:
+ description: enabled indicates whether to set the MDS
+ advertised listener url with external endpoint for each
+ broker.
+ type: boolean
+ prefix:
+ description: prefix specifies the broker prefix for MDS
+ advertised endpoint if using loadBalancer external access.
+ If not configured, it uses `b` as default prefix, such
+ as `b#.domain` where `#` will start from `0` to `replicaCount
+ -1`.
+ minLength: 1
+ type: string
+ required:
+ - enabled
+ type: object
+ annotations:
+ additionalProperties:
+ type: string
+ description: annotations is a map of string key and value
+ pairs. It specifies Kubernetes annotations for this service.
+ type: object
+ x-kubernetes-map-type: granular
+ domain:
+ description: domain is the domain name of the component cluster.
+ minLength: 1
+ type: string
+ externalTrafficPolicy:
+ description: externalTrafficPolicy specifies the external
+ traffic policy for the service. Valid options are `Local`
+ and `Cluster`.
+ enum:
+ - Local
+ - Cluster
+ type: string
+ labels:
+ additionalProperties:
+ type: string
+ description: labels is a map of string key and value pairs.
+ It specifies Kubernetes labels for this service.
+ type: object
+ x-kubernetes-map-type: granular
+ loadBalancerSourceRanges:
+ description: loadBalancerSourceRanges specify the source ranges.
+ items:
+ type: string
+ type: array
+ port:
+ description: port specifies the external port for the client
+ consumption. If not configured, the same internal/external
+ port is configured for the component. Information about
+ the port can be retrieved through the status API.
+ format: int32
+ type: integer
+ prefix:
+ description: prefix specify the prefix for the given domain.
+ The default value is the name of the cluster.
+ minLength: 1
+ type: string
+ servicePorts:
+ description: servicePorts specify the user-provided service
+ port(s).
+ items:
+ description: ServicePort contains information on service's
+ port.
+ properties:
+ appProtocol:
+ description: The application protocol for this port.
+ This field follows standard Kubernetes label syntax.
+ Un-prefixed names are reserved for IANA standard service
+ names (as per RFC-6335 and http://www.iana.org/assignments/service-names).
+ Non-standard protocols should use prefixed names such
+ as mycompany.com/my-custom-protocol.
+ type: string
+ name:
+ description: The name of this port within the service.
+ This must be a DNS_LABEL. All ports within a ServiceSpec
+ must have unique names. When considering the endpoints
+ for a Service, this must match the 'name' field in
+ the EndpointPort. Optional if only one ServicePort
+ is defined on this service.
+ type: string
+ nodePort:
+ description: 'The port on each node on which this service
+ is exposed when type is NodePort or LoadBalancer. Usually
+ assigned by the system. If a value is specified, in-range,
+ and not in use it will be used, otherwise the operation
+ will fail. If not specified, a port will be allocated
+ if this Service requires one. If this field is specified
+ when creating a Service which does not need it, creation
+ will fail. This field will be wiped when updating
+ a Service to no longer need it (e.g. changing type
+ from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport'
+ format: int32
+ type: integer
+ port:
+ description: The port that will be exposed by this service.
+ format: int32
+ type: integer
+ protocol:
+ default: TCP
+ description: The IP protocol for this port. Supports
+ "TCP", "UDP", and "SCTP". Default is TCP.
+ type: string
+ targetPort:
+ anyOf:
+ - type: integer
+ - type: string
+ description: 'Number or name of the port to access on
+ the pods targeted by the service. Number must be in
+ the range 1 to 65535. Name must be an IANA_SVC_NAME.
+ If this is a string, it will be looked up as a named
+ port in the target Pod''s container ports. If this
+ is not specified, the value of the ''port'' field
+ is used (an identity map). This field is ignored for
+ services with clusterIP=None, and should be omitted
+ or set equal to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service'
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: array
+ sessionAffinity:
+ description: 'sessionAffinity defines the Kubernetes session
+ affinity. The valid options are `ClientIP` and `None`. `ClientIP`
+ enables the client IP-based session affinity. The default
+ value is `None`. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies.'
+ enum:
+ - ClientIP
+ - None
+ type: string
+ sessionAffinityConfig:
+ description: SessionAffinityConfig contains the configurations
+ of the session affinity.
+ properties:
+ clientIP:
+ description: clientIP contains the configurations of Client
+ IP based session affinity.
+ properties:
+ timeoutSeconds:
+ description: timeoutSeconds specifies the seconds
+ of ClientIP type session sticky time. The value
+ must be >0 && <=86400(for 1 day) if ServiceAffinity
+ == "ClientIP". Default value is 10800(for 3 hours).
+ format: int32
+ type: integer
+ type: object
+ type: object
+ required:
+ - domain
+ type: object
+ nodePort:
+ description: nodePort specifies the configuration to create a
+ Kubernetes node port service.
+ properties:
+ advertisedURL:
+ description: advertisedURL specifies the configuration for
+ advertised listener per pod. It is only supported for MDS
+ currently. If it is enabled, instead of using internal endpoint,
+ the MDS advertised listener for each broker will be set
+ to `://:,
+ where`podId` starts from `0` to `replicaCount - 1`. This
+ is only recommended if you cannot add internal SANs to the
+ TLS certificates for MDS and the external DNS must be resolved
+ inside the Kubernetes cluster.
+ properties:
+ enabled:
+ description: enabled indicates whether to set the MDS
+ advertised listener url with external endpoint for each
+ broker.
+ type: boolean
+ prefix:
+ description: prefix specifies the broker prefix for MDS
+ advertised endpoint if using loadBalancer external access.
+ If not configured, it uses `b` as default prefix, such
+ as `b#.domain` where `#` will start from `0` to `replicaCount
+ -1`.
+ minLength: 1
+ type: string
+ required:
+ - enabled
+ type: object
+ annotations:
+ additionalProperties:
+ type: string
+ description: annotations is a map of string key and value
+ pairs. It specifies Kubernetes annotations for this service.
+ type: object
+ x-kubernetes-map-type: granular
+ externalTrafficPolicy:
+ description: externalTrafficPolicy specifies the external
+ traffic policy for the service. Valid options are `Local`
+ and `Cluster`.
+ enum:
+ - Local
+ - Cluster
+ type: string
+ host:
+ description: host defines the host name of the cluster.
+ minLength: 1
+ type: string
+ labels:
+ additionalProperties:
+ type: string
+ description: labels is a map of string key and value pairs.
+ It specifies Kubernetes labels for this service.
+ type: object
+ x-kubernetes-map-type: granular
+ nodePortOffset:
+ description: nodePortOffset specifies the starting offset
+ of the node ports. The port numbers go in ascending order
+ with respect to the replicas count. NodePort service creation
+ fails if the node port is not in the range supported by
+ the Kubernetes API server. The default Kubernetes Node Port
+ range is `30000` - `32762`.
+ format: int32
+ minimum: 0
+ type: integer
+ servicePorts:
+ description: servicePorts specify user-provided service port(s).
+ For Kafka with the nodePort type, this setting is only applied
+ to Kafka bootstrap service.
+ items:
+ description: ServicePort contains information on service's
+ port.
+ properties:
+ appProtocol:
+ description: The application protocol for this port.
+ This field follows standard Kubernetes label syntax.
+ Un-prefixed names are reserved for IANA standard service
+ names (as per RFC-6335 and http://www.iana.org/assignments/service-names).
+ Non-standard protocols should use prefixed names such
+ as mycompany.com/my-custom-protocol.
+ type: string
+ name:
+ description: The name of this port within the service.
+ This must be a DNS_LABEL. All ports within a ServiceSpec
+ must have unique names. When considering the endpoints
+ for a Service, this must match the 'name' field in
+ the EndpointPort. Optional if only one ServicePort
+ is defined on this service.
+ type: string
+ nodePort:
+ description: 'The port on each node on which this service
+ is exposed when type is NodePort or LoadBalancer. Usually
+ assigned by the system. If a value is specified, in-range,
+ and not in use it will be used, otherwise the operation
+ will fail. If not specified, a port will be allocated
+ if this Service requires one. If this field is specified
+ when creating a Service which does not need it, creation
+ will fail. This field will be wiped when updating
+ a Service to no longer need it (e.g. changing type
+ from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport'
+ format: int32
+ type: integer
+ port:
+ description: The port that will be exposed by this service.
+ format: int32
+ type: integer
+ protocol:
+ default: TCP
+ description: The IP protocol for this port. Supports
+ "TCP", "UDP", and "SCTP". Default is TCP.
+ type: string
+ targetPort:
+ anyOf:
+ - type: integer
+ - type: string
+ description: 'Number or name of the port to access on
+ the pods targeted by the service. Number must be in
+ the range 1 to 65535. Name must be an IANA_SVC_NAME.
+ If this is a string, it will be looked up as a named
+ port in the target Pod''s container ports. If this
+ is not specified, the value of the ''port'' field
+ is used (an identity map). This field is ignored for
+ services with clusterIP=None, and should be omitted
+ or set equal to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service'
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: array
+ sessionAffinity:
+ description: 'sessionAffinity defines the Kubernetes session
+ affinity. The valid options are `ClientIP` and `None`. `ClientIP`
+ enables the client IP-based session affinity. The default
+ value is `None`. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies.'
+ enum:
+ - ClientIP
+ - None
+ type: string
+ sessionAffinityConfig:
+ description: SessionAffinityConfig contains the configurations
+ of the session affinity.
+ properties:
+ clientIP:
+ description: clientIP contains the configurations of Client
+ IP based session affinity.
+ properties:
+ timeoutSeconds:
+ description: timeoutSeconds specifies the seconds
+ of ClientIP type session sticky time. The value
+ must be >0 && <=86400(for 1 day) if ServiceAffinity
+ == "ClientIP". Default value is 10800(for 3 hours).
+ format: int32
+ type: integer
+ type: object
+ type: object
+ required:
+ - host
+ - nodePortOffset
+ type: object
+ route:
+ description: route specifies the configuration to create a route
+ service in OpenShift.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: annotations is a map of string key and value
+ pairs. It specifies Kubernetes annotations for this service.
+ type: object
+ x-kubernetes-map-type: granular
+ domain:
+ description: domain specifies the domain name of the Confluent
+ component cluster.
+ minLength: 1
+ type: string
+ labels:
+ additionalProperties:
+ type: string
+ description: labels is a map of string key and value pairs.
+ It specifies Kubernetes labels for this service.
+ type: object
+ x-kubernetes-map-type: granular
+ prefix:
+ description: prefix specifies the component prefix when configured
+ for the domain. The default value is the name of the cluster.
+ minLength: 1
+ type: string
+ wildcardPolicy:
+ description: wildcardPolicy allows you to define a route that
+ covers all hosts within a domain. Valid options are `Subdomain`
+ and `None`. The default value is `None`.
+ enum:
+ - Subdomain
+ - None
+ type: string
+ required:
+ - domain
+ type: object
+ type:
+ description: type specifies the Kubernetes external service for
+ the component. Valid options are `loadBalancer`, `nodePort`,
+ and `route`.
+ enum:
+ - loadBalancer
+ - nodePort
+ - route
+ minLength: 1
+ type: string
+ required:
+ - type
+ type: object
+ headlessService:
+ description: headlessService specifies the configuration of the Kubernetes
+ headless service.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: annotations is a map of string key and value pairs.
+ It specifies the annotations to be added to the CFK-created
+ headless service. These annotations are merged with the injectAnnotations
+ and take precedence.
+ type: object
+ x-kubernetes-map-type: granular
+ labels:
+ additionalProperties:
+ type: string
+ description: labels is a map of string key and value pairs. It
+ specifies the labels to be added to the CFK-created headless
+ service. These labels are merged with the injectLabels and take
+ precedence.
+ type: object
+ x-kubernetes-map-type: granular
+ publishNotReadyAddresses:
+ description: publishNotReadyAddresses specifies the publishNotReadyAddresses
+ field. For Kafka, this value must be true. The default value
+ is true.
+ type: boolean
+ type: object
+ image:
+ description: image specifies the application and the init docker image
+ configurations. A change to this setting will roll the cluster.
+ properties:
+ application:
+ description: application is the Docker image name of the application.
+ Specify `//:`.
+ pattern: .+:.+
+ type: string
+ init:
+ description: init is the init-container name. Specify `//:`.
+ pattern: .+:.+
+ type: string
+ pullPolicy:
+ description: pullPolicy is the policy for pulling images. Valid
+ options are `Always`, `Never`, and `IfNotPresent`. The default
+ value is `IfNotPresent`.
+ enum:
+ - Always
+ - Never
+ - IfNotPresent
+ type: string
+ pullSecretRef:
+ description: 'pullSecretRef references the secrets in the same
+ namespace to be used for pulling images. Image pull secrets
+ are distinct from secrets because secrets can be mounted in
+ the pod, but image pull secrets are only accessed by `kubelet`.
+ More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod'
+ items:
+ type: string
+ type: array
+ required:
+ - application
+ - init
+ type: object
+ injectAnnotations:
+ additionalProperties:
+ type: string
+ description: injectAnnotations are the annotations injected to the
+ internal resources that CFK created. The internal annotations are
+ preserved and cannot be overridden. For pod annotations, use `podTemplate.annotations`.
+ type: object
+ x-kubernetes-map-type: granular
+ injectLabels:
+ additionalProperties:
+ type: string
+ description: injectLabels are the labels injected to the internal
+ resources that CFK created. The internal labels are preserved and
+ cannot be overridden. For pod labels, use `podTemplate.labels`.
+ type: object
+ x-kubernetes-map-type: granular
+ internalTopicReplicatorFactor:
+ description: internalTopicReplicatorFactor specifies the replication
+ factor for internal topics.
+ format: int32
+ minimum: 1
+ type: integer
+ k8sClusterDomain:
+ description: k8sClusterDomain specifies the configuration of the Kubernetes
+ cluster domain. The default is the `cluster.local` domain.
+ type: string
+ license:
+ description: license specifies the license configuration for the Confluent
+ Platform component.
+ properties:
+ directoryPathInContainer:
+ description: 'directoryPathInContainer specifies the directory
+ path in the container where the license key is mounted. More
+ info: https://docs.confluent.io/operator/current/co-license.html#update-component-level-licenses'
+ minLength: 1
+ type: string
+ globalLicense:
+ description: globalLicense specifies whether the Confluent Platform
+ component shares the CFK license.
+ type: boolean
+ secretRef:
+ description: 'secretRef references the secret that provides the
+ license for the Confluent Platform component. More info: https://docs.confluent.io/operator/current/co-license.html#update-component-level-licenses'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ type: object
+ metrics:
+ description: metrics specify the security settings for the metric
+ services.
+ properties:
+ authentication:
+ description: authentication specifies the authentication configuration
+ for the metrics.
+ properties:
+ type:
+ description: type specifies the metrics authentication method.
+ The valid option is `mtls`.
+ enum:
+ - mtls
+ type: string
+ required:
+ - type
+ type: object
+ prometheus:
+ description: prometheus specifies the configuration overrides
+ for the JMX-Prometheus exporter.
+ properties:
+ blacklist:
+ items:
+ type: string
+ type: array
+ rules:
+ items:
+ description: Rule defines the Prometheus Exporter rule override.
+ properties:
+ attrNameSnakeCase:
+ type: boolean
+ cache:
+ type: boolean
+ help:
+ minLength: 1
+ type: string
+ labels:
+ additionalProperties:
+ type: string
+ type: object
+ x-kubernetes-map-type: granular
+ name:
+ minLength: 1
+ type: string
+ pattern:
+ minLength: 1
+ type: string
+ type:
+ minLength: 1
+ type: string
+ value:
+ minLength: 1
+ type: string
+ valueFactor:
+ anyOf:
+ - type: integer
+ - type: string
+ default: 1
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ type: object
+ type: array
+ whitelist:
+ items:
+ type: string
+ type: array
+ type: object
+ tls:
+ description: tls specifies the TLS configuration for the metrics.
+ properties:
+ directoryPathInContainer:
+ description: directoryPathInContainer specifies the directory
+ path in the container where `keystore.jks`, `truststore.jks`,
+ and `jksPassword.txt` keys are mounted. `truststore.jks`
+ is not configured and can be ignored when the `ignoreTrustStoreConfig`
+ field is set to `true`.
+ minLength: 1
+ type: string
+ enabled:
+ description: enabled specifies to enable the TLS configuration
+ for the Confluent component.
+ type: boolean
+ ignoreTrustStoreConfig:
+ description: ignoreTrustStoreConfig indicates whether to ignore
+ the truststore configuration for the Confluent component.
+ type: boolean
+ jksPassword:
+ description: jksPassword references the secret containing
+ the JKS password.
+ properties:
+ secretRef:
+ description: 'secretRef references the name of the secret
+ containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - secretRef
+ type: object
+ secretRef:
+ description: 'secretRef references the secret containing the
+ certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - enabled
+ type: object
+ type: object
+ mountedSecrets:
+ description: 'mountedSecrets list the secrets injected to the underlying
+ statefulset configuration. The secret reference is mounted in the
+ default path `/mnt/secrets/`. The underlying resources
+ will follow the secret as a file configuration. More info: https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod.
+ A change to this setting will roll the cluster.'
+ items:
+ description: MountedSecrets provides a way to inject a custom secret
+ to the underlying statefulset.
+ properties:
+ keyItems:
+ description: keyItems are key and path names.
+ items:
+ description: Maps a string key to a path within a volume.
+ properties:
+ key:
+ description: The key to project.
+ type: string
+ mode:
+ description: 'Optional: mode bits used to set permissions
+ on this file. Must be an octal value between 0000 and
+ 0777 or a decimal value between 0 and 511. YAML accepts
+ both octal and decimal values, JSON requires decimal
+ values for mode bits. If not specified, the volume defaultMode
+ will be used. This might be in conflict with other options
+ that affect the file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: The relative path of the file to map the
+ key to. May not be an absolute path. May not contain
+ the path element '..'. May not start with the string
+ '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ secretRef:
+ description: secretRef references the name of the secret.
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - secretRef
+ type: object
+ type: array
+ mountedVolumes:
+ description: mountedVolumes list the custom volumes that need to be
+ mounted into the underlying statefulset. A change to this setting
+ will roll the cluster.
+ properties:
+ volumeMounts:
+ description: volumeMounts specify the list of volume mounts for
+ the pods in the statefulset.
+ items:
+ description: VolumeMount describes a mounting of a Volume within
+ a container.
+ properties:
+ mountPath:
+ description: Path within the container at which the volume
+ should be mounted. Must not contain ':'.
+ type: string
+ mountPropagation:
+ description: mountPropagation determines how mounts are
+ propagated from the host to container and the other way
+ around. When not set, MountPropagationNone is used. This
+ field is beta in 1.10.
+ type: string
+ name:
+ description: This must match the Name of a Volume.
+ type: string
+ readOnly:
+ description: Mounted read-only if true, read-write otherwise
+ (false or unspecified). Defaults to false.
+ type: boolean
+ subPath:
+ description: Path within the volume from which the container's
+ volume should be mounted. Defaults to "" (volume's root).
+ type: string
+ subPathExpr:
+ description: Expanded path within the volume from which
+ the container's volume should be mounted. Behaves similarly
+ to SubPath but environment variable references $(VAR_NAME)
+ are expanded using the container's environment. Defaults
+ to "" (volume's root). SubPathExpr and SubPath are mutually
+ exclusive.
+ type: string
+ required:
+ - mountPath
+ - name
+ type: object
+ type: array
+ volumes:
+ description: volumes specify the list of volumes that can be mounted
+ into the pods of statefulset.
+ items:
+ description: Volume represents a named volume in a pod that
+ may be accessed by any container in the pod.
+ properties:
+ awsElasticBlockStore:
+ description: 'AWSElasticBlockStore represents an AWS Disk
+ resource that is attached to a kubelet''s host machine
+ and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ properties:
+ fsType:
+ description: 'Filesystem type of the volume that you
+ want to mount. Tip: Ensure that the filesystem type
+ is supported by the host operating system. Examples:
+ "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+ TODO: how do we prevent errors in the filesystem from
+ compromising the machine'
+ type: string
+ partition:
+ description: 'The partition in the volume that you want
+ to mount. If omitted, the default is to mount by volume
+ name. Examples: For volume /dev/sda1, you specify
+ the partition as "1". Similarly, the volume partition
+ for /dev/sda is "0" (or you can leave the property
+ empty).'
+ format: int32
+ type: integer
+ readOnly:
+ description: 'Specify "true" to force and set the ReadOnly
+ property in VolumeMounts to "true". If omitted, the
+ default is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ type: boolean
+ volumeID:
+ description: 'Unique ID of the persistent disk resource
+ in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ type: string
+ required:
+ - volumeID
+ type: object
+ azureDisk:
+ description: AzureDisk represents an Azure Data Disk mount
+ on the host and bind mount to the pod.
+ properties:
+ cachingMode:
+ description: 'Host Caching mode: None, Read Only, Read
+ Write.'
+ type: string
+ diskName:
+ description: The Name of the data disk in the blob storage
+ type: string
+ diskURI:
+ description: The URI the data disk in the blob storage
+ type: string
+ fsType:
+ description: Filesystem type to mount. Must be a filesystem
+ type supported by the host operating system. Ex. "ext4",
+ "xfs", "ntfs". Implicitly inferred to be "ext4" if
+ unspecified.
+ type: string
+ kind:
+ description: 'Expected values Shared: multiple blob
+ disks per storage account Dedicated: single blob
+ disk per storage account Managed: azure managed data
+ disk (only in managed availability set). defaults
+ to shared'
+ type: string
+ readOnly:
+ description: Defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ required:
+ - diskName
+ - diskURI
+ type: object
+ azureFile:
+ description: AzureFile represents an Azure File Service
+ mount on the host and bind mount to the pod.
+ properties:
+ readOnly:
+ description: Defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ secretName:
+ description: the name of secret that contains Azure
+ Storage Account Name and Key
+ type: string
+ shareName:
+ description: Share Name
+ type: string
+ required:
+ - secretName
+ - shareName
+ type: object
+ cephfs:
+ description: CephFS represents a Ceph FS mount on the host
+ that shares a pod's lifetime
+ properties:
+ monitors:
+ description: 'Required: Monitors is a collection of
+ Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ items:
+ type: string
+ type: array
+ path:
+ description: 'Optional: Used as the mounted root, rather
+ than the full Ceph tree, default is /'
+ type: string
+ readOnly:
+ description: 'Optional: Defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting in VolumeMounts.
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ type: boolean
+ secretFile:
+ description: 'Optional: SecretFile is the path to key
+ ring for User, default is /etc/ceph/user.secret More
+ info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ type: string
+ secretRef:
+ description: 'Optional: SecretRef is reference to the
+ authentication secret for User, default is empty.
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ type: object
+ user:
+ description: 'Optional: User is the rados user name,
+ default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ type: string
+ required:
+ - monitors
+ type: object
+ cinder:
+ description: 'Cinder represents a cinder volume attached
+ and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ properties:
+ fsType:
+ description: 'Filesystem type to mount. Must be a filesystem
+ type supported by the host operating system. Examples:
+ "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ type: string
+ readOnly:
+ description: 'Optional: Defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting in VolumeMounts.
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ type: boolean
+ secretRef:
+ description: 'Optional: points to a secret object containing
+ parameters used to connect to OpenStack.'
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ type: object
+ volumeID:
+ description: 'volume id used to identify the volume
+ in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ type: string
+ required:
+ - volumeID
+ type: object
+ configMap:
+ description: ConfigMap represents a configMap that should
+ populate this volume
+ properties:
+ defaultMode:
+ description: 'Optional: mode bits used to set permissions
+ on created files by default. Must be an octal value
+ between 0000 and 0777 or a decimal value between 0
+ and 511. YAML accepts both octal and decimal values,
+ JSON requires decimal values for mode bits. Defaults
+ to 0644. Directories within the path are not affected
+ by this setting. This might be in conflict with other
+ options that affect the file mode, like fsGroup, and
+ the result can be other mode bits set.'
+ format: int32
+ type: integer
+ items:
+ description: If unspecified, each key-value pair in
+ the Data field of the referenced ConfigMap will be
+ projected into the volume as a file whose name is
+ the key and content is the value. If specified, the
+ listed keys will be projected into the specified paths,
+ and unlisted keys will not be present. If a key is
+ specified which is not present in the ConfigMap, the
+ volume setup will error unless it is marked optional.
+ Paths must be relative and may not contain the '..'
+ path or start with '..'.
+ items:
+ description: Maps a string key to a path within a
+ volume.
+ properties:
+ key:
+ description: The key to project.
+ type: string
+ mode:
+ description: 'Optional: mode bits used to set
+ permissions on this file. Must be an octal value
+ between 0000 and 0777 or a decimal value between
+ 0 and 511. YAML accepts both octal and decimal
+ values, JSON requires decimal values for mode
+ bits. If not specified, the volume defaultMode
+ will be used. This might be in conflict with
+ other options that affect the file mode, like
+ fsGroup, and the result can be other mode bits
+ set.'
+ format: int32
+ type: integer
+ path:
+ description: The relative path of the file to
+ map the key to. May not be an absolute path.
+ May not contain the path element '..'. May not
+ start with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap or its keys
+ must be defined
+ type: boolean
+ type: object
+ csi:
+ description: CSI (Container Storage Interface) represents
+ ephemeral storage that is handled by certain external
+ CSI drivers (Beta feature).
+ properties:
+ driver:
+ description: Driver is the name of the CSI driver that
+ handles this volume. Consult with your admin for the
+ correct name as registered in the cluster.
+ type: string
+ fsType:
+ description: Filesystem type to mount. Ex. "ext4", "xfs",
+ "ntfs". If not provided, the empty value is passed
+ to the associated CSI driver which will determine
+ the default filesystem to apply.
+ type: string
+ nodePublishSecretRef:
+ description: NodePublishSecretRef is a reference to
+ the secret object containing sensitive information
+ to pass to the CSI driver to complete the CSI NodePublishVolume
+ and NodeUnpublishVolume calls. This field is optional,
+ and may be empty if no secret is required. If the
+ secret object contains more than one secret, all secret
+ references are passed.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ type: object
+ readOnly:
+ description: Specifies a read-only configuration for
+ the volume. Defaults to false (read/write).
+ type: boolean
+ volumeAttributes:
+ additionalProperties:
+ type: string
+ description: VolumeAttributes stores driver-specific
+ properties that are passed to the CSI driver. Consult
+ your driver's documentation for supported values.
+ type: object
+ required:
+ - driver
+ type: object
+ downwardAPI:
+ description: DownwardAPI represents downward API about the
+ pod that should populate this volume
+ properties:
+ defaultMode:
+ description: 'Optional: mode bits to use on created
+ files by default. Must be a Optional: mode bits used
+ to set permissions on created files by default. Must
+ be an octal value between 0000 and 0777 or a decimal
+ value between 0 and 511. YAML accepts both octal and
+ decimal values, JSON requires decimal values for mode
+ bits. Defaults to 0644. Directories within the path
+ are not affected by this setting. This might be in
+ conflict with other options that affect the file mode,
+ like fsGroup, and the result can be other mode bits
+ set.'
+ format: int32
+ type: integer
+ items:
+ description: Items is a list of downward API volume
+ file
+ items:
+ description: DownwardAPIVolumeFile represents information
+ to create the file containing the pod field
+ properties:
+ fieldRef:
+ description: 'Required: Selects a field of the
+ pod: only annotations, labels, name and namespace
+ are supported.'
+ properties:
+ apiVersion:
+ description: Version of the schema the FieldPath
+ is written in terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select in
+ the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ mode:
+ description: 'Optional: mode bits used to set
+ permissions on this file, must be an octal value
+ between 0000 and 0777 or a decimal value between
+ 0 and 511. YAML accepts both octal and decimal
+ values, JSON requires decimal values for mode
+ bits. If not specified, the volume defaultMode
+ will be used. This might be in conflict with
+ other options that affect the file mode, like
+ fsGroup, and the result can be other mode bits
+ set.'
+ format: int32
+ type: integer
+ path:
+ description: 'Required: Path is the relative
+ path name of the file to be created. Must not
+ be absolute or contain the ''..'' path. Must
+ be utf-8 encoded. The first item of the relative
+ path must not start with ''..'''
+ type: string
+ resourceFieldRef:
+ description: 'Selects a resource of the container:
+ only resources limits and requests (limits.cpu,
+ limits.memory, requests.cpu and requests.memory)
+ are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required for
+ volumes, optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format of
+ the exposed resources, defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ required:
+ - path
+ type: object
+ type: array
+ type: object
+ emptyDir:
+ description: 'EmptyDir represents a temporary directory
+ that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
+ properties:
+ medium:
+ description: 'What type of storage medium should back
+ this directory. The default is "" which means to use
+ the node''s default medium. Must be an empty string
+ (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
+ type: string
+ sizeLimit:
+ anyOf:
+ - type: integer
+ - type: string
+ description: 'Total amount of local storage required
+ for this EmptyDir volume. The size limit is also applicable
+ for memory medium. The maximum usage on memory medium
+ EmptyDir would be the minimum value between the SizeLimit
+ specified here and the sum of memory limits of all
+ containers in a pod. The default is nil which means
+ that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir'
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ type: object
+ ephemeral:
+ description: "Ephemeral represents a volume that is handled
+ by a cluster storage driver. The volume's lifecycle is
+ tied to the pod that defines it - it will be created before
+ the pod starts, and deleted when the pod is removed. \n
+ Use this if: a) the volume is only needed while the pod
+ runs, b) features of normal volumes like restoring from
+ snapshot or capacity tracking are needed, c) the storage
+ driver is specified through a storage class, and d) the
+ storage driver supports dynamic volume provisioning through
+ a PersistentVolumeClaim (see EphemeralVolumeSource for
+ more information on the connection between this volume
+ type and PersistentVolumeClaim). \n Use PersistentVolumeClaim
+ or one of the vendor-specific APIs for volumes that persist
+ for longer than the lifecycle of an individual pod. \n
+ Use CSI for light-weight local ephemeral volumes if the
+ CSI driver is meant to be used that way - see the documentation
+ of the driver for more information. \n A pod can use both
+ types of ephemeral volumes and persistent volumes at the
+ same time."
+ properties:
+ volumeClaimTemplate:
+ description: "Will be used to create a stand-alone PVC
+ to provision the volume. The pod in which this EphemeralVolumeSource
+ is embedded will be the owner of the PVC, i.e. the
+ PVC will be deleted together with the pod. The name
+ of the PVC will be `-` where
+ `` is the name from the `PodSpec.Volumes`
+ array entry. Pod validation will reject the pod if
+ the concatenated name is not valid for a PVC (for
+ example, too long). \n An existing PVC with that name
+ that is not owned by the pod will *not* be used for
+ the pod to avoid using an unrelated volume by mistake.
+ Starting the pod is then blocked until the unrelated
+ PVC is removed. If such a pre-created PVC is meant
+ to be used by the pod, the PVC has to updated with
+ an owner reference to the pod once the pod exists.
+ Normally this should not be necessary, but it may
+ be useful when manually reconstructing a broken cluster.
+ \n This field is read-only and no changes will be
+ made by Kubernetes to the PVC after it has been created.
+ \n Required, must not be nil."
+ properties:
+ metadata:
+ description: May contain labels and annotations
+ that will be copied into the PVC when creating
+ it. No other fields are allowed and will be rejected
+ during validation.
+ type: object
+ spec:
+ description: The specification for the PersistentVolumeClaim.
+ The entire content is copied unchanged into the
+ PVC that gets created from this template. The
+ same fields as in a PersistentVolumeClaim are
+ also valid here.
+ properties:
+ accessModes:
+ description: 'AccessModes contains the desired
+ access modes the volume should have. More
+ info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
+ items:
+ type: string
+ type: array
+ dataSource:
+ description: 'This field can be used to specify
+ either: * An existing VolumeSnapshot object
+ (snapshot.storage.k8s.io/VolumeSnapshot) *
+ An existing PVC (PersistentVolumeClaim) If
+ the provisioner or an external controller
+ can support the specified data source, it
+ will create a new volume based on the contents
+ of the specified data source. If the AnyVolumeDataSource
+ feature gate is enabled, this field will always
+ have the same contents as the DataSourceRef
+ field.'
+ properties:
+ apiGroup:
+ description: APIGroup is the group for the
+ resource being referenced. If APIGroup
+ is not specified, the specified Kind must
+ be in the core API group. For any other
+ third-party types, APIGroup is required.
+ type: string
+ kind:
+ description: Kind is the type of resource
+ being referenced
+ type: string
+ name:
+ description: Name is the name of resource
+ being referenced
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ dataSourceRef:
+ description: 'Specifies the object from which
+ to populate the volume with data, if a non-empty
+ volume is desired. This may be any local object
+ from a non-empty API group (non core object)
+ or a PersistentVolumeClaim object. When this
+ field is specified, volume binding will only
+ succeed if the type of the specified object
+ matches some installed volume populator or
+ dynamic provisioner. This field will replace
+ the functionality of the DataSource field
+ and as such if both fields are non-empty,
+ they must have the same value. For backwards
+ compatibility, both fields (DataSource and
+ DataSourceRef) will be set to the same value
+ automatically if one of them is empty and
+ the other is non-empty. There are two important
+ differences between DataSource and DataSourceRef:
+ * While DataSource only allows two specific
+ types of objects, DataSourceRef allows any
+ non-core object, as well as PersistentVolumeClaim
+ objects. * While DataSource ignores disallowed
+ values (dropping them), DataSourceRef preserves
+ all values, and generates an error if a disallowed
+ value is specified. (Alpha) Using this field
+ requires the AnyVolumeDataSource feature gate
+ to be enabled.'
+ properties:
+ apiGroup:
+ description: APIGroup is the group for the
+ resource being referenced. If APIGroup
+ is not specified, the specified Kind must
+ be in the core API group. For any other
+ third-party types, APIGroup is required.
+ type: string
+ kind:
+ description: Kind is the type of resource
+ being referenced
+ type: string
+ name:
+ description: Name is the name of resource
+ being referenced
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ resources:
+ description: 'Resources represents the minimum
+ resources the volume should have. If RecoverVolumeExpansionFailure
+ feature is enabled users are allowed to specify
+ resource requirements that are lower than
+ previous value but must still be higher than
+ capacity recorded in the status field of the
+ claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
+ properties:
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum
+ amount of compute resources allowed. More
+ info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum
+ amount of compute resources required.
+ If Requests is omitted for a container,
+ it defaults to Limits if that is explicitly
+ specified, otherwise to an implementation-defined
+ value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ selector:
+ description: A label query over volumes to consider
+ for binding.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a
+ key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of
+ string values. If the operator is
+ In or NotIn, the values array must
+ be non-empty. If the operator is
+ Exists or DoesNotExist, the values
+ array must be empty. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ storageClassName:
+ description: 'Name of the StorageClass required
+ by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
+ type: string
+ volumeMode:
+ description: volumeMode defines what type of
+ volume is required by the claim. Value of
+ Filesystem is implied when not included in
+ claim spec.
+ type: string
+ volumeName:
+ description: VolumeName is the binding reference
+ to the PersistentVolume backing this claim.
+ type: string
+ type: object
+ required:
+ - spec
+ type: object
+ type: object
+ fc:
+ description: FC represents a Fibre Channel resource that
+ is attached to a kubelet's host machine and then exposed
+ to the pod.
+ properties:
+ fsType:
+ description: 'Filesystem type to mount. Must be a filesystem
+ type supported by the host operating system. Ex. "ext4",
+ "xfs", "ntfs". Implicitly inferred to be "ext4" if
+ unspecified. TODO: how do we prevent errors in the
+ filesystem from compromising the machine'
+ type: string
+ lun:
+ description: 'Optional: FC target lun number'
+ format: int32
+ type: integer
+ readOnly:
+ description: 'Optional: Defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting in VolumeMounts.'
+ type: boolean
+ targetWWNs:
+ description: 'Optional: FC target worldwide names (WWNs)'
+ items:
+ type: string
+ type: array
+ wwids:
+ description: 'Optional: FC volume world wide identifiers
+ (wwids) Either wwids or combination of targetWWNs
+ and lun must be set, but not both simultaneously.'
+ items:
+ type: string
+ type: array
+ type: object
+ flexVolume:
+ description: FlexVolume represents a generic volume resource
+ that is provisioned/attached using an exec based plugin.
+ properties:
+ driver:
+ description: Driver is the name of the driver to use
+ for this volume.
+ type: string
+ fsType:
+ description: Filesystem type to mount. Must be a filesystem
+ type supported by the host operating system. Ex. "ext4",
+ "xfs", "ntfs". The default filesystem depends on FlexVolume
+ script.
+ type: string
+ options:
+ additionalProperties:
+ type: string
+ description: 'Optional: Extra command options if any.'
+ type: object
+ readOnly:
+ description: 'Optional: Defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting in VolumeMounts.'
+ type: boolean
+ secretRef:
+ description: 'Optional: SecretRef is reference to the
+ secret object containing sensitive information to
+ pass to the plugin scripts. This may be empty if no
+ secret object is specified. If the secret object contains
+ more than one secret, all secrets are passed to the
+ plugin scripts.'
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ type: object
+ required:
+ - driver
+ type: object
+ flocker:
+ description: Flocker represents a Flocker volume attached
+ to a kubelet's host machine. This depends on the Flocker
+ control service being running
+ properties:
+ datasetName:
+ description: Name of the dataset stored as metadata
+ -> name on the dataset for Flocker should be considered
+ as deprecated
+ type: string
+ datasetUUID:
+ description: UUID of the dataset. This is unique identifier
+ of a Flocker dataset
+ type: string
+ type: object
+ gcePersistentDisk:
+ description: 'GCEPersistentDisk represents a GCE Disk resource
+ that is attached to a kubelet''s host machine and then
+ exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ properties:
+ fsType:
+ description: 'Filesystem type of the volume that you
+ want to mount. Tip: Ensure that the filesystem type
+ is supported by the host operating system. Examples:
+ "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ TODO: how do we prevent errors in the filesystem from
+ compromising the machine'
+ type: string
+ partition:
+ description: 'The partition in the volume that you want
+ to mount. If omitted, the default is to mount by volume
+ name. Examples: For volume /dev/sda1, you specify
+ the partition as "1". Similarly, the volume partition
+ for /dev/sda is "0" (or you can leave the property
+ empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ format: int32
+ type: integer
+ pdName:
+ description: 'Unique name of the PD resource in GCE.
+ Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ type: string
+ readOnly:
+ description: 'ReadOnly here will force the ReadOnly
+ setting in VolumeMounts. Defaults to false. More info:
+ https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ type: boolean
+ required:
+ - pdName
+ type: object
+ gitRepo:
+ description: 'GitRepo represents a git repository at a particular
+ revision. DEPRECATED: GitRepo is deprecated. To provision
+ a container with a git repo, mount an EmptyDir into an
+ InitContainer that clones the repo using git, then mount
+ the EmptyDir into the Pod''s container.'
+ properties:
+ directory:
+ description: Target directory name. Must not contain
+ or start with '..'. If '.' is supplied, the volume
+ directory will be the git repository. Otherwise,
+ if specified, the volume will contain the git repository
+ in the subdirectory with the given name.
+ type: string
+ repository:
+ description: Repository URL
+ type: string
+ revision:
+ description: Commit hash for the specified revision.
+ type: string
+ required:
+ - repository
+ type: object
+ glusterfs:
+ description: 'Glusterfs represents a Glusterfs mount on
+ the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md'
+ properties:
+ endpoints:
+ description: 'EndpointsName is the endpoint name that
+ details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ type: string
+ path:
+ description: 'Path is the Glusterfs volume path. More
+ info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ type: string
+ readOnly:
+ description: 'ReadOnly here will force the Glusterfs
+ volume to be mounted with read-only permissions. Defaults
+ to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ type: boolean
+ required:
+ - endpoints
+ - path
+ type: object
+ hostPath:
+ description: 'HostPath represents a pre-existing file or
+ directory on the host machine that is directly exposed
+ to the container. This is generally used for system agents
+ or other privileged things that are allowed to see the
+ host machine. Most containers will NOT need this. More
+ info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+ --- TODO(jonesdl) We need to restrict who can use host
+ directory mounts and who can/can not mount host directories
+ as read/write.'
+ properties:
+ path:
+ description: 'Path of the directory on the host. If
+ the path is a symlink, it will follow the link to
+ the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
+ type: string
+ type:
+ description: 'Type for HostPath Volume Defaults to ""
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
+ type: string
+ required:
+ - path
+ type: object
+ iscsi:
+ description: 'ISCSI represents an ISCSI Disk resource that
+ is attached to a kubelet''s host machine and then exposed
+ to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md'
+ properties:
+ chapAuthDiscovery:
+ description: whether support iSCSI Discovery CHAP authentication
+ type: boolean
+ chapAuthSession:
+ description: whether support iSCSI Session CHAP authentication
+ type: boolean
+ fsType:
+ description: 'Filesystem type of the volume that you
+ want to mount. Tip: Ensure that the filesystem type
+ is supported by the host operating system. Examples:
+ "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
+ TODO: how do we prevent errors in the filesystem from
+ compromising the machine'
+ type: string
+ initiatorName:
+ description: Custom iSCSI Initiator Name. If initiatorName
+ is specified with iscsiInterface simultaneously, new
+ iSCSI interface : will
+ be created for the connection.
+ type: string
+ iqn:
+ description: Target iSCSI Qualified Name.
+ type: string
+ iscsiInterface:
+ description: iSCSI Interface Name that uses an iSCSI
+ transport. Defaults to 'default' (tcp).
+ type: string
+ lun:
+ description: iSCSI Target Lun number.
+ format: int32
+ type: integer
+ portals:
+ description: iSCSI Target Portal List. The portal is
+ either an IP or ip_addr:port if the port is other
+ than default (typically TCP ports 860 and 3260).
+ items:
+ type: string
+ type: array
+ readOnly:
+ description: ReadOnly here will force the ReadOnly setting
+ in VolumeMounts. Defaults to false.
+ type: boolean
+ secretRef:
+ description: CHAP Secret for iSCSI target and initiator
+ authentication
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ type: object
+ targetPortal:
+ description: iSCSI Target Portal. The Portal is either
+ an IP or ip_addr:port if the port is other than default
+ (typically TCP ports 860 and 3260).
+ type: string
+ required:
+ - iqn
+ - lun
+ - targetPortal
+ type: object
+ name:
+ description: 'Volume''s name. Must be a DNS_LABEL and unique
+ within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ nfs:
+ description: 'NFS represents an NFS mount on the host that
+ shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ properties:
+ path:
+ description: 'Path that is exported by the NFS server.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ type: string
+ readOnly:
+ description: 'ReadOnly here will force the NFS export
+ to be mounted with read-only permissions. Defaults
+ to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ type: boolean
+ server:
+ description: 'Server is the hostname or IP address of
+ the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ type: string
+ required:
+ - path
+ - server
+ type: object
+ persistentVolumeClaim:
+ description: 'PersistentVolumeClaimVolumeSource represents
+ a reference to a PersistentVolumeClaim in the same namespace.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
+ properties:
+ claimName:
+ description: 'ClaimName is the name of a PersistentVolumeClaim
+ in the same namespace as the pod using this volume.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
+ type: string
+ readOnly:
+ description: Will force the ReadOnly setting in VolumeMounts.
+ Default false.
+ type: boolean
+ required:
+ - claimName
+ type: object
+ photonPersistentDisk:
+ description: PhotonPersistentDisk represents a PhotonController
+ persistent disk attached and mounted on kubelets host
+ machine
+ properties:
+ fsType:
+ description: Filesystem type to mount. Must be a filesystem
+ type supported by the host operating system. Ex. "ext4",
+ "xfs", "ntfs". Implicitly inferred to be "ext4" if
+ unspecified.
+ type: string
+ pdID:
+ description: ID that identifies Photon Controller persistent
+ disk
+ type: string
+ required:
+ - pdID
+ type: object
+ portworxVolume:
+ description: PortworxVolume represents a portworx volume
+ attached and mounted on kubelets host machine
+ properties:
+ fsType:
+ description: FSType represents the filesystem type to
+ mount Must be a filesystem type supported by the host
+ operating system. Ex. "ext4", "xfs". Implicitly inferred
+ to be "ext4" if unspecified.
+ type: string
+ readOnly:
+ description: Defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ volumeID:
+ description: VolumeID uniquely identifies a Portworx
+ volume
+ type: string
+ required:
+ - volumeID
+ type: object
+ projected:
+ description: Items for all in one resources secrets, configmaps,
+ and downward API
+ properties:
+ defaultMode:
+ description: Mode bits used to set permissions on created
+ files by default. Must be an octal value between 0000
+ and 0777 or a decimal value between 0 and 511. YAML
+ accepts both octal and decimal values, JSON requires
+ decimal values for mode bits. Directories within the
+ path are not affected by this setting. This might
+ be in conflict with other options that affect the
+ file mode, like fsGroup, and the result can be other
+ mode bits set.
+ format: int32
+ type: integer
+ sources:
+ description: list of volume projections
+ items:
+ description: Projection that may be projected along
+ with other supported volume types
+ properties:
+ configMap:
+ description: information about the configMap data
+ to project
+ properties:
+ items:
+ description: If unspecified, each key-value
+ pair in the Data field of the referenced
+ ConfigMap will be projected into the volume
+ as a file whose name is the key and content
+ is the value. If specified, the listed keys
+ will be projected into the specified paths,
+ and unlisted keys will not be present. If
+ a key is specified which is not present
+ in the ConfigMap, the volume setup will
+ error unless it is marked optional. Paths
+ must be relative and may not contain the
+ '..' path or start with '..'.
+ items:
+ description: Maps a string key to a path
+ within a volume.
+ properties:
+ key:
+ description: The key to project.
+ type: string
+ mode:
+ description: 'Optional: mode bits used
+ to set permissions on this file. Must
+ be an octal value between 0000 and
+ 0777 or a decimal value between 0
+ and 511. YAML accepts both octal and
+ decimal values, JSON requires decimal
+ values for mode bits. If not specified,
+ the volume defaultMode will be used.
+ This might be in conflict with other
+ options that affect the file mode,
+ like fsGroup, and the result can be
+ other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: The relative path of the
+ file to map the key to. May not be
+ an absolute path. May not contain
+ the path element '..'. May not start
+ with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ or its keys must be defined
+ type: boolean
+ type: object
+ downwardAPI:
+ description: information about the downwardAPI
+ data to project
+ properties:
+ items:
+ description: Items is a list of DownwardAPIVolume
+ file
+ items:
+ description: DownwardAPIVolumeFile represents
+ information to create the file containing
+ the pod field
+ properties:
+ fieldRef:
+ description: 'Required: Selects a field
+ of the pod: only annotations, labels,
+ name and namespace are supported.'
+ properties:
+ apiVersion:
+ description: Version of the schema
+ the FieldPath is written in terms
+ of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to
+ select in the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ mode:
+ description: 'Optional: mode bits used
+ to set permissions on this file, must
+ be an octal value between 0000 and
+ 0777 or a decimal value between 0
+ and 511. YAML accepts both octal and
+ decimal values, JSON requires decimal
+ values for mode bits. If not specified,
+ the volume defaultMode will be used.
+ This might be in conflict with other
+ options that affect the file mode,
+ like fsGroup, and the result can be
+ other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: 'Required: Path is the
+ relative path name of the file to
+ be created. Must not be absolute or
+ contain the ''..'' path. Must be utf-8
+ encoded. The first item of the relative
+ path must not start with ''..'''
+ type: string
+ resourceFieldRef:
+ description: 'Selects a resource of
+ the container: only resources limits
+ and requests (limits.cpu, limits.memory,
+ requests.cpu and requests.memory)
+ are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required
+ for volumes, optional for env
+ vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output
+ format of the exposed resources,
+ defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource
+ to select'
+ type: string
+ required:
+ - resource
+ type: object
+ required:
+ - path
+ type: object
+ type: array
+ type: object
+ secret:
+ description: information about the secret data
+ to project
+ properties:
+ items:
+ description: If unspecified, each key-value
+ pair in the Data field of the referenced
+ Secret will be projected into the volume
+ as a file whose name is the key and content
+ is the value. If specified, the listed keys
+ will be projected into the specified paths,
+ and unlisted keys will not be present. If
+ a key is specified which is not present
+ in the Secret, the volume setup will error
+ unless it is marked optional. Paths must
+ be relative and may not contain the '..'
+ path or start with '..'.
+ items:
+ description: Maps a string key to a path
+ within a volume.
+ properties:
+ key:
+ description: The key to project.
+ type: string
+ mode:
+ description: 'Optional: mode bits used
+ to set permissions on this file. Must
+ be an octal value between 0000 and
+ 0777 or a decimal value between 0
+ and 511. YAML accepts both octal and
+ decimal values, JSON requires decimal
+ values for mode bits. If not specified,
+ the volume defaultMode will be used.
+ This might be in conflict with other
+ options that affect the file mode,
+ like fsGroup, and the result can be
+ other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: The relative path of the
+ file to map the key to. May not be
+ an absolute path. May not contain
+ the path element '..'. May not start
+ with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or
+ its key must be defined
+ type: boolean
+ type: object
+ serviceAccountToken:
+ description: information about the serviceAccountToken
+ data to project
+ properties:
+ audience:
+ description: Audience is the intended audience
+ of the token. A recipient of a token must
+ identify itself with an identifier specified
+ in the audience of the token, and otherwise
+ should reject the token. The audience defaults
+ to the identifier of the apiserver.
+ type: string
+ expirationSeconds:
+ description: ExpirationSeconds is the requested
+ duration of validity of the service account
+ token. As the token approaches expiration,
+ the kubelet volume plugin will proactively
+ rotate the service account token. The kubelet
+ will start trying to rotate the token if
+ the token is older than 80 percent of its
+ time to live or if the token is older than
+ 24 hours.Defaults to 1 hour and must be
+ at least 10 minutes.
+ format: int64
+ type: integer
+ path:
+ description: Path is the path relative to
+ the mount point of the file to project the
+ token into.
+ type: string
+ required:
+ - path
+ type: object
+ type: object
+ type: array
+ type: object
+ quobyte:
+ description: Quobyte represents a Quobyte mount on the host
+ that shares a pod's lifetime
+ properties:
+ group:
+ description: Group to map volume access to Default is
+ no group
+ type: string
+ readOnly:
+ description: ReadOnly here will force the Quobyte volume
+ to be mounted with read-only permissions. Defaults
+ to false.
+ type: boolean
+ registry:
+ description: Registry represents a single or multiple
+ Quobyte Registry services specified as a string as
+ host:port pair (multiple entries are separated with
+ commas) which acts as the central registry for volumes
+ type: string
+ tenant:
+ description: Tenant owning the given Quobyte volume
+ in the Backend Used with dynamically provisioned Quobyte
+ volumes, value is set by the plugin
+ type: string
+ user:
+ description: User to map volume access to Defaults to
+ serivceaccount user
+ type: string
+ volume:
+ description: Volume is a string that references an already
+ created Quobyte volume by name.
+ type: string
+ required:
+ - registry
+ - volume
+ type: object
+ rbd:
+ description: 'RBD represents a Rados Block Device mount
+ on the host that shares a pod''s lifetime. More info:
+ https://examples.k8s.io/volumes/rbd/README.md'
+ properties:
+ fsType:
+ description: 'Filesystem type of the volume that you
+ want to mount. Tip: Ensure that the filesystem type
+ is supported by the host operating system. Examples:
+ "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
+ TODO: how do we prevent errors in the filesystem from
+ compromising the machine'
+ type: string
+ image:
+ description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ keyring:
+ description: 'Keyring is the path to key ring for RBDUser.
+ Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ monitors:
+ description: 'A collection of Ceph monitors. More info:
+ https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ items:
+ type: string
+ type: array
+ pool:
+ description: 'The rados pool name. Default is rbd. More
+ info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ readOnly:
+ description: 'ReadOnly here will force the ReadOnly
+ setting in VolumeMounts. Defaults to false. More info:
+ https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: boolean
+ secretRef:
+ description: 'SecretRef is name of the authentication
+ secret for RBDUser. If provided overrides keyring.
+ Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ type: object
+ user:
+ description: 'The rados user name. Default is admin.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ required:
+ - image
+ - monitors
+ type: object
+ scaleIO:
+ description: ScaleIO represents a ScaleIO persistent volume
+ attached and mounted on Kubernetes nodes.
+ properties:
+ fsType:
+ description: Filesystem type to mount. Must be a filesystem
+ type supported by the host operating system. Ex. "ext4",
+ "xfs", "ntfs". Default is "xfs".
+ type: string
+ gateway:
+ description: The host address of the ScaleIO API Gateway.
+ type: string
+ protectionDomain:
+ description: The name of the ScaleIO Protection Domain
+ for the configured storage.
+ type: string
+ readOnly:
+ description: Defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ secretRef:
+ description: SecretRef references to the secret for
+ ScaleIO user and other sensitive information. If this
+ is not provided, Login operation will fail.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ type: object
+ sslEnabled:
+ description: Flag to enable/disable SSL communication
+ with Gateway, default false
+ type: boolean
+ storageMode:
+ description: Indicates whether the storage for a volume
+ should be ThickProvisioned or ThinProvisioned. Default
+ is ThinProvisioned.
+ type: string
+ storagePool:
+ description: The ScaleIO Storage Pool associated with
+ the protection domain.
+ type: string
+ system:
+ description: The name of the storage system as configured
+ in ScaleIO.
+ type: string
+ volumeName:
+ description: The name of a volume already created in
+ the ScaleIO system that is associated with this volume
+ source.
+ type: string
+ required:
+ - gateway
+ - secretRef
+ - system
+ type: object
+ secret:
+ description: 'Secret represents a secret that should populate
+ this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
+ properties:
+ defaultMode:
+ description: 'Optional: mode bits used to set permissions
+ on created files by default. Must be an octal value
+ between 0000 and 0777 or a decimal value between 0
+ and 511. YAML accepts both octal and decimal values,
+ JSON requires decimal values for mode bits. Defaults
+ to 0644. Directories within the path are not affected
+ by this setting. This might be in conflict with other
+ options that affect the file mode, like fsGroup, and
+ the result can be other mode bits set.'
+ format: int32
+ type: integer
+ items:
+ description: If unspecified, each key-value pair in
+ the Data field of the referenced Secret will be projected
+ into the volume as a file whose name is the key and
+ content is the value. If specified, the listed keys
+ will be projected into the specified paths, and unlisted
+ keys will not be present. If a key is specified which
+ is not present in the Secret, the volume setup will
+ error unless it is marked optional. Paths must be
+ relative and may not contain the '..' path or start
+ with '..'.
+ items:
+ description: Maps a string key to a path within a
+ volume.
+ properties:
+ key:
+ description: The key to project.
+ type: string
+ mode:
+ description: 'Optional: mode bits used to set
+ permissions on this file. Must be an octal value
+ between 0000 and 0777 or a decimal value between
+ 0 and 511. YAML accepts both octal and decimal
+ values, JSON requires decimal values for mode
+ bits. If not specified, the volume defaultMode
+ will be used. This might be in conflict with
+ other options that affect the file mode, like
+ fsGroup, and the result can be other mode bits
+ set.'
+ format: int32
+ type: integer
+ path:
+ description: The relative path of the file to
+ map the key to. May not be an absolute path.
+ May not contain the path element '..'. May not
+ start with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ optional:
+ description: Specify whether the Secret or its keys
+ must be defined
+ type: boolean
+ secretName:
+ description: 'Name of the secret in the pod''s namespace
+ to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
+ type: string
+ type: object
+ storageos:
+ description: StorageOS represents a StorageOS volume attached
+ and mounted on Kubernetes nodes.
+ properties:
+ fsType:
+ description: Filesystem type to mount. Must be a filesystem
+ type supported by the host operating system. Ex. "ext4",
+ "xfs", "ntfs". Implicitly inferred to be "ext4" if
+ unspecified.
+ type: string
+ readOnly:
+ description: Defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ secretRef:
+ description: SecretRef specifies the secret to use for
+ obtaining the StorageOS API credentials. If not specified,
+ default values will be attempted.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ type: object
+ volumeName:
+ description: VolumeName is the human-readable name of
+ the StorageOS volume. Volume names are only unique
+ within a namespace.
+ type: string
+ volumeNamespace:
+ description: VolumeNamespace specifies the scope of
+ the volume within StorageOS. If no namespace is specified
+ then the Pod's namespace will be used. This allows
+ the Kubernetes name scoping to be mirrored within
+ StorageOS for tighter integration. Set VolumeName
+ to any name to override the default behaviour. Set
+ to "default" if you are not using namespaces within
+ StorageOS. Namespaces that do not pre-exist within
+ StorageOS will be created.
+ type: string
+ type: object
+ vsphereVolume:
+ description: VsphereVolume represents a vSphere volume attached
+ and mounted on kubelets host machine
+ properties:
+ fsType:
+ description: Filesystem type to mount. Must be a filesystem
+ type supported by the host operating system. Ex. "ext4",
+ "xfs", "ntfs". Implicitly inferred to be "ext4" if
+ unspecified.
+ type: string
+ storagePolicyID:
+ description: Storage Policy Based Management (SPBM)
+ profile ID associated with the StoragePolicyName.
+ type: string
+ storagePolicyName:
+ description: Storage Policy Based Management (SPBM)
+ profile name.
+ type: string
+ volumePath:
+ description: Path that identifies vSphere volume vmdk
+ type: string
+ required:
+ - volumePath
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ required:
+ - volumeMounts
+ - volumes
+ type: object
+ oneReplicaPerNode:
+ description: oneReplicaPerNode controls whether to run 1 pod per node
+ using the pod anti-affinity capability. Enabling this configuration
+ in an existing cluster will roll the cluster.
+ type: boolean
+ passwordEncoder:
+ description: passwordEncoder specifies password encoder secret for
+ Schema Registry.
+ properties:
+ directoryPathInContainer:
+ description: 'directoryPathInContainer contains the directory
+ path in the container where the required secret is mounted.
+ Directory should have the file `password-encoder.txt`. The contents
+ should include a new password. Old password is optional and
+ required only for rotation. More info: https://docs.confluent.io/operator/current/co-password-encoder-secret.'
+ type: string
+ secretRef:
+ description: 'secretRef specifies the secret name. The secret
+ should have the key `password-encoder.txt`. The contents should
+ include a new password. Old password is optional and required
+ only for rotation. More info: https://docs.confluent.io/operator/current/co-password-encoder-secret.'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ type: object
+ podTemplate:
+ description: podTemplate specifies the statefulset pod template configuration.
+ properties:
+ affinity:
+ description: 'affinity specifies a group of affinity scheduling
+ rules. More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity.'
+ properties:
+ nodeAffinity:
+ description: Describes node affinity scheduling rules for
+ the pod.
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule pods
+ to nodes that satisfy the affinity expressions specified
+ by this field, but it may choose a node that violates
+ one or more of the expressions. The node that is most
+ preferred is the one with the greatest sum of weights,
+ i.e. for each node that meets all of the scheduling
+ requirements (resource request, requiredDuringScheduling
+ affinity expressions, etc.), compute a sum by iterating
+ through the elements of this field and adding "weight"
+ to the sum if the node matches the corresponding matchExpressions;
+ the node(s) with the highest sum are the most preferred.
+ items:
+ description: An empty preferred scheduling term matches
+ all objects with implicit weight 0 (i.e. it's a no-op).
+ A null preferred scheduling term matches no objects
+ (i.e. is also a no-op).
+ properties:
+ preference:
+ description: A node selector term, associated with
+ the corresponding weight.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: A node selector requirement is
+ a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators
+ are In, NotIn, Exists, DoesNotExist.
+ Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values.
+ If the operator is In or NotIn, the
+ values array must be non-empty. If the
+ operator is Exists or DoesNotExist,
+ the values array must be empty. If the
+ operator is Gt or Lt, the values array
+ must have a single element, which will
+ be interpreted as an integer. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: A node selector requirement is
+ a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators
+ are In, NotIn, Exists, DoesNotExist.
+ Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values.
+ If the operator is In or NotIn, the
+ values array must be non-empty. If the
+ operator is Exists or DoesNotExist,
+ the values array must be empty. If the
+ operator is Gt or Lt, the values array
+ must have a single element, which will
+ be interpreted as an integer. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ weight:
+ description: Weight associated with matching the
+ corresponding nodeSelectorTerm, in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - preference
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the affinity requirements specified by
+ this field are not met at scheduling time, the pod will
+ not be scheduled onto the node. If the affinity requirements
+ specified by this field cease to be met at some point
+ during pod execution (e.g. due to an update), the system
+ may or may not try to eventually evict the pod from
+ its node.
+ properties:
+ nodeSelectorTerms:
+ description: Required. A list of node selector terms.
+ The terms are ORed.
+ items:
+ description: A null or empty node selector term
+ matches no objects. The requirements of them are
+ ANDed. The TopologySelectorTerm type implements
+ a subset of the NodeSelectorTerm.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: A node selector requirement is
+ a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators
+ are In, NotIn, Exists, DoesNotExist.
+ Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values.
+ If the operator is In or NotIn, the
+ values array must be non-empty. If the
+ operator is Exists or DoesNotExist,
+ the values array must be empty. If the
+ operator is Gt or Lt, the values array
+ must have a single element, which will
+ be interpreted as an integer. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: A node selector requirement is
+ a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators
+ are In, NotIn, Exists, DoesNotExist.
+ Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values.
+ If the operator is In or NotIn, the
+ values array must be non-empty. If the
+ operator is Exists or DoesNotExist,
+ the values array must be empty. If the
+ operator is Gt or Lt, the values array
+ must have a single element, which will
+ be interpreted as an integer. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ type: array
+ required:
+ - nodeSelectorTerms
+ type: object
+ type: object
+ podAffinity:
+ description: Describes pod affinity scheduling rules (e.g.
+ co-locate this pod in the same node, zone, etc. as some
+ other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule pods
+ to nodes that satisfy the affinity expressions specified
+ by this field, but it may choose a node that violates
+ one or more of the expressions. The node that is most
+ preferred is the one with the greatest sum of weights,
+ i.e. for each node that meets all of the scheduling
+ requirements (resource request, requiredDuringScheduling
+ affinity expressions, etc.), compute a sum by iterating
+ through the elements of this field and adding "weight"
+ to the sum if the node has pods which matches the corresponding
+ podAffinityTerm; the node(s) with the highest sum are
+ the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred
+ node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term, associated
+ with the corresponding weight.
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a
+ key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of
+ string values. If the operator is
+ In or NotIn, the values array must
+ be non-empty. If the operator is
+ Exists or DoesNotExist, the values
+ array must be empty. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied
+ to the union of the namespaces selected by
+ this field and the ones listed in the namespaces
+ field. null selector and null or empty namespaces
+ list means "this pod's namespace". An empty
+ selector ({}) matches all namespaces. This
+ field is beta-level and is only honored when
+ PodAffinityNamespaceSelector feature is enabled.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a
+ key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of
+ string values. If the operator is
+ In or NotIn, the values array must
+ be non-empty. If the operator is
+ Exists or DoesNotExist, the values
+ array must be empty. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies a static list
+ of namespace names that the term applies to.
+ The term is applied to the union of the namespaces
+ listed in this field and the ones selected
+ by namespaceSelector. null or empty namespaces
+ list and null namespaceSelector means "this
+ pod's namespace"
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the
+ pods matching the labelSelector in the specified
+ namespaces, where co-located is defined as
+ running on a node whose value of the label
+ with key topologyKey matches that of any node
+ on which any of the selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: weight associated with matching the
+ corresponding podAffinityTerm, in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the affinity requirements specified by
+ this field are not met at scheduling time, the pod will
+ not be scheduled onto the node. If the affinity requirements
+ specified by this field cease to be met at some point
+ during pod execution (e.g. due to a pod label update),
+ the system may or may not try to eventually evict the
+ pod from its node. When there are multiple elements,
+ the lists of nodes corresponding to each podAffinityTerm
+ are intersected, i.e. all terms must be satisfied.
+ items:
+ description: Defines a set of pods (namely those matching
+ the labelSelector relative to the given namespace(s))
+ that this pod should be co-located (affinity) or not
+ co-located (anti-affinity) with, where co-located
+ is defined as running on a node whose value of the
+ label with key matches that of any node
+ on which a pod of the set of pods is running
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
+ type: object
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied
+ to the union of the namespaces selected by this
+ field and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list
+ means "this pod's namespace". An empty selector
+ ({}) matches all namespaces. This field is beta-level
+ and is only honored when PodAffinityNamespaceSelector
+ feature is enabled.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies a static list
+ of namespace names that the term applies to. The
+ term is applied to the union of the namespaces
+ listed in this field and the ones selected by
+ namespaceSelector. null or empty namespaces list
+ and null namespaceSelector means "this pod's namespace"
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the pods
+ matching the labelSelector in the specified namespaces,
+ where co-located is defined as running on a node
+ whose value of the label with key topologyKey
+ matches that of any node on which any of the selected
+ pods is running. Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ podAntiAffinity:
+ description: Describes pod anti-affinity scheduling rules
+ (e.g. avoid putting this pod in the same node, zone, etc.
+ as some other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule pods
+ to nodes that satisfy the anti-affinity expressions
+ specified by this field, but it may choose a node that
+ violates one or more of the expressions. The node that
+ is most preferred is the one with the greatest sum of
+ weights, i.e. for each node that meets all of the scheduling
+ requirements (resource request, requiredDuringScheduling
+ anti-affinity expressions, etc.), compute a sum by iterating
+ through the elements of this field and adding "weight"
+ to the sum if the node has pods which matches the corresponding
+ podAffinityTerm; the node(s) with the highest sum are
+ the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred
+ node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term, associated
+ with the corresponding weight.
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a
+ key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of
+ string values. If the operator is
+ In or NotIn, the values array must
+ be non-empty. If the operator is
+ Exists or DoesNotExist, the values
+ array must be empty. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied
+ to the union of the namespaces selected by
+ this field and the ones listed in the namespaces
+ field. null selector and null or empty namespaces
+ list means "this pod's namespace". An empty
+ selector ({}) matches all namespaces. This
+ field is beta-level and is only honored when
+ PodAffinityNamespaceSelector feature is enabled.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a
+ key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of
+ string values. If the operator is
+ In or NotIn, the values array must
+ be non-empty. If the operator is
+ Exists or DoesNotExist, the values
+ array must be empty. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies a static list
+ of namespace names that the term applies to.
+ The term is applied to the union of the namespaces
+ listed in this field and the ones selected
+ by namespaceSelector. null or empty namespaces
+ list and null namespaceSelector means "this
+ pod's namespace"
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the
+ pods matching the labelSelector in the specified
+ namespaces, where co-located is defined as
+ running on a node whose value of the label
+ with key topologyKey matches that of any node
+ on which any of the selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: weight associated with matching the
+ corresponding podAffinityTerm, in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the anti-affinity requirements specified
+ by this field are not met at scheduling time, the pod
+ will not be scheduled onto the node. If the anti-affinity
+ requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a pod
+ label update), the system may or may not try to eventually
+ evict the pod from its node. When there are multiple
+ elements, the lists of nodes corresponding to each podAffinityTerm
+ are intersected, i.e. all terms must be satisfied.
+ items:
+ description: Defines a set of pods (namely those matching
+ the labelSelector relative to the given namespace(s))
+ that this pod should be co-located (affinity) or not
+ co-located (anti-affinity) with, where co-located
+ is defined as running on a node whose value of the
+ label with key matches that of any node
+ on which a pod of the set of pods is running
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
+ type: object
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied
+ to the union of the namespaces selected by this
+ field and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list
+ means "this pod's namespace". An empty selector
+ ({}) matches all namespaces. This field is beta-level
+ and is only honored when PodAffinityNamespaceSelector
+ feature is enabled.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies a static list
+ of namespace names that the term applies to. The
+ term is applied to the union of the namespaces
+ listed in this field and the ones selected by
+ namespaceSelector. null or empty namespaces list
+ and null namespaceSelector means "this pod's namespace"
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the pods
+ matching the labelSelector in the specified namespaces,
+ where co-located is defined as running on a node
+ whose value of the label with key topologyKey
+ matches that of any node on which any of the selected
+ pods is running. Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ type: object
+ annotations:
+ additionalProperties:
+ type: string
+ description: 'annotations is a map of string key and value pairs
+ stored with the resource and may be set by external tools to
+ store and retrieve arbitrary metadata. They are not queryable
+ and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations.'
+ type: object
+ x-kubernetes-map-type: granular
+ envVars:
+ description: 'envVars contain environment variables to be injected
+ into containers. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container.'
+ items:
+ description: EnvVar represents an environment variable present
+ in a Container.
+ properties:
+ name:
+ description: Name of the environment variable. Must be a
+ C_IDENTIFIER.
+ type: string
+ value:
+ description: 'Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in
+ the container and any service environment variables. If
+ a variable cannot be resolved, the reference in the input
+ string will be unchanged. Double $$ are reduced to a single
+ $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+ "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless
+ of whether the variable exists or not. Defaults to "".'
+ type: string
+ valueFrom:
+ description: Source for the environment variable's value.
+ Cannot be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap or its
+ key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ fieldRef:
+ description: 'Selects a field of the pod: supports metadata.name,
+ metadata.namespace, `metadata.labels['''']`,
+ `metadata.annotations['''']`, spec.nodeName,
+ spec.serviceAccountName, status.hostIP, status.podIP,
+ status.podIPs.'
+ properties:
+ apiVersion:
+ description: Version of the schema the FieldPath
+ is written in terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select in the
+ specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ resourceFieldRef:
+ description: 'Selects a resource of the container: only
+ resources limits and requests (limits.cpu, limits.memory,
+ limits.ephemeral-storage, requests.cpu, requests.memory
+ and requests.ephemeral-storage) are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required for volumes,
+ optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format of the
+ exposed resources, defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ secretKeyRef:
+ description: Selects a key of a secret in the pod's
+ namespace
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key
+ must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ labels:
+ additionalProperties:
+ type: string
+ description: 'labels is a map of string key and value pairs that
+ can be used to organize and categorize (scope and select) objects.
+ More info: http://kubernetes.io/docs/user-guide/labels.'
+ type: object
+ x-kubernetes-map-type: granular
+ podSecurityContext:
+ description: PodSecurityContext holds pod-level security attributes
+ and common container settings. Some fields are also present
+ in container.securityContext. Field values of container.securityContext
+ take precedence over field values of PodSecurityContext.
+ properties:
+ fsGroup:
+ description: "A special supplemental group that applies to
+ all containers in a pod. Some volume types allow the Kubelet
+ to change the ownership of that volume to be owned by the
+ pod: \n 1. The owning GID will be the FSGroup 2. The setgid
+ bit is set (new files created in the volume will be owned
+ by FSGroup) 3. The permission bits are OR'd with rw-rw----
+ \n If unset, the Kubelet will not modify the ownership and
+ permissions of any volume. Note that this field cannot be
+ set when spec.os.name is windows."
+ format: int64
+ type: integer
+ fsGroupChangePolicy:
+ description: 'fsGroupChangePolicy defines behavior of changing
+ ownership and permission of the volume before being exposed
+ inside Pod. This field will only apply to volume types which
+ support fsGroup based ownership(and permissions). It will
+ have no effect on ephemeral volume types such as: secret,
+ configmaps and emptydir. Valid values are "OnRootMismatch"
+ and "Always". If not specified, "Always" is used. Note that
+ this field cannot be set when spec.os.name is windows.'
+ type: string
+ runAsGroup:
+ description: The GID to run the entrypoint of the container
+ process. Uses runtime default if unset. May also be set
+ in SecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext
+ takes precedence for that container. Note that this field
+ cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: Indicates that the container must run as a non-root
+ user. If true, the Kubelet will validate the image at runtime
+ to ensure that it does not run as UID 0 (root) and fail
+ to start the container if it does. If unset or false, no
+ such validation will be performed. May also be set in SecurityContext. If
+ set in both SecurityContext and PodSecurityContext, the
+ value specified in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: The UID to run the entrypoint of the container
+ process. Defaults to user specified in image metadata if
+ unspecified. May also be set in SecurityContext. If set
+ in both SecurityContext and PodSecurityContext, the value
+ specified in SecurityContext takes precedence for that container.
+ Note that this field cannot be set when spec.os.name is
+ windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: The SELinux context to be applied to all containers.
+ If unspecified, the container runtime will allocate a random
+ SELinux context for each container. May also be set in
+ SecurityContext. If set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes precedence
+ for that container. Note that this field cannot be set when
+ spec.os.name is windows.
+ properties:
+ level:
+ description: Level is SELinux level label that applies
+ to the container.
+ type: string
+ role:
+ description: Role is a SELinux role label that applies
+ to the container.
+ type: string
+ type:
+ description: Type is a SELinux type label that applies
+ to the container.
+ type: string
+ user:
+ description: User is a SELinux user label that applies
+ to the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: The seccomp options to use by the containers
+ in this pod. Note that this field cannot be set when spec.os.name
+ is windows.
+ properties:
+ localhostProfile:
+ description: localhostProfile indicates a profile defined
+ in a file on the node should be used. The profile must
+ be preconfigured on the node to work. Must be a descending
+ path, relative to the kubelet's configured seccomp profile
+ location. Must only be set if type is "Localhost".
+ type: string
+ type:
+ description: "type indicates which kind of seccomp profile
+ will be applied. Valid options are: \n Localhost - a
+ profile defined in a file on the node should be used.
+ RuntimeDefault - the container runtime default profile
+ should be used. Unconfined - no profile should be applied."
+ type: string
+ required:
+ - type
+ type: object
+ supplementalGroups:
+ description: A list of groups applied to the first process
+ run in each container, in addition to the container's primary
+ GID. If unspecified, no groups will be added to any container.
+ Note that this field cannot be set when spec.os.name is
+ windows.
+ items:
+ format: int64
+ type: integer
+ type: array
+ sysctls:
+ description: Sysctls hold a list of namespaced sysctls used
+ for the pod. Pods with unsupported sysctls (by the container
+ runtime) might fail to launch. Note that this field cannot
+ be set when spec.os.name is windows.
+ items:
+ description: Sysctl defines a kernel parameter to be set
+ properties:
+ name:
+ description: Name of a property to set
+ type: string
+ value:
+ description: Value of a property to set
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ windowsOptions:
+ description: The Windows specific settings applied to all
+ containers. If unspecified, the options within a container's
+ SecurityContext will be used. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext
+ takes precedence. Note that this field cannot be set when
+ spec.os.name is linux.
+ properties:
+ gmsaCredentialSpec:
+ description: GMSACredentialSpec is where the GMSA admission
+ webhook (https://github.com/kubernetes-sigs/windows-gmsa)
+ inlines the contents of the GMSA credential spec named
+ by the GMSACredentialSpecName field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name of the
+ GMSA credential spec to use.
+ type: string
+ hostProcess:
+ description: HostProcess determines if a container should
+ be run as a 'Host Process' container. This field is
+ alpha-level and will only be honored by components that
+ enable the WindowsHostProcessContainers feature flag.
+ Setting this field without the feature flag will result
+ in errors when validating the Pod. All of a Pod's containers
+ must have the same effective HostProcess value (it is
+ not allowed to have a mix of HostProcess containers
+ and non-HostProcess containers). In addition, if HostProcess
+ is true then HostNetwork must also be set to true.
+ type: boolean
+ runAsUserName:
+ description: The UserName in Windows to run the entrypoint
+ of the container process. Defaults to the user specified
+ in image metadata if unspecified. May also be set in
+ PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext
+ takes precedence.
+ type: string
+ type: object
+ type: object
+ priorityClassName:
+ description: priorityClassName specifies the priority class for
+ the pod (if any).
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ probe:
+ description: probe contains the fields for standard Kubernetes
+ readiness/liveness probe configuration.
+ properties:
+ liveness:
+ description: liveness configures the Kubernetes probe settings.
+ The changes will override the existing default configuration.
+ properties:
+ failureThreshold:
+ description: failureThreshold is the minimum consecutive
+ failures for the probe to be considered failed. Confluent
+ Platform components come with the right configuration,
+ and this setting is not required to change most of the
+ time.
+ format: int32
+ type: integer
+ initialDelaySeconds:
+ description: initialDelaySeconds is the number of seconds
+ after the container has started and before probes are
+ initiated. Confluent Platform components come with the
+ right configuration, and this setting is not required
+ to change most of the time.
+ format: int32
+ type: integer
+ periodSeconds:
+ description: periodSeconds specifies how often to perform
+ the probe. Confluent Platform components come with the
+ right configuration, and this setting is not required
+ to change most of the time.
+ format: int32
+ type: integer
+ successThreshold:
+ description: successThreshold is the minimum consecutive
+ successes for the probe to be considered successful
+ after having failed. The default values is `1`. Must
+ be `1` for liveness and startup. The minimum value is
+ `1`.
+ format: int32
+ type: integer
+ timeoutSeconds:
+ description: timeoutSeconds is the number of seconds after
+ which the probe times out. Confluent Platform components
+ come with the right configuration, and this setting
+ is not required to change most of the time.
+ format: int32
+ type: integer
+ type: object
+ readiness:
+ description: readiness configures the Kubernetes probe setting.
+ The changes will override the existing default configuration.
+ properties:
+ failureThreshold:
+ description: failureThreshold is the minimum consecutive
+ failures for the probe to be considered failed. Confluent
+ Platform components come with the right configuration,
+ and this setting is not required to change most of the
+ time.
+ format: int32
+ type: integer
+ initialDelaySeconds:
+ description: initialDelaySeconds is the number of seconds
+ after the container has started and before probes are
+ initiated. Confluent Platform components come with the
+ right configuration, and this setting is not required
+ to change most of the time.
+ format: int32
+ type: integer
+ periodSeconds:
+ description: periodSeconds specifies how often to perform
+ the probe. Confluent Platform components come with the
+ right configuration, and this setting is not required
+ to change most of the time.
+ format: int32
+ type: integer
+ successThreshold:
+ description: successThreshold is the minimum consecutive
+ successes for the probe to be considered successful
+ after having failed. The default values is `1`. Must
+ be `1` for liveness and startup. The minimum value is
+ `1`.
+ format: int32
+ type: integer
+ timeoutSeconds:
+ description: timeoutSeconds is the number of seconds after
+ which the probe times out. Confluent Platform components
+ come with the right configuration, and this setting
+ is not required to change most of the time.
+ format: int32
+ type: integer
+ type: object
+ type: object
+ resources:
+ description: resources describe the compute resource requirements.
+ properties:
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount of compute
+ resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum amount of compute
+ resources required. If Requests is omitted for a container,
+ it defaults to Limits if that is explicitly specified, otherwise
+ to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ securityContext:
+ description: SecurityContext holds security configuration that
+ will be applied to a container. Some fields are present in both
+ SecurityContext and PodSecurityContext. When both are set,
+ the values in SecurityContext take precedence.
+ properties:
+ allowPrivilegeEscalation:
+ description: 'AllowPrivilegeEscalation controls whether a
+ process can gain more privileges than its parent process.
+ This bool directly controls if the no_new_privs flag will
+ be set on the container process. AllowPrivilegeEscalation
+ is true always when the container is: 1) run as Privileged
+ 2) has CAP_SYS_ADMIN Note that this field cannot be set
+ when spec.os.name is windows.'
+ type: boolean
+ capabilities:
+ description: The capabilities to add/drop when running containers.
+ Defaults to the default set of capabilities granted by the
+ container runtime. Note that this field cannot be set when
+ spec.os.name is windows.
+ properties:
+ add:
+ description: Added capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ drop:
+ description: Removed capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ type: object
+ privileged:
+ description: Run container in privileged mode. Processes in
+ privileged containers are essentially equivalent to root
+ on the host. Defaults to false. Note that this field cannot
+ be set when spec.os.name is windows.
+ type: boolean
+ procMount:
+ description: procMount denotes the type of proc mount to use
+ for the containers. The default is DefaultProcMount which
+ uses the container runtime defaults for readonly paths and
+ masked paths. This requires the ProcMountType feature flag
+ to be enabled. Note that this field cannot be set when spec.os.name
+ is windows.
+ type: string
+ readOnlyRootFilesystem:
+ description: Whether this container has a read-only root filesystem.
+ Default is false. Note that this field cannot be set when
+ spec.os.name is windows.
+ type: boolean
+ runAsGroup:
+ description: The GID to run the entrypoint of the container
+ process. Uses runtime default if unset. May also be set
+ in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext
+ takes precedence. Note that this field cannot be set when
+ spec.os.name is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: Indicates that the container must run as a non-root
+ user. If true, the Kubelet will validate the image at runtime
+ to ensure that it does not run as UID 0 (root) and fail
+ to start the container if it does. If unset or false, no
+ such validation will be performed. May also be set in PodSecurityContext. If
+ set in both SecurityContext and PodSecurityContext, the
+ value specified in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: The UID to run the entrypoint of the container
+ process. Defaults to user specified in image metadata if
+ unspecified. May also be set in PodSecurityContext. If
+ set in both SecurityContext and PodSecurityContext, the
+ value specified in SecurityContext takes precedence. Note
+ that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: The SELinux context to be applied to the container.
+ If unspecified, the container runtime will allocate a random
+ SELinux context for each container. May also be set in
+ PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext
+ takes precedence. Note that this field cannot be set when
+ spec.os.name is windows.
+ properties:
+ level:
+ description: Level is SELinux level label that applies
+ to the container.
+ type: string
+ role:
+ description: Role is a SELinux role label that applies
+ to the container.
+ type: string
+ type:
+ description: Type is a SELinux type label that applies
+ to the container.
+ type: string
+ user:
+ description: User is a SELinux user label that applies
+ to the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: The seccomp options to use by this container.
+ If seccomp options are provided at both the pod & container
+ level, the container options override the pod options. Note
+ that this field cannot be set when spec.os.name is windows.
+ properties:
+ localhostProfile:
+ description: localhostProfile indicates a profile defined
+ in a file on the node should be used. The profile must
+ be preconfigured on the node to work. Must be a descending
+ path, relative to the kubelet's configured seccomp profile
+ location. Must only be set if type is "Localhost".
+ type: string
+ type:
+ description: "type indicates which kind of seccomp profile
+ will be applied. Valid options are: \n Localhost - a
+ profile defined in a file on the node should be used.
+ RuntimeDefault - the container runtime default profile
+ should be used. Unconfined - no profile should be applied."
+ type: string
+ required:
+ - type
+ type: object
+ windowsOptions:
+ description: The Windows specific settings applied to all
+ containers. If unspecified, the options from the PodSecurityContext
+ will be used. If set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is
+ linux.
+ properties:
+ gmsaCredentialSpec:
+ description: GMSACredentialSpec is where the GMSA admission
+ webhook (https://github.com/kubernetes-sigs/windows-gmsa)
+ inlines the contents of the GMSA credential spec named
+ by the GMSACredentialSpecName field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name of the
+ GMSA credential spec to use.
+ type: string
+ hostProcess:
+ description: HostProcess determines if a container should
+ be run as a 'Host Process' container. This field is
+ alpha-level and will only be honored by components that
+ enable the WindowsHostProcessContainers feature flag.
+ Setting this field without the feature flag will result
+ in errors when validating the Pod. All of a Pod's containers
+ must have the same effective HostProcess value (it is
+ not allowed to have a mix of HostProcess containers
+ and non-HostProcess containers). In addition, if HostProcess
+ is true then HostNetwork must also be set to true.
+ type: boolean
+ runAsUserName:
+ description: The UserName in Windows to run the entrypoint
+ of the container process. Defaults to the user specified
+ in image metadata if unspecified. May also be set in
+ PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext
+ takes precedence.
+ type: string
+ type: object
+ type: object
+ serviceAccountName:
+ description: 'ServiceAccountName is the name of the service account
+ used to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account.'
+ type: string
+ terminationGracePeriodSeconds:
+ description: terminationGracePeriodSeconds is the grace period
+ before the pod is deleted.
+ format: int64
+ type: integer
+ tolerations:
+ description: tolerations specify the pods to schedule onto the
+ nodes with matching taints, using the triple ``
+ and the matching operator ``.
+ items:
+ description: The pod this Toleration is attached to tolerates
+ any taint that matches the triple using
+ the matching operator .
+ properties:
+ effect:
+ description: Effect indicates the taint effect to match.
+ Empty means match all taint effects. When specified, allowed
+ values are NoSchedule, PreferNoSchedule and NoExecute.
+ type: string
+ key:
+ description: Key is the taint key that the toleration applies
+ to. Empty means match all taint keys. If the key is empty,
+ operator must be Exists; this combination means to match
+ all values and all keys.
+ type: string
+ operator:
+ description: Operator represents a key's relationship to
+ the value. Valid operators are Exists and Equal. Defaults
+ to Equal. Exists is equivalent to wildcard for value,
+ so that a pod can tolerate all taints of a particular
+ category.
+ type: string
+ tolerationSeconds:
+ description: TolerationSeconds represents the period of
+ time the toleration (which must be of effect NoExecute,
+ otherwise this field is ignored) tolerates the taint.
+ By default, it is not set, which means tolerate the taint
+ forever (do not evict). Zero and negative values will
+ be treated as 0 (evict immediately) by the system.
+ format: int64
+ type: integer
+ value:
+ description: Value is the taint value the toleration matches
+ to. If the operator is Exists, the value should be empty,
+ otherwise just a regular string.
+ type: string
+ type: object
+ type: array
+ topologySpreadConstraints:
+ description: topologySpreadConstraints describe how a group of
+ pods ought to spread across topology domains. Scheduler will
+ schedule pods based on the constraints. All topologySpreadConstraints
+ are ANDed.
+ items:
+ description: TopologySpreadConstraint specifies how to spread
+ matching pods among the given topology.
+ properties:
+ labelSelector:
+ description: LabelSelector is used to find matching pods.
+ Pods that match this label selector are counted to determine
+ the number of pods in their corresponding topology domain.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector
+ requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In,
+ NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values.
+ If the operator is In or NotIn, the values array
+ must be non-empty. If the operator is Exists
+ or DoesNotExist, the values array must be empty.
+ This array is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs.
+ A single {key,value} in the matchLabels map is equivalent
+ to an element of matchExpressions, whose key field
+ is "key", the operator is "In", and the values array
+ contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ maxSkew:
+ description: 'MaxSkew describes the degree to which pods
+ may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`,
+ it is the maximum permitted difference between the number
+ of matching pods in the target topology and the global
+ minimum. For example, in a 3-zone cluster, MaxSkew is
+ set to 1, and pods with the same labelSelector spread
+ as 1/1/0: | zone1 | zone2 | zone3 | | P | P | |
+ - if MaxSkew is 1, incoming pod can only be scheduled
+ to zone3 to become 1/1/1; scheduling it onto zone1(zone2)
+ would make the ActualSkew(2-0) on zone1(zone2) violate
+ MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled
+ onto any zone. When `whenUnsatisfiable=ScheduleAnyway`,
+ it is used to give higher precedence to topologies that
+ satisfy it. It''s a required field. Default value is 1
+ and 0 is not allowed.'
+ format: int32
+ type: integer
+ topologyKey:
+ description: TopologyKey is the key of node labels. Nodes
+ that have a label with this key and identical values are
+ considered to be in the same topology. We consider each
+ as a "bucket", and try to put balanced number
+ of pods into each bucket. It's a required field.
+ type: string
+ whenUnsatisfiable:
+ description: 'WhenUnsatisfiable indicates how to deal with
+ a pod if it doesn''t satisfy the spread constraint. -
+ DoNotSchedule (default) tells the scheduler not to schedule
+ it. - ScheduleAnyway tells the scheduler to schedule the
+ pod in any location, but giving higher precedence to topologies
+ that would help reduce the skew. A constraint is considered
+ "Unsatisfiable" for an incoming pod if and only if every
+ possible node assignment for that pod would violate "MaxSkew"
+ on some topology. For example, in a 3-zone cluster, MaxSkew
+ is set to 1, and pods with the same labelSelector spread
+ as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P |
+ If WhenUnsatisfiable is set to DoNotSchedule, incoming
+ pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2)
+ as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1).
+ In other words, the cluster can still be imbalanced, but
+ scheduler won''t make it *more* imbalanced. It''s a required
+ field.'
+ type: string
+ required:
+ - maxSkew
+ - topologyKey
+ - whenUnsatisfiable
+ type: object
+ type: array
+ type: object
+ replicas:
+ description: replicas is the desired number of replicas. A change
+ to this setting will roll the cluster.
+ format: int32
+ type: integer
+ telemetry:
+ description: telemetry specifies the Confluent telemetry reporter
+ configuration.
+ properties:
+ global:
+ description: global allows disabling telemetry configuration.
+ If CFK is deployed with telemetry, this field is only used to
+ disable telemetry. The default value is `true` if telemetry
+ is enabled at the global level.
+ type: boolean
+ type: object
+ tls:
+ description: tls specifies the TLS configurations for the REST API
+ endpoint.
+ properties:
+ autoGeneratedCerts:
+ description: autoGeneratedCerts specifies that the certificates
+ are auto-generated based on the CA key pair provided.
+ type: boolean
+ directoryPathInContainer:
+ description: directoryPathInContainer specifies the directory
+ path in the container where `keystore.jks`, `truststore.jks`,
+ and `jksPassword.txt` keys are mounted. `truststore.jks` is
+ not configured and can be ignored when the `ignoreTrustStoreConfig`
+ field is set to `true`.
+ minLength: 1
+ type: string
+ ignoreTrustStoreConfig:
+ description: ignoreTrustStoreConfig indicates whether to ignore
+ the truststore configuration for the Confluent component.
+ type: boolean
+ jksPassword:
+ description: jksPassword references the secret containing the
+ JKS password.
+ properties:
+ secretRef:
+ description: 'secretRef references the name of the secret
+ containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - secretRef
+ type: object
+ secretRef:
+ description: 'secretRef references the secret containing the certificates.
+ More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ type: object
+ required:
+ - image
+ - replicas
+ type: object
+ status:
+ description: status defines the observed state of the Schema Registry
+ cluster.
+ properties:
+ authorizationType:
+ description: authorizationType is the authorization type for this
+ Confluent component.
+ type: string
+ clusterName:
+ description: clusterName is the name of the Confluent Platform component
+ cluster.
+ type: string
+ clusterNamespace:
+ description: clusterNamespace is the namespace where the Confluent
+ Platform component cluster is running.
+ type: string
+ conditions:
+ description: conditions specify the latest available observations
+ of the current state.
+ items:
+ description: Condition represent the latest available observations
+ of the current state.
+ properties:
+ lastProbeTime:
+ description: lastProbeTime shows the last time the condition
+ was evaluated.
+ format: date-time
+ type: string
+ lastTransitionTime:
+ description: lastTransitionTime shows the last time the condition
+ was transitioned from one status to another.
+ format: date-time
+ type: string
+ message:
+ description: message shows a human-readable message with details
+ about the transition.
+ type: string
+ reason:
+ description: reason shows the reason for the last transition
+ of the condition.
+ type: string
+ status:
+ description: status shows the status of the condition, one of
+ `True`, `False`, or `Unknown`.
+ type: string
+ type:
+ description: type shows the condition type.
+ type: string
+ type: object
+ type: array
+ currentReplicas:
+ description: currentReplicas is the number of currently running replicas.
+ format: int32
+ type: integer
+ groupId:
+ description: groupId is the group id of the Schema Registry cluster.
+ type: string
+ internalSecrets:
+ description: internalSecrets are internal secrets created by CFK for
+ this Confluent component.
+ items:
+ type: string
+ type: array
+ internalTopicNames:
+ description: internalTopicNames are the topics used by the component
+ for internal use.
+ items:
+ type: string
+ type: array
+ kafka:
+ description: kafka is the Kafka client side status for the Schema
+ Registry cluster.
+ properties:
+ authenticationType:
+ description: authenticationType describes the authentication method
+ for the Kafka cluster.
+ type: string
+ bootstrapEndpoint:
+ description: bootstrapEndpoint specifies the Kafka bootstrap endpoint.
+ type: string
+ tls:
+ description: tls indicates whether TLS is enabled for the Kafka
+ dependency.
+ type: boolean
+ type: object
+ metricPrefix:
+ description: metricPrefix is the prefix for the JMX metric of the
+ Schema Registry cluster.
+ type: string
+ observedGeneration:
+ description: observedGeneration is the most recent generation observed
+ for this Confluent component.
+ format: int64
+ type: integer
+ operatorVersion:
+ description: operatorVersion is the internal version of CFK.
+ type: string
+ phase:
+ description: phase describes the state of the Confluent Platform component.
+ type: string
+ rbac:
+ description: rbac contains the RBAC-related status when RBAC is enabled.
+ properties:
+ clusterID:
+ description: clusterID specifies the id of the cluster.
+ type: string
+ internalRolebindings:
+ description: internalRolebindings specifies the internal rolebindings.
+ items:
+ type: string
+ type: array
+ type: object
+ readyReplicas:
+ description: readyReplicas is the number of currently ready replicas.
+ format: int32
+ type: integer
+ replicas:
+ description: replicas is the number of replicas.
+ format: int32
+ type: integer
+ restConfig:
+ description: restConfig is the REST API configuration of the Schema
+ Registry cluster.
+ properties:
+ advertisedExternalEndpoints:
+ description: advertisedExternalEndpoints specifies other advertised
+ endpoints used, especially for Kafka.
+ items:
+ type: string
+ type: array
+ authenticationType:
+ description: authenticationType shows the authentication type
+ configured by the listener.
+ type: string
+ externalAccessType:
+ description: externalAccessType shows the external access type
+ used for the listener.
+ type: string
+ externalEndpoint:
+ description: externalEndpoint specifies the external endpoint
+ to connect to the Confluent component cluster.
+ type: string
+ internalEndpoint:
+ description: internalEndpoint specifies the internal endpoint
+ to connect to the Confluent component cluster.
+ type: string
+ tls:
+ description: tls shows whether TLS is configured for the listener.
+ type: boolean
+ type: object
+ selector:
+ description: selector gets the label selector of the child pod. The
+ Horizontal Pod Autoscaler(HPA) will scale using the label selector
+ of the child pod.
+ type: string
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources:
+ scale:
+ labelSelectorPath: .status.selector
+ specReplicasPath: .spec.replicas
+ statusReplicasPath: .status.replicas
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
diff --git a/crds/2.4.0/platform.confluent.io_schemas.yaml b/crds/2.4.0/platform.confluent.io_schemas.yaml
new file mode 100644
index 0000000..3c6b3e4
--- /dev/null
+++ b/crds/2.4.0/platform.confluent.io_schemas.yaml
@@ -0,0 +1,466 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.8.0
+ creationTimestamp: null
+ name: schemas.platform.confluent.io
+spec:
+ group: platform.confluent.io
+ names:
+ categories:
+ - all
+ - confluent-platform
+ - confluent
+ kind: Schema
+ listKind: SchemaList
+ plural: schemas
+ shortNames:
+ - schema
+ singular: schema
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .status.format
+ name: Format
+ type: string
+ - jsonPath: .status.id
+ name: ID
+ type: string
+ - jsonPath: .status.version
+ name: Version
+ type: string
+ - jsonPath: .status.phase
+ name: Status
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ - jsonPath: .status.schemaRegistryEndpoint
+ name: SchemaRegistryEndpoint
+ priority: 1
+ type: string
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: spec defines the desired state of the Schema.
+ properties:
+ compatibilityLevel:
+ description: 'compatibilityLevel specifies the compatibility level
+ requirement for the schema under the specified subject. Valid options
+ are `BACKWARD`, `BACKWARD_TRANSITIVE`, `FORWARD`, `FORWARD_TRANSITIVE`,
+ `FULL`, `FULL_TRANSITIVE` and `NONE`. more info: https://docs.confluent.io/platform/current/schema-registry/avro.html#schema-evolution-and-compatibility'
+ enum:
+ - BACKWARD
+ - BACKWARD_TRANSITIVE
+ - FORWARD
+ - FORWARD_TRANSITIVE
+ - FULL
+ - FULL_TRANSITIVE
+ - NONE
+ type: string
+ data:
+ description: data defines the data required to create the schema.
+ properties:
+ configRef:
+ description: configRef is the name of the Kubernetes ConfigMap
+ resource containing the schema.
+ minLength: 1
+ type: string
+ format:
+ description: format is the format type of the encoded schema.
+ Valid options are `avro`, `json`, and `protobuf`.
+ enum:
+ - avro
+ - json
+ - protobuf
+ minLength: 1
+ type: string
+ required:
+ - configRef
+ - format
+ type: object
+ name:
+ description: name specifies the subject name of schema. If not configured,
+ the Schema CR name is used as the subject name.
+ maxLength: 255
+ minLength: 1
+ pattern: ^[^\\]*$
+ type: string
+ schemaReferences:
+ description: schemaReferences defines the schema references in the
+ schema data.
+ items:
+ description: SchemaReference is the schema to be used as a reference
+ for the new schema.
+ properties:
+ avro:
+ description: avro is the data for the referenced Avro schema.
+ properties:
+ avro:
+ description: name is the fully qualified name of the referenced
+ Avro schema.
+ minLength: 1
+ type: string
+ required:
+ - avro
+ type: object
+ format:
+ description: format is the format type of the referenced schema.
+ Valid options are `avro`, `json`, and `protobuf`.
+ enum:
+ - avro
+ - json
+ - protobuf
+ minLength: 1
+ type: string
+ json:
+ description: json is the data for the referenced JSON schema.
+ properties:
+ url:
+ description: url is the referenced JSON schema url.
+ minLength: 1
+ type: string
+ required:
+ - url
+ type: object
+ protobuf:
+ description: protobuf is the data for the referenced Protobuf
+ schema.
+ properties:
+ file:
+ description: file is the file name of the referenced Protobuf
+ schema.
+ minLength: 1
+ type: string
+ required:
+ - file
+ type: object
+ subject:
+ description: subject is the subject name for the referenced
+ schema through the configRef.
+ minLength: 1
+ type: string
+ version:
+ description: version is the version type of the referenced schema.
+ format: int32
+ type: integer
+ required:
+ - format
+ - subject
+ - version
+ type: object
+ type: array
+ schemaRegistryClusterRef:
+ description: schemaRegistryClusterRef references the CFK-managed Schema
+ Registry cluster.
+ properties:
+ name:
+ description: name specifies the name of the Confluent Platform
+ component cluster.
+ type: string
+ namespace:
+ description: namespace specifies the namespace where the Confluent
+ Platform component cluster is running.
+ type: string
+ required:
+ - name
+ type: object
+ schemaRegistryRest:
+ description: schemaRegistryRest specifies the Schema Registry REST
+ API configuration.
+ properties:
+ authentication:
+ description: authentication specifies the REST API authentication
+ mechanism.
+ properties:
+ basic:
+ description: basic specifies the basic authentication settings
+ for the REST API client.
+ properties:
+ debug:
+ description: debug enables the basic authentication debug
+ logs for JaaS configuration.
+ type: boolean
+ directoryPathInContainer:
+ description: 'directoryPathInContainer allows to pass
+ the basic credential through a directory path in the
+ container. More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication'
+ minLength: 1
+ type: string
+ restrictedRoles:
+ description: restrictedRoles specify the restricted roles
+ on the server side only. Changes will be only reflected
+ in Control Center. This configuration is ignored on
+ the client side configuration.
+ items:
+ type: string
+ minItems: 1
+ type: array
+ roles:
+ description: roles specify the roles on the server side
+ only. This configuration is ignored on the client side
+ configuration.
+ items:
+ type: string
+ type: array
+ secretRef:
+ description: 'secretRef defines secret reference to pass
+ the required credentials. More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ type: object
+ bearer:
+ description: bearer specifies the bearer authentication settings
+ for the REST API client.
+ properties:
+ directoryPathInContainer:
+ description: directoryPathInContainer specifies the directory
+ path in the container where the credential is mounted.
+ minLength: 1
+ type: string
+ secretRef:
+ description: 'secretRef specifies the name of the secret
+ that contains the credential. More info: https://docs.confluent.io/operator/current/co-authenticate.html#bearer-authentication'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ type: object
+ type:
+ description: type specifies the REST API authentication type.
+ Valid options are `basic`, `bearer`, and `mtls`.
+ enum:
+ - basic
+ - bearer
+ - mtls
+ type: string
+ required:
+ - type
+ type: object
+ endpoint:
+ description: endpoint specifies where Confluent REST API is running.
+ minLength: 1
+ pattern: ^https?://.*
+ type: string
+ kafkaClusterID:
+ description: kafkaClusterID specifies the id of Kafka cluster.
+ It takes precedence over using the Kafka REST API to get the
+ cluster id.
+ minLength: 1
+ type: string
+ tls:
+ description: tls specifies the custom TLS structure for the application
+ resources, e.g. connector, topic, schema, of the Confluent Platform
+ components.
+ properties:
+ directoryPathInContainer:
+ description: directoryPathInContainer contains the directory
+ path in the container where `keystore.jks`, `truststore.jks`,
+ `jksPassword.txt` keys are mounted.
+ minLength: 1
+ type: string
+ jksPassword:
+ description: jksPassword specifies the secret name that contains
+ the JKS password.
+ properties:
+ secretRef:
+ description: 'secretRef references the name of the secret
+ containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - secretRef
+ type: object
+ secretRef:
+ description: 'secretRef specifies the secret name that contains
+ the certificates. More info about certificates key/value
+ format: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ type: object
+ type: object
+ required:
+ - data
+ type: object
+ status:
+ description: status defines the observed state of the Schema.
+ properties:
+ compatibilityLevel:
+ description: compatibilityLevel specifies the compatibility level
+ of the schema under the subject.
+ type: string
+ conditions:
+ description: conditions are the latest available observed state of
+ the schema.
+ items:
+ description: Condition represent the latest available observations
+ of the current state.
+ properties:
+ lastProbeTime:
+ description: lastProbeTime shows the last time the condition
+ was evaluated.
+ format: date-time
+ type: string
+ lastTransitionTime:
+ description: lastTransitionTime shows the last time the condition
+ was transitioned from one status to another.
+ format: date-time
+ type: string
+ message:
+ description: message shows a human-readable message with details
+ about the transition.
+ type: string
+ reason:
+ description: reason shows the reason for the last transition
+ of the condition.
+ type: string
+ status:
+ description: status shows the status of the condition, one of
+ `True`, `False`, or `Unknown`.
+ type: string
+ type:
+ description: type shows the condition type.
+ type: string
+ type: object
+ type: array
+ deletedVersions:
+ description: deletedVersions are the successfully hard deleted versions
+ for the subject.
+ items:
+ format: int32
+ type: integer
+ type: array
+ format:
+ description: format is the format of the latest schema for the subject.
+ type: string
+ id:
+ description: id is the id of the latest schema for the subject.
+ format: int32
+ type: integer
+ schemaReferences:
+ description: schemaReferences are the schema references for the subject.
+ items:
+ description: SchemaReference is the schema to be used as a reference
+ for the new schema.
+ properties:
+ avro:
+ description: avro is the data for the referenced Avro schema.
+ properties:
+ avro:
+ description: name is the fully qualified name of the referenced
+ Avro schema.
+ minLength: 1
+ type: string
+ required:
+ - avro
+ type: object
+ format:
+ description: format is the format type of the referenced schema.
+ Valid options are `avro`, `json`, and `protobuf`.
+ enum:
+ - avro
+ - json
+ - protobuf
+ minLength: 1
+ type: string
+ json:
+ description: json is the data for the referenced JSON schema.
+ properties:
+ url:
+ description: url is the referenced JSON schema url.
+ minLength: 1
+ type: string
+ required:
+ - url
+ type: object
+ protobuf:
+ description: protobuf is the data for the referenced Protobuf
+ schema.
+ properties:
+ file:
+ description: file is the file name of the referenced Protobuf
+ schema.
+ minLength: 1
+ type: string
+ required:
+ - file
+ type: object
+ subject:
+ description: subject is the subject name for the referenced
+ schema through the configRef.
+ minLength: 1
+ type: string
+ version:
+ description: version is the version type of the referenced schema.
+ format: int32
+ type: integer
+ required:
+ - format
+ - subject
+ - version
+ type: object
+ type: array
+ schemaRegistryAuthenticationType:
+ description: schemaRegistryAuthenticationType is the authentication
+ method used.
+ type: string
+ schemaRegistryEndpoint:
+ description: schemaRegistryEndpoint is the Schema Registry REST endpoint.
+ type: string
+ schemaRegistryTLS:
+ description: schemaRegistryTLS shows whether the Schema Registry is
+ using TLS.
+ type: boolean
+ softDeletedVersions:
+ description: softDeletedVersions are the successfully soft deleted
+ versions for the subject.
+ items:
+ format: int32
+ type: integer
+ type: array
+ state:
+ description: state is the state of the Schema CR.
+ type: string
+ subject:
+ description: subject is the subject of the schema.
+ type: string
+ version:
+ description: version is the version of the latest schema for the subject.
+ format: int32
+ type: integer
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
diff --git a/crds/2.4.0/platform.confluent.io_zookeepers.yaml b/crds/2.4.0/platform.confluent.io_zookeepers.yaml
new file mode 100644
index 0000000..c3ecf98
--- /dev/null
+++ b/crds/2.4.0/platform.confluent.io_zookeepers.yaml
@@ -0,0 +1,3828 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.8.0
+ creationTimestamp: null
+ name: zookeepers.platform.confluent.io
+spec:
+ group: platform.confluent.io
+ names:
+ categories:
+ - all
+ - confluent-platform
+ - confluent
+ kind: Zookeeper
+ listKind: ZookeeperList
+ plural: zookeepers
+ shortNames:
+ - zookeeper
+ - zk
+ singular: zookeeper
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .status.replicas
+ name: Replicas
+ type: string
+ - jsonPath: .status.readyReplicas
+ name: Ready
+ type: string
+ - jsonPath: .status.phase
+ name: Status
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ - jsonPath: .status.endpoint
+ name: Endpoint
+ priority: 1
+ type: string
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: Zookeeper is the schema for the Zookeeper API.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: spec defines the desired state of the Zookeeper cluster.
+ properties:
+ authentication:
+ description: authentication specifies the authentication configuration.
+ properties:
+ jaasConfig:
+ description: 'jaasConfig specifies the JaaS configuration. More
+ info: https://docs.confluent.io/operator/current/co-authenticate.html'
+ properties:
+ secretRef:
+ description: 'secretRef references the secret containing the
+ required credentials. More info: https://docs.confluent.io/operator/current/co-authenticate.html'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - secretRef
+ type: object
+ jaasConfigPassThrough:
+ description: 'jaasConfigPassThrough specifies another way to provide
+ JaaS configuration. More info: https://docs.confluent.io/operator/current/co-authenticate.html'
+ properties:
+ directoryPathInContainer:
+ description: 'directoryPathInContainer specifies the directory
+ path in the container where required credentials are mounted.
+ More info: https://docs.confluent.io/operator/current/co-authenticate.html'
+ minLength: 1
+ type: string
+ secretRef:
+ description: 'secretRef references the secret containing the
+ required credentials for authentication. More info: https://docs.confluent.io/operator/current/co-authenticate.html'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ type: object
+ principalMappingRules:
+ items:
+ type: string
+ type: array
+ type:
+ description: type specifies the Kafka or Zookeeper authentication
+ type. Valid options are `plain`, `digest`, `mtls`, and `ldap`.
+ enum:
+ - plain
+ - digest
+ - mtls
+ - ldap
+ type: string
+ required:
+ - type
+ type: object
+ configOverrides:
+ description: configOverrides specifies configs to override the server/JVM/log4j/peer
+ properties for the Zookeeper cluster. A change to this property
+ will roll the cluster.
+ properties:
+ jvm:
+ description: jvm is a list of JVM configuration supported by the
+ Confluent Platform component. This will either add or update
+ the existing configuration.
+ items:
+ type: string
+ type: array
+ log4j:
+ description: log4j is a list of Log4J configuration supported
+ by the Confluent Platform component. This will either add or
+ update the existing configuration.
+ items:
+ type: string
+ type: array
+ peers:
+ description: peers specify a list of dynamic peer configurations
+ for the Zookeeper cluster. This is only required when deploying
+ stretch Zookeeper for MRC deployments and should include all
+ the Zookeeper peers in other DCs that form the ensemble. This
+ will either add or update the existing configuration.
+ items:
+ type: string
+ type: array
+ server:
+ description: server is a list of server configuration supported
+ by the Confluent Platform component. This will either add or
+ update existing configuration.
+ items:
+ type: string
+ type: array
+ type: object
+ dataVolumeCapacity:
+ anyOf:
+ - type: integer
+ - type: string
+ description: dataVolumeCapacity specifies the data volume size.
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ headlessService:
+ description: headlessService specifies the configuration of the Kubernetes
+ headless service.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: annotations is a map of string key and value pairs.
+ It specifies the annotations to be added to the CFK-created
+ headless service. These annotations are merged with the injectAnnotations
+ and take precedence.
+ type: object
+ x-kubernetes-map-type: granular
+ labels:
+ additionalProperties:
+ type: string
+ description: labels is a map of string key and value pairs. It
+ specifies the labels to be added to the CFK-created headless
+ service. These labels are merged with the injectLabels and take
+ precedence.
+ type: object
+ x-kubernetes-map-type: granular
+ publishNotReadyAddresses:
+ description: publishNotReadyAddresses specifies the publishNotReadyAddresses
+ field. For Kafka, this value must be true. The default value
+ is true.
+ type: boolean
+ type: object
+ image:
+ description: image specifies the application and the init docker image
+ configurations. A change to this setting will roll the cluster.
+ properties:
+ application:
+ description: application is the Docker image name of the application.
+ Specify `//:`.
+ pattern: .+:.+
+ type: string
+ init:
+ description: init is the init-container name. Specify `//:`.
+ pattern: .+:.+
+ type: string
+ pullPolicy:
+ description: pullPolicy is the policy for pulling images. Valid
+ options are `Always`, `Never`, and `IfNotPresent`. The default
+ value is `IfNotPresent`.
+ enum:
+ - Always
+ - Never
+ - IfNotPresent
+ type: string
+ pullSecretRef:
+ description: 'pullSecretRef references the secrets in the same
+ namespace to be used for pulling images. Image pull secrets
+ are distinct from secrets because secrets can be mounted in
+ the pod, but image pull secrets are only accessed by `kubelet`.
+ More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod'
+ items:
+ type: string
+ type: array
+ required:
+ - application
+ - init
+ type: object
+ injectAnnotations:
+ additionalProperties:
+ type: string
+ description: injectAnnotations are the annotations injected to the
+ internal resources that CFK created. The internal annotations are
+ preserved and cannot be overridden. For pod annotations, use `podTemplate.annotations`.
+ type: object
+ x-kubernetes-map-type: granular
+ injectLabels:
+ additionalProperties:
+ type: string
+ description: injectLabels are the labels injected to the internal
+ resources that CFK created. The internal labels are preserved and
+ cannot be overridden. For pod labels, use `podTemplate.labels`.
+ type: object
+ x-kubernetes-map-type: granular
+ k8sClusterDomain:
+ description: k8sClusterDomain specifies the configuration of the Kubernetes
+ cluster domain. The default is the `cluster.local` domain.
+ type: string
+ license:
+ description: license specifies the license configuration for the Confluent
+ Platform component.
+ properties:
+ directoryPathInContainer:
+ description: 'directoryPathInContainer specifies the directory
+ path in the container where the license key is mounted. More
+ info: https://docs.confluent.io/operator/current/co-license.html#update-component-level-licenses'
+ minLength: 1
+ type: string
+ globalLicense:
+ description: globalLicense specifies whether the Confluent Platform
+ component shares the CFK license.
+ type: boolean
+ secretRef:
+ description: 'secretRef references the secret that provides the
+ license for the Confluent Platform component. More info: https://docs.confluent.io/operator/current/co-license.html#update-component-level-licenses'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ type: object
+ logVolumeCapacity:
+ anyOf:
+ - type: integer
+ - type: string
+ description: logVolumeCapacity specifies the log volume size.
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ metrics:
+ description: metrics specify the security settings for the metric
+ services.
+ properties:
+ authentication:
+ description: authentication specifies the authentication configuration
+ for the metrics.
+ properties:
+ type:
+ description: type specifies the metrics authentication method.
+ The valid option is `mtls`.
+ enum:
+ - mtls
+ type: string
+ required:
+ - type
+ type: object
+ prometheus:
+ description: prometheus specifies the configuration overrides
+ for the JMX-Prometheus exporter.
+ properties:
+ blacklist:
+ items:
+ type: string
+ type: array
+ rules:
+ items:
+ description: Rule defines the Prometheus Exporter rule override.
+ properties:
+ attrNameSnakeCase:
+ type: boolean
+ cache:
+ type: boolean
+ help:
+ minLength: 1
+ type: string
+ labels:
+ additionalProperties:
+ type: string
+ type: object
+ x-kubernetes-map-type: granular
+ name:
+ minLength: 1
+ type: string
+ pattern:
+ minLength: 1
+ type: string
+ type:
+ minLength: 1
+ type: string
+ value:
+ minLength: 1
+ type: string
+ valueFactor:
+ anyOf:
+ - type: integer
+ - type: string
+ default: 1
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ type: object
+ type: array
+ whitelist:
+ items:
+ type: string
+ type: array
+ type: object
+ tls:
+ description: tls specifies the TLS configuration for the metrics.
+ properties:
+ directoryPathInContainer:
+ description: directoryPathInContainer specifies the directory
+ path in the container where `keystore.jks`, `truststore.jks`,
+ and `jksPassword.txt` keys are mounted. `truststore.jks`
+ is not configured and can be ignored when the `ignoreTrustStoreConfig`
+ field is set to `true`.
+ minLength: 1
+ type: string
+ enabled:
+ description: enabled specifies to enable the TLS configuration
+ for the Confluent component.
+ type: boolean
+ ignoreTrustStoreConfig:
+ description: ignoreTrustStoreConfig indicates whether to ignore
+ the truststore configuration for the Confluent component.
+ type: boolean
+ jksPassword:
+ description: jksPassword references the secret containing
+ the JKS password.
+ properties:
+ secretRef:
+ description: 'secretRef references the name of the secret
+ containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - secretRef
+ type: object
+ secretRef:
+ description: 'secretRef references the secret containing the
+ certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - enabled
+ type: object
+ type: object
+ mountedSecrets:
+ description: 'mountedSecrets list the secrets injected to the underlying
+ statefulset configuration. The secret reference is mounted in the
+ default path `/mnt/secrets/`. The underlying resources
+ will follow the secret as a file configuration. More info: https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod.
+ A change to this setting will roll the cluster.'
+ items:
+ description: MountedSecrets provides a way to inject a custom secret
+ to the underlying statefulset.
+ properties:
+ keyItems:
+ description: keyItems are key and path names.
+ items:
+ description: Maps a string key to a path within a volume.
+ properties:
+ key:
+ description: The key to project.
+ type: string
+ mode:
+ description: 'Optional: mode bits used to set permissions
+ on this file. Must be an octal value between 0000 and
+ 0777 or a decimal value between 0 and 511. YAML accepts
+ both octal and decimal values, JSON requires decimal
+ values for mode bits. If not specified, the volume defaultMode
+ will be used. This might be in conflict with other options
+ that affect the file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: The relative path of the file to map the
+ key to. May not be an absolute path. May not contain
+ the path element '..'. May not start with the string
+ '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ secretRef:
+ description: secretRef references the name of the secret.
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - secretRef
+ type: object
+ type: array
+ mountedVolumes:
+ description: mountedVolumes list the custom volumes that need to be
+ mounted into the underlying statefulset. A change to this setting
+ will roll the cluster.
+ properties:
+ volumeMounts:
+ description: volumeMounts specify the list of volume mounts for
+ the pods in the statefulset.
+ items:
+ description: VolumeMount describes a mounting of a Volume within
+ a container.
+ properties:
+ mountPath:
+ description: Path within the container at which the volume
+ should be mounted. Must not contain ':'.
+ type: string
+ mountPropagation:
+ description: mountPropagation determines how mounts are
+ propagated from the host to container and the other way
+ around. When not set, MountPropagationNone is used. This
+ field is beta in 1.10.
+ type: string
+ name:
+ description: This must match the Name of a Volume.
+ type: string
+ readOnly:
+ description: Mounted read-only if true, read-write otherwise
+ (false or unspecified). Defaults to false.
+ type: boolean
+ subPath:
+ description: Path within the volume from which the container's
+ volume should be mounted. Defaults to "" (volume's root).
+ type: string
+ subPathExpr:
+ description: Expanded path within the volume from which
+ the container's volume should be mounted. Behaves similarly
+ to SubPath but environment variable references $(VAR_NAME)
+ are expanded using the container's environment. Defaults
+ to "" (volume's root). SubPathExpr and SubPath are mutually
+ exclusive.
+ type: string
+ required:
+ - mountPath
+ - name
+ type: object
+ type: array
+ volumes:
+ description: volumes specify the list of volumes that can be mounted
+ into the pods of statefulset.
+ items:
+ description: Volume represents a named volume in a pod that
+ may be accessed by any container in the pod.
+ properties:
+ awsElasticBlockStore:
+ description: 'AWSElasticBlockStore represents an AWS Disk
+ resource that is attached to a kubelet''s host machine
+ and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ properties:
+ fsType:
+ description: 'Filesystem type of the volume that you
+ want to mount. Tip: Ensure that the filesystem type
+ is supported by the host operating system. Examples:
+ "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+ TODO: how do we prevent errors in the filesystem from
+ compromising the machine'
+ type: string
+ partition:
+ description: 'The partition in the volume that you want
+ to mount. If omitted, the default is to mount by volume
+ name. Examples: For volume /dev/sda1, you specify
+ the partition as "1". Similarly, the volume partition
+ for /dev/sda is "0" (or you can leave the property
+ empty).'
+ format: int32
+ type: integer
+ readOnly:
+ description: 'Specify "true" to force and set the ReadOnly
+ property in VolumeMounts to "true". If omitted, the
+ default is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ type: boolean
+ volumeID:
+ description: 'Unique ID of the persistent disk resource
+ in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ type: string
+ required:
+ - volumeID
+ type: object
+ azureDisk:
+ description: AzureDisk represents an Azure Data Disk mount
+ on the host and bind mount to the pod.
+ properties:
+ cachingMode:
+ description: 'Host Caching mode: None, Read Only, Read
+ Write.'
+ type: string
+ diskName:
+ description: The Name of the data disk in the blob storage
+ type: string
+ diskURI:
+ description: The URI the data disk in the blob storage
+ type: string
+ fsType:
+ description: Filesystem type to mount. Must be a filesystem
+ type supported by the host operating system. Ex. "ext4",
+ "xfs", "ntfs". Implicitly inferred to be "ext4" if
+ unspecified.
+ type: string
+ kind:
+ description: 'Expected values Shared: multiple blob
+ disks per storage account Dedicated: single blob
+ disk per storage account Managed: azure managed data
+ disk (only in managed availability set). defaults
+ to shared'
+ type: string
+ readOnly:
+ description: Defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ required:
+ - diskName
+ - diskURI
+ type: object
+ azureFile:
+ description: AzureFile represents an Azure File Service
+ mount on the host and bind mount to the pod.
+ properties:
+ readOnly:
+ description: Defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ secretName:
+ description: the name of secret that contains Azure
+ Storage Account Name and Key
+ type: string
+ shareName:
+ description: Share Name
+ type: string
+ required:
+ - secretName
+ - shareName
+ type: object
+ cephfs:
+ description: CephFS represents a Ceph FS mount on the host
+ that shares a pod's lifetime
+ properties:
+ monitors:
+ description: 'Required: Monitors is a collection of
+ Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ items:
+ type: string
+ type: array
+ path:
+ description: 'Optional: Used as the mounted root, rather
+ than the full Ceph tree, default is /'
+ type: string
+ readOnly:
+ description: 'Optional: Defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting in VolumeMounts.
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ type: boolean
+ secretFile:
+ description: 'Optional: SecretFile is the path to key
+ ring for User, default is /etc/ceph/user.secret More
+ info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ type: string
+ secretRef:
+ description: 'Optional: SecretRef is reference to the
+ authentication secret for User, default is empty.
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ type: object
+ user:
+ description: 'Optional: User is the rados user name,
+ default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ type: string
+ required:
+ - monitors
+ type: object
+ cinder:
+ description: 'Cinder represents a cinder volume attached
+ and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ properties:
+ fsType:
+ description: 'Filesystem type to mount. Must be a filesystem
+ type supported by the host operating system. Examples:
+ "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ type: string
+ readOnly:
+ description: 'Optional: Defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting in VolumeMounts.
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ type: boolean
+ secretRef:
+ description: 'Optional: points to a secret object containing
+ parameters used to connect to OpenStack.'
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ type: object
+ volumeID:
+ description: 'volume id used to identify the volume
+ in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ type: string
+ required:
+ - volumeID
+ type: object
+ configMap:
+ description: ConfigMap represents a configMap that should
+ populate this volume
+ properties:
+ defaultMode:
+ description: 'Optional: mode bits used to set permissions
+ on created files by default. Must be an octal value
+ between 0000 and 0777 or a decimal value between 0
+ and 511. YAML accepts both octal and decimal values,
+ JSON requires decimal values for mode bits. Defaults
+ to 0644. Directories within the path are not affected
+ by this setting. This might be in conflict with other
+ options that affect the file mode, like fsGroup, and
+ the result can be other mode bits set.'
+ format: int32
+ type: integer
+ items:
+ description: If unspecified, each key-value pair in
+ the Data field of the referenced ConfigMap will be
+ projected into the volume as a file whose name is
+ the key and content is the value. If specified, the
+ listed keys will be projected into the specified paths,
+ and unlisted keys will not be present. If a key is
+ specified which is not present in the ConfigMap, the
+ volume setup will error unless it is marked optional.
+ Paths must be relative and may not contain the '..'
+ path or start with '..'.
+ items:
+ description: Maps a string key to a path within a
+ volume.
+ properties:
+ key:
+ description: The key to project.
+ type: string
+ mode:
+ description: 'Optional: mode bits used to set
+ permissions on this file. Must be an octal value
+ between 0000 and 0777 or a decimal value between
+ 0 and 511. YAML accepts both octal and decimal
+ values, JSON requires decimal values for mode
+ bits. If not specified, the volume defaultMode
+ will be used. This might be in conflict with
+ other options that affect the file mode, like
+ fsGroup, and the result can be other mode bits
+ set.'
+ format: int32
+ type: integer
+ path:
+ description: The relative path of the file to
+ map the key to. May not be an absolute path.
+ May not contain the path element '..'. May not
+ start with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap or its keys
+ must be defined
+ type: boolean
+ type: object
+ csi:
+ description: CSI (Container Storage Interface) represents
+ ephemeral storage that is handled by certain external
+ CSI drivers (Beta feature).
+ properties:
+ driver:
+ description: Driver is the name of the CSI driver that
+ handles this volume. Consult with your admin for the
+ correct name as registered in the cluster.
+ type: string
+ fsType:
+ description: Filesystem type to mount. Ex. "ext4", "xfs",
+ "ntfs". If not provided, the empty value is passed
+ to the associated CSI driver which will determine
+ the default filesystem to apply.
+ type: string
+ nodePublishSecretRef:
+ description: NodePublishSecretRef is a reference to
+ the secret object containing sensitive information
+ to pass to the CSI driver to complete the CSI NodePublishVolume
+ and NodeUnpublishVolume calls. This field is optional,
+ and may be empty if no secret is required. If the
+ secret object contains more than one secret, all secret
+ references are passed.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ type: object
+ readOnly:
+ description: Specifies a read-only configuration for
+ the volume. Defaults to false (read/write).
+ type: boolean
+ volumeAttributes:
+ additionalProperties:
+ type: string
+ description: VolumeAttributes stores driver-specific
+ properties that are passed to the CSI driver. Consult
+ your driver's documentation for supported values.
+ type: object
+ required:
+ - driver
+ type: object
+ downwardAPI:
+ description: DownwardAPI represents downward API about the
+ pod that should populate this volume
+ properties:
+ defaultMode:
+ description: 'Optional: mode bits to use on created
+ files by default. Must be a Optional: mode bits used
+ to set permissions on created files by default. Must
+ be an octal value between 0000 and 0777 or a decimal
+ value between 0 and 511. YAML accepts both octal and
+ decimal values, JSON requires decimal values for mode
+ bits. Defaults to 0644. Directories within the path
+ are not affected by this setting. This might be in
+ conflict with other options that affect the file mode,
+ like fsGroup, and the result can be other mode bits
+ set.'
+ format: int32
+ type: integer
+ items:
+ description: Items is a list of downward API volume
+ file
+ items:
+ description: DownwardAPIVolumeFile represents information
+ to create the file containing the pod field
+ properties:
+ fieldRef:
+ description: 'Required: Selects a field of the
+ pod: only annotations, labels, name and namespace
+ are supported.'
+ properties:
+ apiVersion:
+ description: Version of the schema the FieldPath
+ is written in terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select in
+ the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ mode:
+ description: 'Optional: mode bits used to set
+ permissions on this file, must be an octal value
+ between 0000 and 0777 or a decimal value between
+ 0 and 511. YAML accepts both octal and decimal
+ values, JSON requires decimal values for mode
+ bits. If not specified, the volume defaultMode
+ will be used. This might be in conflict with
+ other options that affect the file mode, like
+ fsGroup, and the result can be other mode bits
+ set.'
+ format: int32
+ type: integer
+ path:
+ description: 'Required: Path is the relative
+ path name of the file to be created. Must not
+ be absolute or contain the ''..'' path. Must
+ be utf-8 encoded. The first item of the relative
+ path must not start with ''..'''
+ type: string
+ resourceFieldRef:
+ description: 'Selects a resource of the container:
+ only resources limits and requests (limits.cpu,
+ limits.memory, requests.cpu and requests.memory)
+ are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required for
+ volumes, optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format of
+ the exposed resources, defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ required:
+ - path
+ type: object
+ type: array
+ type: object
+ emptyDir:
+ description: 'EmptyDir represents a temporary directory
+ that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
+ properties:
+ medium:
+ description: 'What type of storage medium should back
+ this directory. The default is "" which means to use
+ the node''s default medium. Must be an empty string
+ (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
+ type: string
+ sizeLimit:
+ anyOf:
+ - type: integer
+ - type: string
+ description: 'Total amount of local storage required
+ for this EmptyDir volume. The size limit is also applicable
+ for memory medium. The maximum usage on memory medium
+ EmptyDir would be the minimum value between the SizeLimit
+ specified here and the sum of memory limits of all
+ containers in a pod. The default is nil which means
+ that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir'
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ type: object
+ ephemeral:
+ description: "Ephemeral represents a volume that is handled
+ by a cluster storage driver. The volume's lifecycle is
+ tied to the pod that defines it - it will be created before
+ the pod starts, and deleted when the pod is removed. \n
+ Use this if: a) the volume is only needed while the pod
+ runs, b) features of normal volumes like restoring from
+ snapshot or capacity tracking are needed, c) the storage
+ driver is specified through a storage class, and d) the
+ storage driver supports dynamic volume provisioning through
+ a PersistentVolumeClaim (see EphemeralVolumeSource for
+ more information on the connection between this volume
+ type and PersistentVolumeClaim). \n Use PersistentVolumeClaim
+ or one of the vendor-specific APIs for volumes that persist
+ for longer than the lifecycle of an individual pod. \n
+ Use CSI for light-weight local ephemeral volumes if the
+ CSI driver is meant to be used that way - see the documentation
+ of the driver for more information. \n A pod can use both
+ types of ephemeral volumes and persistent volumes at the
+ same time."
+ properties:
+ volumeClaimTemplate:
+ description: "Will be used to create a stand-alone PVC
+ to provision the volume. The pod in which this EphemeralVolumeSource
+ is embedded will be the owner of the PVC, i.e. the
+ PVC will be deleted together with the pod. The name
+ of the PVC will be `-` where
+ `` is the name from the `PodSpec.Volumes`
+ array entry. Pod validation will reject the pod if
+ the concatenated name is not valid for a PVC (for
+ example, too long). \n An existing PVC with that name
+ that is not owned by the pod will *not* be used for
+ the pod to avoid using an unrelated volume by mistake.
+ Starting the pod is then blocked until the unrelated
+ PVC is removed. If such a pre-created PVC is meant
+ to be used by the pod, the PVC has to updated with
+ an owner reference to the pod once the pod exists.
+ Normally this should not be necessary, but it may
+ be useful when manually reconstructing a broken cluster.
+ \n This field is read-only and no changes will be
+ made by Kubernetes to the PVC after it has been created.
+ \n Required, must not be nil."
+ properties:
+ metadata:
+ description: May contain labels and annotations
+ that will be copied into the PVC when creating
+ it. No other fields are allowed and will be rejected
+ during validation.
+ type: object
+ spec:
+ description: The specification for the PersistentVolumeClaim.
+ The entire content is copied unchanged into the
+ PVC that gets created from this template. The
+ same fields as in a PersistentVolumeClaim are
+ also valid here.
+ properties:
+ accessModes:
+ description: 'AccessModes contains the desired
+ access modes the volume should have. More
+ info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
+ items:
+ type: string
+ type: array
+ dataSource:
+ description: 'This field can be used to specify
+ either: * An existing VolumeSnapshot object
+ (snapshot.storage.k8s.io/VolumeSnapshot) *
+ An existing PVC (PersistentVolumeClaim) If
+ the provisioner or an external controller
+ can support the specified data source, it
+ will create a new volume based on the contents
+ of the specified data source. If the AnyVolumeDataSource
+ feature gate is enabled, this field will always
+ have the same contents as the DataSourceRef
+ field.'
+ properties:
+ apiGroup:
+ description: APIGroup is the group for the
+ resource being referenced. If APIGroup
+ is not specified, the specified Kind must
+ be in the core API group. For any other
+ third-party types, APIGroup is required.
+ type: string
+ kind:
+ description: Kind is the type of resource
+ being referenced
+ type: string
+ name:
+ description: Name is the name of resource
+ being referenced
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ dataSourceRef:
+ description: 'Specifies the object from which
+ to populate the volume with data, if a non-empty
+ volume is desired. This may be any local object
+ from a non-empty API group (non core object)
+ or a PersistentVolumeClaim object. When this
+ field is specified, volume binding will only
+ succeed if the type of the specified object
+ matches some installed volume populator or
+ dynamic provisioner. This field will replace
+ the functionality of the DataSource field
+ and as such if both fields are non-empty,
+ they must have the same value. For backwards
+ compatibility, both fields (DataSource and
+ DataSourceRef) will be set to the same value
+ automatically if one of them is empty and
+ the other is non-empty. There are two important
+ differences between DataSource and DataSourceRef:
+ * While DataSource only allows two specific
+ types of objects, DataSourceRef allows any
+ non-core object, as well as PersistentVolumeClaim
+ objects. * While DataSource ignores disallowed
+ values (dropping them), DataSourceRef preserves
+ all values, and generates an error if a disallowed
+ value is specified. (Alpha) Using this field
+ requires the AnyVolumeDataSource feature gate
+ to be enabled.'
+ properties:
+ apiGroup:
+ description: APIGroup is the group for the
+ resource being referenced. If APIGroup
+ is not specified, the specified Kind must
+ be in the core API group. For any other
+ third-party types, APIGroup is required.
+ type: string
+ kind:
+ description: Kind is the type of resource
+ being referenced
+ type: string
+ name:
+ description: Name is the name of resource
+ being referenced
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ resources:
+ description: 'Resources represents the minimum
+ resources the volume should have. If RecoverVolumeExpansionFailure
+ feature is enabled users are allowed to specify
+ resource requirements that are lower than
+ previous value but must still be higher than
+ capacity recorded in the status field of the
+ claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
+ properties:
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum
+ amount of compute resources allowed. More
+ info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum
+ amount of compute resources required.
+ If Requests is omitted for a container,
+ it defaults to Limits if that is explicitly
+ specified, otherwise to an implementation-defined
+ value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ selector:
+ description: A label query over volumes to consider
+ for binding.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a
+ key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of
+ string values. If the operator is
+ In or NotIn, the values array must
+ be non-empty. If the operator is
+ Exists or DoesNotExist, the values
+ array must be empty. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ storageClassName:
+ description: 'Name of the StorageClass required
+ by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
+ type: string
+ volumeMode:
+ description: volumeMode defines what type of
+ volume is required by the claim. Value of
+ Filesystem is implied when not included in
+ claim spec.
+ type: string
+ volumeName:
+ description: VolumeName is the binding reference
+ to the PersistentVolume backing this claim.
+ type: string
+ type: object
+ required:
+ - spec
+ type: object
+ type: object
+ fc:
+ description: FC represents a Fibre Channel resource that
+ is attached to a kubelet's host machine and then exposed
+ to the pod.
+ properties:
+ fsType:
+ description: 'Filesystem type to mount. Must be a filesystem
+ type supported by the host operating system. Ex. "ext4",
+ "xfs", "ntfs". Implicitly inferred to be "ext4" if
+ unspecified. TODO: how do we prevent errors in the
+ filesystem from compromising the machine'
+ type: string
+ lun:
+ description: 'Optional: FC target lun number'
+ format: int32
+ type: integer
+ readOnly:
+ description: 'Optional: Defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting in VolumeMounts.'
+ type: boolean
+ targetWWNs:
+ description: 'Optional: FC target worldwide names (WWNs)'
+ items:
+ type: string
+ type: array
+ wwids:
+ description: 'Optional: FC volume world wide identifiers
+ (wwids) Either wwids or combination of targetWWNs
+ and lun must be set, but not both simultaneously.'
+ items:
+ type: string
+ type: array
+ type: object
+ flexVolume:
+ description: FlexVolume represents a generic volume resource
+ that is provisioned/attached using an exec based plugin.
+ properties:
+ driver:
+ description: Driver is the name of the driver to use
+ for this volume.
+ type: string
+ fsType:
+ description: Filesystem type to mount. Must be a filesystem
+ type supported by the host operating system. Ex. "ext4",
+ "xfs", "ntfs". The default filesystem depends on FlexVolume
+ script.
+ type: string
+ options:
+ additionalProperties:
+ type: string
+ description: 'Optional: Extra command options if any.'
+ type: object
+ readOnly:
+ description: 'Optional: Defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting in VolumeMounts.'
+ type: boolean
+ secretRef:
+ description: 'Optional: SecretRef is reference to the
+ secret object containing sensitive information to
+ pass to the plugin scripts. This may be empty if no
+ secret object is specified. If the secret object contains
+ more than one secret, all secrets are passed to the
+ plugin scripts.'
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ type: object
+ required:
+ - driver
+ type: object
+ flocker:
+ description: Flocker represents a Flocker volume attached
+ to a kubelet's host machine. This depends on the Flocker
+ control service being running
+ properties:
+ datasetName:
+ description: Name of the dataset stored as metadata
+ -> name on the dataset for Flocker should be considered
+ as deprecated
+ type: string
+ datasetUUID:
+ description: UUID of the dataset. This is unique identifier
+ of a Flocker dataset
+ type: string
+ type: object
+ gcePersistentDisk:
+ description: 'GCEPersistentDisk represents a GCE Disk resource
+ that is attached to a kubelet''s host machine and then
+ exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ properties:
+ fsType:
+ description: 'Filesystem type of the volume that you
+ want to mount. Tip: Ensure that the filesystem type
+ is supported by the host operating system. Examples:
+ "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ TODO: how do we prevent errors in the filesystem from
+ compromising the machine'
+ type: string
+ partition:
+ description: 'The partition in the volume that you want
+ to mount. If omitted, the default is to mount by volume
+ name. Examples: For volume /dev/sda1, you specify
+ the partition as "1". Similarly, the volume partition
+ for /dev/sda is "0" (or you can leave the property
+ empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ format: int32
+ type: integer
+ pdName:
+ description: 'Unique name of the PD resource in GCE.
+ Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ type: string
+ readOnly:
+ description: 'ReadOnly here will force the ReadOnly
+ setting in VolumeMounts. Defaults to false. More info:
+ https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ type: boolean
+ required:
+ - pdName
+ type: object
+ gitRepo:
+ description: 'GitRepo represents a git repository at a particular
+ revision. DEPRECATED: GitRepo is deprecated. To provision
+ a container with a git repo, mount an EmptyDir into an
+ InitContainer that clones the repo using git, then mount
+ the EmptyDir into the Pod''s container.'
+ properties:
+ directory:
+ description: Target directory name. Must not contain
+ or start with '..'. If '.' is supplied, the volume
+ directory will be the git repository. Otherwise,
+ if specified, the volume will contain the git repository
+ in the subdirectory with the given name.
+ type: string
+ repository:
+ description: Repository URL
+ type: string
+ revision:
+ description: Commit hash for the specified revision.
+ type: string
+ required:
+ - repository
+ type: object
+ glusterfs:
+ description: 'Glusterfs represents a Glusterfs mount on
+ the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md'
+ properties:
+ endpoints:
+ description: 'EndpointsName is the endpoint name that
+ details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ type: string
+ path:
+ description: 'Path is the Glusterfs volume path. More
+ info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ type: string
+ readOnly:
+ description: 'ReadOnly here will force the Glusterfs
+ volume to be mounted with read-only permissions. Defaults
+ to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ type: boolean
+ required:
+ - endpoints
+ - path
+ type: object
+ hostPath:
+ description: 'HostPath represents a pre-existing file or
+ directory on the host machine that is directly exposed
+ to the container. This is generally used for system agents
+ or other privileged things that are allowed to see the
+ host machine. Most containers will NOT need this. More
+ info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+ --- TODO(jonesdl) We need to restrict who can use host
+ directory mounts and who can/can not mount host directories
+ as read/write.'
+ properties:
+ path:
+ description: 'Path of the directory on the host. If
+ the path is a symlink, it will follow the link to
+ the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
+ type: string
+ type:
+ description: 'Type for HostPath Volume Defaults to ""
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
+ type: string
+ required:
+ - path
+ type: object
+ iscsi:
+ description: 'ISCSI represents an ISCSI Disk resource that
+ is attached to a kubelet''s host machine and then exposed
+ to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md'
+ properties:
+ chapAuthDiscovery:
+ description: whether support iSCSI Discovery CHAP authentication
+ type: boolean
+ chapAuthSession:
+ description: whether support iSCSI Session CHAP authentication
+ type: boolean
+ fsType:
+ description: 'Filesystem type of the volume that you
+ want to mount. Tip: Ensure that the filesystem type
+ is supported by the host operating system. Examples:
+ "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
+ TODO: how do we prevent errors in the filesystem from
+ compromising the machine'
+ type: string
+ initiatorName:
+ description: Custom iSCSI Initiator Name. If initiatorName
+ is specified with iscsiInterface simultaneously, new
+ iSCSI interface : will
+ be created for the connection.
+ type: string
+ iqn:
+ description: Target iSCSI Qualified Name.
+ type: string
+ iscsiInterface:
+ description: iSCSI Interface Name that uses an iSCSI
+ transport. Defaults to 'default' (tcp).
+ type: string
+ lun:
+ description: iSCSI Target Lun number.
+ format: int32
+ type: integer
+ portals:
+ description: iSCSI Target Portal List. The portal is
+ either an IP or ip_addr:port if the port is other
+ than default (typically TCP ports 860 and 3260).
+ items:
+ type: string
+ type: array
+ readOnly:
+ description: ReadOnly here will force the ReadOnly setting
+ in VolumeMounts. Defaults to false.
+ type: boolean
+ secretRef:
+ description: CHAP Secret for iSCSI target and initiator
+ authentication
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ type: object
+ targetPortal:
+ description: iSCSI Target Portal. The Portal is either
+ an IP or ip_addr:port if the port is other than default
+ (typically TCP ports 860 and 3260).
+ type: string
+ required:
+ - iqn
+ - lun
+ - targetPortal
+ type: object
+ name:
+ description: 'Volume''s name. Must be a DNS_LABEL and unique
+ within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ nfs:
+ description: 'NFS represents an NFS mount on the host that
+ shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ properties:
+ path:
+ description: 'Path that is exported by the NFS server.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ type: string
+ readOnly:
+ description: 'ReadOnly here will force the NFS export
+ to be mounted with read-only permissions. Defaults
+ to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ type: boolean
+ server:
+ description: 'Server is the hostname or IP address of
+ the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ type: string
+ required:
+ - path
+ - server
+ type: object
+ persistentVolumeClaim:
+ description: 'PersistentVolumeClaimVolumeSource represents
+ a reference to a PersistentVolumeClaim in the same namespace.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
+ properties:
+ claimName:
+ description: 'ClaimName is the name of a PersistentVolumeClaim
+ in the same namespace as the pod using this volume.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
+ type: string
+ readOnly:
+ description: Will force the ReadOnly setting in VolumeMounts.
+ Default false.
+ type: boolean
+ required:
+ - claimName
+ type: object
+ photonPersistentDisk:
+ description: PhotonPersistentDisk represents a PhotonController
+ persistent disk attached and mounted on kubelets host
+ machine
+ properties:
+ fsType:
+ description: Filesystem type to mount. Must be a filesystem
+ type supported by the host operating system. Ex. "ext4",
+ "xfs", "ntfs". Implicitly inferred to be "ext4" if
+ unspecified.
+ type: string
+ pdID:
+ description: ID that identifies Photon Controller persistent
+ disk
+ type: string
+ required:
+ - pdID
+ type: object
+ portworxVolume:
+ description: PortworxVolume represents a portworx volume
+ attached and mounted on kubelets host machine
+ properties:
+ fsType:
+ description: FSType represents the filesystem type to
+ mount Must be a filesystem type supported by the host
+ operating system. Ex. "ext4", "xfs". Implicitly inferred
+ to be "ext4" if unspecified.
+ type: string
+ readOnly:
+ description: Defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ volumeID:
+ description: VolumeID uniquely identifies a Portworx
+ volume
+ type: string
+ required:
+ - volumeID
+ type: object
+ projected:
+ description: Items for all in one resources secrets, configmaps,
+ and downward API
+ properties:
+ defaultMode:
+ description: Mode bits used to set permissions on created
+ files by default. Must be an octal value between 0000
+ and 0777 or a decimal value between 0 and 511. YAML
+ accepts both octal and decimal values, JSON requires
+ decimal values for mode bits. Directories within the
+ path are not affected by this setting. This might
+ be in conflict with other options that affect the
+ file mode, like fsGroup, and the result can be other
+ mode bits set.
+ format: int32
+ type: integer
+ sources:
+ description: list of volume projections
+ items:
+ description: Projection that may be projected along
+ with other supported volume types
+ properties:
+ configMap:
+ description: information about the configMap data
+ to project
+ properties:
+ items:
+ description: If unspecified, each key-value
+ pair in the Data field of the referenced
+ ConfigMap will be projected into the volume
+ as a file whose name is the key and content
+ is the value. If specified, the listed keys
+ will be projected into the specified paths,
+ and unlisted keys will not be present. If
+ a key is specified which is not present
+ in the ConfigMap, the volume setup will
+ error unless it is marked optional. Paths
+ must be relative and may not contain the
+ '..' path or start with '..'.
+ items:
+ description: Maps a string key to a path
+ within a volume.
+ properties:
+ key:
+ description: The key to project.
+ type: string
+ mode:
+ description: 'Optional: mode bits used
+ to set permissions on this file. Must
+ be an octal value between 0000 and
+ 0777 or a decimal value between 0
+ and 511. YAML accepts both octal and
+ decimal values, JSON requires decimal
+ values for mode bits. If not specified,
+ the volume defaultMode will be used.
+ This might be in conflict with other
+ options that affect the file mode,
+ like fsGroup, and the result can be
+ other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: The relative path of the
+ file to map the key to. May not be
+ an absolute path. May not contain
+ the path element '..'. May not start
+ with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ or its keys must be defined
+ type: boolean
+ type: object
+ downwardAPI:
+ description: information about the downwardAPI
+ data to project
+ properties:
+ items:
+ description: Items is a list of DownwardAPIVolume
+ file
+ items:
+ description: DownwardAPIVolumeFile represents
+ information to create the file containing
+ the pod field
+ properties:
+ fieldRef:
+ description: 'Required: Selects a field
+ of the pod: only annotations, labels,
+ name and namespace are supported.'
+ properties:
+ apiVersion:
+ description: Version of the schema
+ the FieldPath is written in terms
+ of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to
+ select in the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ mode:
+ description: 'Optional: mode bits used
+ to set permissions on this file, must
+ be an octal value between 0000 and
+ 0777 or a decimal value between 0
+ and 511. YAML accepts both octal and
+ decimal values, JSON requires decimal
+ values for mode bits. If not specified,
+ the volume defaultMode will be used.
+ This might be in conflict with other
+ options that affect the file mode,
+ like fsGroup, and the result can be
+ other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: 'Required: Path is the
+ relative path name of the file to
+ be created. Must not be absolute or
+ contain the ''..'' path. Must be utf-8
+ encoded. The first item of the relative
+ path must not start with ''..'''
+ type: string
+ resourceFieldRef:
+ description: 'Selects a resource of
+ the container: only resources limits
+ and requests (limits.cpu, limits.memory,
+ requests.cpu and requests.memory)
+ are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required
+ for volumes, optional for env
+ vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output
+ format of the exposed resources,
+ defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource
+ to select'
+ type: string
+ required:
+ - resource
+ type: object
+ required:
+ - path
+ type: object
+ type: array
+ type: object
+ secret:
+ description: information about the secret data
+ to project
+ properties:
+ items:
+ description: If unspecified, each key-value
+ pair in the Data field of the referenced
+ Secret will be projected into the volume
+ as a file whose name is the key and content
+ is the value. If specified, the listed keys
+ will be projected into the specified paths,
+ and unlisted keys will not be present. If
+ a key is specified which is not present
+ in the Secret, the volume setup will error
+ unless it is marked optional. Paths must
+ be relative and may not contain the '..'
+ path or start with '..'.
+ items:
+ description: Maps a string key to a path
+ within a volume.
+ properties:
+ key:
+ description: The key to project.
+ type: string
+ mode:
+ description: 'Optional: mode bits used
+ to set permissions on this file. Must
+ be an octal value between 0000 and
+ 0777 or a decimal value between 0
+ and 511. YAML accepts both octal and
+ decimal values, JSON requires decimal
+ values for mode bits. If not specified,
+ the volume defaultMode will be used.
+ This might be in conflict with other
+ options that affect the file mode,
+ like fsGroup, and the result can be
+ other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: The relative path of the
+ file to map the key to. May not be
+ an absolute path. May not contain
+ the path element '..'. May not start
+ with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or
+ its key must be defined
+ type: boolean
+ type: object
+ serviceAccountToken:
+ description: information about the serviceAccountToken
+ data to project
+ properties:
+ audience:
+ description: Audience is the intended audience
+ of the token. A recipient of a token must
+ identify itself with an identifier specified
+ in the audience of the token, and otherwise
+ should reject the token. The audience defaults
+ to the identifier of the apiserver.
+ type: string
+ expirationSeconds:
+ description: ExpirationSeconds is the requested
+ duration of validity of the service account
+ token. As the token approaches expiration,
+ the kubelet volume plugin will proactively
+ rotate the service account token. The kubelet
+ will start trying to rotate the token if
+ the token is older than 80 percent of its
+ time to live or if the token is older than
+ 24 hours.Defaults to 1 hour and must be
+ at least 10 minutes.
+ format: int64
+ type: integer
+ path:
+ description: Path is the path relative to
+ the mount point of the file to project the
+ token into.
+ type: string
+ required:
+ - path
+ type: object
+ type: object
+ type: array
+ type: object
+ quobyte:
+ description: Quobyte represents a Quobyte mount on the host
+ that shares a pod's lifetime
+ properties:
+ group:
+ description: Group to map volume access to Default is
+ no group
+ type: string
+ readOnly:
+ description: ReadOnly here will force the Quobyte volume
+ to be mounted with read-only permissions. Defaults
+ to false.
+ type: boolean
+ registry:
+ description: Registry represents a single or multiple
+ Quobyte Registry services specified as a string as
+ host:port pair (multiple entries are separated with
+ commas) which acts as the central registry for volumes
+ type: string
+ tenant:
+ description: Tenant owning the given Quobyte volume
+ in the Backend Used with dynamically provisioned Quobyte
+ volumes, value is set by the plugin
+ type: string
+ user:
+ description: User to map volume access to Defaults to
+ serivceaccount user
+ type: string
+ volume:
+ description: Volume is a string that references an already
+ created Quobyte volume by name.
+ type: string
+ required:
+ - registry
+ - volume
+ type: object
+ rbd:
+ description: 'RBD represents a Rados Block Device mount
+ on the host that shares a pod''s lifetime. More info:
+ https://examples.k8s.io/volumes/rbd/README.md'
+ properties:
+ fsType:
+ description: 'Filesystem type of the volume that you
+ want to mount. Tip: Ensure that the filesystem type
+ is supported by the host operating system. Examples:
+ "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
+ TODO: how do we prevent errors in the filesystem from
+ compromising the machine'
+ type: string
+ image:
+ description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ keyring:
+ description: 'Keyring is the path to key ring for RBDUser.
+ Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ monitors:
+ description: 'A collection of Ceph monitors. More info:
+ https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ items:
+ type: string
+ type: array
+ pool:
+ description: 'The rados pool name. Default is rbd. More
+ info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ readOnly:
+ description: 'ReadOnly here will force the ReadOnly
+ setting in VolumeMounts. Defaults to false. More info:
+ https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: boolean
+ secretRef:
+ description: 'SecretRef is name of the authentication
+ secret for RBDUser. If provided overrides keyring.
+ Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ type: object
+ user:
+ description: 'The rados user name. Default is admin.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ required:
+ - image
+ - monitors
+ type: object
+ scaleIO:
+ description: ScaleIO represents a ScaleIO persistent volume
+ attached and mounted on Kubernetes nodes.
+ properties:
+ fsType:
+ description: Filesystem type to mount. Must be a filesystem
+ type supported by the host operating system. Ex. "ext4",
+ "xfs", "ntfs". Default is "xfs".
+ type: string
+ gateway:
+ description: The host address of the ScaleIO API Gateway.
+ type: string
+ protectionDomain:
+ description: The name of the ScaleIO Protection Domain
+ for the configured storage.
+ type: string
+ readOnly:
+ description: Defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ secretRef:
+ description: SecretRef references to the secret for
+ ScaleIO user and other sensitive information. If this
+ is not provided, Login operation will fail.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ type: object
+ sslEnabled:
+ description: Flag to enable/disable SSL communication
+ with Gateway, default false
+ type: boolean
+ storageMode:
+ description: Indicates whether the storage for a volume
+ should be ThickProvisioned or ThinProvisioned. Default
+ is ThinProvisioned.
+ type: string
+ storagePool:
+ description: The ScaleIO Storage Pool associated with
+ the protection domain.
+ type: string
+ system:
+ description: The name of the storage system as configured
+ in ScaleIO.
+ type: string
+ volumeName:
+ description: The name of a volume already created in
+ the ScaleIO system that is associated with this volume
+ source.
+ type: string
+ required:
+ - gateway
+ - secretRef
+ - system
+ type: object
+ secret:
+ description: 'Secret represents a secret that should populate
+ this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
+ properties:
+ defaultMode:
+ description: 'Optional: mode bits used to set permissions
+ on created files by default. Must be an octal value
+ between 0000 and 0777 or a decimal value between 0
+ and 511. YAML accepts both octal and decimal values,
+ JSON requires decimal values for mode bits. Defaults
+ to 0644. Directories within the path are not affected
+ by this setting. This might be in conflict with other
+ options that affect the file mode, like fsGroup, and
+ the result can be other mode bits set.'
+ format: int32
+ type: integer
+ items:
+ description: If unspecified, each key-value pair in
+ the Data field of the referenced Secret will be projected
+ into the volume as a file whose name is the key and
+ content is the value. If specified, the listed keys
+ will be projected into the specified paths, and unlisted
+ keys will not be present. If a key is specified which
+ is not present in the Secret, the volume setup will
+ error unless it is marked optional. Paths must be
+ relative and may not contain the '..' path or start
+ with '..'.
+ items:
+ description: Maps a string key to a path within a
+ volume.
+ properties:
+ key:
+ description: The key to project.
+ type: string
+ mode:
+ description: 'Optional: mode bits used to set
+ permissions on this file. Must be an octal value
+ between 0000 and 0777 or a decimal value between
+ 0 and 511. YAML accepts both octal and decimal
+ values, JSON requires decimal values for mode
+ bits. If not specified, the volume defaultMode
+ will be used. This might be in conflict with
+ other options that affect the file mode, like
+ fsGroup, and the result can be other mode bits
+ set.'
+ format: int32
+ type: integer
+ path:
+ description: The relative path of the file to
+ map the key to. May not be an absolute path.
+ May not contain the path element '..'. May not
+ start with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ optional:
+ description: Specify whether the Secret or its keys
+ must be defined
+ type: boolean
+ secretName:
+ description: 'Name of the secret in the pod''s namespace
+ to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
+ type: string
+ type: object
+ storageos:
+ description: StorageOS represents a StorageOS volume attached
+ and mounted on Kubernetes nodes.
+ properties:
+ fsType:
+ description: Filesystem type to mount. Must be a filesystem
+ type supported by the host operating system. Ex. "ext4",
+ "xfs", "ntfs". Implicitly inferred to be "ext4" if
+ unspecified.
+ type: string
+ readOnly:
+ description: Defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ secretRef:
+ description: SecretRef specifies the secret to use for
+ obtaining the StorageOS API credentials. If not specified,
+ default values will be attempted.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ type: object
+ volumeName:
+ description: VolumeName is the human-readable name of
+ the StorageOS volume. Volume names are only unique
+ within a namespace.
+ type: string
+ volumeNamespace:
+ description: VolumeNamespace specifies the scope of
+ the volume within StorageOS. If no namespace is specified
+ then the Pod's namespace will be used. This allows
+ the Kubernetes name scoping to be mirrored within
+ StorageOS for tighter integration. Set VolumeName
+ to any name to override the default behaviour. Set
+ to "default" if you are not using namespaces within
+ StorageOS. Namespaces that do not pre-exist within
+ StorageOS will be created.
+ type: string
+ type: object
+ vsphereVolume:
+ description: VsphereVolume represents a vSphere volume attached
+ and mounted on kubelets host machine
+ properties:
+ fsType:
+ description: Filesystem type to mount. Must be a filesystem
+ type supported by the host operating system. Ex. "ext4",
+ "xfs", "ntfs". Implicitly inferred to be "ext4" if
+ unspecified.
+ type: string
+ storagePolicyID:
+ description: Storage Policy Based Management (SPBM)
+ profile ID associated with the StoragePolicyName.
+ type: string
+ storagePolicyName:
+ description: Storage Policy Based Management (SPBM)
+ profile name.
+ type: string
+ volumePath:
+ description: Path that identifies vSphere volume vmdk
+ type: string
+ required:
+ - volumePath
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ required:
+ - volumeMounts
+ - volumes
+ type: object
+ oneReplicaPerNode:
+ description: oneReplicaPerNode controls whether to run 1 pod per node
+ using the pod anti-affinity capability. Enabling this configuration
+ in an existing cluster will roll the cluster.
+ type: boolean
+ podTemplate:
+ description: podTemplate specifies the statefulset pod template configuration.
+ properties:
+ affinity:
+ description: 'affinity specifies a group of affinity scheduling
+ rules. More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity.'
+ properties:
+ nodeAffinity:
+ description: Describes node affinity scheduling rules for
+ the pod.
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule pods
+ to nodes that satisfy the affinity expressions specified
+ by this field, but it may choose a node that violates
+ one or more of the expressions. The node that is most
+ preferred is the one with the greatest sum of weights,
+ i.e. for each node that meets all of the scheduling
+ requirements (resource request, requiredDuringScheduling
+ affinity expressions, etc.), compute a sum by iterating
+ through the elements of this field and adding "weight"
+ to the sum if the node matches the corresponding matchExpressions;
+ the node(s) with the highest sum are the most preferred.
+ items:
+ description: An empty preferred scheduling term matches
+ all objects with implicit weight 0 (i.e. it's a no-op).
+ A null preferred scheduling term matches no objects
+ (i.e. is also a no-op).
+ properties:
+ preference:
+ description: A node selector term, associated with
+ the corresponding weight.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: A node selector requirement is
+ a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators
+ are In, NotIn, Exists, DoesNotExist.
+ Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values.
+ If the operator is In or NotIn, the
+ values array must be non-empty. If the
+ operator is Exists or DoesNotExist,
+ the values array must be empty. If the
+ operator is Gt or Lt, the values array
+ must have a single element, which will
+ be interpreted as an integer. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: A node selector requirement is
+ a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators
+ are In, NotIn, Exists, DoesNotExist.
+ Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values.
+ If the operator is In or NotIn, the
+ values array must be non-empty. If the
+ operator is Exists or DoesNotExist,
+ the values array must be empty. If the
+ operator is Gt or Lt, the values array
+ must have a single element, which will
+ be interpreted as an integer. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ weight:
+ description: Weight associated with matching the
+ corresponding nodeSelectorTerm, in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - preference
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the affinity requirements specified by
+ this field are not met at scheduling time, the pod will
+ not be scheduled onto the node. If the affinity requirements
+ specified by this field cease to be met at some point
+ during pod execution (e.g. due to an update), the system
+ may or may not try to eventually evict the pod from
+ its node.
+ properties:
+ nodeSelectorTerms:
+ description: Required. A list of node selector terms.
+ The terms are ORed.
+ items:
+ description: A null or empty node selector term
+ matches no objects. The requirements of them are
+ ANDed. The TopologySelectorTerm type implements
+ a subset of the NodeSelectorTerm.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: A node selector requirement is
+ a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators
+ are In, NotIn, Exists, DoesNotExist.
+ Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values.
+ If the operator is In or NotIn, the
+ values array must be non-empty. If the
+ operator is Exists or DoesNotExist,
+ the values array must be empty. If the
+ operator is Gt or Lt, the values array
+ must have a single element, which will
+ be interpreted as an integer. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: A node selector requirement is
+ a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators
+ are In, NotIn, Exists, DoesNotExist.
+ Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values.
+ If the operator is In or NotIn, the
+ values array must be non-empty. If the
+ operator is Exists or DoesNotExist,
+ the values array must be empty. If the
+ operator is Gt or Lt, the values array
+ must have a single element, which will
+ be interpreted as an integer. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ type: array
+ required:
+ - nodeSelectorTerms
+ type: object
+ type: object
+ podAffinity:
+ description: Describes pod affinity scheduling rules (e.g.
+ co-locate this pod in the same node, zone, etc. as some
+ other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule pods
+ to nodes that satisfy the affinity expressions specified
+ by this field, but it may choose a node that violates
+ one or more of the expressions. The node that is most
+ preferred is the one with the greatest sum of weights,
+ i.e. for each node that meets all of the scheduling
+ requirements (resource request, requiredDuringScheduling
+ affinity expressions, etc.), compute a sum by iterating
+ through the elements of this field and adding "weight"
+ to the sum if the node has pods which matches the corresponding
+ podAffinityTerm; the node(s) with the highest sum are
+ the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred
+ node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term, associated
+ with the corresponding weight.
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a
+ key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of
+ string values. If the operator is
+ In or NotIn, the values array must
+ be non-empty. If the operator is
+ Exists or DoesNotExist, the values
+ array must be empty. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied
+ to the union of the namespaces selected by
+ this field and the ones listed in the namespaces
+ field. null selector and null or empty namespaces
+ list means "this pod's namespace". An empty
+ selector ({}) matches all namespaces. This
+ field is beta-level and is only honored when
+ PodAffinityNamespaceSelector feature is enabled.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a
+ key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of
+ string values. If the operator is
+ In or NotIn, the values array must
+ be non-empty. If the operator is
+ Exists or DoesNotExist, the values
+ array must be empty. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies a static list
+ of namespace names that the term applies to.
+ The term is applied to the union of the namespaces
+ listed in this field and the ones selected
+ by namespaceSelector. null or empty namespaces
+ list and null namespaceSelector means "this
+ pod's namespace"
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the
+ pods matching the labelSelector in the specified
+ namespaces, where co-located is defined as
+ running on a node whose value of the label
+ with key topologyKey matches that of any node
+ on which any of the selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: weight associated with matching the
+ corresponding podAffinityTerm, in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the affinity requirements specified by
+ this field are not met at scheduling time, the pod will
+ not be scheduled onto the node. If the affinity requirements
+ specified by this field cease to be met at some point
+ during pod execution (e.g. due to a pod label update),
+ the system may or may not try to eventually evict the
+ pod from its node. When there are multiple elements,
+ the lists of nodes corresponding to each podAffinityTerm
+ are intersected, i.e. all terms must be satisfied.
+ items:
+ description: Defines a set of pods (namely those matching
+ the labelSelector relative to the given namespace(s))
+ that this pod should be co-located (affinity) or not
+ co-located (anti-affinity) with, where co-located
+ is defined as running on a node whose value of the
+ label with key matches that of any node
+ on which a pod of the set of pods is running
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
+ type: object
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied
+ to the union of the namespaces selected by this
+ field and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list
+ means "this pod's namespace". An empty selector
+ ({}) matches all namespaces. This field is beta-level
+ and is only honored when PodAffinityNamespaceSelector
+ feature is enabled.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies a static list
+ of namespace names that the term applies to. The
+ term is applied to the union of the namespaces
+ listed in this field and the ones selected by
+ namespaceSelector. null or empty namespaces list
+ and null namespaceSelector means "this pod's namespace"
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the pods
+ matching the labelSelector in the specified namespaces,
+ where co-located is defined as running on a node
+ whose value of the label with key topologyKey
+ matches that of any node on which any of the selected
+ pods is running. Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ podAntiAffinity:
+ description: Describes pod anti-affinity scheduling rules
+ (e.g. avoid putting this pod in the same node, zone, etc.
+ as some other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule pods
+ to nodes that satisfy the anti-affinity expressions
+ specified by this field, but it may choose a node that
+ violates one or more of the expressions. The node that
+ is most preferred is the one with the greatest sum of
+ weights, i.e. for each node that meets all of the scheduling
+ requirements (resource request, requiredDuringScheduling
+ anti-affinity expressions, etc.), compute a sum by iterating
+ through the elements of this field and adding "weight"
+ to the sum if the node has pods which matches the corresponding
+ podAffinityTerm; the node(s) with the highest sum are
+ the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred
+ node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term, associated
+ with the corresponding weight.
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a
+ key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of
+ string values. If the operator is
+ In or NotIn, the values array must
+ be non-empty. If the operator is
+ Exists or DoesNotExist, the values
+ array must be empty. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied
+ to the union of the namespaces selected by
+ this field and the ones listed in the namespaces
+ field. null selector and null or empty namespaces
+ list means "this pod's namespace". An empty
+ selector ({}) matches all namespaces. This
+ field is beta-level and is only honored when
+ PodAffinityNamespaceSelector feature is enabled.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a
+ key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of
+ string values. If the operator is
+ In or NotIn, the values array must
+ be non-empty. If the operator is
+ Exists or DoesNotExist, the values
+ array must be empty. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies a static list
+ of namespace names that the term applies to.
+ The term is applied to the union of the namespaces
+ listed in this field and the ones selected
+ by namespaceSelector. null or empty namespaces
+ list and null namespaceSelector means "this
+ pod's namespace"
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the
+ pods matching the labelSelector in the specified
+ namespaces, where co-located is defined as
+ running on a node whose value of the label
+ with key topologyKey matches that of any node
+ on which any of the selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: weight associated with matching the
+ corresponding podAffinityTerm, in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the anti-affinity requirements specified
+ by this field are not met at scheduling time, the pod
+ will not be scheduled onto the node. If the anti-affinity
+ requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a pod
+ label update), the system may or may not try to eventually
+ evict the pod from its node. When there are multiple
+ elements, the lists of nodes corresponding to each podAffinityTerm
+ are intersected, i.e. all terms must be satisfied.
+ items:
+ description: Defines a set of pods (namely those matching
+ the labelSelector relative to the given namespace(s))
+ that this pod should be co-located (affinity) or not
+ co-located (anti-affinity) with, where co-located
+ is defined as running on a node whose value of the
+ label with key matches that of any node
+ on which a pod of the set of pods is running
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
+ type: object
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied
+ to the union of the namespaces selected by this
+ field and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list
+ means "this pod's namespace". An empty selector
+ ({}) matches all namespaces. This field is beta-level
+ and is only honored when PodAffinityNamespaceSelector
+ feature is enabled.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies a static list
+ of namespace names that the term applies to. The
+ term is applied to the union of the namespaces
+ listed in this field and the ones selected by
+ namespaceSelector. null or empty namespaces list
+ and null namespaceSelector means "this pod's namespace"
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the pods
+ matching the labelSelector in the specified namespaces,
+ where co-located is defined as running on a node
+ whose value of the label with key topologyKey
+ matches that of any node on which any of the selected
+ pods is running. Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ type: object
+ annotations:
+ additionalProperties:
+ type: string
+ description: 'annotations is a map of string key and value pairs
+ stored with the resource and may be set by external tools to
+ store and retrieve arbitrary metadata. They are not queryable
+ and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations.'
+ type: object
+ x-kubernetes-map-type: granular
+ envVars:
+ description: 'envVars contain environment variables to be injected
+ into containers. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container.'
+ items:
+ description: EnvVar represents an environment variable present
+ in a Container.
+ properties:
+ name:
+ description: Name of the environment variable. Must be a
+ C_IDENTIFIER.
+ type: string
+ value:
+ description: 'Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in
+ the container and any service environment variables. If
+ a variable cannot be resolved, the reference in the input
+ string will be unchanged. Double $$ are reduced to a single
+ $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+ "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless
+ of whether the variable exists or not. Defaults to "".'
+ type: string
+ valueFrom:
+ description: Source for the environment variable's value.
+ Cannot be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap or its
+ key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ fieldRef:
+ description: 'Selects a field of the pod: supports metadata.name,
+ metadata.namespace, `metadata.labels['''']`,
+ `metadata.annotations['''']`, spec.nodeName,
+ spec.serviceAccountName, status.hostIP, status.podIP,
+ status.podIPs.'
+ properties:
+ apiVersion:
+ description: Version of the schema the FieldPath
+ is written in terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select in the
+ specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ resourceFieldRef:
+ description: 'Selects a resource of the container: only
+ resources limits and requests (limits.cpu, limits.memory,
+ limits.ephemeral-storage, requests.cpu, requests.memory
+ and requests.ephemeral-storage) are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required for volumes,
+ optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format of the
+ exposed resources, defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ secretKeyRef:
+ description: Selects a key of a secret in the pod's
+ namespace
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key
+ must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ labels:
+ additionalProperties:
+ type: string
+ description: 'labels is a map of string key and value pairs that
+ can be used to organize and categorize (scope and select) objects.
+ More info: http://kubernetes.io/docs/user-guide/labels.'
+ type: object
+ x-kubernetes-map-type: granular
+ podSecurityContext:
+ description: PodSecurityContext holds pod-level security attributes
+ and common container settings. Some fields are also present
+ in container.securityContext. Field values of container.securityContext
+ take precedence over field values of PodSecurityContext.
+ properties:
+ fsGroup:
+ description: "A special supplemental group that applies to
+ all containers in a pod. Some volume types allow the Kubelet
+ to change the ownership of that volume to be owned by the
+ pod: \n 1. The owning GID will be the FSGroup 2. The setgid
+ bit is set (new files created in the volume will be owned
+ by FSGroup) 3. The permission bits are OR'd with rw-rw----
+ \n If unset, the Kubelet will not modify the ownership and
+ permissions of any volume. Note that this field cannot be
+ set when spec.os.name is windows."
+ format: int64
+ type: integer
+ fsGroupChangePolicy:
+ description: 'fsGroupChangePolicy defines behavior of changing
+ ownership and permission of the volume before being exposed
+ inside Pod. This field will only apply to volume types which
+ support fsGroup based ownership(and permissions). It will
+ have no effect on ephemeral volume types such as: secret,
+ configmaps and emptydir. Valid values are "OnRootMismatch"
+ and "Always". If not specified, "Always" is used. Note that
+ this field cannot be set when spec.os.name is windows.'
+ type: string
+ runAsGroup:
+ description: The GID to run the entrypoint of the container
+ process. Uses runtime default if unset. May also be set
+ in SecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext
+ takes precedence for that container. Note that this field
+ cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: Indicates that the container must run as a non-root
+ user. If true, the Kubelet will validate the image at runtime
+ to ensure that it does not run as UID 0 (root) and fail
+ to start the container if it does. If unset or false, no
+ such validation will be performed. May also be set in SecurityContext. If
+ set in both SecurityContext and PodSecurityContext, the
+ value specified in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: The UID to run the entrypoint of the container
+ process. Defaults to user specified in image metadata if
+ unspecified. May also be set in SecurityContext. If set
+ in both SecurityContext and PodSecurityContext, the value
+ specified in SecurityContext takes precedence for that container.
+ Note that this field cannot be set when spec.os.name is
+ windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: The SELinux context to be applied to all containers.
+ If unspecified, the container runtime will allocate a random
+ SELinux context for each container. May also be set in
+ SecurityContext. If set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes precedence
+ for that container. Note that this field cannot be set when
+ spec.os.name is windows.
+ properties:
+ level:
+ description: Level is SELinux level label that applies
+ to the container.
+ type: string
+ role:
+ description: Role is a SELinux role label that applies
+ to the container.
+ type: string
+ type:
+ description: Type is a SELinux type label that applies
+ to the container.
+ type: string
+ user:
+ description: User is a SELinux user label that applies
+ to the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: The seccomp options to use by the containers
+ in this pod. Note that this field cannot be set when spec.os.name
+ is windows.
+ properties:
+ localhostProfile:
+ description: localhostProfile indicates a profile defined
+ in a file on the node should be used. The profile must
+ be preconfigured on the node to work. Must be a descending
+ path, relative to the kubelet's configured seccomp profile
+ location. Must only be set if type is "Localhost".
+ type: string
+ type:
+ description: "type indicates which kind of seccomp profile
+ will be applied. Valid options are: \n Localhost - a
+ profile defined in a file on the node should be used.
+ RuntimeDefault - the container runtime default profile
+ should be used. Unconfined - no profile should be applied."
+ type: string
+ required:
+ - type
+ type: object
+ supplementalGroups:
+ description: A list of groups applied to the first process
+ run in each container, in addition to the container's primary
+ GID. If unspecified, no groups will be added to any container.
+ Note that this field cannot be set when spec.os.name is
+ windows.
+ items:
+ format: int64
+ type: integer
+ type: array
+ sysctls:
+ description: Sysctls hold a list of namespaced sysctls used
+ for the pod. Pods with unsupported sysctls (by the container
+ runtime) might fail to launch. Note that this field cannot
+ be set when spec.os.name is windows.
+ items:
+ description: Sysctl defines a kernel parameter to be set
+ properties:
+ name:
+ description: Name of a property to set
+ type: string
+ value:
+ description: Value of a property to set
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ windowsOptions:
+ description: The Windows specific settings applied to all
+ containers. If unspecified, the options within a container's
+ SecurityContext will be used. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext
+ takes precedence. Note that this field cannot be set when
+ spec.os.name is linux.
+ properties:
+ gmsaCredentialSpec:
+ description: GMSACredentialSpec is where the GMSA admission
+ webhook (https://github.com/kubernetes-sigs/windows-gmsa)
+ inlines the contents of the GMSA credential spec named
+ by the GMSACredentialSpecName field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name of the
+ GMSA credential spec to use.
+ type: string
+ hostProcess:
+ description: HostProcess determines if a container should
+ be run as a 'Host Process' container. This field is
+ alpha-level and will only be honored by components that
+ enable the WindowsHostProcessContainers feature flag.
+ Setting this field without the feature flag will result
+ in errors when validating the Pod. All of a Pod's containers
+ must have the same effective HostProcess value (it is
+ not allowed to have a mix of HostProcess containers
+ and non-HostProcess containers). In addition, if HostProcess
+ is true then HostNetwork must also be set to true.
+ type: boolean
+ runAsUserName:
+ description: The UserName in Windows to run the entrypoint
+ of the container process. Defaults to the user specified
+ in image metadata if unspecified. May also be set in
+ PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext
+ takes precedence.
+ type: string
+ type: object
+ type: object
+ priorityClassName:
+ description: priorityClassName specifies the priority class for
+ the pod (if any).
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ probe:
+ description: probe contains the fields for standard Kubernetes
+ readiness/liveness probe configuration.
+ properties:
+ liveness:
+ description: liveness configures the Kubernetes probe settings.
+ The changes will override the existing default configuration.
+ properties:
+ failureThreshold:
+ description: failureThreshold is the minimum consecutive
+ failures for the probe to be considered failed. Confluent
+ Platform components come with the right configuration,
+ and this setting is not required to change most of the
+ time.
+ format: int32
+ type: integer
+ initialDelaySeconds:
+ description: initialDelaySeconds is the number of seconds
+ after the container has started and before probes are
+ initiated. Confluent Platform components come with the
+ right configuration, and this setting is not required
+ to change most of the time.
+ format: int32
+ type: integer
+ periodSeconds:
+ description: periodSeconds specifies how often to perform
+ the probe. Confluent Platform components come with the
+ right configuration, and this setting is not required
+ to change most of the time.
+ format: int32
+ type: integer
+ successThreshold:
+ description: successThreshold is the minimum consecutive
+ successes for the probe to be considered successful
+ after having failed. The default values is `1`. Must
+ be `1` for liveness and startup. The minimum value is
+ `1`.
+ format: int32
+ type: integer
+ timeoutSeconds:
+ description: timeoutSeconds is the number of seconds after
+ which the probe times out. Confluent Platform components
+ come with the right configuration, and this setting
+ is not required to change most of the time.
+ format: int32
+ type: integer
+ type: object
+ readiness:
+ description: readiness configures the Kubernetes probe setting.
+ The changes will override the existing default configuration.
+ properties:
+ failureThreshold:
+ description: failureThreshold is the minimum consecutive
+ failures for the probe to be considered failed. Confluent
+ Platform components come with the right configuration,
+ and this setting is not required to change most of the
+ time.
+ format: int32
+ type: integer
+ initialDelaySeconds:
+ description: initialDelaySeconds is the number of seconds
+ after the container has started and before probes are
+ initiated. Confluent Platform components come with the
+ right configuration, and this setting is not required
+ to change most of the time.
+ format: int32
+ type: integer
+ periodSeconds:
+ description: periodSeconds specifies how often to perform
+ the probe. Confluent Platform components come with the
+ right configuration, and this setting is not required
+ to change most of the time.
+ format: int32
+ type: integer
+ successThreshold:
+ description: successThreshold is the minimum consecutive
+ successes for the probe to be considered successful
+ after having failed. The default values is `1`. Must
+ be `1` for liveness and startup. The minimum value is
+ `1`.
+ format: int32
+ type: integer
+ timeoutSeconds:
+ description: timeoutSeconds is the number of seconds after
+ which the probe times out. Confluent Platform components
+ come with the right configuration, and this setting
+ is not required to change most of the time.
+ format: int32
+ type: integer
+ type: object
+ type: object
+ resources:
+ description: resources describe the compute resource requirements.
+ properties:
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount of compute
+ resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum amount of compute
+ resources required. If Requests is omitted for a container,
+ it defaults to Limits if that is explicitly specified, otherwise
+ to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ securityContext:
+ description: SecurityContext holds security configuration that
+ will be applied to a container. Some fields are present in both
+ SecurityContext and PodSecurityContext. When both are set,
+ the values in SecurityContext take precedence.
+ properties:
+ allowPrivilegeEscalation:
+ description: 'AllowPrivilegeEscalation controls whether a
+ process can gain more privileges than its parent process.
+ This bool directly controls if the no_new_privs flag will
+ be set on the container process. AllowPrivilegeEscalation
+ is true always when the container is: 1) run as Privileged
+ 2) has CAP_SYS_ADMIN Note that this field cannot be set
+ when spec.os.name is windows.'
+ type: boolean
+ capabilities:
+ description: The capabilities to add/drop when running containers.
+ Defaults to the default set of capabilities granted by the
+ container runtime. Note that this field cannot be set when
+ spec.os.name is windows.
+ properties:
+ add:
+ description: Added capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ drop:
+ description: Removed capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ type: object
+ privileged:
+ description: Run container in privileged mode. Processes in
+ privileged containers are essentially equivalent to root
+ on the host. Defaults to false. Note that this field cannot
+ be set when spec.os.name is windows.
+ type: boolean
+ procMount:
+ description: procMount denotes the type of proc mount to use
+ for the containers. The default is DefaultProcMount which
+ uses the container runtime defaults for readonly paths and
+ masked paths. This requires the ProcMountType feature flag
+ to be enabled. Note that this field cannot be set when spec.os.name
+ is windows.
+ type: string
+ readOnlyRootFilesystem:
+ description: Whether this container has a read-only root filesystem.
+ Default is false. Note that this field cannot be set when
+ spec.os.name is windows.
+ type: boolean
+ runAsGroup:
+ description: The GID to run the entrypoint of the container
+ process. Uses runtime default if unset. May also be set
+ in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext
+ takes precedence. Note that this field cannot be set when
+ spec.os.name is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: Indicates that the container must run as a non-root
+ user. If true, the Kubelet will validate the image at runtime
+ to ensure that it does not run as UID 0 (root) and fail
+ to start the container if it does. If unset or false, no
+ such validation will be performed. May also be set in PodSecurityContext. If
+ set in both SecurityContext and PodSecurityContext, the
+ value specified in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: The UID to run the entrypoint of the container
+ process. Defaults to user specified in image metadata if
+ unspecified. May also be set in PodSecurityContext. If
+ set in both SecurityContext and PodSecurityContext, the
+ value specified in SecurityContext takes precedence. Note
+ that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: The SELinux context to be applied to the container.
+ If unspecified, the container runtime will allocate a random
+ SELinux context for each container. May also be set in
+ PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext
+ takes precedence. Note that this field cannot be set when
+ spec.os.name is windows.
+ properties:
+ level:
+ description: Level is SELinux level label that applies
+ to the container.
+ type: string
+ role:
+ description: Role is a SELinux role label that applies
+ to the container.
+ type: string
+ type:
+ description: Type is a SELinux type label that applies
+ to the container.
+ type: string
+ user:
+ description: User is a SELinux user label that applies
+ to the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: The seccomp options to use by this container.
+ If seccomp options are provided at both the pod & container
+ level, the container options override the pod options. Note
+ that this field cannot be set when spec.os.name is windows.
+ properties:
+ localhostProfile:
+ description: localhostProfile indicates a profile defined
+ in a file on the node should be used. The profile must
+ be preconfigured on the node to work. Must be a descending
+ path, relative to the kubelet's configured seccomp profile
+ location. Must only be set if type is "Localhost".
+ type: string
+ type:
+ description: "type indicates which kind of seccomp profile
+ will be applied. Valid options are: \n Localhost - a
+ profile defined in a file on the node should be used.
+ RuntimeDefault - the container runtime default profile
+ should be used. Unconfined - no profile should be applied."
+ type: string
+ required:
+ - type
+ type: object
+ windowsOptions:
+ description: The Windows specific settings applied to all
+ containers. If unspecified, the options from the PodSecurityContext
+ will be used. If set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is
+ linux.
+ properties:
+ gmsaCredentialSpec:
+ description: GMSACredentialSpec is where the GMSA admission
+ webhook (https://github.com/kubernetes-sigs/windows-gmsa)
+ inlines the contents of the GMSA credential spec named
+ by the GMSACredentialSpecName field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name of the
+ GMSA credential spec to use.
+ type: string
+ hostProcess:
+ description: HostProcess determines if a container should
+ be run as a 'Host Process' container. This field is
+ alpha-level and will only be honored by components that
+ enable the WindowsHostProcessContainers feature flag.
+ Setting this field without the feature flag will result
+ in errors when validating the Pod. All of a Pod's containers
+ must have the same effective HostProcess value (it is
+ not allowed to have a mix of HostProcess containers
+ and non-HostProcess containers). In addition, if HostProcess
+ is true then HostNetwork must also be set to true.
+ type: boolean
+ runAsUserName:
+ description: The UserName in Windows to run the entrypoint
+ of the container process. Defaults to the user specified
+ in image metadata if unspecified. May also be set in
+ PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext
+ takes precedence.
+ type: string
+ type: object
+ type: object
+ serviceAccountName:
+ description: 'ServiceAccountName is the name of the service account
+ used to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account.'
+ type: string
+ terminationGracePeriodSeconds:
+ description: terminationGracePeriodSeconds is the grace period
+ before the pod is deleted.
+ format: int64
+ type: integer
+ tolerations:
+ description: tolerations specify the pods to schedule onto the
+ nodes with matching taints, using the triple ``
+ and the matching operator ``.
+ items:
+ description: The pod this Toleration is attached to tolerates
+ any taint that matches the triple using
+ the matching operator .
+ properties:
+ effect:
+ description: Effect indicates the taint effect to match.
+ Empty means match all taint effects. When specified, allowed
+ values are NoSchedule, PreferNoSchedule and NoExecute.
+ type: string
+ key:
+ description: Key is the taint key that the toleration applies
+ to. Empty means match all taint keys. If the key is empty,
+ operator must be Exists; this combination means to match
+ all values and all keys.
+ type: string
+ operator:
+ description: Operator represents a key's relationship to
+ the value. Valid operators are Exists and Equal. Defaults
+ to Equal. Exists is equivalent to wildcard for value,
+ so that a pod can tolerate all taints of a particular
+ category.
+ type: string
+ tolerationSeconds:
+ description: TolerationSeconds represents the period of
+ time the toleration (which must be of effect NoExecute,
+ otherwise this field is ignored) tolerates the taint.
+ By default, it is not set, which means tolerate the taint
+ forever (do not evict). Zero and negative values will
+ be treated as 0 (evict immediately) by the system.
+ format: int64
+ type: integer
+ value:
+ description: Value is the taint value the toleration matches
+ to. If the operator is Exists, the value should be empty,
+ otherwise just a regular string.
+ type: string
+ type: object
+ type: array
+ topologySpreadConstraints:
+ description: topologySpreadConstraints describe how a group of
+ pods ought to spread across topology domains. Scheduler will
+ schedule pods based on the constraints. All topologySpreadConstraints
+ are ANDed.
+ items:
+ description: TopologySpreadConstraint specifies how to spread
+ matching pods among the given topology.
+ properties:
+ labelSelector:
+ description: LabelSelector is used to find matching pods.
+ Pods that match this label selector are counted to determine
+ the number of pods in their corresponding topology domain.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector
+ requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In,
+ NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values.
+ If the operator is In or NotIn, the values array
+ must be non-empty. If the operator is Exists
+ or DoesNotExist, the values array must be empty.
+ This array is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs.
+ A single {key,value} in the matchLabels map is equivalent
+ to an element of matchExpressions, whose key field
+ is "key", the operator is "In", and the values array
+ contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ maxSkew:
+ description: 'MaxSkew describes the degree to which pods
+ may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`,
+ it is the maximum permitted difference between the number
+ of matching pods in the target topology and the global
+ minimum. For example, in a 3-zone cluster, MaxSkew is
+ set to 1, and pods with the same labelSelector spread
+ as 1/1/0: | zone1 | zone2 | zone3 | | P | P | |
+ - if MaxSkew is 1, incoming pod can only be scheduled
+ to zone3 to become 1/1/1; scheduling it onto zone1(zone2)
+ would make the ActualSkew(2-0) on zone1(zone2) violate
+ MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled
+ onto any zone. When `whenUnsatisfiable=ScheduleAnyway`,
+ it is used to give higher precedence to topologies that
+ satisfy it. It''s a required field. Default value is 1
+ and 0 is not allowed.'
+ format: int32
+ type: integer
+ topologyKey:
+ description: TopologyKey is the key of node labels. Nodes
+ that have a label with this key and identical values are
+ considered to be in the same topology. We consider each
+ as a "bucket", and try to put balanced number
+ of pods into each bucket. It's a required field.
+ type: string
+ whenUnsatisfiable:
+ description: 'WhenUnsatisfiable indicates how to deal with
+ a pod if it doesn''t satisfy the spread constraint. -
+ DoNotSchedule (default) tells the scheduler not to schedule
+ it. - ScheduleAnyway tells the scheduler to schedule the
+ pod in any location, but giving higher precedence to topologies
+ that would help reduce the skew. A constraint is considered
+ "Unsatisfiable" for an incoming pod if and only if every
+ possible node assignment for that pod would violate "MaxSkew"
+ on some topology. For example, in a 3-zone cluster, MaxSkew
+ is set to 1, and pods with the same labelSelector spread
+ as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P |
+ If WhenUnsatisfiable is set to DoNotSchedule, incoming
+ pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2)
+ as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1).
+ In other words, the cluster can still be imbalanced, but
+ scheduler won''t make it *more* imbalanced. It''s a required
+ field.'
+ type: string
+ required:
+ - maxSkew
+ - topologyKey
+ - whenUnsatisfiable
+ type: object
+ type: array
+ type: object
+ replicas:
+ description: replicas is the desired number of replicas. A change
+ to this setting will roll the cluster.
+ format: int32
+ type: integer
+ storageClass:
+ description: storageClass specifies the user-provided storage class.
+ If not configured, the default storage class is used.
+ properties:
+ name:
+ description: name is the storage class name.
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - name
+ type: object
+ tls:
+ description: tls specifies the TLS configuration.
+ properties:
+ autoGeneratedCerts:
+ description: autoGeneratedCerts specifies that the certificates
+ are auto-generated based on the CA key pair provided.
+ type: boolean
+ directoryPathInContainer:
+ description: directoryPathInContainer specifies the directory
+ path in the container where `keystore.jks`, `truststore.jks`,
+ and `jksPassword.txt` keys are mounted. `truststore.jks` is
+ not configured and can be ignored when the `ignoreTrustStoreConfig`
+ field is set to `true`.
+ minLength: 1
+ type: string
+ ignoreTrustStoreConfig:
+ description: ignoreTrustStoreConfig indicates whether to ignore
+ the truststore configuration for the Confluent component.
+ type: boolean
+ jksPassword:
+ description: jksPassword references the secret containing the
+ JKS password.
+ properties:
+ secretRef:
+ description: 'secretRef references the name of the secret
+ containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - secretRef
+ type: object
+ secretRef:
+ description: 'secretRef references the secret containing the certificates.
+ More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
+ maxLength: 30
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ type: object
+ required:
+ - dataVolumeCapacity
+ - image
+ - logVolumeCapacity
+ - replicas
+ type: object
+ status:
+ description: status defines the observed state of the Zookeeper cluster.
+ properties:
+ authenticationType:
+ description: authenticationType is the authentication method for the
+ Zookeeper cluster.
+ type: string
+ authorizationType:
+ description: authorizationType is the authorization type for this
+ Confluent component.
+ type: string
+ clusterName:
+ description: clusterName is the name of the Confluent Platform component
+ cluster.
+ type: string
+ clusterNamespace:
+ description: clusterNamespace is the namespace where the Confluent
+ Platform component cluster is running.
+ type: string
+ conditions:
+ description: conditions specify the latest available observations
+ of the current state.
+ items:
+ description: Condition represent the latest available observations
+ of the current state.
+ properties:
+ lastProbeTime:
+ description: lastProbeTime shows the last time the condition
+ was evaluated.
+ format: date-time
+ type: string
+ lastTransitionTime:
+ description: lastTransitionTime shows the last time the condition
+ was transitioned from one status to another.
+ format: date-time
+ type: string
+ message:
+ description: message shows a human-readable message with details
+ about the transition.
+ type: string
+ reason:
+ description: reason shows the reason for the last transition
+ of the condition.
+ type: string
+ status:
+ description: status shows the status of the condition, one of
+ `True`, `False`, or `Unknown`.
+ type: string
+ type:
+ description: type shows the condition type.
+ type: string
+ type: object
+ type: array
+ currentReplicas:
+ description: currentReplicas is the number of currently running replicas.
+ format: int32
+ type: integer
+ endpoint:
+ description: endpoint is the Zookeeper cluster endpoint.
+ type: string
+ internalSecrets:
+ description: internalSecrets are internal secrets created by CFK for
+ this Confluent component.
+ items:
+ type: string
+ type: array
+ internalTopicNames:
+ description: internalTopicNames are the topics used by the component
+ for internal use.
+ items:
+ type: string
+ type: array
+ myIdOffset:
+ description: myIdOffset shows the MyId offset configuration.
+ format: int32
+ type: integer
+ observedGeneration:
+ description: observedGeneration is the most recent generation observed
+ for this Confluent component.
+ format: int64
+ type: integer
+ operatorVersion:
+ description: operatorVersion is the internal version of CFK.
+ type: string
+ phase:
+ description: phase describes the state of the Confluent Platform component.
+ type: string
+ readyReplicas:
+ description: readyReplicas is the number of currently ready replicas.
+ format: int32
+ type: integer
+ replicas:
+ description: replicas is the number of replicas.
+ format: int32
+ type: integer
+ selector:
+ description: selector gets the label selector of the child pod. The
+ Horizontal Pod Autoscaler(HPA) will scale using the label selector
+ of the child pod.
+ type: string
+ tls:
+ description: tls shows whether TLS is configured for the Zookeeper
+ cluster.
+ type: boolean
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources:
+ scale:
+ specReplicasPath: .spec.replicas
+ statusReplicasPath: .status.replicas
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
diff --git a/examples/complete/.main.tf.docs b/examples/complete/.main.tf.docs
index d26dc82..e6ae8ed 100644
--- a/examples/complete/.main.tf.docs
+++ b/examples/complete/.main.tf.docs
@@ -1,24 +1,35 @@
module "confluent_platform" {
source = "aidanmelen/confluent-platform/kubernetes"
- version = ">= 0.3.0"
+ version = ">= 0.4.0"
namespace = var.namespace
- # confluent operator
confluent_operator = {
create_namespace = true
name = "confluent-operator"
chart_version = "0.517.12"
}
- # confluent platform
- /*
- zookeeper = { ... }
- kafka = { ... }
- connect = { ... }
- ksqldb = { ... }
- controlcenter = { ... }
- schemaregistry = { ... }
- kafkarestproxy = { ... }
- */
+ zookeeper = {
+ "spec" = {
+ "replicas" = "3"
+ }
+ }
+
+ kafka = {
+ "spec" = {
+ "replicas" = "3"
+ }
+ }
+
+ create_connect = false
+ create_ksqldb = false
+ create_controlcenter = false
+ create_schemaregistry = false
+ create_kafkarestproxy = false
+
+ kafka_topics = {
+ "my-topic" = {}
+ "my-other-topic" = { "spec" = { "configs" = { "cleanup.policy" = "compact" } } }
+ }
}
diff --git a/examples/complete/README.md b/examples/complete/README.md
index 8be8538..26f2071 100644
--- a/examples/complete/README.md
+++ b/examples/complete/README.md
@@ -1,6 +1,6 @@
# complete
-Deploy the Confluent Operator and Confluent Platform in a single Terraform run. This Terraforms [confluent-for-kubernetes-examples/quickstart-deploy/confluent-platform.yaml](https://github.com/confluentinc/confluent-kubernetes-examples/blob/master/quickstart-deploy/confluent-platform.yaml).
+Deploy the Confluent Operator and Confluent Platform in a single Terraform run.
## Assumptions
@@ -11,7 +11,8 @@ This example assumes you have a Kubernetes cluster running locally on Docker Des
The Confluent for Kubernetes CRDs must installed on the Kubernetes cluster before the first Terraform apply of the Confluent Platform. Install the CRDs with:
```bash
-make install-cfk-crds
+kubectl config set-cluster docker-desktop
+kubectl apply -f ./crds/2.4.0
```
Please see the [Makefile](https://github.com/aidanmelen/terraform-kubernetes-confluent-platform/blob/main/Makefile) for more information.
@@ -23,27 +24,38 @@ Please see the [Makefile](https://github.com/aidanmelen/terraform-kubernetes-con
```hcl
module "confluent_platform" {
source = "aidanmelen/confluent-platform/kubernetes"
- version = ">= 0.3.0"
+ version = ">= 0.4.0"
namespace = var.namespace
- # confluent operator
confluent_operator = {
create_namespace = true
name = "confluent-operator"
chart_version = "0.517.12"
}
- # confluent platform
- /*
- zookeeper = { ... }
- kafka = { ... }
- connect = { ... }
- ksqldb = { ... }
- controlcenter = { ... }
- schemaregistry = { ... }
- kafkarestproxy = { ... }
- */
+ zookeeper = {
+ "spec" = {
+ "replicas" = "3"
+ }
+ }
+
+ kafka = {
+ "spec" = {
+ "replicas" = "3"
+ }
+ }
+
+ create_connect = false
+ create_ksqldb = false
+ create_controlcenter = false
+ create_schemaregistry = false
+ create_kafkarestproxy = false
+
+ kafka_topics = {
+ "my-topic" = {}
+ "my-other-topic" = { "spec" = { "configs" = { "cleanup.policy" = "compact" } } }
+ }
}
```
@@ -65,6 +77,7 @@ module "confluent_platform" {
|------|-------------|
| [confluent\_operator](#output\_confluent\_operator) | The Confluent Operator. |
| [kafka](#output\_kafka) | The Kafka CFK manifest. |
+| [kafka\_topics](#output\_kafka\_topics) | The Kafka CFK manifest. |
| [namespace](#output\_namespace) | The namespace for the Confluent Platform. |
| [zookeeper](#output\_zookeeper) | The Zookeeper CFK manifest. |
diff --git a/examples/complete/main.tf b/examples/complete/main.tf
index 13e1e35..caee946 100644
--- a/examples/complete/main.tf
+++ b/examples/complete/main.tf
@@ -3,21 +3,32 @@ module "confluent_platform" {
namespace = var.namespace
- # confluent operator
confluent_operator = {
create_namespace = true
name = "confluent-operator"
chart_version = "0.517.12"
}
- # confluent platform
- /*
- zookeeper = { ... }
- kafka = { ... }
- connect = { ... }
- ksqldb = { ... }
- controlcenter = { ... }
- schemaregistry = { ... }
- kafkarestproxy = { ... }
- */
+ zookeeper = {
+ "spec" = {
+ "replicas" = "3"
+ }
+ }
+
+ kafka = {
+ "spec" = {
+ "replicas" = "3"
+ }
+ }
+
+ create_connect = false
+ create_ksqldb = false
+ create_controlcenter = false
+ create_schemaregistry = false
+ create_kafkarestproxy = false
+
+ kafka_topics = {
+ "my-topic" = {}
+ "my-other-topic" = { "spec" = { "configs" = { "cleanup.policy" = "compact" } } }
+ }
}
diff --git a/examples/complete/outputs.tf b/examples/complete/outputs.tf
index c783467..390ce0c 100644
--- a/examples/complete/outputs.tf
+++ b/examples/complete/outputs.tf
@@ -3,11 +3,17 @@ output "namespace" {
value = module.confluent_platform.namespace
}
+################################################################################
+# Confluent Operator
+################################################################################
output "confluent_operator" {
description = "The Confluent Operator."
- value = module.confluent_platform.confluent_operator
+ value = module.confluent_platform.confluent_operator[0]
}
+################################################################################
+# Confluent Platform
+################################################################################
output "zookeeper" {
description = "The Zookeeper CFK manifest."
value = module.confluent_platform.zookeeper_manifest
@@ -17,3 +23,11 @@ output "kafka" {
description = "The Kafka CFK manifest."
value = module.confluent_platform.kafka_manifest
}
+
+################################################################################
+# Kafka Topics
+################################################################################
+output "kafka_topics" {
+ description = "The Kafka CFK manifest."
+ value = module.confluent_platform.kafka_topics
+}
diff --git a/examples/confluent_operator/.main.tf.docs b/examples/confluent_operator/.main.tf.docs
index 978dfe8..1a5cae5 100644
--- a/examples/confluent_operator/.main.tf.docs
+++ b/examples/confluent_operator/.main.tf.docs
@@ -1,6 +1,6 @@
module "confluent_operator" {
source = "aidanmelen/confluent-platform/kubernetes//modules/confluent_operator"
- version = ">= 0.3.0"
+ version = ">= 0.4.0"
create_namespace = true
namespace = "confluent"
diff --git a/examples/confluent_operator/README.md b/examples/confluent_operator/README.md
index 75a0a9a..032dedc 100644
--- a/examples/confluent_operator/README.md
+++ b/examples/confluent_operator/README.md
@@ -13,7 +13,7 @@ This example assumes you have a Kubernetes cluster running locally on Docker Des
```hcl
module "confluent_operator" {
source = "aidanmelen/confluent-platform/kubernetes//modules/confluent_operator"
- version = ">= 0.3.0"
+ version = ">= 0.4.0"
create_namespace = true
namespace = "confluent"
diff --git a/examples/confluent_platform/.main.tf.docs b/examples/confluent_platform/.main.tf.docs
index 649de87..cb83da3 100644
--- a/examples/confluent_platform/.main.tf.docs
+++ b/examples/confluent_platform/.main.tf.docs
@@ -1,16 +1,16 @@
module "confluent_platform" {
source = "aidanmelen/confluent-platform/kubernetes"
- version = ">= 0.3.0"
+ version = ">= 0.4.0"
namespace = "confluent"
/*
- zookeeper = { ... }
- kafka = { ... }
- connect = { ... }
- ksqldb = { ... }
- controlcenter = { ... }
- schemaregistry = { ... }
- kafkarestproxy = { ... }
+ zookeeper = yamldecode( ... )
+ kafka = yamldecode( ... )
+ connect = yamldecode( ... )
+ ksqldb = yamldecode( ... )
+ controlcenter = yamldecode( ... )
+ schemaregistry = yamldecode( ... )
+ kafkarestproxy = yamldecode( ... )
*/
}
diff --git a/examples/confluent_platform/README.md b/examples/confluent_platform/README.md
index bef715e..f37d440 100644
--- a/examples/confluent_platform/README.md
+++ b/examples/confluent_platform/README.md
@@ -8,9 +8,7 @@ This example assumes you have a Kubernetes cluster running locally on Docker Des
## Prerequisites
-Similiar to the [Deploy Applications with the Helm Provider](https://learn.hashicorp.com/tutorials/terraform/helm-provider?in=terraform/use-case) tutorial; releasing the Confluent Operator and Confluent Platform will require two separate Terraform runs.
-
-Deploy the Confluent Operator into the `confluent` namespace. Please see the [confluent_operator example](https://github.com/aidanmelen/terraform-kubernetes-confluent-platform/tree/main/examples/confluent_operator) for more information.
+Release the [Confluent Operator example](https://github.com/aidanmelen/terraform-kubernetes-confluent-platform/tree/main/examples/confluent_operator). This will ensure the CFK CRDs are created and the Confluent Operator pod is running in the `confluent` namespace before releasing the Confluent Platform.
@@ -19,18 +17,18 @@ Deploy the Confluent Operator into the `confluent` namespace. Please see the [co
```hcl
module "confluent_platform" {
source = "aidanmelen/confluent-platform/kubernetes"
- version = ">= 0.3.0"
+ version = ">= 0.4.0"
namespace = "confluent"
/*
- zookeeper = { ... }
- kafka = { ... }
- connect = { ... }
- ksqldb = { ... }
- controlcenter = { ... }
- schemaregistry = { ... }
- kafkarestproxy = { ... }
+ zookeeper = yamldecode( ... )
+ kafka = yamldecode( ... )
+ connect = yamldecode( ... )
+ ksqldb = yamldecode( ... )
+ controlcenter = yamldecode( ... )
+ schemaregistry = yamldecode( ... )
+ kafkarestproxy = yamldecode( ... )
*/
}
```
diff --git a/examples/confluent_platform/main.tf b/examples/confluent_platform/main.tf
index 0664c86..ece0531 100644
--- a/examples/confluent_platform/main.tf
+++ b/examples/confluent_platform/main.tf
@@ -3,12 +3,12 @@ module "confluent_platform" {
namespace = "confluent"
/*
- zookeeper = { ... }
- kafka = { ... }
- connect = { ... }
- ksqldb = { ... }
- controlcenter = { ... }
- schemaregistry = { ... }
- kafkarestproxy = { ... }
+ zookeeper = yamldecode( ... )
+ kafka = yamldecode( ... )
+ connect = yamldecode( ... )
+ ksqldb = yamldecode( ... )
+ controlcenter = yamldecode( ... )
+ schemaregistry = yamldecode( ... )
+ kafkarestproxy = yamldecode( ... )
*/
}
diff --git a/examples/confluent_platform_singlenode/.main.tf.docs b/examples/confluent_platform_singlenode/.main.tf.docs
index 0f22809..3609508 100644
--- a/examples/confluent_platform_singlenode/.main.tf.docs
+++ b/examples/confluent_platform_singlenode/.main.tf.docs
@@ -1,6 +1,6 @@
module "confluent_platform_singlenode" {
source = "aidanmelen/confluent-platform/kubernetes"
- version = ">= 0.3.0"
+ version = ">= 0.4.0"
namespace = "confluent"
@@ -9,7 +9,7 @@ spec:
replicas: 1
podTemplate:
resource = "aidanmelen/confluent-platform/kubernetes"
- version = ">= 0.3.0"
+ version = ">= 0.4.0"
requests:
cpu: 100m
@@ -38,7 +38,7 @@ spec:
- "password.encoder.secret=secret"
podTemplate:
resource = "aidanmelen/confluent-platform/kubernetes"
- version = ">= 0.3.0"
+ version = ">= 0.4.0"
requests:
cpu: 200m
@@ -62,7 +62,7 @@ spec:
- "status.storage.replication.factor=1"
podTemplate:
resource = "aidanmelen/confluent-platform/kubernetes"
- version = ">= 0.3.0"
+ version = ">= 0.4.0"
requests:
cpu: 100m
@@ -88,7 +88,7 @@ spec:
url: http://schemaregistry.confluent.svc.cluster.local:8081
podTemplate:
resource = "aidanmelen/confluent-platform/kubernetes"
- version = ">= 0.3.0"
+ version = ">= 0.4.0"
requests:
cpu: 100m
@@ -122,7 +122,7 @@ spec:
domain: minikube.domain
podTemplate:
resource = "aidanmelen/confluent-platform/kubernetes"
- version = ">= 0.3.0"
+ version = ">= 0.4.0"
requests:
cpu: 500m
@@ -153,7 +153,7 @@ spec:
replicas: 1
podTemplate:
resource = "aidanmelen/confluent-platform/kubernetes"
- version = ">= 0.3.0"
+ version = ">= 0.4.0"
requests:
cpu: 100m
@@ -173,7 +173,7 @@ spec:
url: http://schemaregistry.confluent.svc.cluster.local:8081
podTemplate:
resource = "aidanmelen/confluent-platform/kubernetes"
- version = ">= 0.3.0"
+ version = ">= 0.4.0"
requests:
cpu: 100m
diff --git a/examples/confluent_platform_singlenode/.terraform-docs.yml b/examples/confluent_platform_singlenode/.terraform-docs.yml
index 6d7ef76..5dd3da7 100644
--- a/examples/confluent_platform_singlenode/.terraform-docs.yml
+++ b/examples/confluent_platform_singlenode/.terraform-docs.yml
@@ -3,7 +3,7 @@ content: |-
## Example
```hcl
- {{ include "./main.tf" }}
+ {{ include ".main.tf.docs" }}
```
{{ .Requirements }}
diff --git a/examples/confluent_platform_singlenode/README.md b/examples/confluent_platform_singlenode/README.md
index 2b3a2ea..517a9cf 100644
--- a/examples/confluent_platform_singlenode/README.md
+++ b/examples/confluent_platform_singlenode/README.md
@@ -8,9 +8,7 @@ This example assumes you have a Kubernetes cluster running locally on Docker Des
## Prerequisites
-Similiar to the [Deploy Applications with the Helm Provider](https://learn.hashicorp.com/tutorials/terraform/helm-provider?in=terraform/use-case) tutorial; releasing the Confluent Operator and Confluent Platform will require two separate Terraform runs.
-
-Deploy the Confluent Operator into the `confluent` namespace. Please see the [confluent_operator example](https://github.com/aidanmelen/terraform-kubernetes-confluent-platform/tree/main/examples/confluent_operator) for more information.
+Release the [Confluent Operator example](https://github.com/aidanmelen/terraform-kubernetes-confluent-platform/tree/main/examples/confluent_operator). This will ensure the CFK CRDs are created and the Confluent Operator pod is running in the `confluent` namespace before releasing the Confluent Platform.
@@ -19,14 +17,18 @@ Deploy the Confluent Operator into the `confluent` namespace. Please see the [co
```hcl
module "confluent_platform_singlenode" {
- source = "../../"
+ source = "aidanmelen/confluent-platform/kubernetes"
+ version = ">= 0.4.0"
+
namespace = "confluent"
zookeeper = yamldecode(<
+
+## Example
+
+```hcl
+module "kafka_topic" {
+ source = "aidanmelen/confluent-platform/kubernetes"
+ version = ">= 0.4.0"
+
+ name = "my-topic"
+ namespace = "confluent"
+}
+
+module "other_kafka_topic" {
+ source = "aidanmelen/confluent-platform/kubernetes"
+ version = ">= 0.4.0"
+
+ name = "my-other-topic"
+ namespace = "confluent"
+
+ values = yamldecode(< [terraform](#requirement\_terraform) | >= 0.14.8 |
+| [helm](#requirement\_helm) | >= 2.0.0 |
+| [kubernetes](#requirement\_kubernetes) | >= 2.12.1 |
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| [kafka\_topic](#module\_kafka\_topic) | ../../modules/kafka_topic | n/a |
+| [other\_kafka\_topic](#module\_other\_kafka\_topic) | ../../modules/kafka_topic | n/a |
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| [kafka\_topic\_manifest](#output\_kafka\_topic\_manifest) | The Kafka Topic manifest. |
+| [other\_kafka\_topic\_manifest](#output\_other\_kafka\_topic\_manifest) | The Kafka Topic manifest. |
+
diff --git a/examples/kafka_topics/main.tf b/examples/kafka_topics/main.tf
new file mode 100644
index 0000000..0b3d8fd
--- /dev/null
+++ b/examples/kafka_topics/main.tf
@@ -0,0 +1,23 @@
+module "kafka_topic" {
+ source = "../../modules/kafka_topic"
+
+ name = "my-topic"
+ namespace = "confluent"
+}
+
+module "other_kafka_topic" {
+ source = "../../modules/kafka_topic"
+
+ name = "my-other-topic"
+ namespace = "confluent"
+
+ values = yamldecode(< manifest
if var.create && local.create_confluent_platform[name]
@@ -31,3 +56,16 @@ resource "kubernetes_manifest" "component" {
delete = var.delete_timeout
}
}
+
+################################################################################
+# Kafka Topics
+################################################################################
+module "kafka_topics" {
+ source = "./modules/kafka_topic"
+ depends_on = [kubernetes_manifest.components]
+ for_each = var.kafka_topics
+
+ name = each.key
+ namespace = lookup(each.value, "namespace", var.namespace)
+ values = lookup(each.value, "values", {})
+}
diff --git a/modules/kafka_topic/.terraform-docs.yml b/modules/kafka_topic/.terraform-docs.yml
new file mode 100644
index 0000000..e411edd
--- /dev/null
+++ b/modules/kafka_topic/.terraform-docs.yml
@@ -0,0 +1,13 @@
+content: |-
+ {{ .Header }}
+ ## Example
+
+ ```hcl
+ {{ include "../../examples/kafka_topics/main.tf" }}
+ ```
+
+ {{ .Requirements }}
+ {{ .Providers }}
+ {{ .Resources }}
+ {{ .Inputs }}
+ {{ .Outputs }}
diff --git a/modules/kafka_topic/README.md b/modules/kafka_topic/README.md
new file mode 100644
index 0000000..4ea1fbe
--- /dev/null
+++ b/modules/kafka_topic/README.md
@@ -0,0 +1,67 @@
+# Confluent Operator
+
+Deploy the Confluent Operator.
+
+
+
+## Example
+
+```hcl
+module "kafka_topic" {
+ source = "../../modules/kafka_topic"
+
+ name = "my-topic"
+ namespace = "confluent"
+}
+
+module "other_kafka_topic" {
+ source = "../../modules/kafka_topic"
+
+ name = "my-other-topic"
+ namespace = "confluent"
+
+ values = yamldecode(< [terraform](#requirement\_terraform) | >= 0.14.8 |
+| [helm](#requirement\_helm) | >= 2.0.0 |
+| [kubernetes](#requirement\_kubernetes) | >= 2.12.1 |
+## Providers
+
+| Name | Version |
+|------|---------|
+| [kubernetes](#provider\_kubernetes) | >= 2.12.1 |
+## Resources
+
+| Name | Type |
+|------|------|
+| [kubernetes_manifest.topic](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/manifest) | resource |
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| [create\_timeout](#input\_create\_timeout) | The create timeout for each Conlfuent Platform component. | `string` | `"5m"` | no |
+| [delete\_timeout](#input\_delete\_timeout) | The delete timeout for each Conlfuent Platform component. | `string` | `"5m"` | no |
+| [name](#input\_name) | The Kafka Topic name. | `string` | n/a | yes |
+| [namespace](#input\_namespace) | The namespace of the Confluent Platform. | `string` | `"confluent"` | no |
+| [update\_timeout](#input\_update\_timeout) | The update timeout for each Conlfuent Platform component. | `string` | `"5m"` | no |
+| [values](#input\_values) | The Kafka Topic override values. | `any` | `{}` | no |
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| [manifest](#output\_manifest) | The Kafka Topic manifest. |
+
diff --git a/modules/kafka_topic/main.tf b/modules/kafka_topic/main.tf
new file mode 100644
index 0000000..f93d99a
--- /dev/null
+++ b/modules/kafka_topic/main.tf
@@ -0,0 +1,53 @@
+locals {
+ default_kafka_topic_values = yamldecode(
+ < null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - manifest = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - apiVersion = "platform.confluent.io/v1beta1"
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - kind = "Connect"
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - metadata = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - name = "connect"
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - namespace = "confluent"
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - spec = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - dependencies = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - kafka = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - bootstrapEndpoint = "kafka:9071"
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - image = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - application = "confluentinc/cp-server-connect:7.2.0"
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - init = "confluentinc/confluent-init-container:2.4.0"
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - replicas = 1
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: } -> null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - object = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - apiVersion = "platform.confluent.io/v1beta1"
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - kind = "Connect"
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - metadata = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - annotations = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - clusterName = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - creationTimestamp = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - deletionGracePeriodSeconds = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - deletionTimestamp = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - finalizers = [
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - "connect.finalizers.platform.confluent.io",
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: ]
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - generateName = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - generation = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - labels = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - managedFields = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - name = "connect"
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - namespace = "confluent"
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - ownerReferences = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - resourceVersion = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - selfLink = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - uid = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - spec = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - authentication = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - basic = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - debug = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - restrictedRoles = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - roles = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - type = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - authorization = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - kafkaRestClassRef = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - name = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - namespace = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - type = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - build = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - onDemand = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - plugins = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - confluentHub = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - locationType = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - url = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - storageLimit = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - type = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - configOverrides = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - jvm = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - log4j = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - server = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - connectorOverridePolicy = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - connectorTLSCerts = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - dependencies = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - admin = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - authentication = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - jaasConfig = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - jaasConfigPassThrough = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - oauthbearer = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - type = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - bootstrapEndpoint = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - discovery = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - name = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - namespace = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - tls = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - enabled = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - ignoreTrustStoreConfig = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - jksPassword = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - consumer = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - authentication = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - jaasConfig = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - jaasConfigPassThrough = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - oauthbearer = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - type = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - bootstrapEndpoint = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - discovery = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - name = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - namespace = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - tls = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - enabled = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - ignoreTrustStoreConfig = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - jksPassword = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - interceptor = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - configs = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - consumer = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - authentication = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - jaasConfig = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - jaasConfigPassThrough = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - oauthbearer = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - type = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - bootstrapEndpoint = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - discovery = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - name = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - namespace = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - tls = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - enabled = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - ignoreTrustStoreConfig = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - jksPassword = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - enabled = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - producer = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - authentication = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - jaasConfig = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - jaasConfigPassThrough = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - oauthbearer = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - type = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - bootstrapEndpoint = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - discovery = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - name = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - namespace = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - tls = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - enabled = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - ignoreTrustStoreConfig = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - jksPassword = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - publishMs = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - kafka = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - authentication = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - jaasConfig = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - jaasConfigPassThrough = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - oauthbearer = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - type = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - bootstrapEndpoint = "kafka:9071"
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - discovery = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - name = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - namespace = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - tls = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - enabled = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - ignoreTrustStoreConfig = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - jksPassword = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - mds = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - authentication = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - bearer = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - type = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - endpoint = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - tls = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - enabled = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - ignoreTrustStoreConfig = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - jksPassword = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - tokenKeyPair = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - producer = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - authentication = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - jaasConfig = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - jaasConfigPassThrough = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - oauthbearer = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - type = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - bootstrapEndpoint = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - discovery = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - name = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - namespace = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - tls = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - enabled = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - ignoreTrustStoreConfig = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - jksPassword = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - schemaRegistry = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - authentication = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - basic = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - debug = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - restrictedRoles = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - roles = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - type = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - tls = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - enabled = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - ignoreTrustStoreConfig = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - jksPassword = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - url = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - enableSchemas = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - externalAccess = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - loadBalancer = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - advertisedURL = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - enabled = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - prefix = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - annotations = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - domain = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - externalTrafficPolicy = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - labels = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - loadBalancerSourceRanges = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - port = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - prefix = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - servicePorts = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - sessionAffinity = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - sessionAffinityConfig = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - clientIP = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - timeoutSeconds = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - nodePort = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - advertisedURL = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - enabled = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - prefix = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - annotations = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - externalTrafficPolicy = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - host = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - labels = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - nodePortOffset = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - servicePorts = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - sessionAffinity = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - sessionAffinityConfig = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - clientIP = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - timeoutSeconds = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - route = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - annotations = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - domain = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - labels = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - prefix = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - wildcardPolicy = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - type = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - headlessService = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - annotations = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - labels = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - publishNotReadyAddresses = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - image = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - application = "confluentinc/cp-server-connect:7.2.0"
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - init = "confluentinc/confluent-init-container:2.4.0"
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - pullPolicy = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - pullSecretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - injectAnnotations = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - injectLabels = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - internalTopicReplicationFactor = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - k8sClusterDomain = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - keyConverterType = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - license = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - globalLicense = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - metrics = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - authentication = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - type = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - prometheus = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - blacklist = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - rules = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - whitelist = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - tls = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - enabled = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - ignoreTrustStoreConfig = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - jksPassword = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - mountedSecrets = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - mountedVolumes = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - volumeMounts = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - volumes = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - oneReplicaPerNode = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - podTemplate = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - affinity = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - nodeAffinity = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - preferredDuringSchedulingIgnoredDuringExecution = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - requiredDuringSchedulingIgnoredDuringExecution = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - nodeSelectorTerms = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - podAffinity = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - preferredDuringSchedulingIgnoredDuringExecution = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - requiredDuringSchedulingIgnoredDuringExecution = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - podAntiAffinity = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - preferredDuringSchedulingIgnoredDuringExecution = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - requiredDuringSchedulingIgnoredDuringExecution = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - annotations = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - envVars = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - labels = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - podSecurityContext = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - fsGroup = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - fsGroupChangePolicy = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - runAsGroup = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - runAsNonRoot = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - runAsUser = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - seLinuxOptions = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - level = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - role = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - type = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - user = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - seccompProfile = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - localhostProfile = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - type = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - supplementalGroups = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - sysctls = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - windowsOptions = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - gmsaCredentialSpec = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - gmsaCredentialSpecName = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - hostProcess = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - runAsUserName = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - priorityClassName = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - probe = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - liveness = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - failureThreshold = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - initialDelaySeconds = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - periodSeconds = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - successThreshold = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - timeoutSeconds = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - readiness = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - failureThreshold = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - initialDelaySeconds = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - periodSeconds = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - successThreshold = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - timeoutSeconds = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - resources = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - limits = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - requests = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - securityContext = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - allowPrivilegeEscalation = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - capabilities = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - add = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - drop = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - privileged = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - procMount = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - readOnlyRootFilesystem = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - runAsGroup = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - runAsNonRoot = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - runAsUser = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - seLinuxOptions = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - level = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - role = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - type = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - user = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - seccompProfile = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - localhostProfile = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - type = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - windowsOptions = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - gmsaCredentialSpec = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - gmsaCredentialSpecName = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - hostProcess = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - runAsUserName = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - serviceAccountName = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - terminationGracePeriodSeconds = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - tolerations = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - topologySpreadConstraints = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - replicas = 1
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - telemetry = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - global = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - tls = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - autoGeneratedCerts = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - ignoreTrustStoreConfig = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - jksPassword = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - valueConverterType = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: } -> null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66:
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - timeouts {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - create = "1h" -> null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - delete = "10m" -> null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - update = "1h" -> null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66:
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - wait {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - fields = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - "status.phase" = "RUNNING"
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: } -> null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66:
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: # module.confluent_platform.kubernetes_manifest.component["controlcenter"] will be destroyed
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - resource "kubernetes_manifest" "component" {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - computed_fields = [
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - "metadata.finalizers",
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: ] -> null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - manifest = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - apiVersion = "platform.confluent.io/v1beta1"
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - kind = "ControlCenter"
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - metadata = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - name = "controlcenter"
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - namespace = "confluent"
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - spec = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - dataVolumeCapacity = "10Gi"
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - dependencies = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - connect = [
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - name = "connect"
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - url = "http://connect.confluent.svc.cluster.local:8083"
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: },
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: ]
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - ksqldb = [
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - name = "ksqldb"
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - url = "http://ksqldb.confluent.svc.cluster.local:8088"
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: },
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: ]
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - schemaRegistry = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - url = "http://schemaregistry.confluent.svc.cluster.local:8081"
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - image = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - application = "confluentinc/cp-enterprise-control-center:7.2.0"
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - init = "confluentinc/confluent-init-container:2.4.0"
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - replicas = 1
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: } -> null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - object = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - apiVersion = "platform.confluent.io/v1beta1"
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - kind = "ControlCenter"
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - metadata = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - annotations = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - clusterName = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - creationTimestamp = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - deletionGracePeriodSeconds = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - deletionTimestamp = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - finalizers = [
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - "controlcenter.finalizers.platform.confluent.io",
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: ]
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - generateName = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - generation = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - labels = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - managedFields = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - name = "controlcenter"
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - namespace = "confluent"
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - ownerReferences = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - resourceVersion = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - selfLink = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - uid = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - spec = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - authentication = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - basic = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - debug = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - restrictedRoles = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - roles = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - ldap = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - debug = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - property = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - restrictedRoles = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - roles = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - type = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - authorization = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - kafkaRestClassRef = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - name = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - namespace = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - type = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - configOverrides = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - jvm = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - log4j = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - server = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - dataVolumeCapacity = "10Gi"
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - dependencies = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - connect = [
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - authentication = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - basic = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - debug = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - restrictedRoles = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - roles = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - type = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - name = "connect"
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - tls = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - enabled = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - ignoreTrustStoreConfig = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - jksPassword = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - url = "http://connect.confluent.svc.cluster.local:8083"
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: },
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: ]
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - kafka = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - authentication = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - jaasConfig = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - jaasConfigPassThrough = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - oauthbearer = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - type = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - bootstrapEndpoint = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - discovery = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - name = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - namespace = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - tls = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - enabled = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - ignoreTrustStoreConfig = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - jksPassword = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - ksqldb = [
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - advertisedUrl = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - authentication = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - basic = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - debug = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - restrictedRoles = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - roles = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - type = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - name = "ksqldb"
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - tls = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - enabled = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - ignoreTrustStoreConfig = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - jksPassword = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - url = "http://ksqldb.confluent.svc.cluster.local:8088"
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: },
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: ]
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - mds = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - authentication = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - bearer = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - type = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - endpoint = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - tls = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - enabled = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - ignoreTrustStoreConfig = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - jksPassword = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - tokenKeyPair = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - schemaRegistry = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - authentication = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - basic = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - debug = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - restrictedRoles = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - roles = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - type = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - clusters = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - tls = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - enabled = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - ignoreTrustStoreConfig = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - jksPassword = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - url = "http://schemaregistry.confluent.svc.cluster.local:8081"
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - externalAccess = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - loadBalancer = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - advertisedURL = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - enabled = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - prefix = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - annotations = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - domain = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - externalTrafficPolicy = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - labels = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - loadBalancerSourceRanges = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - port = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - prefix = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - servicePorts = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - sessionAffinity = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - sessionAffinityConfig = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - clientIP = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - timeoutSeconds = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - nodePort = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - advertisedURL = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - enabled = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - prefix = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - annotations = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - externalTrafficPolicy = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - host = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - labels = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - nodePortOffset = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - servicePorts = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - sessionAffinity = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - sessionAffinityConfig = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - clientIP = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - timeoutSeconds = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - route = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - annotations = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - domain = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - labels = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - prefix = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - wildcardPolicy = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - type = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - headlessService = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - annotations = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - labels = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - publishNotReadyAddresses = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - id = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - image = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - application = "confluentinc/cp-enterprise-control-center:7.2.0"
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - init = "confluentinc/confluent-init-container:2.4.0"
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - pullPolicy = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - pullSecretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - injectAnnotations = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - injectLabels = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - internalTopicReplicatorFactor = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - k8sClusterDomain = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - license = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - globalLicense = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - mail = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - authentication = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - basic = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - debug = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - restrictedRoles = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - roles = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - type = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - checkServerIdentity = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - hostname = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - mailBounceAddress = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - mailFrom = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - port = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - startTLSRequired = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - metrics = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - authentication = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - type = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - prometheus = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - blacklist = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - rules = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - whitelist = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - tls = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - enabled = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - ignoreTrustStoreConfig = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - jksPassword = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - monitoringKafkaClusters = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - mountedSecrets = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - mountedVolumes = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - volumeMounts = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - volumes = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - name = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - oneReplicaPerNode = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - podTemplate = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - affinity = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - nodeAffinity = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - preferredDuringSchedulingIgnoredDuringExecution = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - requiredDuringSchedulingIgnoredDuringExecution = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - nodeSelectorTerms = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - podAffinity = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - preferredDuringSchedulingIgnoredDuringExecution = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - requiredDuringSchedulingIgnoredDuringExecution = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - podAntiAffinity = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - preferredDuringSchedulingIgnoredDuringExecution = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - requiredDuringSchedulingIgnoredDuringExecution = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - annotations = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - envVars = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - labels = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - podSecurityContext = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - fsGroup = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - fsGroupChangePolicy = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - runAsGroup = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - runAsNonRoot = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - runAsUser = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - seLinuxOptions = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - level = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - role = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - type = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - user = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - seccompProfile = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - localhostProfile = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - type = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - supplementalGroups = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - sysctls = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - windowsOptions = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - gmsaCredentialSpec = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - gmsaCredentialSpecName = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - hostProcess = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - runAsUserName = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - priorityClassName = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - probe = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - liveness = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - failureThreshold = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - initialDelaySeconds = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - periodSeconds = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - successThreshold = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - timeoutSeconds = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - readiness = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - failureThreshold = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - initialDelaySeconds = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - periodSeconds = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - successThreshold = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - timeoutSeconds = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - resources = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - limits = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - requests = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - securityContext = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - allowPrivilegeEscalation = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - capabilities = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - add = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - drop = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - privileged = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - procMount = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - readOnlyRootFilesystem = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - runAsGroup = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - runAsNonRoot = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - runAsUser = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - seLinuxOptions = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - level = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - role = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - type = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - user = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - seccompProfile = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - localhostProfile = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - type = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - windowsOptions = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - gmsaCredentialSpec = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - gmsaCredentialSpecName = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - hostProcess = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - runAsUserName = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - serviceAccountName = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - terminationGracePeriodSeconds = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - tolerations = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - topologySpreadConstraints = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - replicas = 1
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - storageClass = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - name = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - telemetry = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - global = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - tls = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - autoGeneratedCerts = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - ignoreTrustStoreConfig = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - jksPassword = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: } -> null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66:
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - timeouts {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - create = "1h" -> null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - delete = "10m" -> null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - update = "1h" -> null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66:
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - wait {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - fields = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - "status.phase" = "RUNNING"
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: } -> null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66:
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: # module.confluent_platform.kubernetes_manifest.component["kafka"] will be destroyed
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - resource "kubernetes_manifest" "component" {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - computed_fields = [
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - "metadata.finalizers",
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: ] -> null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - manifest = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - apiVersion = "platform.confluent.io/v1beta1"
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - kind = "Kafka"
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - metadata = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - name = "kafka"
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - namespace = "confluent"
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - spec = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - dataVolumeCapacity = "10Gi"
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - image = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - application = "confluentinc/cp-server:7.2.0"
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - init = "confluentinc/confluent-init-container:2.4.0"
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - metricReporter = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - enabled = true
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - replicas = 3
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: } -> null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - object = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - apiVersion = "platform.confluent.io/v1beta1"
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - kind = "Kafka"
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - metadata = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - annotations = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - "platform.confluent.io/config-revision-hash" = "t2bgf92bkh"
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - "platform.confluent.io/last-pod-template-hash" = "c5dd99557"
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - clusterName = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - creationTimestamp = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - deletionGracePeriodSeconds = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - deletionTimestamp = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - finalizers = [
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - "kafka.finalizers.platform.confluent.io",
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: ]
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - generateName = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - generation = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - labels = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - managedFields = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - name = "kafka"
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - namespace = "confluent"
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - ownerReferences = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - resourceVersion = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - selfLink = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - uid = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - spec = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - authorization = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - superUsers = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - type = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - configOverrides = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - jvm = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - log4j = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - server = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - dataVolumeCapacity = "10Gi"
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - dependencies = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - kafkaRest = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - authentication = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - bearer = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - jaasConfig = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - jaasConfigPassThrough = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - oauthbearer = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - type = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - bootstrapEndpoint = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - endpoint = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - tls = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - enabled = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - ignoreTrustStoreConfig = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - jksPassword = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - mds = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - endpoint = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - kafka = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - authentication = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - jaasConfig = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - jaasConfigPassThrough = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - oauthbearer = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - type = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - bootstrapEndpoint = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - discovery = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - name = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - namespace = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - tls = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - enabled = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - ignoreTrustStoreConfig = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - jksPassword = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - tls = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - enabled = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - ignoreTrustStoreConfig = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - jksPassword = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - tokenKeyPair = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - schemaRegistry = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - authentication = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - basic = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - debug = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - restrictedRoles = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - roles = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - type = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - tls = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - enabled = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - ignoreTrustStoreConfig = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - jksPassword = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - url = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - zookeeper = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - authentication = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - jaasConfig = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - jaasConfigPassThrough = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - oauthbearer = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - type = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - discovery = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - name = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - namespace = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - endpoint = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - tls = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - enabled = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - ignoreTrustStoreConfig = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - jksPassword = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - headlessService = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - annotations = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - labels = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - publishNotReadyAddresses = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - identityProvider = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - ldap = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - address = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - authentication = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - simple = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - type = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - configurations = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - groupMemberAttribute = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - groupMemberAttributePattern = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - groupNameAttribute = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - groupObjectClass = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - groupSearchBase = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - groupSearchFilter = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - groupSearchScope = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - userMemberOfAttributePattern = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - userNameAttribute = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - userObjectClass = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - userSearchBase = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - userSearchFilter = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - userSearchScope = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - tls = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - enabled = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - ignoreTrustStoreConfig = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - jksPassword = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - type = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - image = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - application = "confluentinc/cp-server:7.2.0"
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - init = "confluentinc/confluent-init-container:2.4.0"
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - pullPolicy = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - pullSecretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - injectAnnotations = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - injectLabels = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - k8sClusterDomain = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - license = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - globalLicense = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - listeners = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - custom = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - external = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - authentication = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - jaasConfig = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - jaasConfigPassThrough = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - principalMappingRules = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - type = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - externalAccess = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - loadBalancer = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - advertisedPort = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - annotations = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - bootstrapPrefix = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - brokerPrefix = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - domain = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - externalTrafficPolicy = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - labels = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - loadBalancerSourceRanges = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - servicePorts = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - sessionAffinity = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - sessionAffinityConfig = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - clientIP = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - timeoutSeconds = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - nodePort = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - advertisedURL = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - enabled = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - prefix = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - annotations = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - externalTrafficPolicy = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - host = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - labels = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - nodePortOffset = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - servicePorts = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - sessionAffinity = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - sessionAffinityConfig = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - clientIP = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - timeoutSeconds = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - route = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - annotations = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - bootstrapPrefix = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - brokerPrefix = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - domain = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - labels = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - wildcardPolicy = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - staticForHostBasedRouting = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - brokerPrefix = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - domain = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - port = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - staticForPortBasedRouting = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - host = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - portOffset = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - type = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - tls = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - enabled = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - ignoreTrustStoreConfig = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - jksPassword = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - internal = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - authentication = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - jaasConfig = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - jaasConfigPassThrough = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - principalMappingRules = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - type = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - tls = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - enabled = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - ignoreTrustStoreConfig = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - jksPassword = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - metricReporter = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - authentication = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - jaasConfig = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - jaasConfigPassThrough = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - oauthbearer = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - type = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - bootstrapEndpoint = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - enabled = true
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - replicationFactor = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - tls = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - enabled = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - ignoreTrustStoreConfig = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - jksPassword = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - metrics = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - authentication = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - type = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - prometheus = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - blacklist = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - rules = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - whitelist = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - tls = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - enabled = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - ignoreTrustStoreConfig = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - jksPassword = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - mountedSecrets = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - mountedVolumes = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - volumeMounts = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - volumes = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - oneReplicaPerNode = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - passwordEncoder = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - podTemplate = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - affinity = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - nodeAffinity = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - preferredDuringSchedulingIgnoredDuringExecution = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - requiredDuringSchedulingIgnoredDuringExecution = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - nodeSelectorTerms = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - podAffinity = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - preferredDuringSchedulingIgnoredDuringExecution = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - requiredDuringSchedulingIgnoredDuringExecution = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - podAntiAffinity = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - preferredDuringSchedulingIgnoredDuringExecution = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - requiredDuringSchedulingIgnoredDuringExecution = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - annotations = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - envVars = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - labels = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - podSecurityContext = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - fsGroup = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - fsGroupChangePolicy = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - runAsGroup = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - runAsNonRoot = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - runAsUser = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - seLinuxOptions = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - level = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - role = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - type = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - user = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - seccompProfile = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - localhostProfile = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - type = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - supplementalGroups = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - sysctls = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - windowsOptions = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - gmsaCredentialSpec = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - gmsaCredentialSpecName = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - hostProcess = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - runAsUserName = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - priorityClassName = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - probe = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - liveness = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - failureThreshold = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - initialDelaySeconds = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - periodSeconds = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - successThreshold = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - timeoutSeconds = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - readiness = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - failureThreshold = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - initialDelaySeconds = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - periodSeconds = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - successThreshold = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - timeoutSeconds = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - resources = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - limits = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - requests = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - securityContext = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - allowPrivilegeEscalation = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - capabilities = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - add = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - drop = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - privileged = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - procMount = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - readOnlyRootFilesystem = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - runAsGroup = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - runAsNonRoot = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - runAsUser = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - seLinuxOptions = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - level = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - role = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - type = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - user = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - seccompProfile = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - localhostProfile = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - type = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - windowsOptions = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - gmsaCredentialSpec = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - gmsaCredentialSpecName = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - hostProcess = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - runAsUserName = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - serviceAccountName = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - terminationGracePeriodSeconds = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - tolerations = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - topologySpreadConstraints = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - rackAssignment = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - availabilityZoneCount = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - nodeLabels = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - replicas = 3
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - services = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - kafkaRest = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - authentication = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - basic = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - debug = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - restrictedRoles = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - roles = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - type = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - externalAccess = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - loadBalancer = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - advertisedURL = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - enabled = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - prefix = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - annotations = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - domain = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - externalTrafficPolicy = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - labels = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - loadBalancerSourceRanges = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - port = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - prefix = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - servicePorts = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - sessionAffinity = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - sessionAffinityConfig = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - clientIP = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - timeoutSeconds = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - nodePort = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - advertisedURL = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - enabled = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - prefix = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - annotations = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - externalTrafficPolicy = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - host = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - labels = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - nodePortOffset = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - servicePorts = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - sessionAffinity = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - sessionAffinityConfig = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - clientIP = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - timeoutSeconds = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - route = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - annotations = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - domain = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - labels = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - prefix = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - wildcardPolicy = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - type = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - tls = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - enabled = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - ignoreTrustStoreConfig = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - jksPassword = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - mds = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - authentication = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - type = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - externalAccess = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - loadBalancer = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - advertisedURL = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - enabled = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - prefix = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - annotations = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - domain = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - externalTrafficPolicy = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - labels = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - loadBalancerSourceRanges = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - port = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - prefix = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - servicePorts = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - sessionAffinity = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - sessionAffinityConfig = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - clientIP = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - timeoutSeconds = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - nodePort = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - advertisedURL = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - enabled = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - prefix = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - annotations = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - externalTrafficPolicy = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - host = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - labels = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - nodePortOffset = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - servicePorts = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - sessionAffinity = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - sessionAffinityConfig = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - clientIP = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - timeoutSeconds = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - route = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - annotations = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - domain = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - labels = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - prefix = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - wildcardPolicy = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - type = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - provider = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - ldap = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - address = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - authentication = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - simple = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - type = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - configurations = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - groupMemberAttribute = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - groupMemberAttributePattern = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - groupNameAttribute = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - groupObjectClass = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - groupSearchBase = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - groupSearchFilter = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - groupSearchScope = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - userMemberOfAttributePattern = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - userNameAttribute = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - userObjectClass = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - userSearchBase = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - userSearchFilter = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - userSearchScope = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - tls = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - enabled = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - ignoreTrustStoreConfig = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - jksPassword = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - type = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - tls = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - enabled = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - ignoreTrustStoreConfig = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - jksPassword = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - tokenKeyPair = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - storageClass = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - name = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - telemetry = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - global = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - tls = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - autoGeneratedCerts = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - ignoreTrustStoreConfig = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - jksPassword = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: } -> null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66:
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - timeouts {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - create = "1h" -> null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - delete = "10m" -> null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - update = "1h" -> null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66:
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - wait {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - fields = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - "status.phase" = "RUNNING"
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: } -> null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66:
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: # module.confluent_platform.kubernetes_manifest.component["kafkarestproxy"] will be destroyed
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - resource "kubernetes_manifest" "component" {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - computed_fields = [
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - "metadata.finalizers",
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: ] -> null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - manifest = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - apiVersion = "platform.confluent.io/v1beta1"
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - kind = "KafkaRestProxy"
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - metadata = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - name = "kafkarestproxy"
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - namespace = "confluent"
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - spec = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - dependencies = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - schemaRegistry = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - url = "http://schemaregistry.confluent.svc.cluster.local:8081"
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - image = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - application = "confluentinc/cp-kafka-rest:7.2.0"
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - init = "confluentinc/confluent-init-container:2.4.0"
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - replicas = 1
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: } -> null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - object = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - apiVersion = "platform.confluent.io/v1beta1"
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - kind = "KafkaRestProxy"
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - metadata = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - annotations = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - clusterName = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - creationTimestamp = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - deletionGracePeriodSeconds = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - deletionTimestamp = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - finalizers = [
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - "kafkarestproxy.finalizers.platform.confluent.io",
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: ]
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - generateName = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - generation = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - labels = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - managedFields = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - name = "kafkarestproxy"
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - namespace = "confluent"
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - ownerReferences = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - resourceVersion = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - selfLink = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - uid = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - spec = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - authentication = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - basic = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - debug = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - restrictedRoles = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - roles = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - type = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - authorization = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - kafkaRestClassRef = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - name = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - namespace = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - type = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - configOverrides = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - jvm = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - log4j = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - server = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - dependencies = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - interceptor = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - configs = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - consumer = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - authentication = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - jaasConfig = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - jaasConfigPassThrough = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - oauthbearer = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - type = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - bootstrapEndpoint = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - discovery = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - name = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - namespace = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - tls = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - enabled = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - ignoreTrustStoreConfig = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - jksPassword = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - enabled = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - producer = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - authentication = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - jaasConfig = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - jaasConfigPassThrough = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - oauthbearer = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - type = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - bootstrapEndpoint = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - discovery = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - name = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - namespace = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - tls = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - enabled = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - ignoreTrustStoreConfig = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - jksPassword = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - publishMs = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - kafka = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - authentication = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - jaasConfig = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - jaasConfigPassThrough = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - oauthbearer = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - type = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - bootstrapEndpoint = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - discovery = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - name = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - namespace = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - tls = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - enabled = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - ignoreTrustStoreConfig = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - jksPassword = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - mds = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - authentication = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - bearer = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - type = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - endpoint = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - tls = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - enabled = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - ignoreTrustStoreConfig = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - jksPassword = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - tokenKeyPair = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - schemaRegistry = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - authentication = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - basic = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - debug = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - restrictedRoles = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - roles = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - type = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - tls = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - enabled = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - ignoreTrustStoreConfig = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - jksPassword = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - url = "http://schemaregistry.confluent.svc.cluster.local:8081"
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - externalAccess = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - loadBalancer = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - advertisedURL = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - enabled = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - prefix = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - annotations = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - domain = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - externalTrafficPolicy = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - labels = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - loadBalancerSourceRanges = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - port = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - prefix = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - servicePorts = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - sessionAffinity = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - sessionAffinityConfig = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - clientIP = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - timeoutSeconds = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - nodePort = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - advertisedURL = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - enabled = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - prefix = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - annotations = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - externalTrafficPolicy = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - host = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - labels = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - nodePortOffset = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - servicePorts = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - sessionAffinity = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - sessionAffinityConfig = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - clientIP = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - timeoutSeconds = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - route = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - annotations = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - domain = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - labels = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - prefix = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - wildcardPolicy = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - type = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - headlessService = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - annotations = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - labels = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - publishNotReadyAddresses = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - image = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - application = "confluentinc/cp-kafka-rest:7.2.0"
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - init = "confluentinc/confluent-init-container:2.4.0"
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - pullPolicy = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - pullSecretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - injectAnnotations = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - injectLabels = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - k8sClusterDomain = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - license = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - globalLicense = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - metrics = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - authentication = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - type = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - prometheus = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - blacklist = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - rules = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - whitelist = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - tls = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - enabled = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - ignoreTrustStoreConfig = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - jksPassword = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - mountedSecrets = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - mountedVolumes = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - volumeMounts = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - volumes = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - oneReplicaPerNode = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - podTemplate = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - affinity = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - nodeAffinity = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - preferredDuringSchedulingIgnoredDuringExecution = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - requiredDuringSchedulingIgnoredDuringExecution = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - nodeSelectorTerms = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - podAffinity = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - preferredDuringSchedulingIgnoredDuringExecution = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - requiredDuringSchedulingIgnoredDuringExecution = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - podAntiAffinity = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - preferredDuringSchedulingIgnoredDuringExecution = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - requiredDuringSchedulingIgnoredDuringExecution = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - annotations = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - envVars = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - labels = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - podSecurityContext = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - fsGroup = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - fsGroupChangePolicy = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - runAsGroup = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - runAsNonRoot = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - runAsUser = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - seLinuxOptions = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - level = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - role = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - type = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - user = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - seccompProfile = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - localhostProfile = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - type = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - supplementalGroups = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - sysctls = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - windowsOptions = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - gmsaCredentialSpec = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - gmsaCredentialSpecName = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - hostProcess = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - runAsUserName = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - priorityClassName = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - probe = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - liveness = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - failureThreshold = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - initialDelaySeconds = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - periodSeconds = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - successThreshold = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - timeoutSeconds = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - readiness = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - failureThreshold = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - initialDelaySeconds = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - periodSeconds = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - successThreshold = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - timeoutSeconds = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - resources = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - limits = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - requests = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - securityContext = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - allowPrivilegeEscalation = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - capabilities = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - add = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - drop = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - privileged = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - procMount = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - readOnlyRootFilesystem = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - runAsGroup = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - runAsNonRoot = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - runAsUser = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - seLinuxOptions = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - level = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - role = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - type = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - user = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - seccompProfile = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - localhostProfile = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - type = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - windowsOptions = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - gmsaCredentialSpec = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - gmsaCredentialSpecName = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - hostProcess = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - runAsUserName = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - serviceAccountName = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - terminationGracePeriodSeconds = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - tolerations = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - topologySpreadConstraints = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - replicas = 1
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - telemetry = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - global = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - tls = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - autoGeneratedCerts = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - ignoreTrustStoreConfig = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - jksPassword = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: } -> null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66:
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - timeouts {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - create = "1h" -> null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - delete = "10m" -> null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - update = "1h" -> null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66:
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - wait {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - fields = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - "status.phase" = "RUNNING"
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: } -> null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66:
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: # module.confluent_platform.kubernetes_manifest.component["ksqldb"] will be destroyed
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - resource "kubernetes_manifest" "component" {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - computed_fields = [
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - "metadata.finalizers",
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: ] -> null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - manifest = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - apiVersion = "platform.confluent.io/v1beta1"
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - kind = "KsqlDB"
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - metadata = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - name = "ksqldb"
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - namespace = "confluent"
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - spec = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - dataVolumeCapacity = "10Gi"
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - image = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - application = "confluentinc/cp-ksqldb-server:7.2.0"
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - init = "confluentinc/confluent-init-container:2.4.0"
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - replicas = 1
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: } -> null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - object = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - apiVersion = "platform.confluent.io/v1beta1"
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - kind = "KsqlDB"
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - metadata = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - annotations = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - clusterName = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - creationTimestamp = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - deletionGracePeriodSeconds = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - deletionTimestamp = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - finalizers = [
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - "ksqldb.finalizers.platform.confluent.io",
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: ]
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - generateName = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - generation = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - labels = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - managedFields = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - name = "ksqldb"
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - namespace = "confluent"
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - ownerReferences = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - resourceVersion = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - selfLink = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - uid = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - spec = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - authentication = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - basic = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - debug = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - restrictedRoles = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - roles = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - type = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - authorization = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - kafkaRestClassRef = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - name = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - namespace = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - type = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - configOverrides = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - jvm = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - log4j = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - server = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - dataVolumeCapacity = "10Gi"
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - dependencies = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - interceptor = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - configs = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - consumer = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - authentication = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - jaasConfig = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - jaasConfigPassThrough = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - oauthbearer = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - type = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - bootstrapEndpoint = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - discovery = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - name = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - namespace = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - tls = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - enabled = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - ignoreTrustStoreConfig = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - jksPassword = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - enabled = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - producer = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - authentication = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - jaasConfig = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - jaasConfigPassThrough = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - oauthbearer = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - type = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - bootstrapEndpoint = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - discovery = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - name = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - namespace = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - tls = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - enabled = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - ignoreTrustStoreConfig = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - jksPassword = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - publishMs = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - kafka = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - authentication = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - jaasConfig = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - jaasConfigPassThrough = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - oauthbearer = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - type = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - bootstrapEndpoint = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - discovery = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - name = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - namespace = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - tls = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - enabled = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - ignoreTrustStoreConfig = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - jksPassword = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - mds = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - authentication = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - bearer = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - type = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - endpoint = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - tls = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - enabled = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - ignoreTrustStoreConfig = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - jksPassword = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - tokenKeyPair = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - schemaRegistry = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - authentication = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - basic = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - debug = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - restrictedRoles = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - roles = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - type = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - tls = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - enabled = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - ignoreTrustStoreConfig = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - jksPassword = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - url = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - externalAccess = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - loadBalancer = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - advertisedURL = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - enabled = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - prefix = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - annotations = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - domain = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - externalTrafficPolicy = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - labels = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - loadBalancerSourceRanges = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - port = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - prefix = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - servicePorts = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - sessionAffinity = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - sessionAffinityConfig = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - clientIP = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - timeoutSeconds = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - nodePort = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - advertisedURL = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - enabled = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - prefix = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - annotations = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - externalTrafficPolicy = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - host = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - labels = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - nodePortOffset = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - servicePorts = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - sessionAffinity = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - sessionAffinityConfig = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - clientIP = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - timeoutSeconds = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - route = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - annotations = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - domain = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - labels = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - prefix = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - wildcardPolicy = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - type = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - headlessService = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - annotations = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - labels = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - publishNotReadyAddresses = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - image = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - application = "confluentinc/cp-ksqldb-server:7.2.0"
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - init = "confluentinc/confluent-init-container:2.4.0"
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - pullPolicy = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - pullSecretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - injectAnnotations = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - injectLabels = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - internalTopicReplicationFactor = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - k8sClusterDomain = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - license = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - globalLicense = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - metrics = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - authentication = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - type = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - prometheus = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - blacklist = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - rules = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - whitelist = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - tls = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - enabled = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - ignoreTrustStoreConfig = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - jksPassword = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - mountedSecrets = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - mountedVolumes = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - volumeMounts = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - volumes = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - oneReplicaPerNode = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - podTemplate = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - affinity = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - nodeAffinity = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - preferredDuringSchedulingIgnoredDuringExecution = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - requiredDuringSchedulingIgnoredDuringExecution = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - nodeSelectorTerms = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - podAffinity = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - preferredDuringSchedulingIgnoredDuringExecution = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - requiredDuringSchedulingIgnoredDuringExecution = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - podAntiAffinity = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - preferredDuringSchedulingIgnoredDuringExecution = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - requiredDuringSchedulingIgnoredDuringExecution = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - annotations = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - envVars = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - labels = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - podSecurityContext = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - fsGroup = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - fsGroupChangePolicy = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - runAsGroup = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - runAsNonRoot = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - runAsUser = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - seLinuxOptions = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - level = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - role = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - type = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - user = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - seccompProfile = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - localhostProfile = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - type = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - supplementalGroups = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - sysctls = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - windowsOptions = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - gmsaCredentialSpec = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - gmsaCredentialSpecName = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - hostProcess = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - runAsUserName = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - priorityClassName = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - probe = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - liveness = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - failureThreshold = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - initialDelaySeconds = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - periodSeconds = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - successThreshold = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - timeoutSeconds = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - readiness = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - failureThreshold = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - initialDelaySeconds = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - periodSeconds = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - successThreshold = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - timeoutSeconds = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - resources = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - limits = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - requests = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - securityContext = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - allowPrivilegeEscalation = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - capabilities = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - add = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - drop = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - privileged = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - procMount = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - readOnlyRootFilesystem = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - runAsGroup = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - runAsNonRoot = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - runAsUser = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - seLinuxOptions = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - level = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - role = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - type = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - user = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - seccompProfile = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - localhostProfile = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - type = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - windowsOptions = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - gmsaCredentialSpec = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - gmsaCredentialSpecName = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - hostProcess = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - runAsUserName = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - serviceAccountName = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - terminationGracePeriodSeconds = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - tolerations = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - topologySpreadConstraints = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - replicas = 1
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - storageClass = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - name = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - telemetry = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - global = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - tls = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - autoGeneratedCerts = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - ignoreTrustStoreConfig = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - jksPassword = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: } -> null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66:
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - timeouts {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - create = "1h" -> null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - delete = "10m" -> null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - update = "1h" -> null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66:
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - wait {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - fields = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - "status.phase" = "RUNNING"
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: } -> null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66:
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: # module.confluent_platform.kubernetes_manifest.component["schemaregistry"] will be destroyed
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - resource "kubernetes_manifest" "component" {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - computed_fields = [
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - "metadata.finalizers",
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: ] -> null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - manifest = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - apiVersion = "platform.confluent.io/v1beta1"
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - kind = "SchemaRegistry"
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - metadata = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - name = "schemaregistry"
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - namespace = "confluent"
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - spec = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - image = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - application = "confluentinc/cp-schema-registry:7.2.0"
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - init = "confluentinc/confluent-init-container:2.4.0"
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - replicas = 3
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: } -> null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - object = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - apiVersion = "platform.confluent.io/v1beta1"
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - kind = "SchemaRegistry"
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - metadata = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - annotations = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - clusterName = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - creationTimestamp = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - deletionGracePeriodSeconds = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - deletionTimestamp = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - finalizers = [
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - "schemaregistry.finalizers.platform.confluent.io",
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: ]
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - generateName = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - generation = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - labels = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - managedFields = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - name = "schemaregistry"
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - namespace = "confluent"
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - ownerReferences = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - resourceVersion = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - selfLink = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - uid = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - spec = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - authentication = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - basic = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - debug = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - restrictedRoles = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - roles = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - type = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - authorization = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - kafkaRestClassRef = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - name = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - namespace = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - type = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - configOverrides = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - jvm = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - log4j = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - server = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - dependencies = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - kafka = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - authentication = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - jaasConfig = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - jaasConfigPassThrough = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - oauthbearer = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - type = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - bootstrapEndpoint = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - discovery = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - name = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - namespace = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - tls = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - enabled = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - ignoreTrustStoreConfig = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - jksPassword = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - mds = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - authentication = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - bearer = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - type = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - endpoint = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - tls = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - enabled = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - ignoreTrustStoreConfig = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - jksPassword = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - tokenKeyPair = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - enableSchemaExporter = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - externalAccess = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - loadBalancer = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - advertisedURL = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - enabled = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - prefix = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - annotations = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - domain = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - externalTrafficPolicy = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - labels = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - loadBalancerSourceRanges = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - port = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - prefix = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - servicePorts = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - sessionAffinity = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - sessionAffinityConfig = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - clientIP = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - timeoutSeconds = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - nodePort = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - advertisedURL = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - enabled = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - prefix = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - annotations = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - externalTrafficPolicy = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - host = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - labels = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - nodePortOffset = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - servicePorts = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - sessionAffinity = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - sessionAffinityConfig = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - clientIP = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - timeoutSeconds = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - route = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - annotations = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - domain = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - labels = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - prefix = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - wildcardPolicy = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - type = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - headlessService = {
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - annotations = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - labels = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: - publishNotReadyAddresses = null
-TestTerraformCompleteExample 2022-07-30T23:06:07Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - image = {
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - application = "confluentinc/cp-schema-registry:7.2.0"
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - init = "confluentinc/confluent-init-container:2.4.0"
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - pullPolicy = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - pullSecretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - injectAnnotations = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - injectLabels = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - internalTopicReplicatorFactor = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - k8sClusterDomain = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - license = {
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - globalLicense = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - metrics = {
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - authentication = {
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - type = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - prometheus = {
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - blacklist = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - rules = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - whitelist = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - tls = {
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - enabled = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - ignoreTrustStoreConfig = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - jksPassword = {
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - mountedSecrets = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - mountedVolumes = {
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - volumeMounts = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - volumes = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - oneReplicaPerNode = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - passwordEncoder = {
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - podTemplate = {
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - affinity = {
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - nodeAffinity = {
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - preferredDuringSchedulingIgnoredDuringExecution = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - requiredDuringSchedulingIgnoredDuringExecution = {
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - nodeSelectorTerms = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - podAffinity = {
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - preferredDuringSchedulingIgnoredDuringExecution = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - requiredDuringSchedulingIgnoredDuringExecution = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - podAntiAffinity = {
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - preferredDuringSchedulingIgnoredDuringExecution = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - requiredDuringSchedulingIgnoredDuringExecution = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - annotations = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - envVars = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - labels = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - podSecurityContext = {
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - fsGroup = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - fsGroupChangePolicy = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - runAsGroup = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - runAsNonRoot = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - runAsUser = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - seLinuxOptions = {
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - level = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - role = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - type = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - user = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - seccompProfile = {
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - localhostProfile = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - type = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - supplementalGroups = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - sysctls = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - windowsOptions = {
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - gmsaCredentialSpec = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - gmsaCredentialSpecName = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - hostProcess = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - runAsUserName = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - priorityClassName = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - probe = {
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - liveness = {
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - failureThreshold = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - initialDelaySeconds = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - periodSeconds = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - successThreshold = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - timeoutSeconds = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - readiness = {
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - failureThreshold = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - initialDelaySeconds = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - periodSeconds = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - successThreshold = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - timeoutSeconds = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - resources = {
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - limits = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - requests = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - securityContext = {
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - allowPrivilegeEscalation = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - capabilities = {
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - add = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - drop = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - privileged = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - procMount = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - readOnlyRootFilesystem = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - runAsGroup = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - runAsNonRoot = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - runAsUser = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - seLinuxOptions = {
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - level = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - role = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - type = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - user = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - seccompProfile = {
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - localhostProfile = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - type = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - windowsOptions = {
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - gmsaCredentialSpec = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - gmsaCredentialSpecName = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - hostProcess = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - runAsUserName = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - serviceAccountName = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - terminationGracePeriodSeconds = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - tolerations = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - topologySpreadConstraints = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - replicas = 3
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - telemetry = {
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - global = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - tls = {
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - autoGeneratedCerts = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - ignoreTrustStoreConfig = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - jksPassword = {
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: } -> null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66:
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - timeouts {
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - create = "1h" -> null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - delete = "10m" -> null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - update = "1h" -> null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66:
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - wait {
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - fields = {
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - "status.phase" = "RUNNING"
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: } -> null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66:
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: # module.confluent_platform.kubernetes_manifest.component["zookeeper"] will be destroyed
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - resource "kubernetes_manifest" "component" {
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - computed_fields = [
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - "metadata.finalizers",
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: ] -> null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - manifest = {
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - apiVersion = "platform.confluent.io/v1beta1"
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - kind = "Zookeeper"
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - metadata = {
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - name = "zookeeper"
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - namespace = "confluent"
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - spec = {
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - dataVolumeCapacity = "10Gi"
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - image = {
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - application = "confluentinc/cp-zookeeper:7.2.0"
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - init = "confluentinc/confluent-init-container:2.4.0"
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - logVolumeCapacity = "10Gi"
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - replicas = 3
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: } -> null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - object = {
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - apiVersion = "platform.confluent.io/v1beta1"
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - kind = "Zookeeper"
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - metadata = {
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - annotations = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - clusterName = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - creationTimestamp = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - deletionGracePeriodSeconds = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - deletionTimestamp = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - finalizers = [
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - "zookeeper.finalizers.platform.confluent.io",
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: ]
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - generateName = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - generation = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - labels = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - managedFields = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - name = "zookeeper"
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - namespace = "confluent"
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - ownerReferences = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - resourceVersion = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - selfLink = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - uid = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - spec = {
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - authentication = {
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - jaasConfig = {
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - jaasConfigPassThrough = {
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - principalMappingRules = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - type = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - configOverrides = {
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - jvm = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - log4j = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - peers = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - server = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - dataVolumeCapacity = "10Gi"
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - headlessService = {
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - annotations = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - labels = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - publishNotReadyAddresses = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - image = {
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - application = "confluentinc/cp-zookeeper:7.2.0"
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - init = "confluentinc/confluent-init-container:2.4.0"
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - pullPolicy = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - pullSecretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - injectAnnotations = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - injectLabels = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - k8sClusterDomain = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - license = {
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - globalLicense = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - logVolumeCapacity = "10Gi"
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - metrics = {
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - authentication = {
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - type = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - prometheus = {
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - blacklist = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - rules = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - whitelist = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - tls = {
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - enabled = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - ignoreTrustStoreConfig = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - jksPassword = {
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - mountedSecrets = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - mountedVolumes = {
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - volumeMounts = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - volumes = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - oneReplicaPerNode = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - podTemplate = {
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - affinity = {
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - nodeAffinity = {
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - preferredDuringSchedulingIgnoredDuringExecution = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - requiredDuringSchedulingIgnoredDuringExecution = {
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - nodeSelectorTerms = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - podAffinity = {
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - preferredDuringSchedulingIgnoredDuringExecution = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - requiredDuringSchedulingIgnoredDuringExecution = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - podAntiAffinity = {
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - preferredDuringSchedulingIgnoredDuringExecution = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - requiredDuringSchedulingIgnoredDuringExecution = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - annotations = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - envVars = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - labels = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - podSecurityContext = {
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - fsGroup = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - fsGroupChangePolicy = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - runAsGroup = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - runAsNonRoot = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - runAsUser = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - seLinuxOptions = {
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - level = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - role = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - type = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - user = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - seccompProfile = {
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - localhostProfile = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - type = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - supplementalGroups = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - sysctls = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - windowsOptions = {
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - gmsaCredentialSpec = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - gmsaCredentialSpecName = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - hostProcess = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - runAsUserName = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - priorityClassName = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - probe = {
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - liveness = {
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - failureThreshold = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - initialDelaySeconds = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - periodSeconds = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - successThreshold = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - timeoutSeconds = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - readiness = {
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - failureThreshold = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - initialDelaySeconds = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - periodSeconds = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - successThreshold = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - timeoutSeconds = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - resources = {
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - limits = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - requests = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - securityContext = {
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - allowPrivilegeEscalation = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - capabilities = {
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - add = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - drop = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - privileged = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - procMount = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - readOnlyRootFilesystem = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - runAsGroup = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - runAsNonRoot = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - runAsUser = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - seLinuxOptions = {
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - level = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - role = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - type = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - user = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - seccompProfile = {
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - localhostProfile = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - type = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - windowsOptions = {
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - gmsaCredentialSpec = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - gmsaCredentialSpecName = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - hostProcess = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - runAsUserName = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - serviceAccountName = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - terminationGracePeriodSeconds = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - tolerations = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - topologySpreadConstraints = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - replicas = 3
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - storageClass = {
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - name = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - tls = {
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - autoGeneratedCerts = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - directoryPathInContainer = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - ignoreTrustStoreConfig = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - jksPassword = {
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - secretRef = null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: } -> null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66:
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - timeouts {
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - create = "1h" -> null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - delete = "10m" -> null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - update = "1h" -> null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66:
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - wait {
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - fields = {
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - "status.phase" = "RUNNING"
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: } -> null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66:
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: # module.confluent_platform.module.confluent_operator[0].helm_release.confluent_operator[0] will be destroyed
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - resource "helm_release" "confluent_operator" {
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - atomic = false -> null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - chart = "confluent-for-kubernetes" -> null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - cleanup_on_fail = false -> null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - create_namespace = false -> null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - dependency_update = false -> null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - disable_crd_hooks = false -> null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - disable_openapi_validation = false -> null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - disable_webhooks = false -> null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - force_update = false -> null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - id = "confluent-operator" -> null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - lint = false -> null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - max_history = 0 -> null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - metadata = [
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - {
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - app_version = "2.4.0"
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - chart = "confluent-for-kubernetes"
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - name = "confluent-operator"
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - namespace = "confluent"
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - revision = 1
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - values = "null"
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - version = "0.517.12"
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: },
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: ] -> null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - name = "confluent-operator" -> null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - namespace = "confluent" -> null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - pass_credentials = false -> null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - recreate_pods = false -> null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - render_subchart_notes = true -> null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - replace = false -> null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - repository = "https://packages.confluent.io/helm" -> null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - reset_values = false -> null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - reuse_values = false -> null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - skip_crds = false -> null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - status = "deployed" -> null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - timeout = 300 -> null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - values = [] -> null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - verify = false -> null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - version = "0.517.12" -> null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - wait = true -> null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - wait_for_jobs = true -> null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66:
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: # module.confluent_platform.module.confluent_operator[0].kubernetes_namespace_v1.namespace[0] will be destroyed
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - resource "kubernetes_namespace_v1" "namespace" {
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - id = "confluent" -> null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66:
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - metadata {
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - annotations = {} -> null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - generation = 0 -> null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - labels = {} -> null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - name = "confluent" -> null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - resource_version = "28528" -> null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - uid = "913e9067-c540-48e2-adcb-b2323a334a51" -> null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66:
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: Plan: 0 to add, 0 to change, 9 to destroy.
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66:
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: Changes to Outputs:
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - confluent_operator = [
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - {
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - app_version = "2.4.0"
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - chart_version = "0.517.12"
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - namespace = "confluent"
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: },
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: ] -> null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - kafka = {
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - apiVersion = "platform.confluent.io/v1beta1"
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - kind = "Kafka"
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - metadata = {
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - name = "kafka"
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - namespace = "confluent"
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - spec = {
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - dataVolumeCapacity = "10Gi"
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - image = {
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - application = "confluentinc/cp-server:7.2.0"
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - init = "confluentinc/confluent-init-container:2.4.0"
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - metricReporter = {
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - enabled = true
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - replicas = 3
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: } -> null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - namespace = "confluent" -> null
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - zookeeper = {
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - apiVersion = "platform.confluent.io/v1beta1"
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - kind = "Zookeeper"
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - metadata = {
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - name = "zookeeper"
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - namespace = "confluent"
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - spec = {
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - dataVolumeCapacity = "10Gi"
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - image = {
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - application = "confluentinc/cp-zookeeper:7.2.0"
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - init = "confluentinc/confluent-init-container:2.4.0"
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - logVolumeCapacity = "10Gi"
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: - replicas = 3
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: }
-TestTerraformCompleteExample 2022-07-30T23:06:08Z logger.go:66: } -> null
-TestTerraformCompleteExample 2022-07-30T23:06:15Z logger.go:66: module.confluent_platform.kubernetes_manifest.component["zookeeper"]: Destroying...
-TestTerraformCompleteExample 2022-07-30T23:06:16Z logger.go:66: module.confluent_platform.kubernetes_manifest.component["zookeeper"]: Destruction complete after 1s
-TestTerraformCompleteExample 2022-07-30T23:06:17Z logger.go:66: module.confluent_platform.kubernetes_manifest.component["schemaregistry"]: Destroying...
-TestTerraformCompleteExample 2022-07-30T23:06:18Z logger.go:66: module.confluent_platform.kubernetes_manifest.component["kafkarestproxy"]: Destroying...
-TestTerraformCompleteExample 2022-07-30T23:06:18Z logger.go:66: module.confluent_platform.kubernetes_manifest.component["ksqldb"]: Destroying...
-TestTerraformCompleteExample 2022-07-30T23:06:19Z logger.go:66: module.confluent_platform.kubernetes_manifest.component["controlcenter"]: Destroying...
-TestTerraformCompleteExample 2022-07-30T23:06:19Z logger.go:66: module.confluent_platform.kubernetes_manifest.component["connect"]: Destroying...
-TestTerraformCompleteExample 2022-07-30T23:06:21Z logger.go:66: module.confluent_platform.kubernetes_manifest.component["kafka"]: Destroying...
-TestTerraformCompleteExample 2022-07-30T23:06:26Z logger.go:66: module.confluent_platform.kubernetes_manifest.component["schemaregistry"]: Destruction complete after 10s
-TestTerraformCompleteExample 2022-07-30T23:06:27Z logger.go:66: module.confluent_platform.kubernetes_manifest.component["kafkarestproxy"]: Destruction complete after 10s
-TestTerraformCompleteExample 2022-07-30T23:06:28Z logger.go:66: module.confluent_platform.kubernetes_manifest.component["controlcenter"]: Destruction complete after 8s
-TestTerraformCompleteExample 2022-07-30T23:06:28Z logger.go:66: module.confluent_platform.kubernetes_manifest.component["ksqldb"]: Still destroying... [10s elapsed]
-TestTerraformCompleteExample 2022-07-30T23:06:28Z logger.go:66: module.confluent_platform.kubernetes_manifest.component["kafka"]: Destruction complete after 6s
-TestTerraformCompleteExample 2022-07-30T23:06:28Z logger.go:66: module.confluent_platform.kubernetes_manifest.component["connect"]: Destruction complete after 9s
-TestTerraformCompleteExample 2022-07-30T23:06:28Z logger.go:66: module.confluent_platform.kubernetes_manifest.component["ksqldb"]: Destruction complete after 11s
-TestTerraformCompleteExample 2022-07-30T23:06:29Z logger.go:66: module.confluent_platform.module.confluent_operator[0].helm_release.confluent_operator[0]: Destroying... [id=confluent-operator]
-TestTerraformCompleteExample 2022-07-30T23:06:39Z logger.go:66: module.confluent_platform.module.confluent_operator[0].helm_release.confluent_operator[0]: Still destroying... [id=confluent-operator, 10s elapsed]
-TestTerraformCompleteExample 2022-07-30T23:06:49Z logger.go:66: module.confluent_platform.module.confluent_operator[0].helm_release.confluent_operator[0]: Still destroying... [id=confluent-operator, 20s elapsed]
-TestTerraformCompleteExample 2022-07-30T23:06:56Z logger.go:66: module.confluent_platform.module.confluent_operator[0].helm_release.confluent_operator[0]: Destruction complete after 28s
-TestTerraformCompleteExample 2022-07-30T23:06:57Z logger.go:66: module.confluent_platform.module.confluent_operator[0].kubernetes_namespace_v1.namespace[0]: Destroying... [id=confluent]
-TestTerraformCompleteExample 2022-07-30T23:07:07Z logger.go:66: module.confluent_platform.module.confluent_operator[0].kubernetes_namespace_v1.namespace[0]: Still destroying... [id=confluent, 10s elapsed]
-TestTerraformCompleteExample 2022-07-30T23:07:17Z logger.go:66: module.confluent_platform.module.confluent_operator[0].kubernetes_namespace_v1.namespace[0]: Still destroying... [id=confluent, 21s elapsed]
-TestTerraformCompleteExample 2022-07-30T23:07:28Z logger.go:66: module.confluent_platform.module.confluent_operator[0].kubernetes_namespace_v1.namespace[0]: Still destroying... [id=confluent, 31s elapsed]
-TestTerraformCompleteExample 2022-07-30T23:07:38Z logger.go:66: module.confluent_platform.module.confluent_operator[0].kubernetes_namespace_v1.namespace[0]: Still destroying... [id=confluent, 41s elapsed]
-TestTerraformCompleteExample 2022-07-30T23:07:48Z logger.go:66: module.confluent_platform.module.confluent_operator[0].kubernetes_namespace_v1.namespace[0]: Still destroying... [id=confluent, 51s elapsed]
-TestTerraformCompleteExample 2022-07-30T23:07:58Z logger.go:66: module.confluent_platform.module.confluent_operator[0].kubernetes_namespace_v1.namespace[0]: Still destroying... [id=confluent, 1m1s elapsed]
-TestTerraformCompleteExample 2022-07-30T23:08:09Z logger.go:66: module.confluent_platform.module.confluent_operator[0].kubernetes_namespace_v1.namespace[0]: Still destroying... [id=confluent, 1m11s elapsed]
-TestTerraformCompleteExample 2022-07-30T23:08:18Z logger.go:66: module.confluent_platform.module.confluent_operator[0].kubernetes_namespace_v1.namespace[0]: Still destroying... [id=confluent, 1m21s elapsed]
-TestTerraformCompleteExample 2022-07-30T23:08:27Z logger.go:66: module.confluent_platform.module.confluent_operator[0].kubernetes_namespace_v1.namespace[0]: Destruction complete after 1m31s
-TestTerraformCompleteExample 2022-07-30T23:08:27Z logger.go:66:
-TestTerraformCompleteExample 2022-07-30T23:08:27Z logger.go:66: Destroy complete! Resources: 9 destroyed.
---- PASS: TestTerraformCompleteExample (728.53s)
+TestTerraformCompleteExample 2022-07-31T19:49:44Z retry.go:91: terraform [init -upgrade=false]
+TestTerraformCompleteExample 2022-07-31T19:49:44Z logger.go:66: Running command terraform with args [init -upgrade=false]
+TestTerraformCompleteExample 2022-07-31T19:49:44Z logger.go:66: �[0m�[1mInitializing modules...�[0m
+TestTerraformCompleteExample 2022-07-31T19:49:45Z logger.go:66:
+TestTerraformCompleteExample 2022-07-31T19:49:45Z logger.go:66: �[0m�[1mInitializing the backend...�[0m
+TestTerraformCompleteExample 2022-07-31T19:49:45Z logger.go:66:
+TestTerraformCompleteExample 2022-07-31T19:49:45Z logger.go:66: �[0m�[1mInitializing provider plugins...�[0m
+TestTerraformCompleteExample 2022-07-31T19:49:45Z logger.go:66: - Reusing previous version of hashicorp/kubernetes from the dependency lock file
+TestTerraformCompleteExample 2022-07-31T19:49:45Z logger.go:66: - Reusing previous version of hashicorp/helm from the dependency lock file
+TestTerraformCompleteExample 2022-07-31T19:49:46Z logger.go:66: - Using previously-installed hashicorp/kubernetes v2.12.1
+TestTerraformCompleteExample 2022-07-31T19:49:46Z logger.go:66: - Using previously-installed hashicorp/helm v2.6.0
+TestTerraformCompleteExample 2022-07-31T19:49:46Z logger.go:66:
+TestTerraformCompleteExample 2022-07-31T19:49:46Z logger.go:66: �[0m�[1m�[32mTerraform has been successfully initialized!�[0m�[32m�[0m
+TestTerraformCompleteExample 2022-07-31T19:49:46Z logger.go:66: �[0m�[32m
+TestTerraformCompleteExample 2022-07-31T19:49:46Z logger.go:66: You may now begin working with Terraform. Try running "terraform plan" to see
+TestTerraformCompleteExample 2022-07-31T19:49:46Z logger.go:66: any changes that are required for your infrastructure. All Terraform commands
+TestTerraformCompleteExample 2022-07-31T19:49:46Z logger.go:66: should now work.
+TestTerraformCompleteExample 2022-07-31T19:49:46Z logger.go:66:
+TestTerraformCompleteExample 2022-07-31T19:49:46Z logger.go:66: If you ever set or change modules or backend configuration for Terraform,
+TestTerraformCompleteExample 2022-07-31T19:49:46Z logger.go:66: rerun this command to reinitialize your working directory. If you forget, other
+TestTerraformCompleteExample 2022-07-31T19:49:46Z logger.go:66: commands will detect it and remind you to do so if necessary.�[0m
+TestTerraformCompleteExample 2022-07-31T19:49:46Z retry.go:91: terraform [apply -input=false -auto-approve -no-color -lock=false]
+TestTerraformCompleteExample 2022-07-31T19:49:46Z logger.go:66: Running command terraform with args [apply -input=false -auto-approve -no-color -lock=false]
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66:
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: Terraform used the selected providers to generate the following execution
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: plan. Resource actions are indicated with the following symbols:
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + create
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66:
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: Terraform will perform the following actions:
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66:
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: # module.confluent_platform.kubernetes_manifest.components["kafka"] will be created
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + resource "kubernetes_manifest" "components" {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + computed_fields = [
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + "metadata.finalizers",
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: ]
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + manifest = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + apiVersion = "platform.confluent.io/v1beta1"
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + kind = "Kafka"
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + metadata = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + name = "kafka"
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + namespace = "confluent"
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + spec = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + dataVolumeCapacity = "10Gi"
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + image = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + application = "confluentinc/cp-server:7.2.0"
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + init = "confluentinc/confluent-init-container:2.4.0"
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + metricReporter = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + enabled = true
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + replicas = "3"
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + object = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + apiVersion = "platform.confluent.io/v1beta1"
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + kind = "Kafka"
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + metadata = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + annotations = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + clusterName = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + creationTimestamp = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + deletionGracePeriodSeconds = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + deletionTimestamp = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + finalizers = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + generateName = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + generation = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + labels = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + managedFields = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + name = "kafka"
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + namespace = "confluent"
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + ownerReferences = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + resourceVersion = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + selfLink = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + uid = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + spec = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + authorization = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + superUsers = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + type = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + configOverrides = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + jvm = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + log4j = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + server = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + dataVolumeCapacity = "10Gi"
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + dependencies = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + kafkaRest = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + authentication = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + bearer = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + directoryPathInContainer = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + secretRef = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + jaasConfig = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + secretRef = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + jaasConfigPassThrough = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + directoryPathInContainer = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + secretRef = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + oauthbearer = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + directoryPathInContainer = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + secretRef = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + type = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + bootstrapEndpoint = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + endpoint = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + tls = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + directoryPathInContainer = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + enabled = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + ignoreTrustStoreConfig = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + jksPassword = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + secretRef = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + secretRef = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + mds = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + endpoint = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + kafka = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + authentication = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + jaasConfig = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + secretRef = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + jaasConfigPassThrough = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + directoryPathInContainer = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + secretRef = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + oauthbearer = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + directoryPathInContainer = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + secretRef = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + type = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + bootstrapEndpoint = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + discovery = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + name = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + namespace = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + secretRef = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + tls = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + directoryPathInContainer = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + enabled = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + ignoreTrustStoreConfig = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + jksPassword = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + secretRef = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + secretRef = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + tls = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + directoryPathInContainer = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + enabled = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + ignoreTrustStoreConfig = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + jksPassword = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + secretRef = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + secretRef = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + tokenKeyPair = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + directoryPathInContainer = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + secretRef = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + schemaRegistry = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + authentication = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + basic = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + debug = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + directoryPathInContainer = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + restrictedRoles = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + roles = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + secretRef = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + type = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + tls = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + directoryPathInContainer = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + enabled = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + ignoreTrustStoreConfig = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + jksPassword = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + secretRef = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + secretRef = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + url = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + zookeeper = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + authentication = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + jaasConfig = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + secretRef = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + jaasConfigPassThrough = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + directoryPathInContainer = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + secretRef = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + oauthbearer = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + directoryPathInContainer = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + secretRef = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + type = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + discovery = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + name = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + namespace = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + secretRef = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + endpoint = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + tls = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + directoryPathInContainer = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + enabled = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + ignoreTrustStoreConfig = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + jksPassword = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + secretRef = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + secretRef = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + headlessService = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + annotations = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + labels = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + publishNotReadyAddresses = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + identityProvider = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + ldap = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + address = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + authentication = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + simple = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + directoryPathInContainer = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + secretRef = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + type = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + configurations = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + groupMemberAttribute = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + groupMemberAttributePattern = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + groupNameAttribute = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + groupObjectClass = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + groupSearchBase = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + groupSearchFilter = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + groupSearchScope = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + userMemberOfAttributePattern = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + userNameAttribute = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + userObjectClass = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + userSearchBase = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + userSearchFilter = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + userSearchScope = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + tls = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + directoryPathInContainer = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + enabled = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + ignoreTrustStoreConfig = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + jksPassword = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + secretRef = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + secretRef = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + type = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + image = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + application = "confluentinc/cp-server:7.2.0"
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + init = "confluentinc/confluent-init-container:2.4.0"
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + pullPolicy = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + pullSecretRef = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + injectAnnotations = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + injectLabels = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + k8sClusterDomain = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + license = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + directoryPathInContainer = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + globalLicense = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + secretRef = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + listeners = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + custom = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + external = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + authentication = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + jaasConfig = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + secretRef = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + jaasConfigPassThrough = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + directoryPathInContainer = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + secretRef = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + principalMappingRules = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + type = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + externalAccess = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + loadBalancer = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + advertisedPort = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + annotations = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + bootstrapPrefix = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + brokerPrefix = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + domain = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + externalTrafficPolicy = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + labels = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + loadBalancerSourceRanges = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + servicePorts = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + sessionAffinity = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + sessionAffinityConfig = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + clientIP = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + timeoutSeconds = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + nodePort = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + advertisedURL = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + enabled = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + prefix = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + annotations = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + externalTrafficPolicy = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + host = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + labels = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + nodePortOffset = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + servicePorts = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + sessionAffinity = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + sessionAffinityConfig = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + clientIP = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + timeoutSeconds = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + route = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + annotations = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + bootstrapPrefix = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + brokerPrefix = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + domain = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + labels = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + wildcardPolicy = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + staticForHostBasedRouting = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + brokerPrefix = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + domain = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + port = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + staticForPortBasedRouting = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + host = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + portOffset = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + type = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + tls = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + directoryPathInContainer = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + enabled = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + ignoreTrustStoreConfig = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + jksPassword = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + secretRef = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + secretRef = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + internal = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + authentication = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + jaasConfig = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + secretRef = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + jaasConfigPassThrough = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + directoryPathInContainer = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + secretRef = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + principalMappingRules = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + type = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + tls = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + directoryPathInContainer = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + enabled = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + ignoreTrustStoreConfig = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + jksPassword = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + secretRef = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + secretRef = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + metricReporter = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + authentication = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + jaasConfig = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + secretRef = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + jaasConfigPassThrough = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + directoryPathInContainer = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + secretRef = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + oauthbearer = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + directoryPathInContainer = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + secretRef = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + type = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + bootstrapEndpoint = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + enabled = true
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + replicationFactor = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + tls = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + directoryPathInContainer = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + enabled = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + ignoreTrustStoreConfig = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + jksPassword = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + secretRef = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + secretRef = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + metrics = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + authentication = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + type = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + prometheus = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + blacklist = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + rules = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + whitelist = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + tls = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + directoryPathInContainer = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + enabled = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + ignoreTrustStoreConfig = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + jksPassword = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + secretRef = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + secretRef = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + mountedSecrets = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + mountedVolumes = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + volumeMounts = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + volumes = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + oneReplicaPerNode = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + passwordEncoder = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + directoryPathInContainer = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + secretRef = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + podTemplate = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + affinity = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + nodeAffinity = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + preferredDuringSchedulingIgnoredDuringExecution = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + requiredDuringSchedulingIgnoredDuringExecution = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + nodeSelectorTerms = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + podAffinity = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + preferredDuringSchedulingIgnoredDuringExecution = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + requiredDuringSchedulingIgnoredDuringExecution = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + podAntiAffinity = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + preferredDuringSchedulingIgnoredDuringExecution = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + requiredDuringSchedulingIgnoredDuringExecution = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + annotations = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + envVars = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + labels = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + podSecurityContext = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + fsGroup = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + fsGroupChangePolicy = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + runAsGroup = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + runAsNonRoot = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + runAsUser = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + seLinuxOptions = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + level = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + role = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + type = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + user = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + seccompProfile = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + localhostProfile = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + type = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + supplementalGroups = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + sysctls = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + windowsOptions = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + gmsaCredentialSpec = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + gmsaCredentialSpecName = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + hostProcess = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + runAsUserName = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + priorityClassName = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + probe = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + liveness = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + failureThreshold = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + initialDelaySeconds = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + periodSeconds = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + successThreshold = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + timeoutSeconds = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + readiness = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + failureThreshold = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + initialDelaySeconds = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + periodSeconds = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + successThreshold = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + timeoutSeconds = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + resources = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + limits = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + requests = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + securityContext = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + allowPrivilegeEscalation = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + capabilities = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + add = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + drop = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + privileged = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + procMount = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + readOnlyRootFilesystem = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + runAsGroup = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + runAsNonRoot = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + runAsUser = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + seLinuxOptions = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + level = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + role = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + type = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + user = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + seccompProfile = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + localhostProfile = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + type = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + windowsOptions = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + gmsaCredentialSpec = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + gmsaCredentialSpecName = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + hostProcess = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + runAsUserName = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + serviceAccountName = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + terminationGracePeriodSeconds = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + tolerations = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + topologySpreadConstraints = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + rackAssignment = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + availabilityZoneCount = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + nodeLabels = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + replicas = 3
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + services = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + kafkaRest = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + authentication = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + basic = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + debug = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + directoryPathInContainer = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + restrictedRoles = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + roles = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + secretRef = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + type = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + externalAccess = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + loadBalancer = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + advertisedURL = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + enabled = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + prefix = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + annotations = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + domain = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + externalTrafficPolicy = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + labels = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + loadBalancerSourceRanges = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + port = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + prefix = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + servicePorts = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + sessionAffinity = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + sessionAffinityConfig = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + clientIP = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + timeoutSeconds = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + nodePort = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + advertisedURL = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + enabled = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + prefix = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + annotations = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + externalTrafficPolicy = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + host = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + labels = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + nodePortOffset = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + servicePorts = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + sessionAffinity = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + sessionAffinityConfig = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + clientIP = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + timeoutSeconds = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + route = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + annotations = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + domain = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + labels = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + prefix = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + wildcardPolicy = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + type = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + tls = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + directoryPathInContainer = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + enabled = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + ignoreTrustStoreConfig = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + jksPassword = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + secretRef = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + secretRef = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + mds = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + authentication = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + type = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + externalAccess = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + loadBalancer = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + advertisedURL = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + enabled = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + prefix = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + annotations = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + domain = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + externalTrafficPolicy = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + labels = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + loadBalancerSourceRanges = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + port = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + prefix = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + servicePorts = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + sessionAffinity = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + sessionAffinityConfig = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + clientIP = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + timeoutSeconds = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + nodePort = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + advertisedURL = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + enabled = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + prefix = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + annotations = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + externalTrafficPolicy = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + host = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + labels = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + nodePortOffset = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + servicePorts = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + sessionAffinity = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + sessionAffinityConfig = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + clientIP = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + timeoutSeconds = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + route = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + annotations = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + domain = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + labels = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + prefix = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + wildcardPolicy = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + type = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + provider = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + ldap = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + address = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + authentication = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + simple = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + directoryPathInContainer = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + secretRef = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + type = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + configurations = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + groupMemberAttribute = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + groupMemberAttributePattern = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + groupNameAttribute = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + groupObjectClass = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + groupSearchBase = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + groupSearchFilter = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + groupSearchScope = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + userMemberOfAttributePattern = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + userNameAttribute = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + userObjectClass = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + userSearchBase = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + userSearchFilter = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + userSearchScope = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + tls = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + directoryPathInContainer = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + enabled = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + ignoreTrustStoreConfig = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + jksPassword = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + secretRef = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + secretRef = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + type = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + tls = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + directoryPathInContainer = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + enabled = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + ignoreTrustStoreConfig = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + jksPassword = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + secretRef = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + secretRef = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + tokenKeyPair = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + directoryPathInContainer = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + secretRef = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + storageClass = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + name = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + telemetry = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + global = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + tls = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + autoGeneratedCerts = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + directoryPathInContainer = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + ignoreTrustStoreConfig = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + jksPassword = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + secretRef = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + secretRef = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66:
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + timeouts {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + create = "1h"
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + delete = "10m"
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + update = "1h"
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66:
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + wait {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + fields = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + "status.phase" = "RUNNING"
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66:
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: # module.confluent_platform.kubernetes_manifest.components["zookeeper"] will be created
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + resource "kubernetes_manifest" "components" {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + computed_fields = [
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + "metadata.finalizers",
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: ]
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + manifest = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + apiVersion = "platform.confluent.io/v1beta1"
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + kind = "Zookeeper"
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + metadata = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + name = "zookeeper"
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + namespace = "confluent"
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + spec = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + dataVolumeCapacity = "10Gi"
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + image = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + application = "confluentinc/cp-zookeeper:7.2.0"
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + init = "confluentinc/confluent-init-container:2.4.0"
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + logVolumeCapacity = "10Gi"
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + replicas = "3"
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + object = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + apiVersion = "platform.confluent.io/v1beta1"
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + kind = "Zookeeper"
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + metadata = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + annotations = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + clusterName = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + creationTimestamp = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + deletionGracePeriodSeconds = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + deletionTimestamp = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + finalizers = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + generateName = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + generation = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + labels = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + managedFields = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + name = "zookeeper"
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + namespace = "confluent"
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + ownerReferences = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + resourceVersion = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + selfLink = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + uid = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + spec = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + authentication = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + jaasConfig = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + secretRef = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + jaasConfigPassThrough = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + directoryPathInContainer = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + secretRef = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + principalMappingRules = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + type = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + configOverrides = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + jvm = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + log4j = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + peers = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + server = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + dataVolumeCapacity = "10Gi"
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + headlessService = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + annotations = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + labels = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + publishNotReadyAddresses = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + image = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + application = "confluentinc/cp-zookeeper:7.2.0"
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + init = "confluentinc/confluent-init-container:2.4.0"
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + pullPolicy = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + pullSecretRef = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + injectAnnotations = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + injectLabels = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + k8sClusterDomain = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + license = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + directoryPathInContainer = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + globalLicense = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + secretRef = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + logVolumeCapacity = "10Gi"
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + metrics = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + authentication = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + type = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + prometheus = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + blacklist = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + rules = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + whitelist = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + tls = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + directoryPathInContainer = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + enabled = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + ignoreTrustStoreConfig = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + jksPassword = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + secretRef = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + secretRef = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + mountedSecrets = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + mountedVolumes = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + volumeMounts = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + volumes = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + oneReplicaPerNode = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + podTemplate = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + affinity = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + nodeAffinity = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + preferredDuringSchedulingIgnoredDuringExecution = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + requiredDuringSchedulingIgnoredDuringExecution = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + nodeSelectorTerms = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + podAffinity = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + preferredDuringSchedulingIgnoredDuringExecution = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + requiredDuringSchedulingIgnoredDuringExecution = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + podAntiAffinity = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + preferredDuringSchedulingIgnoredDuringExecution = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + requiredDuringSchedulingIgnoredDuringExecution = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + annotations = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + envVars = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + labels = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + podSecurityContext = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + fsGroup = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + fsGroupChangePolicy = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + runAsGroup = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + runAsNonRoot = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + runAsUser = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + seLinuxOptions = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + level = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + role = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + type = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + user = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + seccompProfile = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + localhostProfile = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + type = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + supplementalGroups = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + sysctls = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + windowsOptions = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + gmsaCredentialSpec = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + gmsaCredentialSpecName = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + hostProcess = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + runAsUserName = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + priorityClassName = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + probe = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + liveness = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + failureThreshold = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + initialDelaySeconds = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + periodSeconds = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + successThreshold = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + timeoutSeconds = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + readiness = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + failureThreshold = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + initialDelaySeconds = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + periodSeconds = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + successThreshold = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + timeoutSeconds = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + resources = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + limits = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + requests = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + securityContext = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + allowPrivilegeEscalation = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + capabilities = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + add = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + drop = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + privileged = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + procMount = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + readOnlyRootFilesystem = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + runAsGroup = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + runAsNonRoot = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + runAsUser = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + seLinuxOptions = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + level = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + role = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + type = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + user = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + seccompProfile = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + localhostProfile = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + type = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + windowsOptions = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + gmsaCredentialSpec = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + gmsaCredentialSpecName = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + hostProcess = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + runAsUserName = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + serviceAccountName = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + terminationGracePeriodSeconds = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + tolerations = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + topologySpreadConstraints = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + replicas = 3
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + storageClass = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + name = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + tls = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + autoGeneratedCerts = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + directoryPathInContainer = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + ignoreTrustStoreConfig = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + jksPassword = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + secretRef = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + secretRef = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66:
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + timeouts {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + create = "1h"
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + delete = "10m"
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + update = "1h"
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66:
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + wait {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + fields = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + "status.phase" = "RUNNING"
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66:
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: # module.confluent_platform.module.confluent_operator[0].helm_release.confluent_operator[0] will be created
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + resource "helm_release" "confluent_operator" {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + atomic = false
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + chart = "confluent-for-kubernetes"
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + cleanup_on_fail = false
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + create_namespace = false
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + dependency_update = false
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + disable_crd_hooks = false
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + disable_openapi_validation = false
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + disable_webhooks = false
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + force_update = false
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + id = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + lint = false
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + manifest = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + max_history = 0
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + metadata = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + name = "confluent-operator"
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + namespace = "confluent"
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + pass_credentials = false
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + recreate_pods = false
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + render_subchart_notes = true
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + replace = false
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + repository = "https://packages.confluent.io/helm"
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + reset_values = false
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + reuse_values = false
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + skip_crds = false
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + status = "deployed"
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + timeout = 300
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + values = []
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + verify = false
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + version = "0.517.12"
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + wait = true
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + wait_for_jobs = true
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66:
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: # module.confluent_platform.module.confluent_operator[0].kubernetes_namespace_v1.namespace[0] will be created
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + resource "kubernetes_namespace_v1" "namespace" {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + id = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66:
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + metadata {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + generation = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + name = "confluent"
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + resource_version = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + uid = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66:
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: # module.confluent_platform.module.kafka_topics["my-other-topic"].kubernetes_manifest.topic will be created
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + resource "kubernetes_manifest" "topic" {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + computed_fields = [
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + "metadata.finalizers",
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: ]
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + manifest = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + apiVersion = "platform.confluent.io/v1beta1"
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + kind = "KafkaTopic"
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + metadata = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + name = "my-other-topic"
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + namespace = "confluent"
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + spec = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + configs = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + "cleanup.policy" = "delete"
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + partitionCount = 3
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + replicas = 3
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + object = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + apiVersion = "platform.confluent.io/v1beta1"
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + kind = "KafkaTopic"
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + metadata = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + annotations = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + clusterName = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + creationTimestamp = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + deletionGracePeriodSeconds = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + deletionTimestamp = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + finalizers = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + generateName = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + generation = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + labels = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + managedFields = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + name = "my-other-topic"
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + namespace = "confluent"
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + ownerReferences = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + resourceVersion = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + selfLink = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + uid = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + spec = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + configs = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + "cleanup.policy" = "delete"
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + kafkaClusterRef = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + name = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + namespace = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + kafkaRest = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + authentication = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + basic = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + debug = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + directoryPathInContainer = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + restrictedRoles = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + roles = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + secretRef = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + bearer = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + directoryPathInContainer = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + secretRef = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + type = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + endpoint = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + kafkaClusterID = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + tls = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + directoryPathInContainer = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + jksPassword = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + secretRef = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + secretRef = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + kafkaRestClassRef = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + name = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + namespace = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + name = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + partitionCount = 3
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + replicas = 3
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66:
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + timeouts {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + create = "5m"
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + delete = "5m"
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + update = "5m"
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66:
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + wait {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + fields = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + "status.state" = "CREATED"
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66:
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: # module.confluent_platform.module.kafka_topics["my-topic"].kubernetes_manifest.topic will be created
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + resource "kubernetes_manifest" "topic" {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + computed_fields = [
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + "metadata.finalizers",
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: ]
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + manifest = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + apiVersion = "platform.confluent.io/v1beta1"
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + kind = "KafkaTopic"
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + metadata = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + name = "my-topic"
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + namespace = "confluent"
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + spec = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + configs = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + "cleanup.policy" = "delete"
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + partitionCount = 3
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + replicas = 3
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + object = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + apiVersion = "platform.confluent.io/v1beta1"
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + kind = "KafkaTopic"
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + metadata = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + annotations = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + clusterName = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + creationTimestamp = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + deletionGracePeriodSeconds = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + deletionTimestamp = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + finalizers = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + generateName = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + generation = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + labels = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + managedFields = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + name = "my-topic"
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + namespace = "confluent"
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + ownerReferences = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + resourceVersion = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + selfLink = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + uid = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + spec = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + configs = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + "cleanup.policy" = "delete"
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + kafkaClusterRef = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + name = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + namespace = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + kafkaRest = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + authentication = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + basic = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + debug = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + directoryPathInContainer = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + restrictedRoles = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + roles = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + secretRef = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + bearer = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + directoryPathInContainer = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + secretRef = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + type = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + endpoint = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + kafkaClusterID = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + tls = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + directoryPathInContainer = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + jksPassword = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + secretRef = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + secretRef = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + kafkaRestClassRef = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + name = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + namespace = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + name = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + partitionCount = 3
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + replicas = 3
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66:
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + timeouts {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + create = "5m"
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + delete = "5m"
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + update = "5m"
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66:
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + wait {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + fields = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + "status.state" = "CREATED"
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66:
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: Plan: 6 to add, 0 to change, 0 to destroy.
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66:
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: Changes to Outputs:
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + confluent_operator = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + app_version = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + chart_version = (known after apply)
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + namespace = "confluent"
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + kafka = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + apiVersion = "platform.confluent.io/v1beta1"
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + kind = "Kafka"
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + metadata = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + name = "kafka"
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + namespace = "confluent"
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + spec = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + dataVolumeCapacity = "10Gi"
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + image = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + application = "confluentinc/cp-server:7.2.0"
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + init = "confluentinc/confluent-init-container:2.4.0"
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + metricReporter = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + enabled = true
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + replicas = "3"
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + kafka_topics = [
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + my-other-topic = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + manifest = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + apiVersion = "platform.confluent.io/v1beta1"
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + kind = "KafkaTopic"
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + metadata = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + name = "my-other-topic"
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + namespace = "confluent"
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + spec = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + configs = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + "cleanup.policy" = "delete"
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + partitionCount = 3
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + replicas = 3
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + my-topic = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + manifest = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + apiVersion = "platform.confluent.io/v1beta1"
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + kind = "KafkaTopic"
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + metadata = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + name = "my-topic"
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + namespace = "confluent"
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + spec = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + configs = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + "cleanup.policy" = "delete"
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + partitionCount = 3
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + replicas = 3
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: },
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: ]
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + namespace = "confluent"
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + zookeeper = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + apiVersion = "platform.confluent.io/v1beta1"
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + kind = "Zookeeper"
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + metadata = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + name = "zookeeper"
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + namespace = "confluent"
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + spec = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + dataVolumeCapacity = "10Gi"
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + image = {
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + application = "confluentinc/cp-zookeeper:7.2.0"
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + init = "confluentinc/confluent-init-container:2.4.0"
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + logVolumeCapacity = "10Gi"
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: + replicas = "3"
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:51Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:49:52Z logger.go:66: module.confluent_platform.module.confluent_operator[0].kubernetes_namespace_v1.namespace[0]: Creating...
+TestTerraformCompleteExample 2022-07-31T19:49:52Z logger.go:66: module.confluent_platform.module.confluent_operator[0].kubernetes_namespace_v1.namespace[0]: Creation complete after 0s [id=confluent]
+TestTerraformCompleteExample 2022-07-31T19:49:52Z logger.go:66: module.confluent_platform.module.confluent_operator[0].helm_release.confluent_operator[0]: Creating...
+TestTerraformCompleteExample 2022-07-31T19:49:59Z logger.go:66: module.confluent_platform.module.confluent_operator[0].helm_release.confluent_operator[0]: Creation complete after 6s [id=confluent-operator]
+TestTerraformCompleteExample 2022-07-31T19:50:01Z logger.go:66: module.confluent_platform.kubernetes_manifest.components["zookeeper"]: Creating...
+TestTerraformCompleteExample 2022-07-31T19:50:01Z logger.go:66: module.confluent_platform.kubernetes_manifest.components["kafka"]: Creating...
+TestTerraformCompleteExample 2022-07-31T19:50:11Z logger.go:66: module.confluent_platform.kubernetes_manifest.components["zookeeper"]: Still creating... [10s elapsed]
+TestTerraformCompleteExample 2022-07-31T19:50:11Z logger.go:66: module.confluent_platform.kubernetes_manifest.components["kafka"]: Still creating... [10s elapsed]
+TestTerraformCompleteExample 2022-07-31T19:50:21Z logger.go:66: module.confluent_platform.kubernetes_manifest.components["zookeeper"]: Still creating... [20s elapsed]
+TestTerraformCompleteExample 2022-07-31T19:50:21Z logger.go:66: module.confluent_platform.kubernetes_manifest.components["kafka"]: Still creating... [20s elapsed]
+TestTerraformCompleteExample 2022-07-31T19:50:31Z logger.go:66: module.confluent_platform.kubernetes_manifest.components["zookeeper"]: Still creating... [30s elapsed]
+TestTerraformCompleteExample 2022-07-31T19:50:31Z logger.go:66: module.confluent_platform.kubernetes_manifest.components["kafka"]: Still creating... [30s elapsed]
+TestTerraformCompleteExample 2022-07-31T19:50:41Z logger.go:66: module.confluent_platform.kubernetes_manifest.components["zookeeper"]: Still creating... [40s elapsed]
+TestTerraformCompleteExample 2022-07-31T19:50:41Z logger.go:66: module.confluent_platform.kubernetes_manifest.components["kafka"]: Still creating... [40s elapsed]
+TestTerraformCompleteExample 2022-07-31T19:50:46Z logger.go:66: module.confluent_platform.kubernetes_manifest.components["zookeeper"]: Creation complete after 45s
+TestTerraformCompleteExample 2022-07-31T19:50:51Z logger.go:66: module.confluent_platform.kubernetes_manifest.components["kafka"]: Still creating... [50s elapsed]
+TestTerraformCompleteExample 2022-07-31T19:51:01Z logger.go:66: module.confluent_platform.kubernetes_manifest.components["kafka"]: Still creating... [1m0s elapsed]
+TestTerraformCompleteExample 2022-07-31T19:51:11Z logger.go:66: module.confluent_platform.kubernetes_manifest.components["kafka"]: Still creating... [1m10s elapsed]
+TestTerraformCompleteExample 2022-07-31T19:51:21Z logger.go:66: module.confluent_platform.kubernetes_manifest.components["kafka"]: Still creating... [1m20s elapsed]
+TestTerraformCompleteExample 2022-07-31T19:51:30Z logger.go:66: module.confluent_platform.kubernetes_manifest.components["kafka"]: Creation complete after 1m30s
+TestTerraformCompleteExample 2022-07-31T19:51:31Z logger.go:66: module.confluent_platform.module.kafka_topics["my-topic"].kubernetes_manifest.topic: Creating...
+TestTerraformCompleteExample 2022-07-31T19:51:31Z logger.go:66: module.confluent_platform.module.kafka_topics["my-other-topic"].kubernetes_manifest.topic: Creating...
+TestTerraformCompleteExample 2022-07-31T19:51:32Z logger.go:66: module.confluent_platform.module.kafka_topics["my-topic"].kubernetes_manifest.topic: Creation complete after 2s
+TestTerraformCompleteExample 2022-07-31T19:51:34Z logger.go:66: module.confluent_platform.module.kafka_topics["my-other-topic"].kubernetes_manifest.topic: Creation complete after 3s
+TestTerraformCompleteExample 2022-07-31T19:51:34Z logger.go:66:
+TestTerraformCompleteExample 2022-07-31T19:51:34Z logger.go:66: Apply complete! Resources: 6 added, 0 changed, 0 destroyed.
+TestTerraformCompleteExample 2022-07-31T19:51:34Z logger.go:66:
+TestTerraformCompleteExample 2022-07-31T19:51:34Z logger.go:66: Outputs:
+TestTerraformCompleteExample 2022-07-31T19:51:34Z logger.go:66:
+TestTerraformCompleteExample 2022-07-31T19:51:34Z logger.go:66: confluent_operator = {
+TestTerraformCompleteExample 2022-07-31T19:51:34Z logger.go:66: "app_version" = "2.4.0"
+TestTerraformCompleteExample 2022-07-31T19:51:34Z logger.go:66: "chart_version" = "0.517.12"
+TestTerraformCompleteExample 2022-07-31T19:51:34Z logger.go:66: "namespace" = "confluent"
+TestTerraformCompleteExample 2022-07-31T19:51:34Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:34Z logger.go:66: kafka = {
+TestTerraformCompleteExample 2022-07-31T19:51:34Z logger.go:66: "apiVersion" = "platform.confluent.io/v1beta1"
+TestTerraformCompleteExample 2022-07-31T19:51:34Z logger.go:66: "kind" = "Kafka"
+TestTerraformCompleteExample 2022-07-31T19:51:34Z logger.go:66: "metadata" = {
+TestTerraformCompleteExample 2022-07-31T19:51:34Z logger.go:66: "name" = "kafka"
+TestTerraformCompleteExample 2022-07-31T19:51:34Z logger.go:66: "namespace" = "confluent"
+TestTerraformCompleteExample 2022-07-31T19:51:34Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:34Z logger.go:66: "spec" = {
+TestTerraformCompleteExample 2022-07-31T19:51:34Z logger.go:66: "dataVolumeCapacity" = "10Gi"
+TestTerraformCompleteExample 2022-07-31T19:51:34Z logger.go:66: "image" = {
+TestTerraformCompleteExample 2022-07-31T19:51:34Z logger.go:66: "application" = "confluentinc/cp-server:7.2.0"
+TestTerraformCompleteExample 2022-07-31T19:51:34Z logger.go:66: "init" = "confluentinc/confluent-init-container:2.4.0"
+TestTerraformCompleteExample 2022-07-31T19:51:34Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:34Z logger.go:66: "metricReporter" = {
+TestTerraformCompleteExample 2022-07-31T19:51:34Z logger.go:66: "enabled" = true
+TestTerraformCompleteExample 2022-07-31T19:51:34Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:34Z logger.go:66: "replicas" = "3"
+TestTerraformCompleteExample 2022-07-31T19:51:34Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:34Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:34Z logger.go:66: kafka_topics = [
+TestTerraformCompleteExample 2022-07-31T19:51:34Z logger.go:66: {
+TestTerraformCompleteExample 2022-07-31T19:51:34Z logger.go:66: "my-other-topic" = {
+TestTerraformCompleteExample 2022-07-31T19:51:34Z logger.go:66: "manifest" = {
+TestTerraformCompleteExample 2022-07-31T19:51:34Z logger.go:66: "apiVersion" = "platform.confluent.io/v1beta1"
+TestTerraformCompleteExample 2022-07-31T19:51:34Z logger.go:66: "kind" = "KafkaTopic"
+TestTerraformCompleteExample 2022-07-31T19:51:34Z logger.go:66: "metadata" = {
+TestTerraformCompleteExample 2022-07-31T19:51:34Z logger.go:66: "name" = "my-other-topic"
+TestTerraformCompleteExample 2022-07-31T19:51:34Z logger.go:66: "namespace" = "confluent"
+TestTerraformCompleteExample 2022-07-31T19:51:34Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:34Z logger.go:66: "spec" = {
+TestTerraformCompleteExample 2022-07-31T19:51:34Z logger.go:66: "configs" = {
+TestTerraformCompleteExample 2022-07-31T19:51:34Z logger.go:66: "cleanup.policy" = "delete"
+TestTerraformCompleteExample 2022-07-31T19:51:34Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:34Z logger.go:66: "partitionCount" = 3
+TestTerraformCompleteExample 2022-07-31T19:51:34Z logger.go:66: "replicas" = 3
+TestTerraformCompleteExample 2022-07-31T19:51:34Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:34Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:34Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:34Z logger.go:66: "my-topic" = {
+TestTerraformCompleteExample 2022-07-31T19:51:34Z logger.go:66: "manifest" = {
+TestTerraformCompleteExample 2022-07-31T19:51:34Z logger.go:66: "apiVersion" = "platform.confluent.io/v1beta1"
+TestTerraformCompleteExample 2022-07-31T19:51:34Z logger.go:66: "kind" = "KafkaTopic"
+TestTerraformCompleteExample 2022-07-31T19:51:34Z logger.go:66: "metadata" = {
+TestTerraformCompleteExample 2022-07-31T19:51:34Z logger.go:66: "name" = "my-topic"
+TestTerraformCompleteExample 2022-07-31T19:51:34Z logger.go:66: "namespace" = "confluent"
+TestTerraformCompleteExample 2022-07-31T19:51:34Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:34Z logger.go:66: "spec" = {
+TestTerraformCompleteExample 2022-07-31T19:51:34Z logger.go:66: "configs" = {
+TestTerraformCompleteExample 2022-07-31T19:51:34Z logger.go:66: "cleanup.policy" = "delete"
+TestTerraformCompleteExample 2022-07-31T19:51:34Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:34Z logger.go:66: "partitionCount" = 3
+TestTerraformCompleteExample 2022-07-31T19:51:34Z logger.go:66: "replicas" = 3
+TestTerraformCompleteExample 2022-07-31T19:51:34Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:34Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:34Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:34Z logger.go:66: },
+TestTerraformCompleteExample 2022-07-31T19:51:34Z logger.go:66: ]
+TestTerraformCompleteExample 2022-07-31T19:51:34Z logger.go:66: namespace = "confluent"
+TestTerraformCompleteExample 2022-07-31T19:51:34Z logger.go:66: zookeeper = {
+TestTerraformCompleteExample 2022-07-31T19:51:34Z logger.go:66: "apiVersion" = "platform.confluent.io/v1beta1"
+TestTerraformCompleteExample 2022-07-31T19:51:34Z logger.go:66: "kind" = "Zookeeper"
+TestTerraformCompleteExample 2022-07-31T19:51:34Z logger.go:66: "metadata" = {
+TestTerraformCompleteExample 2022-07-31T19:51:34Z logger.go:66: "name" = "zookeeper"
+TestTerraformCompleteExample 2022-07-31T19:51:34Z logger.go:66: "namespace" = "confluent"
+TestTerraformCompleteExample 2022-07-31T19:51:34Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:34Z logger.go:66: "spec" = {
+TestTerraformCompleteExample 2022-07-31T19:51:34Z logger.go:66: "dataVolumeCapacity" = "10Gi"
+TestTerraformCompleteExample 2022-07-31T19:51:34Z logger.go:66: "image" = {
+TestTerraformCompleteExample 2022-07-31T19:51:34Z logger.go:66: "application" = "confluentinc/cp-zookeeper:7.2.0"
+TestTerraformCompleteExample 2022-07-31T19:51:34Z logger.go:66: "init" = "confluentinc/confluent-init-container:2.4.0"
+TestTerraformCompleteExample 2022-07-31T19:51:34Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:34Z logger.go:66: "logVolumeCapacity" = "10Gi"
+TestTerraformCompleteExample 2022-07-31T19:51:34Z logger.go:66: "replicas" = "3"
+TestTerraformCompleteExample 2022-07-31T19:51:34Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:34Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:34Z retry.go:91: terraform [output -no-color -json confluent_operator]
+TestTerraformCompleteExample 2022-07-31T19:51:34Z logger.go:66: Running command terraform with args [output -no-color -json confluent_operator]
+TestTerraformCompleteExample 2022-07-31T19:51:34Z logger.go:66: {"app_version":"2.4.0","chart_version":"0.517.12","namespace":"confluent"}
+TestTerraformCompleteExample 2022-07-31T19:51:34Z retry.go:91: terraform [output -no-color -json zookeeper]
+TestTerraformCompleteExample 2022-07-31T19:51:34Z logger.go:66: Running command terraform with args [output -no-color -json zookeeper]
+TestTerraformCompleteExample 2022-07-31T19:51:35Z logger.go:66: {"apiVersion":"platform.confluent.io/v1beta1","kind":"Zookeeper","metadata":{"name":"zookeeper","namespace":"confluent"},"spec":{"dataVolumeCapacity":"10Gi","image":{"application":"confluentinc/cp-zookeeper:7.2.0","init":"confluentinc/confluent-init-container:2.4.0"},"logVolumeCapacity":"10Gi","replicas":"3"}}
+TestTerraformCompleteExample 2022-07-31T19:51:35Z retry.go:91: terraform [output -no-color -json kafka]
+TestTerraformCompleteExample 2022-07-31T19:51:35Z logger.go:66: Running command terraform with args [output -no-color -json kafka]
+TestTerraformCompleteExample 2022-07-31T19:51:35Z logger.go:66: {"apiVersion":"platform.confluent.io/v1beta1","kind":"Kafka","metadata":{"name":"kafka","namespace":"confluent"},"spec":{"dataVolumeCapacity":"10Gi","image":{"application":"confluentinc/cp-server:7.2.0","init":"confluentinc/confluent-init-container:2.4.0"},"metricReporter":{"enabled":true},"replicas":"3"}}
+TestTerraformCompleteExample 2022-07-31T19:51:35Z retry.go:91: terraform [output -no-color -json kafka_topics]
+TestTerraformCompleteExample 2022-07-31T19:51:35Z logger.go:66: Running command terraform with args [output -no-color -json kafka_topics]
+TestTerraformCompleteExample 2022-07-31T19:51:36Z logger.go:66: [{"my-other-topic":{"manifest":{"apiVersion":"platform.confluent.io/v1beta1","kind":"KafkaTopic","metadata":{"name":"my-other-topic","namespace":"confluent"},"spec":{"configs":{"cleanup.policy":"delete"},"partitionCount":3,"replicas":3}}},"my-topic":{"manifest":{"apiVersion":"platform.confluent.io/v1beta1","kind":"KafkaTopic","metadata":{"name":"my-topic","namespace":"confluent"},"spec":{"configs":{"cleanup.policy":"delete"},"partitionCount":3,"replicas":3}}}}]
+TestTerraformCompleteExample 2022-07-31T19:51:36Z retry.go:91: terraform [destroy -auto-approve -input=false -no-color -lock=false]
+TestTerraformCompleteExample 2022-07-31T19:51:36Z logger.go:66: Running command terraform with args [destroy -auto-approve -input=false -no-color -lock=false]
+TestTerraformCompleteExample 2022-07-31T19:51:38Z logger.go:66: module.confluent_platform.module.confluent_operator[0].kubernetes_namespace_v1.namespace[0]: Refreshing state... [id=confluent]
+TestTerraformCompleteExample 2022-07-31T19:51:38Z logger.go:66: module.confluent_platform.module.confluent_operator[0].helm_release.confluent_operator[0]: Refreshing state... [id=confluent-operator]
+TestTerraformCompleteExample 2022-07-31T19:51:40Z logger.go:66: module.confluent_platform.kubernetes_manifest.components["zookeeper"]: Refreshing state...
+TestTerraformCompleteExample 2022-07-31T19:51:41Z logger.go:66: module.confluent_platform.kubernetes_manifest.components["kafka"]: Refreshing state...
+TestTerraformCompleteExample 2022-07-31T19:51:43Z logger.go:66: module.confluent_platform.module.kafka_topics["my-other-topic"].kubernetes_manifest.topic: Refreshing state...
+TestTerraformCompleteExample 2022-07-31T19:51:43Z logger.go:66: module.confluent_platform.module.kafka_topics["my-topic"].kubernetes_manifest.topic: Refreshing state...
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66:
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: Terraform used the selected providers to generate the following execution
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: plan. Resource actions are indicated with the following symbols:
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - destroy
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66:
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: Terraform will perform the following actions:
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66:
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: # module.confluent_platform.kubernetes_manifest.components["kafka"] will be destroyed
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - resource "kubernetes_manifest" "components" {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - computed_fields = [
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - "metadata.finalizers",
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: ] -> null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - manifest = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - apiVersion = "platform.confluent.io/v1beta1"
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - kind = "Kafka"
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - metadata = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - name = "kafka"
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - namespace = "confluent"
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - spec = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - dataVolumeCapacity = "10Gi"
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - image = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - application = "confluentinc/cp-server:7.2.0"
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - init = "confluentinc/confluent-init-container:2.4.0"
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - metricReporter = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - enabled = true
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - replicas = "3"
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: } -> null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - object = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - apiVersion = "platform.confluent.io/v1beta1"
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - kind = "Kafka"
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - metadata = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - annotations = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - "platform.confluent.io/config-revision-hash" = "t2bgf92bkh"
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - "platform.confluent.io/last-pod-template-hash" = "c5dd99557"
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - clusterName = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - creationTimestamp = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - deletionGracePeriodSeconds = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - deletionTimestamp = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - finalizers = [
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - "kafka.finalizers.platform.confluent.io",
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: ]
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - generateName = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - generation = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - labels = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - managedFields = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - name = "kafka"
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - namespace = "confluent"
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - ownerReferences = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - resourceVersion = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - selfLink = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - uid = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - spec = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - authorization = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - superUsers = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - type = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - configOverrides = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - jvm = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - log4j = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - server = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - dataVolumeCapacity = "10Gi"
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - dependencies = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - kafkaRest = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - authentication = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - bearer = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - directoryPathInContainer = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - secretRef = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - jaasConfig = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - secretRef = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - jaasConfigPassThrough = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - directoryPathInContainer = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - secretRef = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - oauthbearer = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - directoryPathInContainer = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - secretRef = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - type = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - bootstrapEndpoint = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - endpoint = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - tls = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - directoryPathInContainer = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - enabled = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - ignoreTrustStoreConfig = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - jksPassword = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - secretRef = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - secretRef = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - mds = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - endpoint = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - kafka = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - authentication = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - jaasConfig = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - secretRef = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - jaasConfigPassThrough = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - directoryPathInContainer = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - secretRef = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - oauthbearer = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - directoryPathInContainer = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - secretRef = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - type = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - bootstrapEndpoint = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - discovery = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - name = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - namespace = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - secretRef = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - tls = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - directoryPathInContainer = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - enabled = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - ignoreTrustStoreConfig = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - jksPassword = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - secretRef = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - secretRef = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - tls = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - directoryPathInContainer = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - enabled = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - ignoreTrustStoreConfig = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - jksPassword = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - secretRef = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - secretRef = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - tokenKeyPair = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - directoryPathInContainer = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - secretRef = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - schemaRegistry = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - authentication = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - basic = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - debug = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - directoryPathInContainer = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - restrictedRoles = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - roles = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - secretRef = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - type = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - tls = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - directoryPathInContainer = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - enabled = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - ignoreTrustStoreConfig = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - jksPassword = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - secretRef = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - secretRef = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - url = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - zookeeper = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - authentication = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - jaasConfig = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - secretRef = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - jaasConfigPassThrough = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - directoryPathInContainer = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - secretRef = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - oauthbearer = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - directoryPathInContainer = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - secretRef = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - type = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - discovery = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - name = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - namespace = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - secretRef = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - endpoint = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - tls = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - directoryPathInContainer = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - enabled = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - ignoreTrustStoreConfig = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - jksPassword = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - secretRef = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - secretRef = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - headlessService = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - annotations = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - labels = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - publishNotReadyAddresses = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - identityProvider = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - ldap = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - address = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - authentication = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - simple = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - directoryPathInContainer = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - secretRef = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - type = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - configurations = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - groupMemberAttribute = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - groupMemberAttributePattern = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - groupNameAttribute = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - groupObjectClass = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - groupSearchBase = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - groupSearchFilter = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - groupSearchScope = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - userMemberOfAttributePattern = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - userNameAttribute = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - userObjectClass = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - userSearchBase = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - userSearchFilter = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - userSearchScope = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - tls = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - directoryPathInContainer = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - enabled = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - ignoreTrustStoreConfig = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - jksPassword = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - secretRef = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - secretRef = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - type = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - image = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - application = "confluentinc/cp-server:7.2.0"
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - init = "confluentinc/confluent-init-container:2.4.0"
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - pullPolicy = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - pullSecretRef = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - injectAnnotations = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - injectLabels = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - k8sClusterDomain = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - license = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - directoryPathInContainer = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - globalLicense = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - secretRef = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - listeners = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - custom = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - external = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - authentication = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - jaasConfig = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - secretRef = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - jaasConfigPassThrough = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - directoryPathInContainer = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - secretRef = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - principalMappingRules = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - type = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - externalAccess = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - loadBalancer = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - advertisedPort = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - annotations = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - bootstrapPrefix = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - brokerPrefix = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - domain = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - externalTrafficPolicy = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - labels = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - loadBalancerSourceRanges = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - servicePorts = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - sessionAffinity = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - sessionAffinityConfig = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - clientIP = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - timeoutSeconds = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - nodePort = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - advertisedURL = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - enabled = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - prefix = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - annotations = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - externalTrafficPolicy = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - host = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - labels = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - nodePortOffset = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - servicePorts = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - sessionAffinity = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - sessionAffinityConfig = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - clientIP = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - timeoutSeconds = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - route = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - annotations = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - bootstrapPrefix = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - brokerPrefix = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - domain = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - labels = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - wildcardPolicy = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - staticForHostBasedRouting = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - brokerPrefix = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - domain = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - port = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - staticForPortBasedRouting = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - host = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - portOffset = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - type = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - tls = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - directoryPathInContainer = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - enabled = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - ignoreTrustStoreConfig = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - jksPassword = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - secretRef = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - secretRef = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - internal = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - authentication = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - jaasConfig = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - secretRef = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - jaasConfigPassThrough = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - directoryPathInContainer = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - secretRef = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - principalMappingRules = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - type = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - tls = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - directoryPathInContainer = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - enabled = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - ignoreTrustStoreConfig = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - jksPassword = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - secretRef = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - secretRef = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - metricReporter = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - authentication = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - jaasConfig = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - secretRef = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - jaasConfigPassThrough = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - directoryPathInContainer = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - secretRef = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - oauthbearer = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - directoryPathInContainer = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - secretRef = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - type = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - bootstrapEndpoint = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - enabled = true
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - replicationFactor = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - tls = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - directoryPathInContainer = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - enabled = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - ignoreTrustStoreConfig = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - jksPassword = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - secretRef = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - secretRef = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - metrics = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - authentication = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - type = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - prometheus = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - blacklist = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - rules = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - whitelist = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - tls = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - directoryPathInContainer = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - enabled = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - ignoreTrustStoreConfig = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - jksPassword = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - secretRef = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - secretRef = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - mountedSecrets = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - mountedVolumes = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - volumeMounts = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - volumes = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - oneReplicaPerNode = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - passwordEncoder = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - directoryPathInContainer = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - secretRef = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - podTemplate = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - affinity = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - nodeAffinity = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - preferredDuringSchedulingIgnoredDuringExecution = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - requiredDuringSchedulingIgnoredDuringExecution = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - nodeSelectorTerms = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - podAffinity = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - preferredDuringSchedulingIgnoredDuringExecution = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - requiredDuringSchedulingIgnoredDuringExecution = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - podAntiAffinity = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - preferredDuringSchedulingIgnoredDuringExecution = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - requiredDuringSchedulingIgnoredDuringExecution = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - annotations = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - envVars = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - labels = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - podSecurityContext = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - fsGroup = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - fsGroupChangePolicy = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - runAsGroup = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - runAsNonRoot = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - runAsUser = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - seLinuxOptions = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - level = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - role = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - type = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - user = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - seccompProfile = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - localhostProfile = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - type = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - supplementalGroups = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - sysctls = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - windowsOptions = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - gmsaCredentialSpec = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - gmsaCredentialSpecName = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - hostProcess = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - runAsUserName = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - priorityClassName = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - probe = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - liveness = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - failureThreshold = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - initialDelaySeconds = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - periodSeconds = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - successThreshold = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - timeoutSeconds = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - readiness = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - failureThreshold = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - initialDelaySeconds = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - periodSeconds = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - successThreshold = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - timeoutSeconds = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - resources = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - limits = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - requests = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - securityContext = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - allowPrivilegeEscalation = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - capabilities = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - add = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - drop = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - privileged = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - procMount = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - readOnlyRootFilesystem = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - runAsGroup = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - runAsNonRoot = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - runAsUser = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - seLinuxOptions = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - level = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - role = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - type = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - user = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - seccompProfile = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - localhostProfile = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - type = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - windowsOptions = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - gmsaCredentialSpec = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - gmsaCredentialSpecName = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - hostProcess = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - runAsUserName = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - serviceAccountName = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - terminationGracePeriodSeconds = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - tolerations = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - topologySpreadConstraints = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - rackAssignment = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - availabilityZoneCount = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - nodeLabels = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - replicas = 3
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - services = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - kafkaRest = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - authentication = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - basic = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - debug = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - directoryPathInContainer = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - restrictedRoles = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - roles = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - secretRef = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - type = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - externalAccess = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - loadBalancer = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - advertisedURL = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - enabled = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - prefix = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - annotations = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - domain = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - externalTrafficPolicy = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - labels = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - loadBalancerSourceRanges = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - port = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - prefix = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - servicePorts = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - sessionAffinity = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - sessionAffinityConfig = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - clientIP = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - timeoutSeconds = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - nodePort = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - advertisedURL = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - enabled = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - prefix = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - annotations = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - externalTrafficPolicy = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - host = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - labels = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - nodePortOffset = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - servicePorts = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - sessionAffinity = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - sessionAffinityConfig = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - clientIP = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - timeoutSeconds = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - route = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - annotations = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - domain = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - labels = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - prefix = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - wildcardPolicy = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - type = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - tls = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - directoryPathInContainer = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - enabled = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - ignoreTrustStoreConfig = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - jksPassword = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - secretRef = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - secretRef = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - mds = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - authentication = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - type = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - externalAccess = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - loadBalancer = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - advertisedURL = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - enabled = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - prefix = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - annotations = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - domain = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - externalTrafficPolicy = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - labels = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - loadBalancerSourceRanges = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - port = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - prefix = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - servicePorts = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - sessionAffinity = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - sessionAffinityConfig = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - clientIP = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - timeoutSeconds = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - nodePort = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - advertisedURL = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - enabled = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - prefix = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - annotations = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - externalTrafficPolicy = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - host = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - labels = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - nodePortOffset = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - servicePorts = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - sessionAffinity = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - sessionAffinityConfig = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - clientIP = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - timeoutSeconds = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - route = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - annotations = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - domain = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - labels = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - prefix = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - wildcardPolicy = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - type = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - provider = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - ldap = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - address = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - authentication = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - simple = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - directoryPathInContainer = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - secretRef = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - type = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - configurations = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - groupMemberAttribute = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - groupMemberAttributePattern = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - groupNameAttribute = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - groupObjectClass = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - groupSearchBase = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - groupSearchFilter = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - groupSearchScope = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - userMemberOfAttributePattern = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - userNameAttribute = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - userObjectClass = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - userSearchBase = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - userSearchFilter = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - userSearchScope = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - tls = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - directoryPathInContainer = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - enabled = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - ignoreTrustStoreConfig = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - jksPassword = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - secretRef = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - secretRef = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - type = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - tls = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - directoryPathInContainer = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - enabled = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - ignoreTrustStoreConfig = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - jksPassword = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - secretRef = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - secretRef = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - tokenKeyPair = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - directoryPathInContainer = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - secretRef = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - storageClass = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - name = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - telemetry = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - global = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - tls = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - autoGeneratedCerts = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - directoryPathInContainer = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - ignoreTrustStoreConfig = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - jksPassword = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - secretRef = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - secretRef = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: } -> null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66:
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - timeouts {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - create = "1h" -> null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - delete = "10m" -> null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - update = "1h" -> null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66:
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - wait {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - fields = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - "status.phase" = "RUNNING"
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: } -> null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66:
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: # module.confluent_platform.kubernetes_manifest.components["zookeeper"] will be destroyed
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - resource "kubernetes_manifest" "components" {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - computed_fields = [
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - "metadata.finalizers",
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: ] -> null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - manifest = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - apiVersion = "platform.confluent.io/v1beta1"
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - kind = "Zookeeper"
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - metadata = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - name = "zookeeper"
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - namespace = "confluent"
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - spec = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - dataVolumeCapacity = "10Gi"
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - image = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - application = "confluentinc/cp-zookeeper:7.2.0"
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - init = "confluentinc/confluent-init-container:2.4.0"
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - logVolumeCapacity = "10Gi"
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - replicas = "3"
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: } -> null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - object = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - apiVersion = "platform.confluent.io/v1beta1"
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - kind = "Zookeeper"
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - metadata = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - annotations = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - clusterName = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - creationTimestamp = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - deletionGracePeriodSeconds = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - deletionTimestamp = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - finalizers = [
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - "zookeeper.finalizers.platform.confluent.io",
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: ]
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - generateName = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - generation = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - labels = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - managedFields = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - name = "zookeeper"
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - namespace = "confluent"
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - ownerReferences = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - resourceVersion = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - selfLink = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - uid = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - spec = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - authentication = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - jaasConfig = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - secretRef = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - jaasConfigPassThrough = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - directoryPathInContainer = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - secretRef = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - principalMappingRules = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - type = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - configOverrides = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - jvm = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - log4j = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - peers = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - server = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - dataVolumeCapacity = "10Gi"
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - headlessService = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - annotations = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - labels = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - publishNotReadyAddresses = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - image = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - application = "confluentinc/cp-zookeeper:7.2.0"
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - init = "confluentinc/confluent-init-container:2.4.0"
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - pullPolicy = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - pullSecretRef = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - injectAnnotations = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - injectLabels = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - k8sClusterDomain = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - license = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - directoryPathInContainer = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - globalLicense = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - secretRef = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - logVolumeCapacity = "10Gi"
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - metrics = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - authentication = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - type = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - prometheus = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - blacklist = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - rules = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - whitelist = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - tls = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - directoryPathInContainer = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - enabled = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - ignoreTrustStoreConfig = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - jksPassword = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - secretRef = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - secretRef = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - mountedSecrets = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - mountedVolumes = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - volumeMounts = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - volumes = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - oneReplicaPerNode = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - podTemplate = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - affinity = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - nodeAffinity = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - preferredDuringSchedulingIgnoredDuringExecution = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - requiredDuringSchedulingIgnoredDuringExecution = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - nodeSelectorTerms = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - podAffinity = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - preferredDuringSchedulingIgnoredDuringExecution = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - requiredDuringSchedulingIgnoredDuringExecution = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - podAntiAffinity = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - preferredDuringSchedulingIgnoredDuringExecution = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - requiredDuringSchedulingIgnoredDuringExecution = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - annotations = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - envVars = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - labels = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - podSecurityContext = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - fsGroup = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - fsGroupChangePolicy = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - runAsGroup = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - runAsNonRoot = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - runAsUser = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - seLinuxOptions = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - level = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - role = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - type = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - user = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - seccompProfile = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - localhostProfile = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - type = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - supplementalGroups = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - sysctls = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - windowsOptions = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - gmsaCredentialSpec = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - gmsaCredentialSpecName = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - hostProcess = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - runAsUserName = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - priorityClassName = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - probe = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - liveness = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - failureThreshold = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - initialDelaySeconds = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - periodSeconds = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - successThreshold = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - timeoutSeconds = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - readiness = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - failureThreshold = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - initialDelaySeconds = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - periodSeconds = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - successThreshold = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - timeoutSeconds = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - resources = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - limits = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - requests = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - securityContext = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - allowPrivilegeEscalation = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - capabilities = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - add = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - drop = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - privileged = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - procMount = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - readOnlyRootFilesystem = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - runAsGroup = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - runAsNonRoot = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - runAsUser = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - seLinuxOptions = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - level = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - role = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - type = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - user = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - seccompProfile = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - localhostProfile = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - type = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - windowsOptions = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - gmsaCredentialSpec = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - gmsaCredentialSpecName = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - hostProcess = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - runAsUserName = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - serviceAccountName = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - terminationGracePeriodSeconds = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - tolerations = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - topologySpreadConstraints = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - replicas = 3
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - storageClass = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - name = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - tls = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - autoGeneratedCerts = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - directoryPathInContainer = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - ignoreTrustStoreConfig = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - jksPassword = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - secretRef = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - secretRef = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: } -> null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66:
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - timeouts {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - create = "1h" -> null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - delete = "10m" -> null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - update = "1h" -> null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66:
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - wait {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - fields = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - "status.phase" = "RUNNING"
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: } -> null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66:
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: # module.confluent_platform.module.confluent_operator[0].helm_release.confluent_operator[0] will be destroyed
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - resource "helm_release" "confluent_operator" {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - atomic = false -> null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - chart = "confluent-for-kubernetes" -> null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - cleanup_on_fail = false -> null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - create_namespace = false -> null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - dependency_update = false -> null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - disable_crd_hooks = false -> null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - disable_openapi_validation = false -> null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - disable_webhooks = false -> null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - force_update = false -> null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - id = "confluent-operator" -> null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - lint = false -> null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - max_history = 0 -> null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - metadata = [
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - app_version = "2.4.0"
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - chart = "confluent-for-kubernetes"
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - name = "confluent-operator"
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - namespace = "confluent"
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - revision = 1
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - values = "null"
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - version = "0.517.12"
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: },
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: ] -> null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - name = "confluent-operator" -> null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - namespace = "confluent" -> null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - pass_credentials = false -> null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - recreate_pods = false -> null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - render_subchart_notes = true -> null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - replace = false -> null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - repository = "https://packages.confluent.io/helm" -> null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - reset_values = false -> null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - reuse_values = false -> null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - skip_crds = false -> null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - status = "deployed" -> null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - timeout = 300 -> null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - values = [] -> null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - verify = false -> null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - version = "0.517.12" -> null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - wait = true -> null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - wait_for_jobs = true -> null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66:
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: # module.confluent_platform.module.confluent_operator[0].kubernetes_namespace_v1.namespace[0] will be destroyed
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - resource "kubernetes_namespace_v1" "namespace" {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - id = "confluent" -> null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66:
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - metadata {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - annotations = {} -> null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - generation = 0 -> null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - labels = {} -> null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - name = "confluent" -> null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - resource_version = "18085" -> null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - uid = "d81f7564-6783-4080-9341-01daef4bbe6b" -> null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66:
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: # module.confluent_platform.module.kafka_topics["my-other-topic"].kubernetes_manifest.topic will be destroyed
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - resource "kubernetes_manifest" "topic" {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - computed_fields = [
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - "metadata.finalizers",
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: ] -> null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - manifest = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - apiVersion = "platform.confluent.io/v1beta1"
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - kind = "KafkaTopic"
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - metadata = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - name = "my-other-topic"
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - namespace = "confluent"
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - spec = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - configs = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - "cleanup.policy" = "delete"
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - partitionCount = 3
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - replicas = 3
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: } -> null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - object = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - apiVersion = "platform.confluent.io/v1beta1"
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - kind = "KafkaTopic"
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - metadata = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - annotations = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - "platform.confluent.io/last-spec-hash" = "7i6/qOJHLetfg5ZGkh0Cl1rS/27WOe+EQCiKKuet8rE="
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - clusterName = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - creationTimestamp = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - deletionGracePeriodSeconds = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - deletionTimestamp = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - finalizers = [
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - "kafkatopic.finalizers.platform.confluent.io",
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: ]
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - generateName = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - generation = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - labels = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - managedFields = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - name = "my-other-topic"
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - namespace = "confluent"
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - ownerReferences = [
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - apiVersion = "platform.confluent.io/v1beta1"
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - blockOwnerDeletion = true
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - controller = true
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - kind = "Kafka"
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - name = "kafka"
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - uid = "83f3a1be-26ba-403a-bdbc-0f6a04a1449f"
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: },
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: ]
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - resourceVersion = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - selfLink = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - uid = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - spec = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - configs = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - "cleanup.policy" = "delete"
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - kafkaClusterRef = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - name = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - namespace = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - kafkaRest = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - authentication = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - basic = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - debug = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - directoryPathInContainer = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - restrictedRoles = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - roles = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - secretRef = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - bearer = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - directoryPathInContainer = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - secretRef = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - type = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - endpoint = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - kafkaClusterID = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - tls = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - directoryPathInContainer = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - jksPassword = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - secretRef = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - secretRef = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - kafkaRestClassRef = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - name = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - namespace = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - name = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - partitionCount = 3
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - replicas = 3
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: } -> null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66:
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - timeouts {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - create = "5m" -> null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - delete = "5m" -> null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - update = "5m" -> null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66:
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - wait {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - fields = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - "status.state" = "CREATED"
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: } -> null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66:
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: # module.confluent_platform.module.kafka_topics["my-topic"].kubernetes_manifest.topic will be destroyed
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - resource "kubernetes_manifest" "topic" {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - computed_fields = [
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - "metadata.finalizers",
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: ] -> null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - manifest = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - apiVersion = "platform.confluent.io/v1beta1"
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - kind = "KafkaTopic"
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - metadata = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - name = "my-topic"
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - namespace = "confluent"
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - spec = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - configs = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - "cleanup.policy" = "delete"
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - partitionCount = 3
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - replicas = 3
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: } -> null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - object = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - apiVersion = "platform.confluent.io/v1beta1"
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - kind = "KafkaTopic"
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - metadata = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - annotations = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - "platform.confluent.io/last-spec-hash" = "7i6/qOJHLetfg5ZGkh0Cl1rS/27WOe+EQCiKKuet8rE="
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - clusterName = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - creationTimestamp = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - deletionGracePeriodSeconds = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - deletionTimestamp = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - finalizers = [
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - "kafkatopic.finalizers.platform.confluent.io",
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: ]
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - generateName = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - generation = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - labels = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - managedFields = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - name = "my-topic"
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - namespace = "confluent"
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - ownerReferences = [
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - apiVersion = "platform.confluent.io/v1beta1"
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - blockOwnerDeletion = true
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - controller = true
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - kind = "Kafka"
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - name = "kafka"
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - uid = "83f3a1be-26ba-403a-bdbc-0f6a04a1449f"
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: },
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: ]
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - resourceVersion = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - selfLink = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - uid = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - spec = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - configs = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - "cleanup.policy" = "delete"
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - kafkaClusterRef = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - name = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - namespace = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - kafkaRest = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - authentication = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - basic = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - debug = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - directoryPathInContainer = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - restrictedRoles = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - roles = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - secretRef = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - bearer = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - directoryPathInContainer = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - secretRef = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - type = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - endpoint = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - kafkaClusterID = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - tls = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - directoryPathInContainer = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - jksPassword = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - secretRef = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - secretRef = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - kafkaRestClassRef = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - name = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - namespace = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - name = null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - partitionCount = 3
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - replicas = 3
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: } -> null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66:
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - timeouts {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - create = "5m" -> null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - delete = "5m" -> null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - update = "5m" -> null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66:
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - wait {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - fields = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - "status.state" = "CREATED"
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: } -> null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66:
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: Plan: 0 to add, 0 to change, 6 to destroy.
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66:
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: Changes to Outputs:
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - confluent_operator = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - app_version = "2.4.0"
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - chart_version = "0.517.12"
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - namespace = "confluent"
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: } -> null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - kafka = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - apiVersion = "platform.confluent.io/v1beta1"
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - kind = "Kafka"
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - metadata = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - name = "kafka"
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - namespace = "confluent"
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - spec = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - dataVolumeCapacity = "10Gi"
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - image = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - application = "confluentinc/cp-server:7.2.0"
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - init = "confluentinc/confluent-init-container:2.4.0"
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - metricReporter = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - enabled = true
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - replicas = "3"
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: } -> null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - kafka_topics = [
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - my-other-topic = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - manifest = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - apiVersion = "platform.confluent.io/v1beta1"
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - kind = "KafkaTopic"
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - metadata = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - name = "my-other-topic"
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - namespace = "confluent"
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - spec = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - configs = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - "cleanup.policy" = "delete"
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - partitionCount = 3
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - replicas = 3
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - my-topic = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - manifest = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - apiVersion = "platform.confluent.io/v1beta1"
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - kind = "KafkaTopic"
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - metadata = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - name = "my-topic"
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - namespace = "confluent"
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - spec = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - configs = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - "cleanup.policy" = "delete"
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - partitionCount = 3
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - replicas = 3
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: },
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: ] -> null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - namespace = "confluent" -> null
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - zookeeper = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - apiVersion = "platform.confluent.io/v1beta1"
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - kind = "Zookeeper"
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - metadata = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - name = "zookeeper"
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - namespace = "confluent"
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - spec = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - dataVolumeCapacity = "10Gi"
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - image = {
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - application = "confluentinc/cp-zookeeper:7.2.0"
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - init = "confluentinc/confluent-init-container:2.4.0"
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - logVolumeCapacity = "10Gi"
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: - replicas = "3"
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: }
+TestTerraformCompleteExample 2022-07-31T19:51:44Z logger.go:66: } -> null
+TestTerraformCompleteExample 2022-07-31T19:51:46Z logger.go:66: module.confluent_platform.module.kafka_topics["my-topic"].kubernetes_manifest.topic: Destroying...
+TestTerraformCompleteExample 2022-07-31T19:51:46Z logger.go:66: module.confluent_platform.module.kafka_topics["my-other-topic"].kubernetes_manifest.topic: Destroying...
+TestTerraformCompleteExample 2022-07-31T19:51:47Z logger.go:66: module.confluent_platform.module.kafka_topics["my-other-topic"].kubernetes_manifest.topic: Destruction complete after 1s
+TestTerraformCompleteExample 2022-07-31T19:51:47Z logger.go:66: module.confluent_platform.module.kafka_topics["my-topic"].kubernetes_manifest.topic: Destruction complete after 1s
+TestTerraformCompleteExample 2022-07-31T19:51:48Z logger.go:66: module.confluent_platform.kubernetes_manifest.components["zookeeper"]: Destroying...
+TestTerraformCompleteExample 2022-07-31T19:51:48Z logger.go:66: module.confluent_platform.kubernetes_manifest.components["kafka"]: Destroying...
+TestTerraformCompleteExample 2022-07-31T19:51:49Z logger.go:66: module.confluent_platform.kubernetes_manifest.components["zookeeper"]: Destruction complete after 1s
+TestTerraformCompleteExample 2022-07-31T19:51:49Z logger.go:66: module.confluent_platform.kubernetes_manifest.components["kafka"]: Destruction complete after 2s
+TestTerraformCompleteExample 2022-07-31T19:51:49Z logger.go:66: module.confluent_platform.module.confluent_operator[0].helm_release.confluent_operator[0]: Destroying... [id=confluent-operator]
+TestTerraformCompleteExample 2022-07-31T19:51:50Z logger.go:66: module.confluent_platform.module.confluent_operator[0].helm_release.confluent_operator[0]: Destruction complete after 1s
+TestTerraformCompleteExample 2022-07-31T19:51:50Z logger.go:66: module.confluent_platform.module.confluent_operator[0].kubernetes_namespace_v1.namespace[0]: Destroying... [id=confluent]
+TestTerraformCompleteExample 2022-07-31T19:52:00Z logger.go:66: module.confluent_platform.module.confluent_operator[0].kubernetes_namespace_v1.namespace[0]: Still destroying... [id=confluent, 10s elapsed]
+TestTerraformCompleteExample 2022-07-31T19:52:10Z logger.go:66: module.confluent_platform.module.confluent_operator[0].kubernetes_namespace_v1.namespace[0]: Still destroying... [id=confluent, 20s elapsed]
+TestTerraformCompleteExample 2022-07-31T19:52:20Z logger.go:66: module.confluent_platform.module.confluent_operator[0].kubernetes_namespace_v1.namespace[0]: Still destroying... [id=confluent, 30s elapsed]
+TestTerraformCompleteExample 2022-07-31T19:52:23Z logger.go:66: module.confluent_platform.module.confluent_operator[0].kubernetes_namespace_v1.namespace[0]: Destruction complete after 33s
+TestTerraformCompleteExample 2022-07-31T19:52:23Z logger.go:66:
+TestTerraformCompleteExample 2022-07-31T19:52:23Z logger.go:66: Destroy complete! Resources: 6 destroyed.
+--- PASS: TestTerraformCompleteExample (159.13s)
PASS
-ok command-line-arguments 728.631s
+ok command-line-arguments 159.141s
diff --git a/test/terraform_confluent_operator_test.go b/test/terraform_confluent_operator_test.go
index cfb37c3..538141d 100644
--- a/test/terraform_confluent_operator_test.go
+++ b/test/terraform_confluent_operator_test.go
@@ -23,9 +23,9 @@ func TestTerraformConfluentOperatorExample(t *testing.T) {
terraform.InitAndApply(t, terraformOptions)
// website::tag::3:: Run `terraform output` to get the values of output variables and check they have the expected values.
- actualAppVersion := terraform.Output(t, terraformOptions, "confluent_operator")
+ actualConfluentOperator := terraform.Output(t, terraformOptions, "confluent_operator")
- expectedAppVersion := "map[app_version:2.4.0 chart_version:0.517.12 namespace:confluent]"
+ expectedConfluentOperator := "map[app_version:2.4.0 chart_version:0.517.12 namespace:confluent]"
- assert.Equal(t, expectedAppVersion, actualAppVersion, "Map %q should match %q", expectedAppVersion, actualAppVersion)
+ assert.Equal(t, expectedConfluentOperator, actualConfluentOperator, "Map %q should match %q", expectedConfluentOperator, actualConfluentOperator)
}
diff --git a/test/terraform_kafka_topics_test.go b/test/terraform_kafka_topics_test.go
new file mode 100644
index 0000000..d7e7b21
--- /dev/null
+++ b/test/terraform_kafka_topics_test.go
@@ -0,0 +1,34 @@
+package test
+
+import (
+ "testing"
+
+ "github.com/gruntwork-io/terratest/modules/terraform"
+ "github.com/stretchr/testify/assert"
+)
+
+func TestTerraformKafkaTopicsExample(t *testing.T) {
+ terraformOptions := &terraform.Options{
+ // website::tag::1:: Set the path to the Terraform code that will be tested.
+ TerraformDir: "../examples/kafka_topics",
+
+ // Disable colors in Terraform commands so its easier to parse stdout/stderr
+ NoColor: true,
+ }
+
+ // website::tag::4:: Clean up resources with "terraform destroy" at the end of the test.
+ defer terraform.Destroy(t, terraformOptions)
+
+ // website::tag::2:: Run "terraform init" and "terraform apply". Fail the test if there are any errors.
+ terraform.InitAndApply(t, terraformOptions)
+
+ // website::tag::3:: Run `terraform output` to get the values of output variables and check they have the expected values.
+ actualKafkaTopic := terraform.Output(t, terraformOptions, "kafka_topic_manifest")
+ actualOtherKafkaTopic := terraform.Output(t, terraformOptions, "other_kafka_topic_manifest")
+
+ expectedKafkaTopic := "map[apiVersion:platform.confluent.io/v1beta1 kind:KafkaTopic metadata:map[name:my-topic namespace:confluent] spec:map[configs:map[cleanup.policy:delete] partitionCount:3 replicas:3]]"
+ expectedOtherKafkaTopic := "map[apiVersion:platform.confluent.io/v1beta1 kind:KafkaTopic metadata:map[name:my-other-topic namespace:confluent] spec:map[configs:map[cleanup.policy:compact] kafkaRest:map[endpoint:http://kafka.confluent.svc.cluster.local:8090] partitionCount:4 replicas:3]]"
+
+ assert.Equal(t, expectedKafkaTopic, actualKafkaTopic, "Map %q should match %q", expectedKafkaTopic, actualKafkaTopic)
+ assert.Equal(t, expectedOtherKafkaTopic, actualOtherKafkaTopic, "Map %q should match %q", expectedOtherKafkaTopic, actualOtherKafkaTopic)
+}
diff --git a/test/terraform_kafka_topics_test.log b/test/terraform_kafka_topics_test.log
new file mode 100644
index 0000000..5e09950
--- /dev/null
+++ b/test/terraform_kafka_topics_test.log
@@ -0,0 +1,582 @@
+=== RUN TestTerraformKafkaTopicsExample
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:29Z retry.go:91: terraform [init -upgrade=false]
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:29Z logger.go:66: Running command terraform with args [init -upgrade=false]
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:29Z logger.go:66: �[0m�[1mInitializing modules...�[0m
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:30Z logger.go:66:
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:30Z logger.go:66: �[0m�[1mInitializing the backend...�[0m
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:30Z logger.go:66:
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:30Z logger.go:66: �[0m�[1mInitializing provider plugins...�[0m
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:30Z logger.go:66: - Reusing previous version of hashicorp/helm from the dependency lock file
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:30Z logger.go:66: - Reusing previous version of hashicorp/kubernetes from the dependency lock file
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:31Z logger.go:66: - Using previously-installed hashicorp/helm v2.6.0
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:31Z logger.go:66: - Using previously-installed hashicorp/kubernetes v2.12.1
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:31Z logger.go:66:
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:31Z logger.go:66: �[0m�[1m�[32mTerraform has been successfully initialized!�[0m�[32m�[0m
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:31Z logger.go:66: �[0m�[32m
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:31Z logger.go:66: You may now begin working with Terraform. Try running "terraform plan" to see
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:31Z logger.go:66: any changes that are required for your infrastructure. All Terraform commands
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:31Z logger.go:66: should now work.
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:31Z logger.go:66:
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:31Z logger.go:66: If you ever set or change modules or backend configuration for Terraform,
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:31Z logger.go:66: rerun this command to reinitialize your working directory. If you forget, other
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:31Z logger.go:66: commands will detect it and remind you to do so if necessary.�[0m
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:31Z retry.go:91: terraform [apply -input=false -auto-approve -no-color -lock=false]
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:31Z logger.go:66: Running command terraform with args [apply -input=false -auto-approve -no-color -lock=false]
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66:
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: Terraform used the selected providers to generate the following execution
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: plan. Resource actions are indicated with the following symbols:
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + create
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66:
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: Terraform will perform the following actions:
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66:
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: # module.kafka_topic.kubernetes_manifest.topic will be created
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + resource "kubernetes_manifest" "topic" {
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + computed_fields = [
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + "metadata.finalizers",
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: ]
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + manifest = {
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + apiVersion = "platform.confluent.io/v1beta1"
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + kind = "KafkaTopic"
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + metadata = {
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + name = "my-topic"
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + namespace = "confluent"
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: }
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + spec = {
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + configs = {
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + "cleanup.policy" = "delete"
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: }
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + partitionCount = 3
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + replicas = 3
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: }
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: }
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + object = {
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + apiVersion = "platform.confluent.io/v1beta1"
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + kind = "KafkaTopic"
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + metadata = {
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + annotations = (known after apply)
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + clusterName = (known after apply)
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + creationTimestamp = (known after apply)
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + deletionGracePeriodSeconds = (known after apply)
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + deletionTimestamp = (known after apply)
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + finalizers = (known after apply)
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + generateName = (known after apply)
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + generation = (known after apply)
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + labels = (known after apply)
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + managedFields = (known after apply)
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + name = "my-topic"
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + namespace = "confluent"
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + ownerReferences = (known after apply)
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + resourceVersion = (known after apply)
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + selfLink = (known after apply)
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + uid = (known after apply)
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: }
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + spec = {
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + configs = {
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + "cleanup.policy" = "delete"
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: }
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + kafkaClusterRef = {
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + name = (known after apply)
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + namespace = (known after apply)
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: }
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + kafkaRest = {
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + authentication = {
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + basic = {
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + debug = (known after apply)
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + directoryPathInContainer = (known after apply)
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + restrictedRoles = (known after apply)
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + roles = (known after apply)
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + secretRef = (known after apply)
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: }
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + bearer = {
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + directoryPathInContainer = (known after apply)
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + secretRef = (known after apply)
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: }
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + type = (known after apply)
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: }
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + endpoint = (known after apply)
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + kafkaClusterID = (known after apply)
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + tls = {
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + directoryPathInContainer = (known after apply)
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + jksPassword = {
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + secretRef = (known after apply)
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: }
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + secretRef = (known after apply)
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: }
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: }
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + kafkaRestClassRef = {
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + name = (known after apply)
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + namespace = (known after apply)
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: }
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + name = (known after apply)
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + partitionCount = 3
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + replicas = 3
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: }
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: }
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66:
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + timeouts {
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + create = "5m"
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + delete = "5m"
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + update = "5m"
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: }
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66:
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + wait {
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + fields = {
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + "status.state" = "CREATED"
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: }
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: }
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: }
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66:
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: # module.other_kafka_topic.kubernetes_manifest.topic will be created
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + resource "kubernetes_manifest" "topic" {
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + computed_fields = [
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + "metadata.finalizers",
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: ]
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + manifest = {
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + apiVersion = "platform.confluent.io/v1beta1"
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + kind = "KafkaTopic"
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + metadata = {
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + name = "my-other-topic"
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + namespace = "confluent"
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: }
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + spec = {
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + configs = {
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + "cleanup.policy" = "compact"
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: }
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + kafkaRest = {
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + endpoint = "http://kafka.confluent.svc.cluster.local:8090"
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: }
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + partitionCount = 4
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + replicas = 3
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: }
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: }
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + object = {
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + apiVersion = "platform.confluent.io/v1beta1"
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + kind = "KafkaTopic"
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + metadata = {
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + annotations = (known after apply)
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + clusterName = (known after apply)
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + creationTimestamp = (known after apply)
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + deletionGracePeriodSeconds = (known after apply)
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + deletionTimestamp = (known after apply)
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + finalizers = (known after apply)
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + generateName = (known after apply)
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + generation = (known after apply)
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + labels = (known after apply)
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + managedFields = (known after apply)
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + name = "my-other-topic"
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + namespace = "confluent"
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + ownerReferences = (known after apply)
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + resourceVersion = (known after apply)
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + selfLink = (known after apply)
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + uid = (known after apply)
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: }
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + spec = {
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + configs = {
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + "cleanup.policy" = "compact"
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: }
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + kafkaClusterRef = {
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + name = (known after apply)
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + namespace = (known after apply)
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: }
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + kafkaRest = {
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + authentication = {
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + basic = {
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + debug = (known after apply)
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + directoryPathInContainer = (known after apply)
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + restrictedRoles = (known after apply)
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + roles = (known after apply)
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + secretRef = (known after apply)
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: }
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + bearer = {
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + directoryPathInContainer = (known after apply)
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + secretRef = (known after apply)
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: }
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + type = (known after apply)
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: }
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + endpoint = "http://kafka.confluent.svc.cluster.local:8090"
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + kafkaClusterID = (known after apply)
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + tls = {
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + directoryPathInContainer = (known after apply)
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + jksPassword = {
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + secretRef = (known after apply)
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: }
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + secretRef = (known after apply)
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: }
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: }
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + kafkaRestClassRef = {
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + name = (known after apply)
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + namespace = (known after apply)
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: }
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + name = (known after apply)
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + partitionCount = 4
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + replicas = 3
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: }
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: }
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66:
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + timeouts {
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + create = "5m"
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + delete = "5m"
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + update = "5m"
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: }
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66:
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + wait {
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + fields = {
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + "status.state" = "CREATED"
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: }
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: }
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: }
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66:
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: Plan: 2 to add, 0 to change, 0 to destroy.
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66:
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: Changes to Outputs:
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + kafka_topic_manifest = {
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + apiVersion = "platform.confluent.io/v1beta1"
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + kind = "KafkaTopic"
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + metadata = {
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + name = "my-topic"
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + namespace = "confluent"
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: }
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + spec = {
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + configs = {
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + "cleanup.policy" = "delete"
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: }
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + partitionCount = 3
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + replicas = 3
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: }
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: }
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + other_kafka_topic_manifest = {
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + apiVersion = "platform.confluent.io/v1beta1"
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + kind = "KafkaTopic"
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + metadata = {
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + name = "my-other-topic"
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + namespace = "confluent"
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: }
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + spec = {
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + configs = {
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + "cleanup.policy" = "compact"
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: }
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + kafkaRest = {
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + endpoint = "http://kafka.confluent.svc.cluster.local:8090"
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: }
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + partitionCount = 4
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: + replicas = 3
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: }
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:34Z logger.go:66: }
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:36Z logger.go:66: module.other_kafka_topic.kubernetes_manifest.topic: Creating...
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:36Z logger.go:66: module.kafka_topic.kubernetes_manifest.topic: Creating...
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:37Z logger.go:66: module.other_kafka_topic.kubernetes_manifest.topic: Creation complete after 0s
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:38Z logger.go:66: module.kafka_topic.kubernetes_manifest.topic: Creation complete after 1s
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:38Z logger.go:66:
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:38Z logger.go:66: Apply complete! Resources: 2 added, 0 changed, 0 destroyed.
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:38Z logger.go:66:
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:38Z logger.go:66: Outputs:
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:38Z logger.go:66:
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:38Z logger.go:66: kafka_topic_manifest = {
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:38Z logger.go:66: "apiVersion" = "platform.confluent.io/v1beta1"
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:38Z logger.go:66: "kind" = "KafkaTopic"
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:38Z logger.go:66: "metadata" = {
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:38Z logger.go:66: "name" = "my-topic"
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:38Z logger.go:66: "namespace" = "confluent"
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:38Z logger.go:66: }
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:38Z logger.go:66: "spec" = {
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:38Z logger.go:66: "configs" = {
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:38Z logger.go:66: "cleanup.policy" = "delete"
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:38Z logger.go:66: }
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:38Z logger.go:66: "partitionCount" = 3
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:38Z logger.go:66: "replicas" = 3
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:38Z logger.go:66: }
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:38Z logger.go:66: }
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:38Z logger.go:66: other_kafka_topic_manifest = {
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:38Z logger.go:66: "apiVersion" = "platform.confluent.io/v1beta1"
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:38Z logger.go:66: "kind" = "KafkaTopic"
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:38Z logger.go:66: "metadata" = {
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:38Z logger.go:66: "name" = "my-other-topic"
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:38Z logger.go:66: "namespace" = "confluent"
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:38Z logger.go:66: }
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:38Z logger.go:66: "spec" = {
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:38Z logger.go:66: "configs" = {
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:38Z logger.go:66: "cleanup.policy" = "compact"
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:38Z logger.go:66: }
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:38Z logger.go:66: "kafkaRest" = {
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:38Z logger.go:66: "endpoint" = "http://kafka.confluent.svc.cluster.local:8090"
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:38Z logger.go:66: }
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:38Z logger.go:66: "partitionCount" = 4
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:38Z logger.go:66: "replicas" = 3
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:38Z logger.go:66: }
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:38Z logger.go:66: }
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:38Z retry.go:91: terraform [output -no-color -json kafka_topic_manifest]
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:38Z logger.go:66: Running command terraform with args [output -no-color -json kafka_topic_manifest]
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:38Z logger.go:66: {"apiVersion":"platform.confluent.io/v1beta1","kind":"KafkaTopic","metadata":{"name":"my-topic","namespace":"confluent"},"spec":{"configs":{"cleanup.policy":"delete"},"partitionCount":3,"replicas":3}}
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:38Z retry.go:91: terraform [output -no-color -json other_kafka_topic_manifest]
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:38Z logger.go:66: Running command terraform with args [output -no-color -json other_kafka_topic_manifest]
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:39Z logger.go:66: {"apiVersion":"platform.confluent.io/v1beta1","kind":"KafkaTopic","metadata":{"name":"my-other-topic","namespace":"confluent"},"spec":{"configs":{"cleanup.policy":"compact"},"kafkaRest":{"endpoint":"http://kafka.confluent.svc.cluster.local:8090"},"partitionCount":4,"replicas":3}}
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:39Z retry.go:91: terraform [destroy -auto-approve -input=false -no-color -lock=false]
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:39Z logger.go:66: Running command terraform with args [destroy -auto-approve -input=false -no-color -lock=false]
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:42Z logger.go:66: module.kafka_topic.kubernetes_manifest.topic: Refreshing state...
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:42Z logger.go:66: module.other_kafka_topic.kubernetes_manifest.topic: Refreshing state...
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66:
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: Terraform used the selected providers to generate the following execution
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: plan. Resource actions are indicated with the following symbols:
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - destroy
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66:
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: Terraform will perform the following actions:
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66:
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: # module.kafka_topic.kubernetes_manifest.topic will be destroyed
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - resource "kubernetes_manifest" "topic" {
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - computed_fields = [
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - "metadata.finalizers",
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: ] -> null
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - manifest = {
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - apiVersion = "platform.confluent.io/v1beta1"
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - kind = "KafkaTopic"
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - metadata = {
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - name = "my-topic"
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - namespace = "confluent"
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: }
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - spec = {
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - configs = {
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - "cleanup.policy" = "delete"
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: }
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - partitionCount = 3
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - replicas = 3
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: }
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: } -> null
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - object = {
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - apiVersion = "platform.confluent.io/v1beta1"
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - kind = "KafkaTopic"
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - metadata = {
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - annotations = {
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - "platform.confluent.io/last-spec-hash" = "7i6/qOJHLetfg5ZGkh0Cl1rS/27WOe+EQCiKKuet8rE="
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: }
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - clusterName = null
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - creationTimestamp = null
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - deletionGracePeriodSeconds = null
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - deletionTimestamp = null
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - finalizers = [
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - "kafkatopic.finalizers.platform.confluent.io",
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: ]
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - generateName = null
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - generation = null
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - labels = null
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - managedFields = null
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - name = "my-topic"
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - namespace = "confluent"
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - ownerReferences = [
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - {
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - apiVersion = "platform.confluent.io/v1beta1"
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - blockOwnerDeletion = true
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - controller = true
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - kind = "Kafka"
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - name = "kafka"
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - uid = "8950f5d5-48e0-4571-92ce-d05ed7057da9"
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: },
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: ]
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - resourceVersion = null
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - selfLink = null
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - uid = null
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: }
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - spec = {
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - configs = {
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - "cleanup.policy" = "delete"
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: }
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - kafkaClusterRef = {
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - name = null
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - namespace = null
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: }
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - kafkaRest = {
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - authentication = {
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - basic = {
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - debug = null
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - directoryPathInContainer = null
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - restrictedRoles = null
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - roles = null
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - secretRef = null
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: }
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - bearer = {
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - directoryPathInContainer = null
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - secretRef = null
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: }
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - type = null
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: }
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - endpoint = null
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - kafkaClusterID = null
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - tls = {
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - directoryPathInContainer = null
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - jksPassword = {
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - secretRef = null
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: }
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - secretRef = null
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: }
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: }
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - kafkaRestClassRef = {
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - name = null
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - namespace = null
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: }
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - name = null
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - partitionCount = 3
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - replicas = 3
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: }
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: } -> null
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66:
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - timeouts {
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - create = "5m" -> null
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - delete = "5m" -> null
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - update = "5m" -> null
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: }
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66:
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - wait {
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - fields = {
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - "status.state" = "CREATED"
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: } -> null
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: }
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: }
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66:
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: # module.other_kafka_topic.kubernetes_manifest.topic will be destroyed
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - resource "kubernetes_manifest" "topic" {
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - computed_fields = [
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - "metadata.finalizers",
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: ] -> null
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - manifest = {
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - apiVersion = "platform.confluent.io/v1beta1"
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - kind = "KafkaTopic"
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - metadata = {
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - name = "my-other-topic"
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - namespace = "confluent"
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: }
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - spec = {
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - configs = {
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - "cleanup.policy" = "compact"
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: }
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - kafkaRest = {
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - endpoint = "http://kafka.confluent.svc.cluster.local:8090"
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: }
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - partitionCount = 4
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - replicas = 3
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: }
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: } -> null
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - object = {
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - apiVersion = "platform.confluent.io/v1beta1"
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - kind = "KafkaTopic"
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - metadata = {
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - annotations = {
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - "platform.confluent.io/last-spec-hash" = "lEw7UWAqvLDY5+mAtzYZa7+U8qQNJiQxZoGr1dLo55w="
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: }
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - clusterName = null
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - creationTimestamp = null
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - deletionGracePeriodSeconds = null
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - deletionTimestamp = null
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - finalizers = [
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - "kafkatopic.finalizers.platform.confluent.io",
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: ]
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - generateName = null
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - generation = null
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - labels = null
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - managedFields = null
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - name = "my-other-topic"
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - namespace = "confluent"
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - ownerReferences = null
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - resourceVersion = null
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - selfLink = null
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - uid = null
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: }
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - spec = {
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - configs = {
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - "cleanup.policy" = "compact"
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: }
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - kafkaClusterRef = {
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - name = null
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - namespace = null
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: }
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - kafkaRest = {
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - authentication = {
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - basic = {
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - debug = null
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - directoryPathInContainer = null
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - restrictedRoles = null
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - roles = null
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - secretRef = null
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: }
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - bearer = {
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - directoryPathInContainer = null
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - secretRef = null
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: }
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - type = null
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: }
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - endpoint = "http://kafka.confluent.svc.cluster.local:8090"
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - kafkaClusterID = null
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - tls = {
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - directoryPathInContainer = null
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - jksPassword = {
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - secretRef = null
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: }
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - secretRef = null
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: }
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: }
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - kafkaRestClassRef = {
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - name = null
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - namespace = null
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: }
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - name = null
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - partitionCount = 4
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - replicas = 3
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: }
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: } -> null
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66:
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - timeouts {
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - create = "5m" -> null
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - delete = "5m" -> null
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - update = "5m" -> null
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: }
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66:
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - wait {
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - fields = {
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - "status.state" = "CREATED"
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: } -> null
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: }
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: }
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66:
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: Plan: 0 to add, 0 to change, 2 to destroy.
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66:
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: Changes to Outputs:
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - kafka_topic_manifest = {
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - apiVersion = "platform.confluent.io/v1beta1"
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - kind = "KafkaTopic"
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - metadata = {
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - name = "my-topic"
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - namespace = "confluent"
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: }
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - spec = {
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - configs = {
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - "cleanup.policy" = "delete"
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: }
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - partitionCount = 3
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - replicas = 3
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: }
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: } -> null
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - other_kafka_topic_manifest = {
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - apiVersion = "platform.confluent.io/v1beta1"
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - kind = "KafkaTopic"
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - metadata = {
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - name = "my-other-topic"
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - namespace = "confluent"
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: }
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - spec = {
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - configs = {
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - "cleanup.policy" = "compact"
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: }
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - kafkaRest = {
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - endpoint = "http://kafka.confluent.svc.cluster.local:8090"
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: }
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - partitionCount = 4
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: - replicas = 3
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: }
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:43Z logger.go:66: } -> null
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:46Z logger.go:66: module.kafka_topic.kubernetes_manifest.topic: Destroying...
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:46Z logger.go:66: module.other_kafka_topic.kubernetes_manifest.topic: Destroying...
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:47Z logger.go:66: module.kafka_topic.kubernetes_manifest.topic: Destruction complete after 1s
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:47Z logger.go:66: module.other_kafka_topic.kubernetes_manifest.topic: Destruction complete after 1s
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:47Z logger.go:66:
+TestTerraformKafkaTopicsExample 2022-07-31T19:25:47Z logger.go:66: Destroy complete! Resources: 2 destroyed.
+--- PASS: TestTerraformKafkaTopicsExample (17.41s)
+PASS
+ok command-line-arguments 17.432s
diff --git a/variables.tf b/variables.tf
index 2fea6ca..74306aa 100644
--- a/variables.tf
+++ b/variables.tf
@@ -23,7 +23,7 @@ variable "confluent_operator" {
# Confluent Platform
################################################################################
variable "confluent_operator_app_version" {
- description = "The default Confluent Operator app version. This may be overriden by component override values. This version must be compatible with the`confluent_platform_version`. Please see confluent docs for more information: https://docs.confluent.io/platform/current/installation/versions-interoperability.html#confluent-operator"
+ description = "The default Confluent Operator app version. This may be overriden by component override values. This version must be compatible with the `confluent_platform_version`. Please see confluent docs for more information: https://docs.confluent.io/platform/current/installation/versions-interoperability.html#confluent-operator"
type = string
default = "2.4.0"
}
@@ -118,6 +118,12 @@ variable "kafkarestproxy" {
default = {}
}
+variable "kafka_topics" {
+ description = "The Kafka Topics to create."
+ type = any
+ default = []
+}
+
variable "create_timeout" {
description = "The create timeout for each Conlfuent Platform component."
type = string