diff --git a/apis/installer/v1alpha1/openfga_types.go b/apis/installer/v1alpha1/openfga_types.go index fcd99862f..cdbf41c22 100644 --- a/apis/installer/v1alpha1/openfga_types.go +++ b/apis/installer/v1alpha1/openfga_types.go @@ -65,67 +65,74 @@ type OpenfgaServiceSpec struct { // OpenfgaSpec is the schema for Openfga Operator values file type OpenfgaSpec struct { - ReplicaCount int `json:"replicaCount"` - Image OpenfgaImageReference `json:"image"` - ImagePullSecrets []core.LocalObjectReference `json:"imagePullSecrets"` - NameOverride string `json:"nameOverride"` - FullnameOverride string `json:"fullnameOverride"` - CommonLabels map[string]string `json:"commonLabels"` - ServiceAccount OpenfgaServiceAccountSpec `json:"serviceAccount"` - Annotations map[string]string `json:"annotations"` - PodAnnotations map[string]string `json:"podAnnotations"` - PodExtraLabels map[string]string `json:"podExtraLabels"` - ExtraEnvVars []core.EnvVar `json:"extraEnvVars"` - ExtraVolumes []core.Volume `json:"extraVolumes"` - ExtraVolumeMounts []core.VolumeMount `json:"extraVolumeMounts"` - ExtraInitContainers []core.Container `json:"extraInitContainers"` - PodSecurityContext core.PodSecurityContext `json:"podSecurityContext"` - SecurityContext core.SecurityContext `json:"securityContext"` - InitContainer OpenfgaImageReference `json:"initContainer"` - LivenessProbe OpenfgaProbe `json:"livenessProbe"` - ReadinessProbe OpenfgaProbe `json:"readinessProbe"` - StartupProbe OpenfgaProbe `json:"startupProbe"` - CustomLivenessProbe core.Probe `json:"customLivenessProbe"` - CustomReadinessProbe core.Probe `json:"customReadinessProbe"` - CustomStartupProbe core.Probe `json:"customStartupProbe"` - Service OpenfgaServiceSpec `json:"service"` - Telemetry OpenfgaTelemetry `json:"telemetry"` - Datastore OpenfgaDatastore `json:"datastore"` - Postgresql OpenfgaPostgresql `json:"postgresql"` - Mysql OpenfgaMysql `json:"mysql"` - Grpc OpenfgaGrpc `json:"grpc"` - Http OpenfgaHttp `json:"http"` - Authn OpenfgaAuthn `json:"authn"` - Playground OpenfgaPlayground `json:"playground"` - Profiler OpenfgaProfiler `json:"profiler"` - Log OpenfgaLog `json:"log"` - CheckQueryCache OpenfgaCheckQueryCache `json:"checkQueryCache"` - Experimentals []string `json:"experimentals"` - MaxTuplesPerWrite *int `json:"maxTuplesPerWrite"` - MaxTypesPerAuthorizationModel *int `json:"maxTypesPerAuthorizationModel"` - MaxAuthorizationModelSizeInBytes *int `json:"maxAuthorizationModelSizeInBytes"` - MaxConcurrentReadsForCheck *int `json:"maxConcurrentReadsForCheck"` - MaxConcurrentReadsForListObjects *int `json:"maxConcurrentReadsForListObjects"` - ChangelogHorizonOffset *string `json:"changelogHorizonOffset"` - ResolveNodeLimit *int `json:"resolveNodeLimit"` - ResolveNodeBreadthLimit *int `json:"resolveNodeBreadthLimit"` - ListObjectsDeadline *string `json:"listObjectsDeadline"` - ListObjectsMaxResults *int `json:"listObjectsMaxResults"` - ListUsersDeadline *string `json:"listUsersDeadline"` - ListUsersMaxResults *int `json:"listUsersMaxResults"` - MaxConcurrentReadsForListUsers *int `json:"maxConcurrentReadsForListUsers"` - RequestDurationDatastoreQueryCountBuckets []int `json:"requestDurationDatastoreQueryCountBuckets"` - AllowWriting10Models *string `json:"allowWriting1_0Models"` - AllowEvaluating10Models *string `json:"allowEvaluating1_0Models"` - Ingress AppIngress `json:"ingress"` - Resources core.ResourceRequirements `json:"resources"` - Autoscaling AutoscalingSpec `json:"autoscaling"` - NodeSelector map[string]string `json:"nodeSelector"` - Tolerations []core.Toleration `json:"tolerations"` - Affinity core.Affinity `json:"affinity"` - Sidecars []core.Container `json:"sidecars"` - Migrate OpenfgaMigrate `json:"migrate"` - ExtraObjects []runtime.RawExtension `json:"extraObjects"` + ReplicaCount int `json:"replicaCount"` + Image OpenfgaImageReference `json:"image"` + ImagePullSecrets []core.LocalObjectReference `json:"imagePullSecrets"` + NameOverride string `json:"nameOverride"` + FullnameOverride string `json:"fullnameOverride"` + CommonLabels map[string]string `json:"commonLabels"` + ServiceAccount OpenfgaServiceAccountSpec `json:"serviceAccount"` + Annotations map[string]string `json:"annotations"` + PodAnnotations map[string]string `json:"podAnnotations"` + PodExtraLabels map[string]string `json:"podExtraLabels"` + ExtraEnvVars []core.EnvVar `json:"extraEnvVars"` + ExtraVolumes []core.Volume `json:"extraVolumes"` + ExtraVolumeMounts []core.VolumeMount `json:"extraVolumeMounts"` + ExtraInitContainers []core.Container `json:"extraInitContainers"` + PodSecurityContext core.PodSecurityContext `json:"podSecurityContext"` + SecurityContext core.SecurityContext `json:"securityContext"` + InitContainer OpenfgaImageReference `json:"initContainer"` + LivenessProbe OpenfgaProbe `json:"livenessProbe"` + ReadinessProbe OpenfgaProbe `json:"readinessProbe"` + StartupProbe OpenfgaProbe `json:"startupProbe"` + CustomLivenessProbe core.Probe `json:"customLivenessProbe"` + CustomReadinessProbe core.Probe `json:"customReadinessProbe"` + CustomStartupProbe core.Probe `json:"customStartupProbe"` + Service OpenfgaServiceSpec `json:"service"` + Telemetry OpenfgaTelemetry `json:"telemetry"` + Datastore OpenfgaDatastore `json:"datastore"` + Postgresql OpenfgaPostgresql `json:"postgresql"` + Mysql OpenfgaMysql `json:"mysql"` + Grpc OpenfgaGrpc `json:"grpc"` + Http OpenfgaHttp `json:"http"` + Authn OpenfgaAuthn `json:"authn"` + Playground OpenfgaPlayground `json:"playground"` + Profiler OpenfgaProfiler `json:"profiler"` + Log OpenfgaLog `json:"log"` + CheckQueryCache OpenfgaCheckQueryCache `json:"checkQueryCache"` + Experimentals []string `json:"experimentals"` + MaxTuplesPerWrite *int `json:"maxTuplesPerWrite"` + MaxTypesPerAuthorizationModel *int `json:"maxTypesPerAuthorizationModel"` + MaxAuthorizationModelSizeInBytes *int `json:"maxAuthorizationModelSizeInBytes"` + MaxConcurrentReadsForCheck *int `json:"maxConcurrentReadsForCheck"` + MaxConcurrentReadsForListObjects *int `json:"maxConcurrentReadsForListObjects"` + MaxChecksPerBatchCheck *int `json:"maxChecksPerBatchCheck"` + MaxConcurrentChecksPerBatchCheck *int `json:"maxConcurrentChecksPerBatchCheck"` + ChangelogHorizonOffset *string `json:"changelogHorizonOffset"` + ResolveNodeLimit *int `json:"resolveNodeLimit"` + ResolveNodeBreadthLimit *int `json:"resolveNodeBreadthLimit"` + ListObjectsDeadline *string `json:"listObjectsDeadline"` + ListObjectsMaxResults *int `json:"listObjectsMaxResults"` + ListUsersDeadline *string `json:"listUsersDeadline"` + ListUsersMaxResults *int `json:"listUsersMaxResults"` + RequestTimeout *string `json:"requestTimeout"` + MaxConcurrentReadsForListUsers *int `json:"maxConcurrentReadsForListUsers"` + RequestDurationDatastoreQueryCountBuckets []int `json:"requestDurationDatastoreQueryCountBuckets"` + AllowWriting10Models *string `json:"allowWriting1_0Models"` + AllowEvaluating10Models *string `json:"allowEvaluating1_0Models"` + Ingress AppIngress `json:"ingress"` + Resources core.ResourceRequirements `json:"resources"` + Autoscaling AutoscalingSpec `json:"autoscaling"` + NodeSelector map[string]string `json:"nodeSelector"` + Tolerations []core.Toleration `json:"tolerations"` + TopologySpreadConstraints []core.TopologySpreadConstraint `json:"topologySpreadConstraints"` + Affinity core.Affinity `json:"affinity"` + Lifecycle core.Lifecycle `json:"lifecycle"` + Sidecars []core.Container `json:"sidecars"` + Migrate OpenfgaMigrate `json:"migrate"` + TestContainerSpec *runtime.RawExtension `json:"testContainerSpec"` + TestPodSpec *runtime.RawExtension `json:"testPodSpec"` + ExtraObjects []runtime.RawExtension `json:"extraObjects"` } type OpenfgaProbe struct { Enabled bool `json:"enabled"` @@ -175,19 +182,29 @@ type OpenfgaTrace struct { } type OpenfgaDatastore struct { - Engine string `json:"engine"` - Uri *string `json:"uri"` - UriSecret *string `json:"uriSecret"` - MaxCacheSize *string `json:"maxCacheSize"` - MaxOpenConns *string `json:"maxOpenConns"` - MaxIdleConns *string `json:"maxIdleConns"` - ConnMaxIdleTime *string `json:"connMaxIdleTime"` - ConnMaxLifetime *string `json:"connMaxLifetime"` - ApplyMigrations bool `json:"applyMigrations"` - WaitForMigrations bool `json:"waitForMigrations"` - MigrationType string `json:"migrationType"` - Metrics *OpenfgaDatastoreMetrics `json:"metrics,omitempty"` - Migrations OpenfgaMigrations `json:"migrations"` + Engine string `json:"engine"` + Uri *string `json:"uri"` + UriSecret *string `json:"uriSecret"` + Username *string `json:"username"` + Password *string `json:"password"` + ExistingSecret *string `json:"existingSecret"` + SecretKeys OpenfgaDatastoreSecretKeys `json:"secretKeys"` + MaxCacheSize *string `json:"maxCacheSize"` + MaxOpenConns *string `json:"maxOpenConns"` + MaxIdleConns *string `json:"maxIdleConns"` + ConnMaxIdleTime *string `json:"connMaxIdleTime"` + ConnMaxLifetime *string `json:"connMaxLifetime"` + ApplyMigrations bool `json:"applyMigrations"` + WaitForMigrations bool `json:"waitForMigrations"` + MigrationType string `json:"migrationType"` + Metrics *OpenfgaDatastoreMetrics `json:"metrics,omitempty"` + Migrations OpenfgaMigrations `json:"migrations"` +} + +type OpenfgaDatastoreSecretKeys struct { + UriKey *string `json:"uriKey"` + UsernameKey *string `json:"usernameKey"` + PasswordKey *string `json:"passwordKey"` } type OpenfgaDatastoreMetrics struct { @@ -208,8 +225,15 @@ type OpenfgaMysql struct { } type OpenfgaGrpc struct { - Addr string `json:"addr"` - Tls OpenfgaTls `json:"tls"` + Addr string `json:"addr"` + Tls OpenfgaGrpcTls `json:"tls"` +} + +type OpenfgaGrpcTls struct { + Enabled bool `json:"enabled"` + Cert *string `json:"cert"` + Key *string `json:"key"` + CA *string `json:"ca"` } type OpenfgaHttp struct { @@ -228,7 +252,8 @@ type OpenfgaAuthn struct { } type OpenfgaPreshared struct { - Keys []string `json:"keys"` + Keys []string `json:"keys"` + KeysSecret *string `json:"keysSecret"` } type OpenfgaOidc struct { @@ -268,6 +293,7 @@ type OpenfgaMigrate struct { ExtraVolumes []core.Volume `json:"extraVolumes"` ExtraVolumeMounts []core.VolumeMount `json:"extraVolumeMounts"` Sidecars []core.Container `json:"sidecars"` + ExtraInitContainers []core.Container `json:"extraInitContainers"` Annotations map[string]*string `json:"annotations"` Labels map[string]*string `json:"labels"` Timeout *string `json:"timeout"` diff --git a/apis/installer/v1alpha1/types_test.go b/apis/installer/v1alpha1/types_test.go index fbc72b46e..126dbff29 100644 --- a/apis/installer/v1alpha1/types_test.go +++ b/apis/installer/v1alpha1/types_test.go @@ -71,7 +71,7 @@ func TestDefaultValues(t *testing.T) { sc.TestCase{Obj: v1alpha1.StashPresetsSpec{}}, sc.TestCase{Obj: v1alpha1.WebsiteSpec{}}, sc.TestCase{Obj: v1alpha1.NatsSpec{}, File: "https://github.com/nats-io/k8s/raw/nats-0.19.17/helm/charts/nats/values.yaml"}, - sc.TestCase{Obj: v1alpha1.OpenfgaSpec{}, File: "https://github.com/tamalsaha/openfga-helm-charts/raw/release-0.2.22/charts/openfga/values.yaml"}, + sc.TestCase{Obj: v1alpha1.OpenfgaSpec{}, File: "https://github.com/kubeops/openfga-helm-charts/raw/release-0.2.52/charts/openfga/values.yaml"}, sc.TestCase{Obj: v1alpha1.ReloaderSpec{}, File: "https://github.com/stakater/Reloader/raw/v1.0.79/deployments/kubernetes/chart/reloader/values.yaml"}, ) checker.TestAll(t) diff --git a/apis/installer/v1alpha1/zz_generated.deepcopy.go b/apis/installer/v1alpha1/zz_generated.deepcopy.go index 74656e26d..70f88104e 100644 --- a/apis/installer/v1alpha1/zz_generated.deepcopy.go +++ b/apis/installer/v1alpha1/zz_generated.deepcopy.go @@ -7573,6 +7573,22 @@ func (in *OpenfgaDatastore) DeepCopyInto(out *OpenfgaDatastore) { *out = new(string) **out = **in } + if in.Username != nil { + in, out := &in.Username, &out.Username + *out = new(string) + **out = **in + } + if in.Password != nil { + in, out := &in.Password, &out.Password + *out = new(string) + **out = **in + } + if in.ExistingSecret != nil { + in, out := &in.ExistingSecret, &out.ExistingSecret + *out = new(string) + **out = **in + } + in.SecretKeys.DeepCopyInto(&out.SecretKeys) if in.MaxCacheSize != nil { in, out := &in.MaxCacheSize, &out.MaxCacheSize *out = new(string) @@ -7631,6 +7647,36 @@ func (in *OpenfgaDatastoreMetrics) DeepCopy() *OpenfgaDatastoreMetrics { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OpenfgaDatastoreSecretKeys) DeepCopyInto(out *OpenfgaDatastoreSecretKeys) { + *out = *in + if in.UriKey != nil { + in, out := &in.UriKey, &out.UriKey + *out = new(string) + **out = **in + } + if in.UsernameKey != nil { + in, out := &in.UsernameKey, &out.UsernameKey + *out = new(string) + **out = **in + } + if in.PasswordKey != nil { + in, out := &in.PasswordKey, &out.PasswordKey + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OpenfgaDatastoreSecretKeys. +func (in *OpenfgaDatastoreSecretKeys) DeepCopy() *OpenfgaDatastoreSecretKeys { + if in == nil { + return nil + } + out := new(OpenfgaDatastoreSecretKeys) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *OpenfgaGrpc) DeepCopyInto(out *OpenfgaGrpc) { *out = *in @@ -7647,6 +7693,36 @@ func (in *OpenfgaGrpc) DeepCopy() *OpenfgaGrpc { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OpenfgaGrpcTls) DeepCopyInto(out *OpenfgaGrpcTls) { + *out = *in + if in.Cert != nil { + in, out := &in.Cert, &out.Cert + *out = new(string) + **out = **in + } + if in.Key != nil { + in, out := &in.Key, &out.Key + *out = new(string) + **out = **in + } + if in.CA != nil { + in, out := &in.CA, &out.CA + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OpenfgaGrpcTls. +func (in *OpenfgaGrpcTls) DeepCopy() *OpenfgaGrpcTls { + if in == nil { + return nil + } + out := new(OpenfgaGrpcTls) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *OpenfgaHttp) DeepCopyInto(out *OpenfgaHttp) { *out = *in @@ -7792,6 +7868,13 @@ func (in *OpenfgaMigrate) DeepCopyInto(out *OpenfgaMigrate) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.ExtraInitContainers != nil { + in, out := &in.ExtraInitContainers, &out.ExtraInitContainers + *out = make([]v1.Container, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.Annotations != nil { in, out := &in.Annotations, &out.Annotations *out = make(map[string]*string, len(*in)) @@ -7973,6 +8056,11 @@ func (in *OpenfgaPreshared) DeepCopyInto(out *OpenfgaPreshared) { *out = make([]string, len(*in)) copy(*out, *in) } + if in.KeysSecret != nil { + in, out := &in.KeysSecret, &out.KeysSecret + *out = new(string) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OpenfgaPreshared. @@ -8234,6 +8322,16 @@ func (in *OpenfgaSpec) DeepCopyInto(out *OpenfgaSpec) { *out = new(int) **out = **in } + if in.MaxChecksPerBatchCheck != nil { + in, out := &in.MaxChecksPerBatchCheck, &out.MaxChecksPerBatchCheck + *out = new(int) + **out = **in + } + if in.MaxConcurrentChecksPerBatchCheck != nil { + in, out := &in.MaxConcurrentChecksPerBatchCheck, &out.MaxConcurrentChecksPerBatchCheck + *out = new(int) + **out = **in + } if in.ChangelogHorizonOffset != nil { in, out := &in.ChangelogHorizonOffset, &out.ChangelogHorizonOffset *out = new(string) @@ -8269,6 +8367,11 @@ func (in *OpenfgaSpec) DeepCopyInto(out *OpenfgaSpec) { *out = new(int) **out = **in } + if in.RequestTimeout != nil { + in, out := &in.RequestTimeout, &out.RequestTimeout + *out = new(string) + **out = **in + } if in.MaxConcurrentReadsForListUsers != nil { in, out := &in.MaxConcurrentReadsForListUsers, &out.MaxConcurrentReadsForListUsers *out = new(int) @@ -8306,7 +8409,15 @@ func (in *OpenfgaSpec) DeepCopyInto(out *OpenfgaSpec) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.TopologySpreadConstraints != nil { + in, out := &in.TopologySpreadConstraints, &out.TopologySpreadConstraints + *out = make([]v1.TopologySpreadConstraint, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } in.Affinity.DeepCopyInto(&out.Affinity) + in.Lifecycle.DeepCopyInto(&out.Lifecycle) if in.Sidecars != nil { in, out := &in.Sidecars, &out.Sidecars *out = make([]v1.Container, len(*in)) @@ -8315,6 +8426,16 @@ func (in *OpenfgaSpec) DeepCopyInto(out *OpenfgaSpec) { } } in.Migrate.DeepCopyInto(&out.Migrate) + if in.TestContainerSpec != nil { + in, out := &in.TestContainerSpec, &out.TestContainerSpec + *out = new(runtime.RawExtension) + (*in).DeepCopyInto(*out) + } + if in.TestPodSpec != nil { + in, out := &in.TestPodSpec, &out.TestPodSpec + *out = new(runtime.RawExtension) + (*in).DeepCopyInto(*out) + } if in.ExtraObjects != nil { in, out := &in.ExtraObjects, &out.ExtraObjects *out = make([]runtime.RawExtension, len(*in)) diff --git a/catalog/ace.yaml b/catalog/ace.yaml index 5ec62242a..efded1514 100644 --- a/catalog/ace.yaml +++ b/catalog/ace.yaml @@ -9,7 +9,7 @@ - ghcr.io/appscode-charts/ace:v2026.1.15 - ghcr.io/appscode-charts/service-gateway:v2026.1.15 - ghcr.io/appscode-charts/spoke-cluster-addons:v2024.7.10 -- ghcr.io/appscode-images/ingress-nginx-controller:v1.11.1 +- ghcr.io/appscode-images/ingress-nginx-controller:v1.14.3 - ghcr.io/appscode-images/nats:2.10.24-alpine - ghcr.io/appscode-images/postgres:16.4-alpine - ghcr.io/appscode-images/redis:7.2.4-bookworm @@ -41,7 +41,7 @@ - ghcr.io/appscode/kubedb-ui:2.0.0 - ghcr.io/appscode/license-proxyserver:v0.0.26 - ghcr.io/appscode/maxmind-geoip:city-mmdb-latest -- ghcr.io/appscode/openfga:v1.9.5 +- ghcr.io/appscode/openfga:v1.11.3 - ghcr.io/appscode/operator-shard-manager:v0.0.1 - ghcr.io/appscode/panopticon:v0.0.16 - ghcr.io/appscode/petset:v0.0.16 diff --git a/catalog/copy-images.sh b/catalog/copy-images.sh index ec645d514..46bb99492 100755 --- a/catalog/copy-images.sh +++ b/catalog/copy-images.sh @@ -298,7 +298,7 @@ $CMD cp --allow-nondistributable-artifacts --insecure ghcr.io/appscode-charts/va $CMD cp --allow-nondistributable-artifacts --insecure ghcr.io/appscode-charts/virtual-secrets-server:v2025.3.14 $IMAGE_REGISTRY/appscode-charts/virtual-secrets-server:v2025.3.14 $CMD cp --allow-nondistributable-artifacts --insecure ghcr.io/appscode-charts/voyager-gateway:v2026.1.15 $IMAGE_REGISTRY/appscode-charts/voyager-gateway:v2026.1.15 $CMD cp --allow-nondistributable-artifacts --insecure ghcr.io/appscode-charts/voyager:v2025.9.19 $IMAGE_REGISTRY/appscode-charts/voyager:v2025.9.19 -$CMD cp --allow-nondistributable-artifacts --insecure ghcr.io/appscode-images/ingress-nginx-controller:v1.11.1 $IMAGE_REGISTRY/appscode-images/ingress-nginx-controller:v1.11.1 +$CMD cp --allow-nondistributable-artifacts --insecure ghcr.io/appscode-images/ingress-nginx-controller:v1.14.3 $IMAGE_REGISTRY/appscode-images/ingress-nginx-controller:v1.14.3 $CMD cp --allow-nondistributable-artifacts --insecure ghcr.io/appscode-images/nats:2.10.24-alpine $IMAGE_REGISTRY/appscode-images/nats:2.10.24-alpine $CMD cp --allow-nondistributable-artifacts --insecure ghcr.io/appscode-images/postgres:16.4-alpine $IMAGE_REGISTRY/appscode-images/postgres:16.4-alpine $CMD cp --allow-nondistributable-artifacts --insecure ghcr.io/appscode-images/redis:7.2.4-bookworm $IMAGE_REGISTRY/appscode-images/redis:7.2.4-bookworm @@ -330,7 +330,7 @@ $CMD cp --allow-nondistributable-artifacts --insecure ghcr.io/appscode/kubectl-n $CMD cp --allow-nondistributable-artifacts --insecure ghcr.io/appscode/kubedb-ui:2.0.0 $IMAGE_REGISTRY/appscode/kubedb-ui:2.0.0 $CMD cp --allow-nondistributable-artifacts --insecure ghcr.io/appscode/license-proxyserver:v0.0.26 $IMAGE_REGISTRY/appscode/license-proxyserver:v0.0.26 $CMD cp --allow-nondistributable-artifacts --insecure ghcr.io/appscode/maxmind-geoip:city-mmdb-latest $IMAGE_REGISTRY/appscode/maxmind-geoip:city-mmdb-latest -$CMD cp --allow-nondistributable-artifacts --insecure ghcr.io/appscode/openfga:v1.9.5 $IMAGE_REGISTRY/appscode/openfga:v1.9.5 +$CMD cp --allow-nondistributable-artifacts --insecure ghcr.io/appscode/openfga:v1.11.3 $IMAGE_REGISTRY/appscode/openfga:v1.11.3 $CMD cp --allow-nondistributable-artifacts --insecure ghcr.io/appscode/operator-shard-manager:v0.0.1 $IMAGE_REGISTRY/appscode/operator-shard-manager:v0.0.1 $CMD cp --allow-nondistributable-artifacts --insecure ghcr.io/appscode/panopticon:v0.0.16 $IMAGE_REGISTRY/appscode/panopticon:v0.0.16 $CMD cp --allow-nondistributable-artifacts --insecure ghcr.io/appscode/petset:v0.0.16 $IMAGE_REGISTRY/appscode/petset:v0.0.16 diff --git a/catalog/export-images.sh b/catalog/export-images.sh index 4809bf234..f65bd809d 100755 --- a/catalog/export-images.sh +++ b/catalog/export-images.sh @@ -295,7 +295,7 @@ $CMD pull --allow-nondistributable-artifacts --insecure ghcr.io/appscode-charts/ $CMD pull --allow-nondistributable-artifacts --insecure ghcr.io/appscode-charts/virtual-secrets-server:v2025.3.14 images/appscode-charts-virtual-secrets-server-v2025.3.14.tar $CMD pull --allow-nondistributable-artifacts --insecure ghcr.io/appscode-charts/voyager-gateway:v2026.1.15 images/appscode-charts-voyager-gateway-v2026.1.15.tar $CMD pull --allow-nondistributable-artifacts --insecure ghcr.io/appscode-charts/voyager:v2025.9.19 images/appscode-charts-voyager-v2025.9.19.tar -$CMD pull --allow-nondistributable-artifacts --insecure ghcr.io/appscode-images/ingress-nginx-controller:v1.11.1 images/appscode-images-ingress-nginx-controller-v1.11.1.tar +$CMD pull --allow-nondistributable-artifacts --insecure ghcr.io/appscode-images/ingress-nginx-controller:v1.14.3 images/appscode-images-ingress-nginx-controller-v1.14.3.tar $CMD pull --allow-nondistributable-artifacts --insecure ghcr.io/appscode-images/nats:2.10.24-alpine images/appscode-images-nats-2.10.24-alpine.tar $CMD pull --allow-nondistributable-artifacts --insecure ghcr.io/appscode-images/postgres:16.4-alpine images/appscode-images-postgres-16.4-alpine.tar $CMD pull --allow-nondistributable-artifacts --insecure ghcr.io/appscode-images/redis:7.2.4-bookworm images/appscode-images-redis-7.2.4-bookworm.tar @@ -327,7 +327,7 @@ $CMD pull --allow-nondistributable-artifacts --insecure ghcr.io/appscode/kubectl $CMD pull --allow-nondistributable-artifacts --insecure ghcr.io/appscode/kubedb-ui:2.0.0 images/appscode-kubedb-ui-2.0.0.tar $CMD pull --allow-nondistributable-artifacts --insecure ghcr.io/appscode/license-proxyserver:v0.0.26 images/appscode-license-proxyserver-v0.0.26.tar $CMD pull --allow-nondistributable-artifacts --insecure ghcr.io/appscode/maxmind-geoip:city-mmdb-latest images/appscode-maxmind-geoip-city-mmdb-latest.tar -$CMD pull --allow-nondistributable-artifacts --insecure ghcr.io/appscode/openfga:v1.9.5 images/appscode-openfga-v1.9.5.tar +$CMD pull --allow-nondistributable-artifacts --insecure ghcr.io/appscode/openfga:v1.11.3 images/appscode-openfga-v1.11.3.tar $CMD pull --allow-nondistributable-artifacts --insecure ghcr.io/appscode/operator-shard-manager:v0.0.1 images/appscode-operator-shard-manager-v0.0.1.tar $CMD pull --allow-nondistributable-artifacts --insecure ghcr.io/appscode/panopticon:v0.0.16 images/appscode-panopticon-v0.0.16.tar $CMD pull --allow-nondistributable-artifacts --insecure ghcr.io/appscode/petset:v0.0.16 images/appscode-petset-v0.0.16.tar diff --git a/catalog/import-images.sh b/catalog/import-images.sh index a4ded8afe..859a9251f 100755 --- a/catalog/import-images.sh +++ b/catalog/import-images.sh @@ -289,7 +289,7 @@ $CMD push --allow-nondistributable-artifacts --insecure images/appscode-charts-v $CMD push --allow-nondistributable-artifacts --insecure images/appscode-charts-virtual-secrets-server-v2025.3.14.tar $IMAGE_REGISTRY/appscode-charts/virtual-secrets-server:v2025.3.14 $CMD push --allow-nondistributable-artifacts --insecure images/appscode-charts-voyager-gateway-v2026.1.15.tar $IMAGE_REGISTRY/appscode-charts/voyager-gateway:v2026.1.15 $CMD push --allow-nondistributable-artifacts --insecure images/appscode-charts-voyager-v2025.9.19.tar $IMAGE_REGISTRY/appscode-charts/voyager:v2025.9.19 -$CMD push --allow-nondistributable-artifacts --insecure images/appscode-images-ingress-nginx-controller-v1.11.1.tar $IMAGE_REGISTRY/appscode-images/ingress-nginx-controller:v1.11.1 +$CMD push --allow-nondistributable-artifacts --insecure images/appscode-images-ingress-nginx-controller-v1.14.3.tar $IMAGE_REGISTRY/appscode-images/ingress-nginx-controller:v1.14.3 $CMD push --allow-nondistributable-artifacts --insecure images/appscode-images-nats-2.10.24-alpine.tar $IMAGE_REGISTRY/appscode-images/nats:2.10.24-alpine $CMD push --allow-nondistributable-artifacts --insecure images/appscode-images-postgres-16.4-alpine.tar $IMAGE_REGISTRY/appscode-images/postgres:16.4-alpine $CMD push --allow-nondistributable-artifacts --insecure images/appscode-images-redis-7.2.4-bookworm.tar $IMAGE_REGISTRY/appscode-images/redis:7.2.4-bookworm @@ -321,7 +321,7 @@ $CMD push --allow-nondistributable-artifacts --insecure images/appscode-kubectl- $CMD push --allow-nondistributable-artifacts --insecure images/appscode-kubedb-ui-2.0.0.tar $IMAGE_REGISTRY/appscode/kubedb-ui:2.0.0 $CMD push --allow-nondistributable-artifacts --insecure images/appscode-license-proxyserver-v0.0.26.tar $IMAGE_REGISTRY/appscode/license-proxyserver:v0.0.26 $CMD push --allow-nondistributable-artifacts --insecure images/appscode-maxmind-geoip-city-mmdb-latest.tar $IMAGE_REGISTRY/appscode/maxmind-geoip:city-mmdb-latest -$CMD push --allow-nondistributable-artifacts --insecure images/appscode-openfga-v1.9.5.tar $IMAGE_REGISTRY/appscode/openfga:v1.9.5 +$CMD push --allow-nondistributable-artifacts --insecure images/appscode-openfga-v1.11.3.tar $IMAGE_REGISTRY/appscode/openfga:v1.11.3 $CMD push --allow-nondistributable-artifacts --insecure images/appscode-operator-shard-manager-v0.0.1.tar $IMAGE_REGISTRY/appscode/operator-shard-manager:v0.0.1 $CMD push --allow-nondistributable-artifacts --insecure images/appscode-panopticon-v0.0.16.tar $IMAGE_REGISTRY/appscode/panopticon:v0.0.16 $CMD push --allow-nondistributable-artifacts --insecure images/appscode-petset-v0.0.16.tar $IMAGE_REGISTRY/appscode/petset:v0.0.16 diff --git a/catalog/import-into-k3s.sh b/catalog/import-into-k3s.sh index 6e0a5ff94..ffd86b267 100755 --- a/catalog/import-into-k3s.sh +++ b/catalog/import-into-k3s.sh @@ -287,7 +287,7 @@ k3s ctr images import images/appscode-charts-vault-0.27.0.tar k3s ctr images import images/appscode-charts-virtual-secrets-server-v2025.3.14.tar k3s ctr images import images/appscode-charts-voyager-gateway-v2026.1.15.tar k3s ctr images import images/appscode-charts-voyager-v2025.9.19.tar -k3s ctr images import images/appscode-images-ingress-nginx-controller-v1.11.1.tar +k3s ctr images import images/appscode-images-ingress-nginx-controller-v1.14.3.tar k3s ctr images import images/appscode-images-nats-2.10.24-alpine.tar k3s ctr images import images/appscode-images-postgres-16.4-alpine.tar k3s ctr images import images/appscode-images-redis-7.2.4-bookworm.tar @@ -319,7 +319,7 @@ k3s ctr images import images/appscode-kubectl-nonroot-1.34.tar k3s ctr images import images/appscode-kubedb-ui-2.0.0.tar k3s ctr images import images/appscode-license-proxyserver-v0.0.26.tar k3s ctr images import images/appscode-maxmind-geoip-city-mmdb-latest.tar -k3s ctr images import images/appscode-openfga-v1.9.5.tar +k3s ctr images import images/appscode-openfga-v1.11.3.tar k3s ctr images import images/appscode-operator-shard-manager-v0.0.1.tar k3s ctr images import images/appscode-panopticon-v0.0.16.tar k3s ctr images import images/appscode-petset-v0.0.16.tar diff --git a/catalog/sync-gcp-mp-images.sh b/catalog/sync-gcp-mp-images.sh index 00565b7e3..84f94704c 100755 --- a/catalog/sync-gcp-mp-images.sh +++ b/catalog/sync-gcp-mp-images.sh @@ -36,7 +36,7 @@ crane cp --allow-nondistributable-artifacts ghcr.io/appscode-charts/ace-installe crane cp --allow-nondistributable-artifacts ghcr.io/appscode-charts/ace:v2026.1.15 $IMAGE_REGISTRY/ace:$TAG crane cp --allow-nondistributable-artifacts ghcr.io/appscode-charts/service-gateway:v2026.1.15 $IMAGE_REGISTRY/service-gateway:$TAG crane cp --allow-nondistributable-artifacts ghcr.io/appscode-charts/spoke-cluster-addons:v2024.7.10 $IMAGE_REGISTRY/spoke-cluster-addons:$TAG -crane cp --allow-nondistributable-artifacts ghcr.io/appscode-images/ingress-nginx-controller:v1.11.1 $IMAGE_REGISTRY/ingress-nginx-controller:$TAG +crane cp --allow-nondistributable-artifacts ghcr.io/appscode-images/ingress-nginx-controller:v1.14.3 $IMAGE_REGISTRY/ingress-nginx-controller:$TAG crane cp --allow-nondistributable-artifacts ghcr.io/appscode-images/nats:2.10.24-alpine $IMAGE_REGISTRY/nats:$TAG crane cp --allow-nondistributable-artifacts ghcr.io/appscode-images/postgres:16.4-alpine $IMAGE_REGISTRY/postgres:$TAG crane cp --allow-nondistributable-artifacts ghcr.io/appscode-images/redis:7.2.4-bookworm $IMAGE_REGISTRY/redis:$TAG @@ -65,7 +65,7 @@ crane cp --allow-nondistributable-artifacts ghcr.io/appscode/kubectl-nonroot:1.3 crane cp --allow-nondistributable-artifacts ghcr.io/appscode/kubedb-ui:2.0.0 $IMAGE_REGISTRY/kubedb-ui:$TAG crane cp --allow-nondistributable-artifacts ghcr.io/appscode/license-proxyserver:v0.0.26 $IMAGE_REGISTRY/license-proxyserver:$TAG crane cp --allow-nondistributable-artifacts ghcr.io/appscode/maxmind-geoip:city-mmdb-latest $IMAGE_REGISTRY/maxmind-geoip:$TAG -crane cp --allow-nondistributable-artifacts ghcr.io/appscode/openfga:v1.9.5 $IMAGE_REGISTRY/openfga:$TAG +crane cp --allow-nondistributable-artifacts ghcr.io/appscode/openfga:v1.11.3 $IMAGE_REGISTRY/openfga:$TAG crane cp --allow-nondistributable-artifacts ghcr.io/appscode/operator-shard-manager:v0.0.1 $IMAGE_REGISTRY/operator-shard-manager:$TAG crane cp --allow-nondistributable-artifacts ghcr.io/appscode/panopticon:v0.0.16 $IMAGE_REGISTRY/panopticon:$TAG crane cp --allow-nondistributable-artifacts ghcr.io/appscode/petset:v0.0.16 $IMAGE_REGISTRY/petset:$TAG diff --git a/charts/ace/Chart.lock b/charts/ace/Chart.lock index 59496d25c..9b4844d6b 100644 --- a/charts/ace/Chart.lock +++ b/charts/ace/Chart.lock @@ -22,13 +22,13 @@ dependencies: version: v2026.1.15 - name: ingress-nginx repository: oci://ghcr.io/appscode-charts - version: 4.13.1 + version: 4.14.3 - name: nats repository: oci://ghcr.io/appscode-charts version: 0.19.17 - name: openfga repository: oci://ghcr.io/appscode-charts - version: 0.2.42 + version: 0.2.52 - name: pgoutbox repository: oci://ghcr.io/appscode-charts version: v2026.1.15 @@ -38,5 +38,5 @@ dependencies: - name: platform-opscenter repository: file://../platform-opscenter version: v2026.1.15 -digest: sha256:7dfceb7b148a69deda78c4b0b52682e1bb85e72f98791174dc535762ad8aadc2 -generated: "2026-01-20T21:39:34.783116045+06:00" +digest: sha256:f76aa2be3debd62b2e8a022c5973ce6c370d2ec36947becccb7a54689cf7d56a +generated: "2026-02-06T13:06:03.805932-05:00" diff --git a/charts/ace/Chart.yaml b/charts/ace/Chart.yaml index a6bdb01ff..44e65c0c8 100644 --- a/charts/ace/Chart.yaml +++ b/charts/ace/Chart.yaml @@ -43,7 +43,7 @@ dependencies: - name: ingress-nginx repository: oci://ghcr.io/appscode-charts condition: ingress-nginx.enabled - version: 4.13.1 + version: 4.14.3 - name: nats repository: oci://ghcr.io/appscode-charts condition: nats.enabled @@ -51,7 +51,7 @@ dependencies: - name: openfga repository: oci://ghcr.io/appscode-charts condition: openfga.enabled - version: 0.2.42 + version: 0.2.52 - name: pgoutbox repository: oci://ghcr.io/appscode-charts condition: pgoutbox.enabled diff --git a/charts/ace/values.openapiv3_schema.yaml b/charts/ace/values.openapiv3_schema.yaml index 7af3e3534..5f735724c 100644 --- a/charts/ace/values.openapiv3_schema.yaml +++ b/charts/ace/values.openapiv3_schema.yaml @@ -10689,8 +10689,11 @@ properties: items: type: string type: array + keysSecret: + type: string required: - keys + - keysSecret type: object required: - method @@ -10986,6 +10989,8 @@ properties: type: string engine: type: string + existingSecret: + type: string maxCacheSize: type: string maxIdleConns: @@ -11053,10 +11058,27 @@ properties: - image - resources type: object + password: + type: string + secretKeys: + properties: + passwordKey: + type: string + uriKey: + type: string + usernameKey: + type: string + required: + - passwordKey + - uriKey + - usernameKey + type: object uri: type: string uriSecret: type: string + username: + type: string waitForMigrations: type: boolean required: @@ -11064,13 +11086,17 @@ properties: - connMaxIdleTime - connMaxLifetime - engine + - existingSecret - maxCacheSize - maxIdleConns - maxOpenConns - migrationType - migrations + - password + - secretKeys - uri - uriSecret + - username - waitForMigrations type: object datastoreURI: @@ -12738,6 +12764,8 @@ properties: type: string tls: properties: + ca: + type: string cert: type: string enabled: @@ -12745,6 +12773,7 @@ properties: key: type: string required: + - ca - cert - enabled - key @@ -12827,181 +12856,1032 @@ properties: properties: host: type: string - paths: + paths: + items: + properties: + path: + type: string + pathType: + type: string + required: + - path + - pathType + type: object + type: array + required: + - host + - paths + type: object + type: array + tls: + items: + properties: + hosts: + items: + type: string + type: array + secretName: + type: string + required: + - hosts + - secretName + type: object + type: array + required: + - annotations + - className + - enabled + - hosts + - tls + type: object + initContainer: + properties: + pullPolicy: + type: string + repository: + type: string + tag: + type: string + required: + - pullPolicy + - repository + - tag + type: object + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + stopSignal: + type: string + type: object + listObjectsDeadline: + type: string + listObjectsMaxResults: + type: integer + listUsersDeadline: + type: string + listUsersMaxResults: + type: integer + livenessProbe: + properties: + enabled: + type: boolean + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + default: '' + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + required: + - enabled + type: object + log: + properties: + format: + type: string + level: + type: string + timestampFormat: + type: string + required: + - format + - level + - timestampFormat + type: object + maxAuthorizationModelSizeInBytes: + type: integer + maxChecksPerBatchCheck: + type: integer + maxConcurrentChecksPerBatchCheck: + type: integer + maxConcurrentReadsForCheck: + type: integer + maxConcurrentReadsForListObjects: + type: integer + maxConcurrentReadsForListUsers: + type: integer + maxTuplesPerWrite: + type: integer + maxTypesPerAuthorizationModel: + type: integer + migrate: + properties: + annotations: + additionalProperties: + type: string + type: object + extraInitContainers: + items: + properties: + args: + items: + type: string + type: array + x-kubernetes-list-type: atomic + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + default: '' + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + fileKeyRef: + properties: + key: + type: string + optional: + default: false + type: boolean + path: + type: string + volumeName: + type: string + required: + - key + - path + - volumeName + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + properties: + key: + type: string + name: + default: '' + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + envFrom: + items: + properties: + configMapRef: + properties: + name: + default: '' + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + type: string + secretRef: + properties: + name: + default: '' + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + x-kubernetes-list-type: atomic + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + stopSignal: + type: string + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + default: '' + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + default: '' + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + properties: + claims: + items: + properties: + name: + type: string + request: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + restartPolicy: + type: string + restartPolicyRules: + items: + properties: + action: + type: string + exitCodes: + properties: + operator: + type: string + values: + items: + format: int32 + type: integer + type: array + x-kubernetes-list-type: set + required: + - operator + type: object + required: + - action + type: object + type: array + x-kubernetes-list-type: atomic + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + capabilities: + properties: + add: + items: + type: string + type: array + x-kubernetes-list-type: atomic + drop: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + default: '' + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: items: properties: - path: + devicePath: type: string - pathType: + name: type: string required: - - path - - pathType + - devicePath + - name type: object type: array - required: - - host - - paths - type: object - type: array - tls: - items: - properties: - hosts: + x-kubernetes-list-map-keys: + - devicePath + x-kubernetes-list-type: map + volumeMounts: items: - type: string + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + recursiveReadOnly: + type: string + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object type: array - secretName: + x-kubernetes-list-map-keys: + - mountPath + x-kubernetes-list-type: map + workingDir: type: string required: - - hosts - - secretName + - name type: object type: array - required: - - annotations - - className - - enabled - - hosts - - tls - type: object - initContainer: - properties: - pullPolicy: - type: string - repository: - type: string - tag: - type: string - required: - - pullPolicy - - repository - - tag - type: object - listObjectsDeadline: - type: string - listObjectsMaxResults: - type: integer - listUsersDeadline: - type: string - listUsersMaxResults: - type: integer - livenessProbe: - properties: - enabled: - type: boolean - exec: - properties: - command: - items: - type: string - type: array - x-kubernetes-list-type: atomic - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - default: '' - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - x-kubernetes-list-type: atomic - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - required: - - enabled - type: object - log: - properties: - format: - type: string - level: - type: string - timestampFormat: - type: string - required: - - format - - level - - timestampFormat - type: object - maxAuthorizationModelSizeInBytes: - type: integer - maxConcurrentReadsForCheck: - type: integer - maxConcurrentReadsForListObjects: - type: integer - maxConcurrentReadsForListUsers: - type: integer - maxTuplesPerWrite: - type: integer - maxTypesPerAuthorizationModel: - type: integer - migrate: - properties: - annotations: - additionalProperties: - type: string - type: object extraVolumeMounts: items: properties: @@ -14589,6 +15469,7 @@ properties: type: integer required: - annotations + - extraInitContainers - extraVolumeMounts - extraVolumes - hook @@ -14815,6 +15696,8 @@ properties: items: type: integer type: array + requestTimeout: + type: string resolveNodeBreadthLimit: type: integer resolveNodeLimit: @@ -15864,6 +16747,12 @@ properties: - metrics - trace type: object + testContainerSpec: + type: object + x-kubernetes-preserve-unknown-fields: true + testPodSpec: + type: object + x-kubernetes-preserve-unknown-fields: true tolerations: items: properties: @@ -15880,6 +16769,60 @@ properties: type: string type: object type: array + topologySpreadConstraints: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + format: int32 + type: integer + minDomains: + format: int32 + type: integer + nodeAffinityPolicy: + type: string + nodeTaintsPolicy: + type: string + topologyKey: + type: string + whenUnsatisfiable: + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array required: - affinity - allowEvaluating1_0Models @@ -15909,6 +16852,7 @@ properties: - imagePullSecrets - ingress - initContainer + - lifecycle - listObjectsDeadline - listObjectsMaxResults - listUsersDeadline @@ -15916,6 +16860,8 @@ properties: - livenessProbe - log - maxAuthorizationModelSizeInBytes + - maxChecksPerBatchCheck + - maxConcurrentChecksPerBatchCheck - maxConcurrentReadsForCheck - maxConcurrentReadsForListObjects - maxConcurrentReadsForListUsers @@ -15934,6 +16880,7 @@ properties: - readinessProbe - replicaCount - requestDurationDatastoreQueryCountBuckets + - requestTimeout - resolveNodeBreadthLimit - resolveNodeLimit - resources @@ -15943,7 +16890,10 @@ properties: - sidecars - startupProbe - telemetry + - testContainerSpec + - testPodSpec - tolerations + - topologySpreadConstraints type: object outbox-syncer: properties: