From 31ccbdd93bf8c5af64d7206174076e0ff9f75817 Mon Sep 17 00:00:00 2001 
From: Mike Rostermund Date: Thu, 16 Jan 2025 13:06:49 +0100 Subject: [PATCH] Migrate to kubebuilder go/v4 plugin --- .devcontainer/devcontainer.json | 25 + .devcontainer/post-install.sh | 23 + .github/workflows/ci.yaml | 6 +- .github/workflows/codeql-analysis.yml | 2 +- .github/workflows/e2e-dummy.yaml | 2 +- .github/workflows/e2e.yaml | 2 +- .github/workflows/lint.yml | 23 + .github/workflows/preview.yaml | 2 +- .golangci.yml | 47 + Dockerfile | 8 +- Makefile | 257 +- PROJECT | 31 +- api/v1alpha1/groupversion_info.go | 6 +- api/v1alpha1/humioaction_types.go | 28 +- api/v1alpha1/humioaggregatealert_types.go | 18 +- api/v1alpha1/humioalert_types.go | 18 +- api/v1alpha1/humiobootstraptoken_types.go | 12 +- api/v1alpha1/humiocluster_types.go | 38 +- api/v1alpha1/humioexternalcluster_types.go | 16 +- api/v1alpha1/humiofilteralert_types.go | 26 +- api/v1alpha1/humioingesttoken_types.go | 24 +- api/v1alpha1/humioparser_types.go | 20 +- api/v1alpha1/humiorepository_types.go | 30 +- api/v1alpha1/humioscheduledsearch_types.go | 18 +- api/v1alpha1/humioview_types.go | 22 +- .../crds/core.humio.com_humioactions.yaml | 44 +- .../core.humio.com_humioaggregatealerts.yaml | 2 +- .../crds/core.humio.com_humioalerts.yaml | 2 +- .../core.humio.com_humiobootstraptokens.yaml | 133 +- .../crds/core.humio.com_humioclusters.yaml | 1390 +++++++--- .../core.humio.com_humioexternalclusters.yaml | 2 +- .../core.humio.com_humiofilteralerts.yaml | 4 +- .../core.humio.com_humioingesttokens.yaml | 4 +- .../crds/core.humio.com_humioparsers.yaml | 3 +- .../core.humio.com_humiorepositories.yaml | 2 +- ...core.humio.com_humioscheduledsearches.yaml | 2 +- .../crds/core.humio.com_humioviews.yaml | 4 +- .../templates/operator-deployment.yaml | 2 - cmd/main.go | 355 +++ .../bases/core.humio.com_humioactions.yaml | 44 +- .../core.humio.com_humioaggregatealerts.yaml | 2 +- .../crd/bases/core.humio.com_humioalerts.yaml | 2 +- .../core.humio.com_humiobootstraptokens.yaml | 133 +- 
.../bases/core.humio.com_humioclusters.yaml | 1390 +++++++--- .../core.humio.com_humioexternalclusters.yaml | 2 +- .../core.humio.com_humiofilteralerts.yaml | 4 +- .../core.humio.com_humioingesttokens.yaml | 4 +- .../bases/core.humio.com_humioparsers.yaml | 3 +- .../core.humio.com_humiorepositories.yaml | 2 +- ...core.humio.com_humioscheduledsearches.yaml | 2 +- .../crd/bases/core.humio.com_humioviews.yaml | 4 +- config/crd/kustomization.yaml | 47 +- config/crd/kustomizeconfig.yaml | 6 +- .../patches/cainjection_in_humioactions.yaml | 8 - .../cainjection_in_humioaggregatealerts.yaml | 7 - .../patches/cainjection_in_humioalerts.yaml | 8 - .../patches/cainjection_in_humioclusters.yaml | 8 - .../cainjection_in_humioexternalclusters.yaml | 8 - .../cainjection_in_humioingesttokens.yaml | 8 - .../patches/cainjection_in_humioparsers.yaml | 8 - .../cainjection_in_humiorepositories.yaml | 8 - ...cainjection_in_humioscheduledsearches.yaml | 7 - .../patches/cainjection_in_humioviews.yaml | 8 - .../crd/patches/webhook_in_humioactions.yaml | 17 - .../webhook_in_humioaggregatealerts.yaml | 16 - .../crd/patches/webhook_in_humioalerts.yaml | 17 - .../crd/patches/webhook_in_humioclusters.yaml | 17 - .../webhook_in_humioexternalclusters.yaml | 17 - .../patches/webhook_in_humioingesttokens.yaml | 17 - .../crd/patches/webhook_in_humioparsers.yaml | 17 - .../patches/webhook_in_humiorepositories.yaml | 17 - .../webhook_in_humioscheduledsearches.yaml | 16 - config/crd/patches/webhook_in_humioviews.yaml | 17 - .../default/cert_metrics_manager_patch.yaml | 30 + config/default/kustomization.yaml | 226 +- config/default/manager_auth_proxy_patch.yaml | 25 - config/default/manager_config_patch.yaml | 20 - config/default/manager_metrics_patch.yaml | 4 + config/default/manager_webhook_patch.yaml | 23 - .../metrics_service.yaml} | 6 +- config/default/webhookcainjection_patch.yaml | 15 - config/manager/controller_manager_config.yaml | 11 - config/manager/kustomization.yaml | 6 - 
config/manager/manager.yaml | 68 +- .../humio-operator.clusterserviceversion.yaml | 80 - .../network-policy/allow-metrics-traffic.yaml | 27 + config/network-policy/kustomization.yaml | 2 + config/prometheus/kustomization.yaml | 9 + config/prometheus/monitor.yaml | 11 +- config/prometheus/monitor_tls_patch.yaml | 22 + config/rbac/humioaction_admin_role.yaml | 27 + config/rbac/humioaction_editor_role.yaml | 11 +- config/rbac/humioaction_viewer_role.yaml | 11 +- .../rbac/humioaggregatealert_admin_role.yaml | 27 + .../rbac/humioaggregatealert_editor_role.yaml | 14 +- .../rbac/humioaggregatealert_viewer_role.yaml | 14 +- config/rbac/humioalert_admin_role.yaml | 27 + config/rbac/humioalert_editor_role.yaml | 11 +- config/rbac/humioalert_viewer_role.yaml | 11 +- .../rbac/humiobootstraptoken_admin_role.yaml | 27 + .../rbac/humiobootstraptoken_editor_role.yaml | 33 + .../rbac/humiobootstraptoken_viewer_role.yaml | 29 + config/rbac/humiocluster_admin_role.yaml | 27 + config/rbac/humiocluster_editor_role.yaml | 11 +- config/rbac/humiocluster_viewer_role.yaml | 11 +- .../rbac/humioexternalcluster_admin_role.yaml | 27 + .../humioexternalcluster_editor_role.yaml | 11 +- .../humioexternalcluster_viewer_role.yaml | 11 +- config/rbac/humiofilteralert_admin_role.yaml | 27 + config/rbac/humiofilteralert_editor_role.yaml | 11 +- config/rbac/humiofilteralert_viewer_role.yaml | 11 +- config/rbac/humioingesttoken_admin_role.yaml | 27 + config/rbac/humioingesttoken_editor_role.yaml | 11 +- config/rbac/humioingesttoken_viewer_role.yaml | 11 +- config/rbac/humioparser_admin_role.yaml | 27 + config/rbac/humioparser_editor_role.yaml | 11 +- config/rbac/humioparser_viewer_role.yaml | 11 +- config/rbac/humiorepository_admin_role.yaml | 27 + config/rbac/humiorepository_editor_role.yaml | 11 +- config/rbac/humiorepository_viewer_role.yaml | 11 +- .../rbac/humioscheduledsearch_admin_role.yaml | 27 + .../humioscheduledsearch_editor_role.yaml | 11 +- .../humioscheduledsearch_viewer_role.yaml | 11 +- 
config/rbac/humioview_admin_role.yaml | 27 + config/rbac/humioview_editor_role.yaml | 11 +- config/rbac/humioview_viewer_role.yaml | 11 +- config/rbac/kustomization.yaml | 57 +- config/rbac/leader_election_role.yaml | 3 + config/rbac/leader_election_role_binding.yaml | 3 + ...proxy_role.yaml => metrics_auth_role.yaml} | 2 +- ...ng.yaml => metrics_auth_role_binding.yaml} | 4 +- ...sterrole.yaml => metrics_reader_role.yaml} | 0 config/rbac/role.yaml | 389 +-- config/rbac/role_binding.yaml | 3 + config/rbac/service_account.yaml | 3 + config/samples/core_v1alpha1_humioaction.yaml | 9 +- .../core_v1alpha1_humioaggregatealert.yaml | 4 +- config/samples/core_v1alpha1_humioalert.yaml | 9 +- .../core_v1alpha1_humiobootstraptoken.yaml | 7 +- .../samples/core_v1alpha1_humiocluster.yaml | 8 +- ...a1_humiocluster_shared_serviceaccount.yaml | 37 - .../core_v1alpha1_humioexternalcluster.yaml | 14 +- .../core_v1alpha1_humiofilteralert.yaml | 9 +- .../core_v1alpha1_humioingesttoken.yaml | 24 +- config/samples/core_v1alpha1_humioparser.yaml | 10 +- .../core_v1alpha1_humiorepository.yaml | 10 +- .../core_v1alpha1_humioscheduledsearch.yaml | 7 +- config/samples/core_v1alpha1_humioview.yaml | 7 +- config/samples/kustomization.yaml | 15 + docs/api.md | 2309 ++++++++++++----- examples/humioaction-email.yaml | 31 - examples/humioaction-humiorepository.yaml | 21 - examples/humioaction-ops-genie.yaml | 21 - examples/humioaction-pagerduty.yaml | 23 - examples/humioaction-slack-post-message.yaml | 33 - examples/humioaction-slack.yaml | 27 - examples/humioaction-victor-ops.yaml | 23 - examples/humioaction-webhook.yaml | 86 - examples/humioaggregatealert.yaml | 39 - examples/humioalert.yaml | 37 - ...humiocluster-affinity-and-tolerations.yaml | 53 - ...istent-volume-claim-policy-kind-local.yaml | 38 - ...miocluster-ephemeral-with-gcs-storage.yaml | 66 - ...umiocluster-ephemeral-with-s3-storage.yaml | 59 - examples/humiocluster-kind-local.yaml | 38 - ...umiocluster-multi-nodepool-kind-local.yaml 
| 67 - ...uster-nginx-ingress-with-cert-manager.yaml | 31 - ...luster-nginx-ingress-with-custom-path.yaml | 28 - ...r-nginx-ingress-with-hostname-secrets.yaml | 37 - .../humiocluster-nodepool-slice-only.yaml | 57 - examples/humiocluster-persistent-volumes.yaml | 58 - examples/humioexternalcluster-http.yaml | 7 - .../humioexternalcluster-https-custom-ca.yaml | 8 - examples/humioexternalcluster-https.yaml | 7 - examples/humiofilteralert.yaml | 27 - examples/humioingesttoken-with-secret.yaml | 19 - examples/humioingesttoken-without-secret.yaml | 17 - examples/humioparser.yaml | 27 - examples/humiorepository.yaml | 32 - examples/humioscheduledsearch.yaml | 37 - examples/humioview.yaml | 10 - go.mod | 97 +- go.sum | 203 +- hack/functions.sh | 12 +- hack/run-e2e-within-kind-test-pod-dummy.sh | 2 +- hack/run-e2e-within-kind-test-pod.sh | 2 +- images/helper/Dockerfile | 2 +- images/helper/go.mod | 2 +- images/logscale-dummy/Dockerfile | 2 +- images/logscale-dummy/main.go | 13 +- internal/api/client.go | 14 +- .../controller}/humioaction_controller.go | 35 +- .../humioaggregatealert_controller.go | 18 +- .../controller}/humioalert_controller.go | 21 +- .../humiobootstraptoken_controller.go | 33 +- .../humiobootstraptoken_defaults.go | 4 +- .../controller}/humiobootstraptoken_pods.go | 2 +- .../controller}/humiocluster_annotations.go | 2 +- .../controller}/humiocluster_controller.go | 52 +- .../humiocluster_controller_test.go | 2 +- .../controller}/humiocluster_defaults.go | 12 +- .../controller}/humiocluster_defaults_test.go | 2 +- .../controller}/humiocluster_ingresses.go | 42 +- .../controller}/humiocluster_metrics.go | 2 +- .../humiocluster_permission_tokens.go | 2 +- .../humiocluster_persistent_volumes.go | 6 +- .../controller}/humiocluster_pod_lifecycle.go | 2 +- .../controller}/humiocluster_pod_status.go | 2 +- .../humiocluster_pod_status_test.go | 2 +- .../controller}/humiocluster_pods.go | 23 +- .../controller}/humiocluster_secrets.go | 2 +- 
.../controller}/humiocluster_services.go | 20 +- .../controller}/humiocluster_status.go | 10 +- .../controller}/humiocluster_tls.go | 2 +- .../controller}/humiocluster_version.go | 2 +- .../controller}/humiocluster_version_test.go | 2 +- .../humioexternalcluster_controller.go | 17 +- .../humioexternalcluster_status.go | 2 +- .../humiofilteralert_controller.go | 21 +- .../humioingesttoken_controller.go | 12 +- .../controller}/humioingesttoken_metrics.go | 2 +- .../controller}/humioparser_controller.go | 17 +- .../controller}/humiorepository_controller.go | 17 +- .../humioscheduledsearch_controller.go | 23 +- .../controller}/humioview_controller.go | 16 +- .../clusters/humiocluster_controller_test.go | 938 +++---- .../controller}/suite/clusters/suite_test.go | 101 +- .../controller}/suite/common.go | 63 +- .../humioresources_controller_test.go | 148 +- .../controller}/suite/resources/suite_test.go | 65 +- .../controller}/versions/versions.go | 0 internal/helpers/clusterinterface.go | 5 +- internal/helpers/helpers.go | 31 +- main.go | 224 -- test.Dockerfile | 2 +- 235 files changed, 7200 insertions(+), 4925 deletions(-) create mode 100644 .devcontainer/devcontainer.json create mode 100644 .devcontainer/post-install.sh create mode 100644 .github/workflows/lint.yml create mode 100644 .golangci.yml create mode 100644 cmd/main.go delete mode 100644 config/crd/patches/cainjection_in_humioactions.yaml delete mode 100644 config/crd/patches/cainjection_in_humioaggregatealerts.yaml delete mode 100644 config/crd/patches/cainjection_in_humioalerts.yaml delete mode 100644 config/crd/patches/cainjection_in_humioclusters.yaml delete mode 100644 config/crd/patches/cainjection_in_humioexternalclusters.yaml delete mode 100644 config/crd/patches/cainjection_in_humioingesttokens.yaml delete mode 100644 config/crd/patches/cainjection_in_humioparsers.yaml delete mode 100644 config/crd/patches/cainjection_in_humiorepositories.yaml delete mode 100644 
config/crd/patches/cainjection_in_humioscheduledsearches.yaml delete mode 100644 config/crd/patches/cainjection_in_humioviews.yaml delete mode 100644 config/crd/patches/webhook_in_humioactions.yaml delete mode 100644 config/crd/patches/webhook_in_humioaggregatealerts.yaml delete mode 100644 config/crd/patches/webhook_in_humioalerts.yaml delete mode 100644 config/crd/patches/webhook_in_humioclusters.yaml delete mode 100644 config/crd/patches/webhook_in_humioexternalclusters.yaml delete mode 100644 config/crd/patches/webhook_in_humioingesttokens.yaml delete mode 100644 config/crd/patches/webhook_in_humioparsers.yaml delete mode 100644 config/crd/patches/webhook_in_humiorepositories.yaml delete mode 100644 config/crd/patches/webhook_in_humioscheduledsearches.yaml delete mode 100644 config/crd/patches/webhook_in_humioviews.yaml create mode 100644 config/default/cert_metrics_manager_patch.yaml delete mode 100644 config/default/manager_auth_proxy_patch.yaml delete mode 100644 config/default/manager_config_patch.yaml create mode 100644 config/default/manager_metrics_patch.yaml delete mode 100644 config/default/manager_webhook_patch.yaml rename config/{rbac/auth_proxy_service.yaml => default/metrics_service.yaml} (59%) delete mode 100644 config/default/webhookcainjection_patch.yaml delete mode 100644 config/manager/controller_manager_config.yaml delete mode 100644 config/manifests/bases/humio-operator.clusterserviceversion.yaml create mode 100644 config/network-policy/allow-metrics-traffic.yaml create mode 100644 config/network-policy/kustomization.yaml create mode 100644 config/prometheus/monitor_tls_patch.yaml create mode 100644 config/rbac/humioaction_admin_role.yaml create mode 100644 config/rbac/humioaggregatealert_admin_role.yaml create mode 100644 config/rbac/humioalert_admin_role.yaml create mode 100644 config/rbac/humiobootstraptoken_admin_role.yaml create mode 100644 config/rbac/humiobootstraptoken_editor_role.yaml create mode 100644 
config/rbac/humiobootstraptoken_viewer_role.yaml create mode 100644 config/rbac/humiocluster_admin_role.yaml create mode 100644 config/rbac/humioexternalcluster_admin_role.yaml create mode 100644 config/rbac/humiofilteralert_admin_role.yaml create mode 100644 config/rbac/humioingesttoken_admin_role.yaml create mode 100644 config/rbac/humioparser_admin_role.yaml create mode 100644 config/rbac/humiorepository_admin_role.yaml create mode 100644 config/rbac/humioscheduledsearch_admin_role.yaml create mode 100644 config/rbac/humioview_admin_role.yaml rename config/rbac/{auth_proxy_role.yaml => metrics_auth_role.yaml} (90%) rename config/rbac/{auth_proxy_role_binding.yaml => metrics_auth_role_binding.yaml} (79%) rename config/rbac/{auth_proxy_client_clusterrole.yaml => metrics_reader_role.yaml} (100%) rename examples/humiobootstraptoken.yaml => config/samples/core_v1alpha1_humiobootstraptoken.yaml (62%) delete mode 100644 config/samples/core_v1alpha1_humiocluster_shared_serviceaccount.yaml create mode 100644 config/samples/kustomization.yaml delete mode 100644 examples/humioaction-email.yaml delete mode 100644 examples/humioaction-humiorepository.yaml delete mode 100644 examples/humioaction-ops-genie.yaml delete mode 100644 examples/humioaction-pagerduty.yaml delete mode 100644 examples/humioaction-slack-post-message.yaml delete mode 100644 examples/humioaction-slack.yaml delete mode 100644 examples/humioaction-victor-ops.yaml delete mode 100644 examples/humioaction-webhook.yaml delete mode 100644 examples/humioaggregatealert.yaml delete mode 100644 examples/humioalert.yaml delete mode 100644 examples/humiocluster-affinity-and-tolerations.yaml delete mode 100644 examples/humiocluster-data-volume-persistent-volume-claim-policy-kind-local.yaml delete mode 100644 examples/humiocluster-ephemeral-with-gcs-storage.yaml delete mode 100644 examples/humiocluster-ephemeral-with-s3-storage.yaml delete mode 100644 examples/humiocluster-kind-local.yaml delete mode 100644 
examples/humiocluster-multi-nodepool-kind-local.yaml delete mode 100644 examples/humiocluster-nginx-ingress-with-cert-manager.yaml delete mode 100644 examples/humiocluster-nginx-ingress-with-custom-path.yaml delete mode 100644 examples/humiocluster-nginx-ingress-with-hostname-secrets.yaml delete mode 100644 examples/humiocluster-nodepool-slice-only.yaml delete mode 100644 examples/humiocluster-persistent-volumes.yaml delete mode 100644 examples/humioexternalcluster-http.yaml delete mode 100644 examples/humioexternalcluster-https-custom-ca.yaml delete mode 100644 examples/humioexternalcluster-https.yaml delete mode 100644 examples/humiofilteralert.yaml delete mode 100644 examples/humioingesttoken-with-secret.yaml delete mode 100644 examples/humioingesttoken-without-secret.yaml delete mode 100644 examples/humioparser.yaml delete mode 100644 examples/humiorepository.yaml delete mode 100644 examples/humioscheduledsearch.yaml delete mode 100644 examples/humioview.yaml rename {controllers => internal/controller}/humioaction_controller.go (95%) rename {controllers => internal/controller}/humioaggregatealert_controller.go (95%) rename {controllers => internal/controller}/humioalert_controller.go (95%) rename {controllers => internal/controller}/humiobootstraptoken_controller.go (97%) rename {controllers => internal/controller}/humiobootstraptoken_defaults.go (97%) rename {controllers => internal/controller}/humiobootstraptoken_pods.go (98%) rename {controllers => internal/controller}/humiocluster_annotations.go (97%) rename {controllers => internal/controller}/humiocluster_controller.go (98%) rename {controllers => internal/controller}/humiocluster_controller_test.go (98%) rename {controllers => internal/controller}/humiocluster_defaults.go (99%) rename {controllers => internal/controller}/humiocluster_defaults_test.go (99%) rename {controllers => internal/controller}/humiocluster_ingresses.go (85%) rename {controllers => internal/controller}/humiocluster_metrics.go (99%) 
rename {controllers => internal/controller}/humiocluster_permission_tokens.go (99%) rename {controllers => internal/controller}/humiocluster_persistent_volumes.go (96%) rename {controllers => internal/controller}/humiocluster_pod_lifecycle.go (99%) rename {controllers => internal/controller}/humiocluster_pod_status.go (99%) rename {controllers => internal/controller}/humiocluster_pod_status_test.go (98%) rename {controllers => internal/controller}/humiocluster_pods.go (98%) rename {controllers => internal/controller}/humiocluster_secrets.go (98%) rename {controllers => internal/controller}/humiocluster_services.go (94%) rename {controllers => internal/controller}/humiocluster_status.go (98%) rename {controllers => internal/controller}/humiocluster_tls.go (99%) rename {controllers => internal/controller}/humiocluster_version.go (98%) rename {controllers => internal/controller}/humiocluster_version_test.go (99%) rename {controllers => internal/controller}/humioexternalcluster_controller.go (91%) rename {controllers => internal/controller}/humioexternalcluster_status.go (98%) rename {controllers => internal/controller}/humiofilteralert_controller.go (95%) rename {controllers => internal/controller}/humioingesttoken_controller.go (96%) rename {controllers => internal/controller}/humioingesttoken_metrics.go (98%) rename {controllers => internal/controller}/humioparser_controller.go (96%) rename {controllers => internal/controller}/humiorepository_controller.go (96%) rename {controllers => internal/controller}/humioscheduledsearch_controller.go (95%) rename {controllers => internal/controller}/humioview_controller.go (94%) rename {controllers => internal/controller}/suite/clusters/humiocluster_controller_test.go (87%) rename {controllers => internal/controller}/suite/clusters/suite_test.go (86%) rename {controllers => internal/controller}/suite/common.go (92%) rename {controllers => internal/controller}/suite/resources/humioresources_controller_test.go (97%) rename 
{controllers => internal/controller}/suite/resources/suite_test.go (89%) rename {controllers => internal/controller}/versions/versions.go (100%) delete mode 100644 main.go
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
new file mode 100644
index 00000000..259f0f67
--- /dev/null
+++ b/.devcontainer/devcontainer.json
@@ -0,0 +1,25 @@
+{
+ "name": "Kubebuilder DevContainer",
+ "image": "golang:1.23",
+ "features": {
+ "ghcr.io/devcontainers/features/docker-in-docker:2": {},
+ "ghcr.io/devcontainers/features/git:1": {}
+ },
+
+ "runArgs": ["--network=host"],
+
+ "customizations": {
+ "vscode": {
+ "settings": {
+ "terminal.integrated.shell.linux": "/bin/bash"
+ },
+ "extensions": [
+ "ms-kubernetes-tools.vscode-kubernetes-tools",
+ "ms-azuretools.vscode-docker"
+ ]
+ }
+ },
+
+ "onCreateCommand": "bash .devcontainer/post-install.sh"
+}
+
diff --git a/.devcontainer/post-install.sh b/.devcontainer/post-install.sh
new file mode 100644
index 00000000..265c43ee
--- /dev/null
+++ b/.devcontainer/post-install.sh
@@ -0,0 +1,23 @@
+#!/bin/bash
+set -x
+
+curl -Lo ./kind https://kind.sigs.k8s.io/dl/latest/kind-linux-amd64
+chmod +x ./kind
+mv ./kind /usr/local/bin/kind
+
+curl -L -o kubebuilder https://go.kubebuilder.io/dl/latest/linux/amd64
+chmod +x kubebuilder
+mv kubebuilder /usr/local/bin/
+
+KUBECTL_VERSION=$(curl -L -s https://dl.k8s.io/release/stable.txt)
+curl -LO "https://dl.k8s.io/release/$KUBECTL_VERSION/bin/linux/amd64/kubectl"
+chmod +x kubectl
+mv kubectl /usr/local/bin/kubectl
+
+docker network create -d=bridge --subnet=172.19.0.0/24 kind
+
+kind version
+kubebuilder version
+docker --version
+go version
+kubectl version --client
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 9072a30b..6f31edff 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
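Review bot: `"runArgs": ["--network=host"]` in devcontainer.json starts the dev container in the host's network namespace, and combined with the docker-in-docker feature that gives whatever runs inside it direct reach to services bound on the developer's machine. If host networking is only there to make the kind cluster reachable, state that next to the setting; otherwise drop the entry. The `golang:1.23` image is referenced by a mutable tag; pinning it by digest, e.g. `"image": "golang:1.23@sha256:<digest>"` (placeholder), keeps the environment reproducible.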
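Review bot: The three `curl` downloads in post-install.sh install `kind`, `kubebuilder` and `kubectl` into /usr/local/bin from `latest`/`stable` URLs with no integrity check, and because the script sets only `set -x`, a failed or truncated download still reaches `chmod +x` and `mv`. Start the script with `set -euxo pipefail`, add `-f` to each `curl` so HTTP errors fail the step, and pin versions the way the e2e workflows touched by this commit already do (`https://kind.sigs.k8s.io/dl/v0.24.0/kind-linux-amd64`). For kubectl, the `kubectl.sha256` file published next to the binary can be verified with `sha256sum --check` before the `mv`.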
@@ -8,7 +8,7 @@ jobs: - uses: actions/checkout@v4 - uses: actions/setup-go@v5 with: - go-version: '1.22.2' + go-version: '1.23.4' - name: Generate manifests shell: bash run: | @@ -40,7 +40,7 @@ jobs: - uses: actions/checkout@v4 - uses: actions/setup-go@v5 with: - go-version: '1.22.2' + go-version: '1.23.4' - shell: bash run: | make test @@ -57,7 +57,7 @@ jobs: - uses: actions/checkout@v4 - uses: actions/setup-go@v5 with: - go-version: '1.22.2' + go-version: '1.23.4' - name: Run Gosec Security Scanner run: | export PATH=$PATH:$(go env GOPATH)/bin diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index d2cc4e21..11ca81ea 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -38,7 +38,7 @@ jobs: - uses: actions/setup-go@v5 with: - go-version: '1.22.2' + go-version: '1.23.4' # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL diff --git a/.github/workflows/e2e-dummy.yaml b/.github/workflows/e2e-dummy.yaml index bd816335..84412df6 100644 --- a/.github/workflows/e2e-dummy.yaml +++ b/.github/workflows/e2e-dummy.yaml @@ -23,7 +23,7 @@ jobs: - uses: actions/checkout@v4 - uses: actions/setup-go@v5 with: - go-version: '1.22.2' + go-version: '1.23.4' - name: cleanup kind run: | curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.24.0/kind-linux-amd64 diff --git a/.github/workflows/e2e.yaml b/.github/workflows/e2e.yaml index 44563c6f..02d3d50f 100644 --- a/.github/workflows/e2e.yaml +++ b/.github/workflows/e2e.yaml @@ -23,7 +23,7 @@ jobs: - uses: actions/checkout@v4 - uses: actions/setup-go@v5 with: - go-version: '1.22.2' + go-version: '1.23.4' - name: cleanup kind run: | curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.24.0/kind-linux-amd64 diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml new file mode 100644 index 00000000..46511063 --- /dev/null +++ b/.github/workflows/lint.yml 
@@ -0,0 +1,23 @@ +name: Lint + +on: + push: + pull_request: + +jobs: + lint: + name: Run on Ubuntu + runs-on: ubuntu-latest + steps: + - name: Clone the code + uses: actions/checkout@v4 + + - name: Setup Go + uses: actions/setup-go@v5 + with: + go-version-file: go.mod + + - name: Run linter + uses: golangci/golangci-lint-action@v6 + with: + version: v1.62.2 diff --git a/.github/workflows/preview.yaml b/.github/workflows/preview.yaml index 51b03e8d..0948a40c 100644 --- a/.github/workflows/preview.yaml +++ b/.github/workflows/preview.yaml @@ -26,7 +26,7 @@ jobs: - uses: actions/checkout@v4 - uses: actions/setup-go@v5 with: - go-version: '1.22.2' + go-version: '1.23.4' - name: cleanup kind run: | curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.24.0/kind-linux-amd64 diff --git a/.golangci.yml b/.golangci.yml new file mode 100644 index 00000000..6b297462 --- /dev/null +++ b/.golangci.yml @@ -0,0 +1,47 @@ +run: + timeout: 5m + allow-parallel-runners: true + +issues: + # don't skip warning about doc comments + # don't exclude the default set of lint + exclude-use-default: false + # restore some of the defaults + # (fill in the rest as needed) + exclude-rules: + - path: "api/*" + linters: + - lll + - path: "internal/*" + linters: + - dupl + - lll +linters: + disable-all: true + enable: + - dupl + - errcheck + - copyloopvar + - ginkgolinter + - goconst + - gocyclo + - gofmt + - goimports + - gosimple + - govet + - ineffassign + - lll + - misspell + - nakedret + - prealloc + - revive + - staticcheck + - typecheck + - unconvert + - unparam + - unused + +linters-settings: + revive: + rules: + - name: comment-spacings diff --git a/Dockerfile b/Dockerfile index 67867099..dc1262fd 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,5 +1,5 @@ # Build the manager binary -FROM golang:1.22-alpine AS builder +FROM golang:1.23-alpine AS builder ARG RELEASE_VERSION=master ARG RELEASE_COMMIT=none 
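Review bot: The new lint.yml declares no `permissions:`, so the `lint` job runs with whatever default `GITHUB_TOKEN` scopes the repository has, although linting only needs to read the code. Add a top-level `permissions:` block containing `contents: read`. `golangci/golangci-lint-action@v6` is a third-party action referenced by a movable tag; pinning it to a full commit SHA (`uses: golangci/golangci-lint-action@<commit-sha> # v6`, placeholder) means a retagged release cannot change what runs here. With both `push` and `pull_request` as triggers, branches of this repository that have an open PR are linted twice per push.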
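Review bot: The `exclude-rules` entries in .golangci.yml use `path: "api/*"` and `path: "internal/*"`, but golangci-lint reads `path` as a regular expression rather than a glob, so `api/*` matches any file path containing `api` (including `internal/api/...`) and switches `lll` off there. If the intent is the two top-level directories, anchor the patterns: `path: "^api/"` and `path: "^internal/"`. `gosec` is not in the `enable` list; that is acceptable while the separate Gosec step in ci.yaml stays, and a short comment here saying so would stop someone removing that step later.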
@@ -14,15 +14,13 @@ COPY go.sum go.sum RUN go mod download # Copy the go source -COPY main.go main.go +COPY cmd/main.go cmd/main.go COPY api/ api/ -COPY controllers/ controllers/ COPY internal/ internal/ # Build -RUN CGO_ENABLED=0 GOOS=$TARGETOS GOARCH=$TARGETARCH GO111MODULE=on go build -ldflags="-s -w -X 'main.version=$RELEASE_VERSION' -X 'main.commit=$RELEASE_COMMIT' -X 'main.date=$RELEASE_DATE'" -a -o manager main.go +RUN CGO_ENABLED=0 GOOS=$TARGETOS GOARCH=$TARGETARCH GO111MODULE=on go build -ldflags="-s -w -X 'main.version=$RELEASE_VERSION' -X 'main.commit=$RELEASE_COMMIT' -X 'main.date=$RELEASE_DATE'" -a -o manager cmd/main.go -# Use ubi8 as base image to package the manager binary to comply with Red Hat image certification requirements FROM scratch LABEL "name"="humio-operator" LABEL "vendor"="humio" diff --git a/Makefile b/Makefile index ee6d6f00..70a3240d 100644 --- a/Makefile +++ b/Makefile @@ -1,8 +1,5 @@ -SCHEMA_CLUSTER?=${HUMIO_ENDPOINT} -SCHEMA_CLUSTER_API_TOKEN?=${HUMIO_TOKEN} - # Image URL to use all building/pushing image targets -IMG ?= humio/humio-operator:latest +IMG ?= controller:latest # Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set) ifeq (,$(shell go env GOBIN)) 
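Review bot: `COPY cmd/main.go cmd/main.go` and `go build ... -o manager cmd/main.go` name a single file, so the image build breaks as soon as package main gains a second file under cmd/. Copying the directory and building the package avoids that: `COPY cmd/ cmd/` and `-o manager ./cmd`. The runtime stage is `FROM scratch` and continues below this hunk; with the ubi8 comment removed, a one-line comment saying why scratch is used (the binary is built with `CGO_ENABLED=0`) would help the next reader.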
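Review bot: The default changes from `humio/humio-operator:latest` to the scaffold placeholder `IMG ?= controller:latest`, so any image-building or deploy target run without `IMG` set now refers to an unqualified `controller:latest`, which a cluster would presumably resolve against its default registry rather than this project's repository. Those targets are outside this hunk, so confirm how `IMG` is consumed; if nothing depends on the scaffold value, keep `IMG ?= humio/humio-operator:latest`. Dropping `SCHEMA_CLUSTER` and `SCHEMA_CLUSTER_API_TOKEN` is consistent with the removal of `update-schema` further down the file.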
@@ -11,19 +8,25 @@ else GOBIN=$(shell go env GOBIN) endif +# CONTAINER_TOOL defines the container tool to be used for building images. +# Be aware that the target commands are only tested with Docker which is +# scaffolded by default. However, you might want to replace it to use other +# tools. (i.e. podman) +CONTAINER_TOOL ?= docker + # Setting SHELL to bash allows bash commands to be executed by recipes. -# This is a requirement for 'setup-envtest.sh' in the test target. # Options are set to exit when a recipe line exits non-zero or a piped command fails. SHELL = /usr/bin/env bash -o pipefail .SHELLFLAGS = -ec +.PHONY: all all: build ##@ General # The help target prints out all targets with their descriptions organized # beneath their categories. The categories are represented by '##@' and the -# target descriptions by '##'. The awk commands is responsible for reading the +# target descriptions by '##'. The awk command is responsible for reading the # entire set of makefiles included in this invocation, looking for lines of the # file as xyz: ## something, and then pretty-format the target and help. Then, # if there's a line with ##@ something, that gets pretty-printed as a category. 
@@ -32,115 +35,238 @@ all: build # More info on the awk command: # http://linuxcommand.org/lc3_adv_awk.php +.PHONY: help help: ## Display this help. @awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n make \033[36m\033[0m\n"} /^[a-zA-Z_0-9-]+:.*?##/ { printf " \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST) ##@ Development -manifests: controller-gen ## Generate WebhookConfiguration, ClusterRole and CustomResourceDefinition objects. - $(CONTROLLER_GEN) rbac:roleName=manager-role crd webhook paths="./..." output:crd:artifacts:config=config/crd/bases - hack/gen-crds.sh # NOTE: This line was custom added for the humio-operator project. +#.PHONY: manifests +#manifests: controller-gen ## Generate WebhookConfiguration, ClusterRole and CustomResourceDefinition objects. +# $(CONTROLLER_GEN) rbac:roleName=manager-role crd webhook paths="./..." output:crd:artifacts:config=config/crd/bases +# hack/gen-crds.sh # NOTE: This line was custom added for the humio-operator project. -update-schema: - go run github.com/suessflorian/gqlfetch/gqlfetch@607d6757018016bba0ba7fd1cb9fed6aefa853b5 --endpoint ${SCHEMA_CLUSTER}/graphql --header "Authorization=Bearer ${SCHEMA_CLUSTER_API_TOKEN}" > internal/api/humiographql/schema/_schema.graphql - printf "# Fetched from version %s" $$(curl --silent --location '${SCHEMA_CLUSTER}/api/v1/status' | jq -r ".version") >> internal/api/humiographql/schema/_schema.graphql - -generate: controller-gen ## Generate code containing DeepCopy, DeepCopyInto, and DeepCopyObject method implementations. - go generate ./... - $(CONTROLLER_GEN) object:headerFile="hack/boilerplate.go.txt" paths="./..." +#.PHONY: generate +#generate: controller-gen ## Generate code containing DeepCopy, DeepCopyInto, and DeepCopyObject method implementations. +# go generate ./... # NOTE: This line was custom added for the humio-operator project. +# $(CONTROLLER_GEN) object:headerFile="hack/boilerplate.go.txt" paths="./..." 
+.PHONY: fmt fmt: ## Run go fmt against code. go fmt ./... +.PHONY: vet vet: ## Run go vet against code. go vet ./... -test: manifests generate fmt vet ginkgo ## Run tests. - go install sigs.k8s.io/controller-runtime/tools/setup-envtest@latest - $(SHELL) -c "\ - eval \$$($(GOBIN)/setup-envtest use -p env ${TEST_K8S_VERSION}); \ - export TEST_USING_ENVTEST=true; \ - $(GINKGO) --label-filter=envtest -vv --no-color --procs=3 -output-dir=${PWD} -keep-separate-reports -race --junit-report=test-results-junit.xml --randomize-suites --randomize-all -timeout 10m ./... -covermode=count -coverprofile cover.out \ - " +#.PHONY: test +#test: manifests generate fmt vet setup-envtest ## Run tests. +# KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) --bin-dir $(LOCALBIN) -p path)" go test $$(go list ./... | grep -v /e2e) -coverprofile cover.out + +# TODO(user): To use a different vendor for e2e tests, modify the setup under 'tests/e2e'. +# The default setup assumes Kind is pre-installed and builds/loads the Manager Docker image locally. +# Prometheus and CertManager are installed by default; skip with: +# - PROMETHEUS_INSTALL_SKIP=true +# - CERT_MANAGER_INSTALL_SKIP=true +.PHONY: test-e2e +test-e2e: manifests generate fmt vet ## Run the e2e tests. Expected an isolated environment using Kind. + @command -v kind >/dev/null 2>&1 || { \ + echo "Kind is not installed. Please install Kind manually."; \ + exit 1; \ + } + @kind get clusters | grep -q 'kind' || { \ + echo "No Kind cluster is running. Please start a Kind cluster before running the e2e tests."; \ + exit 1; \ + } + go test ./test/e2e/ -v -ginkgo.v -run-e2e-tests-local-kind: manifests generate fmt vet ## Run tests. 
- hack/run-e2e-using-kind.sh +.PHONY: lint +lint: golangci-lint ## Run golangci-lint linter + $(GOLANGCI_LINT) run + +.PHONY: lint-fix +lint-fix: golangci-lint ## Run golangci-lint linter and perform fixes + $(GOLANGCI_LINT) run --fix + +.PHONY: lint-config +lint-config: golangci-lint ## Verify golangci-lint linter configuration + $(GOLANGCI_LINT) config verify ##@ Build -build: generate fmt vet ## Build manager binary. - go build -ldflags="-s -w" -o bin/manager main.go +.PHONY: build +build: manifests generate fmt vet ## Build manager binary. + go build -o bin/manager cmd/main.go +.PHONY: run run: manifests generate fmt vet ## Run a controller from your host. - go run ./main.go + go run ./cmd/main.go +# If you wish to build the manager image targeting other platforms you can use the --platform flag. +# (i.e. docker build --platform linux/arm64). However, you must enable docker buildKit for it. +# More info: https://docs.docker.com/develop/develop-images/build_enhancements/ +.PHONY: docker-build +docker-build: ## Build docker image with the manager. + $(CONTAINER_TOOL) build -t ${IMG} . + +.PHONY: docker-push docker-push: ## Push docker image with the manager. - docker push ${IMG} + $(CONTAINER_TOOL) push ${IMG} + +# PLATFORMS defines the target platforms for the manager image be built to provide support to multiple +# architectures. (i.e. make docker-buildx IMG=myregistry/mypoperator:0.0.1). To use this option you need to: +# - be able to use docker buildx. More info: https://docs.docker.com/build/buildx/ +# - have enabled BuildKit. More info: https://docs.docker.com/develop/develop-images/build_enhancements/ +# - be able to push the image to your registry (i.e. if you do not set a valid value via IMG=> then the export will fail) +# To adequately provide solutions that are compatible with multiple platforms, you should consider using this option. 
+PLATFORMS ?= linux/arm64,linux/amd64,linux/s390x,linux/ppc64le +.PHONY: docker-buildx +docker-buildx: ## Build and push docker image for the manager for cross-platform support + # copy existing Dockerfile and insert --platform=${BUILDPLATFORM} into Dockerfile.cross, and preserve the original Dockerfile + sed -e '1 s/\(^FROM\)/FROM --platform=\$$\{BUILDPLATFORM\}/; t' -e ' 1,// s//FROM --platform=\$$\{BUILDPLATFORM\}/' Dockerfile > Dockerfile.cross + - $(CONTAINER_TOOL) buildx create --name humio-operator-builder + $(CONTAINER_TOOL) buildx use humio-operator-builder + - $(CONTAINER_TOOL) buildx build --push --platform=$(PLATFORMS) --tag ${IMG} -f Dockerfile.cross . + - $(CONTAINER_TOOL) buildx rm humio-operator-builder + rm Dockerfile.cross + +.PHONY: build-installer +build-installer: manifests generate kustomize ## Generate a consolidated YAML with CRDs and deployment. + mkdir -p dist + cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG} + $(KUSTOMIZE) build config/default > dist/install.yaml ##@ Deployment +ifndef ignore-not-found + ignore-not-found = false +endif + +.PHONY: install install: manifests kustomize ## Install CRDs into the K8s cluster specified in ~/.kube/config. - $(KUSTOMIZE) build config/crd | kubectl apply -f - + $(KUSTOMIZE) build config/crd | $(KUBECTL) apply -f - -uninstall: manifests kustomize ## Uninstall CRDs from the K8s cluster specified in ~/.kube/config. - $(KUSTOMIZE) build config/crd | kubectl delete -f - +.PHONY: uninstall +uninstall: manifests kustomize ## Uninstall CRDs from the K8s cluster specified in ~/.kube/config. Call with ignore-not-found=true to ignore resource not found errors during deletion. + $(KUSTOMIZE) build config/crd | $(KUBECTL) delete --ignore-not-found=$(ignore-not-found) -f - +.PHONY: deploy deploy: manifests kustomize ## Deploy controller to the K8s cluster specified in ~/.kube/config. 
cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG} - $(KUSTOMIZE) build config/default | kubectl apply -f - - -undeploy: ## Undeploy controller from the K8s cluster specified in ~/.kube/config. - $(KUSTOMIZE) build config/default | kubectl delete -f - - + $(KUSTOMIZE) build config/default | $(KUBECTL) apply -f - + +.PHONY: undeploy +undeploy: kustomize ## Undeploy controller from the K8s cluster specified in ~/.kube/config. Call with ignore-not-found=true to ignore resource not found errors during deletion. + $(KUSTOMIZE) build config/default | $(KUBECTL) delete --ignore-not-found=$(ignore-not-found) -f - + +##@ Dependencies + +## Location to install dependencies to +LOCALBIN ?= $(shell pwd)/bin +$(LOCALBIN): + mkdir -p $(LOCALBIN) + +## Tool Binaries +KUBECTL ?= kubectl +KUSTOMIZE ?= $(LOCALBIN)/kustomize +CONTROLLER_GEN ?= $(LOCALBIN)/controller-gen +ENVTEST ?= $(LOCALBIN)/setup-envtest +GOLANGCI_LINT = $(LOCALBIN)/golangci-lint + +## Tool Versions +KUSTOMIZE_VERSION ?= v5.5.0 +CONTROLLER_TOOLS_VERSION ?= v0.17.0 +#ENVTEST_VERSION is the version of controller-runtime release branch to fetch the envtest setup script (i.e. release-0.20) +ENVTEST_VERSION ?= $(shell go list -m -f "{{ .Version }}" sigs.k8s.io/controller-runtime | awk -F'[v.]' '{printf "release-%d.%d", $$2, $$3}') +#ENVTEST_K8S_VERSION is the version of Kubernetes to use for setting up ENVTEST binaries (i.e. 1.31) +ENVTEST_K8S_VERSION ?= $(shell go list -m -f "{{ .Version }}" k8s.io/api | awk -F'[v.]' '{printf "1.%d", $$3}') +GOLANGCI_LINT_VERSION ?= v1.62.2 + +.PHONY: kustomize +kustomize: $(KUSTOMIZE) ## Download kustomize locally if necessary. +$(KUSTOMIZE): $(LOCALBIN) + $(call go-install-tool,$(KUSTOMIZE),sigs.k8s.io/kustomize/kustomize/v5,$(KUSTOMIZE_VERSION)) + +.PHONY: controller-gen +controller-gen: $(CONTROLLER_GEN) ## Download controller-gen locally if necessary. 
+$(CONTROLLER_GEN): $(LOCALBIN) + $(call go-install-tool,$(CONTROLLER_GEN),sigs.k8s.io/controller-tools/cmd/controller-gen,$(CONTROLLER_TOOLS_VERSION)) + +.PHONY: setup-envtest +setup-envtest: envtest ## Download the binaries required for ENVTEST in the local bin directory. + @echo "Setting up envtest binaries for Kubernetes version $(ENVTEST_K8S_VERSION)..." + @$(ENVTEST) use $(ENVTEST_K8S_VERSION) --bin-dir $(LOCALBIN) -p path || { \ + echo "Error: Failed to set up envtest binaries for version $(ENVTEST_K8S_VERSION)."; \ + exit 1; \ + } -CONTROLLER_GEN = $(shell pwd)/bin/controller-gen -controller-gen: ## Download controller-gen locally. - $(call go-install-tool,$(CONTROLLER_GEN),sigs.k8s.io/controller-tools/cmd/controller-gen@v0.14.0) +.PHONY: envtest +envtest: $(ENVTEST) ## Download setup-envtest locally if necessary. +$(ENVTEST): $(LOCALBIN) + $(call go-install-tool,$(ENVTEST),sigs.k8s.io/controller-runtime/tools/setup-envtest,$(ENVTEST_VERSION)) -KUSTOMIZE = $(shell pwd)/bin/kustomize -kustomize: ## Download kustomize locally if necessary. - $(call go-install-tool,$(KUSTOMIZE),sigs.k8s.io/kustomize/kustomize/v4@v4.5.2) +.PHONY: golangci-lint +golangci-lint: $(GOLANGCI_LINT) ## Download golangci-lint locally if necessary. +$(GOLANGCI_LINT): $(LOCALBIN) + $(call go-install-tool,$(GOLANGCI_LINT),github.com/golangci/golangci-lint/cmd/golangci-lint,$(GOLANGCI_LINT_VERSION)) -# go-install-tool will 'go install' any package $2 and install it to $1. 
-PROJECT_DIR := $(shell dirname $(abspath $(lastword $(MAKEFILE_LIST)))) +# go-install-tool will 'go install' any package with custom target and name of binary, if it doesn't exist +# $1 - target path with name of binary +# $2 - package url which can be installed +# $3 - specific version of package define go-install-tool -@[ -f $(1) ] || { \ -set -e ;\ -TMP_DIR=$$(mktemp -d) ;\ -cd $$TMP_DIR ;\ -go mod init tmp ;\ -go version ;\ -echo "Downloading $(2)" ;\ -GOBIN=$(PROJECT_DIR)/bin go install $(2) ;\ -rm -rf $$TMP_DIR ;\ -} +@[ -f "$(1)-$(3)" ] || { \ +set -e; \ +package=$(2)@$(3) ;\ +echo "Downloading $${package}" ;\ +rm -f $(1) || true ;\ +GOBIN=$(LOCALBIN) go install $${package} ;\ +mv $(1) $(1)-$(3) ;\ +} ;\ +ln -sf $(1)-$(3) $(1) endef +##@ The majority of the custom additions to this makefile for the humio-operator projects is below this line +SCHEMA_CLUSTER?=${HUMIO_ENDPOINT} +SCHEMA_CLUSTER_API_TOKEN?=${HUMIO_TOKEN} + +.PHONY: update-schema +update-schema: + go run github.com/suessflorian/gqlfetch/gqlfetch@607d6757018016bba0ba7fd1cb9fed6aefa853b5 --endpoint ${SCHEMA_CLUSTER}/graphql --header "Authorization=Bearer ${SCHEMA_CLUSTER_API_TOKEN}" > internal/api/humiographql/schema/_schema.graphql + printf "# Fetched from version %s" $$(curl --silent --location '${SCHEMA_CLUSTER}/api/v1/status' | jq -r ".version") >> internal/api/humiographql/schema/_schema.graphql -# IMAGE_TAG_BASE defines the docker.io namespace and part of the image name for remote images. -# This variable is used to construct full image tags -IMAGE_TAG_BASE ?= humio/humio-operator +.PHONY: test-envtest +test: manifests generate fmt vet setup-envtest ginkgo ## Run tests. 
+ KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) --bin-dir $(LOCALBIN) -p path)" \ + TEST_USING_ENVTEST=true \ + $(GINKGO) --label-filter=envtest -vv --no-color --procs=3 -output-dir=${PWD} -keep-separate-reports -race --junit-report=test-results-junit.xml --randomize-suites --randomize-all -timeout 10m ./... -covermode=count -coverprofile cover.out -OS = $(shell go env GOOS) -ARCH = $(shell go env GOARCH) +.PHONY: run-e2e-tests-local-kind +run-e2e-tests-local-kind: manifests generate fmt vet ## Run tests. + hack/run-e2e-using-kind.sh # Run go fmt against code +.PHONY: fmt-simple fmt-simple: gofmt -l -w -s . # Build the operator docker image +.PHONY: docker-build-operator docker-build-operator: docker build --no-cache --pull -t ${IMG} ${IMG_BUILD_ARGS} . # Build the helper docker image +.PHONY: docker-build-helper docker-build-helper: cp LICENSE images/helper/ docker build --no-cache --pull -t ${IMG} ${IMG_BUILD_ARGS} images/helper # Build the logscale dummy docker image +.PHONY: docker-build-dummy docker-build-dummy: docker build --no-cache --pull -t ${IMG} ${IMG_BUILD_ARGS} images/logscale-dummy +.PHONY: clean clean: rm controllers_*.xml || true rm -r testbindir || true @@ -187,5 +313,16 @@ endif CRDOC=$(GOBIN)/crdoc endif +.PHONY: apidocs apidocs: manifests crdoc $(CRDOC) --resources config/crd/bases --output docs/api.md + +.PHONY: manifests +manifests: controller-gen ## Generate WebhookConfiguration, ClusterRole and CustomResourceDefinition objects. + $(CONTROLLER_GEN) rbac:roleName=manager-role crd webhook paths="./..." output:crd:artifacts:config=config/crd/bases + hack/gen-crds.sh + +.PHONY: generate +generate: controller-gen ## Generate code containing DeepCopy, DeepCopyInto, and DeepCopyObject method implementations. + go generate ./... + $(CONTROLLER_GEN) object:headerFile="hack/boilerplate.go.txt" paths="./..." diff --git a/PROJECT b/PROJECT index 92bab7b6..609e2e23 100644 --- a/PROJECT +++ b/PROJECT 
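Review bot: The `update-schema` recipe re-added near the end of this hunk has make expand `${SCHEMA_CLUSTER_API_TOKEN}` into the `--header "Authorization=Bearer ..."` argument, and the line has no `@` prefix. Make therefore echoes the command with the token filled in, so the token lands in terminal and CI logs. Prefixing that recipe line with `@` stops the echo, although the token is still passed on the command line of the `go run` process. Separately, `.PHONY: test-envtest` sits directly above a target named `test`, so `test` itself is not declared phony; it should read `.PHONY: test`. The `ginkgo` prerequisite and `$(GINKGO)` are defined outside this hunk, so whether they still resolve cannot be checked from here.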
@@ -4,10 +4,19 @@ # More info: https://book.kubebuilder.io/reference/project-config.html domain: humio.com layout: -- go.kubebuilder.io/v3 +- go.kubebuilder.io/v4 projectName: humio-operator repo: github.com/humio/humio-operator resources: +- api: + crdVersion: v1 + namespaced: true + controller: true + domain: humio.com + group: core + kind: HumioCluster + path: github.com/humio/humio-operator/api/v1alpha1 + version: v1alpha1 - api: crdVersion: v1 namespaced: true @@ -23,7 +32,7 @@ resources: controller: true domain: humio.com group: core - kind: HumioAlert + kind: HumioAggregateAlert path: github.com/humio/humio-operator/api/v1alpha1 version: v1alpha1 - api: @@ -32,7 +41,7 @@ resources: controller: true domain: humio.com group: core - kind: HumioCluster + kind: HumioAlert path: github.com/humio/humio-operator/api/v1alpha1 version: v1alpha1 - api: @@ -41,7 +50,7 @@ resources: controller: true domain: humio.com group: core - kind: HumioExternalCluster + kind: HumioBootstrapToken path: github.com/humio/humio-operator/api/v1alpha1 version: v1alpha1 - api: @@ -50,7 +59,7 @@ resources: controller: true domain: humio.com group: core - kind: HumioFilterAlert + kind: HumioExternalCluster path: github.com/humio/humio-operator/api/v1alpha1 version: v1alpha1 - api: @@ -59,7 +68,7 @@ resources: controller: true domain: humio.com group: core - kind: HumioIngestToken + kind: HumioFilterAlert path: github.com/humio/humio-operator/api/v1alpha1 version: v1alpha1 - api: @@ -68,7 +77,7 @@ resources: controller: true domain: humio.com group: core - kind: HumioParser + kind: HumioIngestToken path: github.com/humio/humio-operator/api/v1alpha1 version: v1alpha1 - api: @@ -77,7 +86,7 @@ resources: controller: true domain: humio.com group: core - kind: HumioRepository + kind: HumioParser path: github.com/humio/humio-operator/api/v1alpha1 version: v1alpha1 - api: 
@@ -86,7 +95,7 @@ resources: controller: true domain: humio.com group: core - kind: HumioScheduledSearch + kind: HumioRepository path: github.com/humio/humio-operator/api/v1alpha1 version: v1alpha1 - api: @@ -95,7 +104,7 @@ resources: controller: true domain: humio.com group: core - kind: HumioView + kind: HumioScheduledSearch path: github.com/humio/humio-operator/api/v1alpha1 version: v1alpha1 - api: @@ -104,7 +113,7 @@ resources: controller: true domain: humio.com group: core - kind: HumioAggregateAlert + kind: HumioView path: github.com/humio/humio-operator/api/v1alpha1 version: v1alpha1 version: "3" diff --git a/api/v1alpha1/groupversion_info.go b/api/v1alpha1/groupversion_info.go index 985f7345..972c994a 100644 --- a/api/v1alpha1/groupversion_info.go +++ b/api/v1alpha1/groupversion_info.go @@ -14,7 +14,7 @@ See the License for the specific language governing permissions and limitations under the License. */ -// Package v1alpha1 contains API Schema definitions for the core v1alpha1 API group +// Package v1alpha1 contains API Schema definitions for the core v1alpha1 API group. // +kubebuilder:object:generate=true // +groupName=core.humio.com package v1alpha1 @@ -25,10 +25,10 @@ import ( ) var ( - // GroupVersion is group version used to register these objects + // GroupVersion is group version used to register these objects. GroupVersion = schema.GroupVersion{Group: "core.humio.com", Version: "v1alpha1"} - // SchemeBuilder is used to add go types to the GroupVersionKind scheme + // SchemeBuilder is used to add go types to the GroupVersionKind scheme. SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion} // AddToScheme adds the types in this group-version to the given scheme. diff --git a/api/v1alpha1/humioaction_types.go b/api/v1alpha1/humioaction_types.go index 40f61dd9..5098cf05 100644 --- a/api/v1alpha1/humioaction_types.go +++ b/api/v1alpha1/humioaction_types.go 
@@ -40,7 +40,7 @@ type HumioActionWebhookProperties struct { Headers map[string]string `json:"headers,omitempty"` // SecretHeaders specifies what HTTP headers to use and where to fetch the values from. // If both Headers and SecretHeaders are specified, they will be merged together. - //+kubebuilder:default={} + // +kubebuilder:default={} SecretHeaders []HeadersSource `json:"secretHeaders,omitempty"` Method string `json:"method,omitempty"` // Url specifies what URL to use @@ -56,8 +56,8 @@ type HumioActionWebhookProperties struct { // HeadersSource defines a header and corresponding source for the value of it. type HeadersSource struct { // Name is the name of the header. - //+kubebuilder:validation:MinLength=1 - //+required + // +kubebuilder:validation:MinLength=1 + // +required Name string `json:"name"` // ValueFrom defines where to fetch the value of the header from. ValueFrom VarSource `json:"valueFrom,omitempty"` @@ -67,8 +67,8 @@ type HeadersSource struct { type HumioActionEmailProperties struct { BodyTemplate string `json:"bodyTemplate,omitempty"` SubjectTemplate string `json:"subjectTemplate,omitempty"` - //+kubebuilder:validation:MinItems=1 - //+required + // +kubebuilder:validation:MinItems=1 + // +required Recipients []string `json:"recipients,omitempty"` UseProxy bool `json:"useProxy,omitempty"` } @@ -128,9 +128,9 @@ type HumioActionSlackPostMessageProperties struct { // If both ApiToken and ApiTokenSource are specified, ApiToken will be used. ApiTokenSource VarSource `json:"apiTokenSource,omitempty"` Channels []string `json:"channels,omitempty"` - //+kubebuilder:default={} + // +kubebuilder:default={} Fields map[string]string `json:"fields,omitempty"` - //+kubebuilder:default=false + // +kubebuilder:default=false UseProxy bool `json:"useProxy,omitempty"` } 
@@ -162,12 +162,12 @@ type HumioActionSpec struct { // This conflicts with ManagedClusterName. ExternalClusterName string `json:"externalClusterName,omitempty"` // Name is the name of the Action - //+kubebuilder:validation:MinLength=1 - //+required + // +kubebuilder:validation:MinLength=1 + // +required Name string `json:"name"` // ViewName is the name of the Humio View under which the Action will be managed. This can also be a Repository - //+kubebuilder:validation:MinLength=1 - //+required + // +kubebuilder:validation:MinLength=1 + // +required ViewName string `json:"viewName"` // EmailProperties indicates this is an Email Action, and contains the corresponding properties EmailProperties *HumioActionEmailProperties `json:"emailProperties,omitempty"` @@ -193,8 +193,8 @@ type HumioActionStatus struct { State string `json:"state,omitempty"` } -//+kubebuilder:object:root=true -//+kubebuilder:subresource:status +// +kubebuilder:object:root=true +// +kubebuilder:subresource:status // HumioAction is the Schema for the humioactions API type HumioAction struct { @@ -205,7 +205,7 @@ type HumioAction struct { Status HumioActionStatus `json:"status,omitempty"` } -//+kubebuilder:object:root=true +// +kubebuilder:object:root=true // HumioActionList contains a list of HumioAction type HumioActionList struct { diff --git a/api/v1alpha1/humioaggregatealert_types.go b/api/v1alpha1/humioaggregatealert_types.go index 64b11c88..3f5b4921 100644 --- a/api/v1alpha1/humioaggregatealert_types.go +++ b/api/v1alpha1/humioaggregatealert_types.go 
@@ -41,19 +41,19 @@ type HumioAggregateAlertSpec struct { // This conflicts with ManagedClusterName. ExternalClusterName string `json:"externalClusterName,omitempty"` // Name is the name of the aggregate alert inside Humio - //+kubebuilder:validation:MinLength=1 - //+required + // +kubebuilder:validation:MinLength=1 + // +required Name string `json:"name"` // ViewName is the name of the Humio View under which the aggregate alert will be managed. This can also be a Repository - //+kubebuilder:validation:MinLength=1 - //+required + // +kubebuilder:validation:MinLength=1 + // +required ViewName string `json:"viewName"` // QueryString defines the desired Humio query string QueryString string `json:"queryString"` // QueryTimestampType defines the timestamp type to use for a query QueryTimestampType string `json:"queryTimestampType,omitempty"` // Description is the description of the Aggregate alert - //+optional + // +optional Description string `json:"description,omitempty"` // Search Interval time in seconds SearchIntervalSeconds int `json:"searchIntervalSeconds,omitempty"` @@ -64,7 +64,7 @@ type HumioAggregateAlertSpec struct { // Aggregate Alert trigger mode TriggerMode string `json:"triggerMode,omitempty"` // Enabled will set the AggregateAlert to enabled when set to true - //+kubebuilder:default=false + // +kubebuilder:default=false Enabled bool `json:"enabled,omitempty"` // Actions is the list of Humio Actions by name that will be triggered by this Aggregate alert Actions []string `json:"actions"` @@ -78,8 +78,8 @@ type HumioAggregateAlertStatus struct { State string `json:"state,omitempty"` } -//+kubebuilder:object:root=true -//+kubebuilder:subresource:status +// +kubebuilder:object:root=true +// +kubebuilder:subresource:status // HumioAggregateAlert is the Schema for the humioAggregateAlerts API type HumioAggregateAlert struct { 
@@ -90,7 +90,7 @@ type HumioAggregateAlert struct { Status HumioAggregateAlertStatus `json:"status,omitempty"` } -//+kubebuilder:object:root=true +// +kubebuilder:object:root=true // HumioAggregateAlertList contains a list of HumioAggregateAlert type HumioAggregateAlertList struct { diff --git a/api/v1alpha1/humioalert_types.go b/api/v1alpha1/humioalert_types.go index 2dec50bd..2a626285 100644 --- a/api/v1alpha1/humioalert_types.go +++ b/api/v1alpha1/humioalert_types.go @@ -55,18 +55,18 @@ type HumioAlertSpec struct { // This conflicts with ManagedClusterName. ExternalClusterName string `json:"externalClusterName,omitempty"` // Name is the name of the alert inside Humio - //+kubebuilder:validation:MinLength=1 - //+required + // +kubebuilder:validation:MinLength=1 + // +required Name string `json:"name"` // ViewName is the name of the Humio View under which the Alert will be managed. This can also be a Repository - //+kubebuilder:validation:MinLength=1 - //+required + // +kubebuilder:validation:MinLength=1 + // +required ViewName string `json:"viewName"` // Query defines the desired state of the Humio query - //+required + // +required Query HumioQuery `json:"query"` // Description is the description of the Alert - //+optional + // +optional Description string `json:"description,omitempty"` // ThrottleTimeMillis is the throttle time in milliseconds. An Alert is triggered at most once per the throttle time ThrottleTimeMillis int `json:"throttleTimeMillis,omitempty"` @@ -86,8 +86,8 @@ type HumioAlertStatus struct { State string `json:"state,omitempty"` } -//+kubebuilder:object:root=true -//+kubebuilder:subresource:status +// +kubebuilder:object:root=true +// +kubebuilder:subresource:status // HumioAlert is the Schema for the humioalerts API type HumioAlert struct { 
@@ -98,7 +98,7 @@ type HumioAlert struct { Status HumioAlertStatus `json:"status,omitempty"` } -//+kubebuilder:object:root=true +// +kubebuilder:object:root=true // HumioAlertList contains a list of HumioAlert type HumioAlertList struct { diff --git a/api/v1alpha1/humiobootstraptoken_types.go b/api/v1alpha1/humiobootstraptoken_types.go index af64529e..4df4fe38 100644 --- a/api/v1alpha1/humiobootstraptoken_types.go +++ b/api/v1alpha1/humiobootstraptoken_types.go @@ -91,11 +91,11 @@ type HumioHashedTokenSecretStatus struct { SecretKeyRef *corev1.SecretKeySelector `json:"secretKeyRef,omitempty"` } -//+kubebuilder:object:root=true -//+kubebuilder:subresource:status -//+kubebuilder:resource:path=humiobootstraptokens,scope=Namespaced -//+kubebuilder:printcolumn:name="State",type="string",JSONPath=".status.state",description="The state of the bootstrap token" -//+operator-sdk:gen-csv:customresourcedefinitions.displayName="Humio Bootstrap Token" +// +kubebuilder:object:root=true +// +kubebuilder:subresource:status +// +kubebuilder:resource:path=humiobootstraptokens,scope=Namespaced +// +kubebuilder:printcolumn:name="State",type="string",JSONPath=".status.state",description="The state of the bootstrap token" +// +operator-sdk:gen-csv:customresourcedefinitions.displayName="Humio Bootstrap Token" // HumioBootstrapToken defines the bootstrap token that Humio will use to bootstrap authentication type HumioBootstrapToken struct { @@ -106,7 +106,7 @@ type HumioBootstrapToken struct { Status HumioBootstrapTokenStatus `json:"status,omitempty"` } -//+kubebuilder:object:root=true +// +kubebuilder:object:root=true // HumioBootstrapTokenList contains a list of HumioBootstrapTokens type HumioBootstrapTokenList struct { diff --git a/api/v1alpha1/humiocluster_types.go b/api/v1alpha1/humiocluster_types.go index fd6c525a..5600ef3b 100644 --- a/api/v1alpha1/humiocluster_types.go +++ b/api/v1alpha1/humiocluster_types.go 
@@ -62,7 +62,7 @@ type HumioClusterSpec struct { // DigestPartitionsCount is the desired number of digest partitions DigestPartitionsCount int `json:"digestPartitionsCount,omitempty"` // License is the kubernetes secret reference which contains the Humio license - //+required + // +required License HumioClusterLicenseSpec `json:"license,omitempty"` // IdpCertificateSecretName is the name of the secret that contains the IDP Certificate when using SAML authentication IdpCertificateSecretName string `json:"idpCertificateSecretName,omitempty"` @@ -109,7 +109,7 @@ type HumioNodeSpec struct { Image string `json:"image,omitempty"` // NodeCount is the desired number of humio cluster nodes - //+kubebuilder:default=0 + // +kubebuilder:default=0 NodeCount int `json:"nodeCount,omitempty"` // DataVolumePersistentVolumeClaimSpecTemplate is the PersistentVolumeClaimSpec that will be used with for the humio data volume. This conflicts with DataVolumeSource. @@ -126,7 +126,7 @@ type HumioNodeSpec struct { // DisableInitContainer is used to disable the init container completely which collects the availability zone from the Kubernetes worker node. // This is not recommended, unless you are using auto rebalancing partitions and are running in a single availability zone. - //+kubebuilder:default=false + // +kubebuilder:default=false DisableInitContainer bool `json:"disableInitContainer,omitempty"` // EnvironmentVariablesSource is the reference to an external source of environment variables that will be merged with environmentVariables @@ -255,7 +255,7 @@ type HumioNodeSpec struct { UpdateStrategy *HumioUpdateStrategy `json:"updateStrategy,omitempty"` // PriorityClassName is the name of the priority class that will be used by the Humio pods - //+kubebuilder:default="" + // +kubebuilder:default="" PriorityClassName string `json:"priorityClassName,omitempty"` // HumioNodePoolFeatures defines the features that are allowed by the node pool 
@@ -272,7 +272,7 @@ type HumioUpdateStrategy struct { // Type controls how Humio pods are updated when changes are made to the HumioCluster resource that results // in a change to the Humio pods. The available values are: OnDelete, RollingUpdate, ReplaceAllOnUpdate, and // RollingUpdateBestEffort. - /// + // // When set to OnDelete, no Humio pods will be terminated but new pods will be created with the new spec. Replacing // existing pods will require each pod to be deleted by the user. // @@ -298,13 +298,13 @@ type HumioUpdateStrategy struct { // MaxUnavailable is the maximum number of pods that can be unavailable during a rolling update. // This can be configured to an absolute number or a percentage, e.g. "maxUnavailable: 5" or "maxUnavailable: 25%". - //+kubebuilder:default=1 + // +kubebuilder:default=1 MaxUnavailable *intstr.IntOrString `json:"maxUnavailable,omitempty"` } type HumioNodePoolSpec struct { - //+kubebuilder:validation:MinLength:=1 - //+required + // +kubebuilder:validation:MinLength:=1 + // +required Name string `json:"name"` HumioNodeSpec `json:"spec,omitempty"` @@ -326,7 +326,7 @@ type HumioESHostnameSource struct { type HumioClusterIngressSpec struct { // Enabled enables the logic for the Humio operator to create ingress-related objects. Requires one of the following // to be set: spec.hostname, spec.hostnameSource, spec.esHostname or spec.esHostnameSource - //+kubebuilder:default=false + // +kubebuilder:default=false Enabled bool `json:"enabled,omitempty"` // Controller is used to specify the controller used for ingress in the Kubernetes cluster. For now, only nginx is supported. Controller string `json:"controller,omitempty"` 
@@ -394,8 +394,8 @@ type HumioNodePoolStatusList []HumioNodePoolStatus // HumioNodePoolStatus shows the status of each node pool type HumioNodePoolStatus struct { // Name is the name of the node pool - //+kubebuilder:validation:MinLength=1 - //+required + // +kubebuilder:validation:MinLength=1 + // +required Name string `json:"name"` // State will be empty before the cluster is bootstrapped. From there it can be "Running", "Upgrading", "Restarting" or "Pending" State string `json:"state,omitempty"` @@ -429,13 +429,13 @@ type HumioClusterStatus struct { ObservedGeneration string `json:"observedGeneration,omitempty"` // TODO: We should change the type to int64 so we don't have to convert back and forth between int64 and string } -//+kubebuilder:object:root=true -//+kubebuilder:subresource:status -//+kubebuilder:resource:path=humioclusters,scope=Namespaced -//+kubebuilder:printcolumn:name="State",type="string",JSONPath=".status.state",description="The state of the cluster" -//+kubebuilder:printcolumn:name="Nodes",type="string",JSONPath=".status.nodeCount",description="The number of nodes in the cluster" -//+kubebuilder:printcolumn:name="Version",type="string",JSONPath=".status.version",description="The version of humio" -//+operator-sdk:gen-csv:customresourcedefinitions.displayName="Humio Cluster" +// +kubebuilder:object:root=true +// +kubebuilder:subresource:status +// +kubebuilder:resource:path=humioclusters,scope=Namespaced +// +kubebuilder:printcolumn:name="State",type="string",JSONPath=".status.state",description="The state of the cluster" +// +kubebuilder:printcolumn:name="Nodes",type="string",JSONPath=".status.nodeCount",description="The number of nodes in the cluster" +// +kubebuilder:printcolumn:name="Version",type="string",JSONPath=".status.version",description="The version of humio" +// +operator-sdk:gen-csv:customresourcedefinitions.displayName="Humio Cluster" // HumioCluster is the Schema for the humioclusters API type HumioCluster struct { 
@@ -446,7 +446,7 @@ type HumioCluster struct { Status HumioClusterStatus `json:"status,omitempty"` } -//+kubebuilder:object:root=true +// +kubebuilder:object:root=true // HumioClusterList contains a list of HumioCluster type HumioClusterList struct { diff --git a/api/v1alpha1/humioexternalcluster_types.go b/api/v1alpha1/humioexternalcluster_types.go index cfa46ee2..87760df5 100644 --- a/api/v1alpha1/humioexternalcluster_types.go +++ b/api/v1alpha1/humioexternalcluster_types.go @@ -30,8 +30,8 @@ const ( // HumioExternalClusterSpec defines the desired state of HumioExternalCluster type HumioExternalClusterSpec struct { // Url is used to connect to the Humio cluster we want to use. - //+kubebuilder:validation:MinLength=1 - //+required + // +kubebuilder:validation:MinLength=1 + // +required Url string `json:"url"` // APITokenSecretName is used to obtain the API token we need to use when communicating with the external Humio cluster. // The secret must contain a key "token" which holds the Humio API token. @@ -51,11 +51,11 @@ type HumioExternalClusterStatus struct { Version string `json:"version,omitempty"` } -//+kubebuilder:object:root=true -//+kubebuilder:subresource:status -//+kubebuilder:resource:path=humioexternalclusters,scope=Namespaced -//+kubebuilder:printcolumn:name="State",type="string",JSONPath=".status.state",description="The state of the external Humio cluster" -//+operator-sdk:gen-csv:customresourcedefinitions.displayName="Humio External Cluster" +// +kubebuilder:object:root=true +// +kubebuilder:subresource:status +// +kubebuilder:resource:path=humioexternalclusters,scope=Namespaced +// +kubebuilder:printcolumn:name="State",type="string",JSONPath=".status.state",description="The state of the external Humio cluster" +// +operator-sdk:gen-csv:customresourcedefinitions.displayName="Humio External Cluster" // HumioExternalCluster is the Schema for the humioexternalclusters API type HumioExternalCluster struct { 
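Review bot: `HumioExternalClusterSpec.Url` in humioexternalcluster_types.go is still validated only by `MinLength=1`, so any non-empty string is admitted, including one with no scheme or with `http://`. The comments in the hunk say this URL is what the operator connects to and that the token from `APITokenSecretName` is used for that communication, so a plaintext endpoint would presumably carry the API token unencrypted. If plain HTTP is not an intended mode, consider adding `// +kubebuilder:validation:Pattern="^https://"` next to the existing markers, after checking that no existing objects would fail the tighter schema. The struct continues outside the hunk, so another field may already govern this.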
@@ -66,7 +66,7 @@ type HumioExternalCluster struct { Status HumioExternalClusterStatus `json:"status,omitempty"` } -//+kubebuilder:object:root=true +// +kubebuilder:object:root=true // HumioExternalClusterList contains a list of HumioExternalCluster type HumioExternalClusterList struct { diff --git a/api/v1alpha1/humiofilteralert_types.go b/api/v1alpha1/humiofilteralert_types.go index a4129b2d..8f72ac0d 100644 --- a/api/v1alpha1/humiofilteralert_types.go +++ b/api/v1alpha1/humiofilteralert_types.go 
@@ -41,28 +41,28 @@ type HumioFilterAlertSpec struct { // This conflicts with ManagedClusterName. ExternalClusterName string `json:"externalClusterName,omitempty"` // Name is the name of the filter alert inside Humio - //+kubebuilder:validation:MinLength=1 - //+required + // +kubebuilder:validation:MinLength=1 + // +required Name string `json:"name"` // ViewName is the name of the Humio View under which the filter alert will be managed. This can also be a Repository - //+kubebuilder:validation:MinLength=1 - //+required + // +kubebuilder:validation:MinLength=1 + // +required ViewName string `json:"viewName"` // QueryString defines the desired Humio query string QueryString string `json:"queryString"` // Description is the description of the filter alert - //+optional + // +optional Description string `json:"description,omitempty"` // ThrottleTimeSeconds is the throttle time in seconds. A filter alert is triggered at most once per the throttle time - //+kubebuilder:validation:Minimum=60 - //+required + // +kubebuilder:validation:Minimum=60 + // +required ThrottleTimeSeconds int `json:"throttleTimeSeconds,omitempty"` // ThrottleField is the field on which to throttle - //+kubebuilder:validation:MinLength=1 - //+required + // +kubebuilder:validation:MinLength=1 + // +required ThrottleField *string `json:"throttleField,omitempty"` // Enabled will set the FilterAlert to enabled when set to true - //+kubebuilder:default=false + // +kubebuilder:default=false Enabled bool `json:"enabled,omitempty"` // Actions is the list of Humio Actions by name that will be triggered by this filter alert Actions []string `json:"actions"` @@ -76,8 +76,8 @@ type HumioFilterAlertStatus struct { State string `json:"state,omitempty"` } -//+kubebuilder:object:root=true -//+kubebuilder:subresource:status +// +kubebuilder:object:root=true +// +kubebuilder:subresource:status // HumioFilterAlert is the Schema for the HumioFilterAlerts API type HumioFilterAlert struct { 
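Review bot: In `HumioFilterAlertSpec`, `ThrottleTimeSeconds` and `ThrottleField` carry `// +required` while their JSON tags are `json:"throttleTimeSeconds,omitempty"` and `json:"throttleField,omitempty"`, and `ThrottleField` is a `*string`. The marker and the tag disagree about whether the field may be absent, so a client that leaves the field at its zero value serialises an object that the generated schema would presumably reject. Pick one meaning per field: either drop `omitempty` from the tag (and the pointer on `ThrottleField`) or change the marker to `// +optional`. The same pairing appears on `ParserName` and `RepositoryName` in `HumioIngestTokenSpec`, on `RepositoryName` in `HumioParserSpec`, and on `RepositoryName` in `HumioViewConnection`.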
@@ -88,7 +88,7 @@ type HumioFilterAlert struct { Status HumioFilterAlertStatus `json:"status,omitempty"` } -//+kubebuilder:object:root=true +// +kubebuilder:object:root=true // HumioFilterAlertList contains a list of HumioFilterAlert type HumioFilterAlertList struct { diff --git a/api/v1alpha1/humioingesttoken_types.go b/api/v1alpha1/humioingesttoken_types.go index 85b03b7d..0dccaf1c 100644 --- a/api/v1alpha1/humioingesttoken_types.go +++ b/api/v1alpha1/humioingesttoken_types.go @@ -41,16 +41,16 @@ type HumioIngestTokenSpec struct { // This conflicts with ManagedClusterName. ExternalClusterName string `json:"externalClusterName,omitempty"` // Name is the name of the ingest token inside Humio - //+kubebuilder:validation:MinLength=1 - //+required + // +kubebuilder:validation:MinLength=1 + // +required Name string `json:"name"` // ParserName is the name of the parser which will be assigned to the ingest token. - //+kubebuilder:validation:MinLength=1 - //+required + // +kubebuilder:validation:MinLength=1 + // +required ParserName *string `json:"parserName,omitempty"` // RepositoryName is the name of the Humio repository under which the ingest token will be created - //+kubebuilder:validation:MinLength=1 - //+required + // +kubebuilder:validation:MinLength=1 + // +required RepositoryName string `json:"repositoryName,omitempty"` // TokenSecretName specifies the name of the Kubernetes secret that will be created // and contain the ingest token. The key in the secret storing the ingest token is "token". 
@@ -68,11 +68,11 @@ type HumioIngestTokenStatus struct { State string `json:"state,omitempty"` } -//+kubebuilder:object:root=true -//+kubebuilder:subresource:status -//+kubebuilder:resource:path=humioingesttokens,scope=Namespaced -//+kubebuilder:printcolumn:name="State",type="string",JSONPath=".status.state",description="The state of the ingest token" -//+operator-sdk:gen-csv:customresourcedefinitions.displayName="Humio Ingest Token" +// +kubebuilder:object:root=true +// +kubebuilder:subresource:status +// +kubebuilder:resource:path=humioingesttokens,scope=Namespaced +// +kubebuilder:printcolumn:name="State",type="string",JSONPath=".status.state",description="The state of the ingest token" +// +operator-sdk:gen-csv:customresourcedefinitions.displayName="Humio Ingest Token" // HumioIngestToken is the Schema for the humioingesttokens API type HumioIngestToken struct { @@ -83,7 +83,7 @@ type HumioIngestToken struct { Status HumioIngestTokenStatus `json:"status,omitempty"` } -//+kubebuilder:object:root=true +// +kubebuilder:object:root=true // HumioIngestTokenList contains a list of HumioIngestToken type HumioIngestTokenList struct { diff --git a/api/v1alpha1/humioparser_types.go b/api/v1alpha1/humioparser_types.go index a77f15f2..fb310a2e 100644 --- a/api/v1alpha1/humioparser_types.go +++ b/api/v1alpha1/humioparser_types.go 
@@ -41,14 +41,14 @@ type HumioParserSpec struct { // This conflicts with ManagedClusterName. ExternalClusterName string `json:"externalClusterName,omitempty"` // Name is the name of the parser inside Humio - //+kubebuilder:validation:MinLength=1 - //+required + // +kubebuilder:validation:MinLength=1 + // +required Name string `json:"name"` // ParserScript contains the code for the Humio parser ParserScript string `json:"parserScript,omitempty"` // RepositoryName defines what repository this parser should be managed in - //+kubebuilder:validation:MinLength=1 - //+required + // +kubebuilder:validation:MinLength=1 + // +required RepositoryName string `json:"repositoryName,omitempty"` // TagFields is used to define what fields will be used to define how data will be tagged when being parsed by // this parser @@ -63,11 +63,11 @@ type HumioParserStatus struct { State string `json:"state,omitempty"` } -//+kubebuilder:object:root=true -//+kubebuilder:subresource:status -//+kubebuilder:resource:path=humioparsers,scope=Namespaced -//+kubebuilder:printcolumn:name="State",type="string",JSONPath=".status.state",description="The state of the parser" -//+operator-sdk:gen-csv:customresourcedefinitions.displayName="Humio Parser" +// +kubebuilder:object:root=true +// +kubebuilder:subresource:status +// +kubebuilder:resource:path=humioparsers,scope=Namespaced +// +kubebuilder:printcolumn:name="State",type="string",JSONPath=".status.state",description="The state of the parser" +// +operator-sdk:gen-csv:customresourcedefinitions.displayName="Humio Parser" // HumioParser is the Schema for the humioparsers API type HumioParser struct { @@ -78,7 +78,7 @@ type HumioParser struct { Status HumioParserStatus `json:"status,omitempty"` } -//+kubebuilder:object:root=true +// +kubebuilder:object:root=true // HumioParserList contains a list of HumioParser type HumioParserList struct { 
diff --git a/api/v1alpha1/humiorepository_types.go b/api/v1alpha1/humiorepository_types.go index 3d3fadeb..2208174f 100644 --- a/api/v1alpha1/humiorepository_types.go +++ b/api/v1alpha1/humiorepository_types.go @@ -35,14 +35,14 @@ const ( type HumioRetention struct { // perhaps we should migrate to resource.Quantity? the Humio API needs float64, but that is not supported here, see more here: // https://github.com/kubernetes-sigs/controller-tools/issues/245 - //+kubebuilder:validation:Minimum=1 - //+optional + // +kubebuilder:validation:Minimum=1 + // +optional IngestSizeInGB *int32 `json:"ingestSizeInGB,omitempty"` - //+kubebuilder:validation:Minimum=1 - //+optional + // +kubebuilder:validation:Minimum=1 + // +optional StorageSizeInGB *int32 `json:"storageSizeInGB,omitempty"` - //+kubebuilder:validation:Minimum=1 - //+optional + // +kubebuilder:validation:Minimum=1 + // +optional TimeInDays *int32 `json:"timeInDays,omitempty"` } @@ -56,11 +56,11 @@ type HumioRepositorySpec struct { // This conflicts with ManagedClusterName. ExternalClusterName string `json:"externalClusterName,omitempty"` // Name is the name of the repository inside Humio - //+kubebuilder:validation:MinLength=1 - //+required + // +kubebuilder:validation:MinLength=1 + // +required Name string `json:"name"` // Description contains the description that will be set on the repository - //+optional + // +optional Description string `json:"description,omitempty"` // Retention defines the retention settings for the repository Retention HumioRetention `json:"retention,omitempty"` 
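Review bot: The three `HumioRetention` fields have no doc comments of their own, and the only comment above `IngestSizeInGB` is a maintainer note ("perhaps we should migrate to resource.Quantity? ...") that would presumably be picked up as that field's description in the generated CRD. Consider moving the note above the `type HumioRetention struct` line and giving each field a one-line comment, such as `// IngestSizeInGB is the retention limit in GB, measured on ingested data`, `// StorageSizeInGB is the retention limit in GB, measured on stored data` and `// TimeInDays is the retention limit in days`. The exact semantics are not visible in the hunk and should be confirmed against the Humio API before the wording is committed.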
@@ -78,11 +78,11 @@ type HumioRepositoryStatus struct { State string `json:"state,omitempty"` } -//+kubebuilder:object:root=true -//+kubebuilder:subresource:status -//+kubebuilder:resource:path=humiorepositories,scope=Namespaced -//+kubebuilder:printcolumn:name="State",type="string",JSONPath=".status.state",description="The state of the repository" -//+operator-sdk:gen-csv:customresourcedefinitions.displayName="Humio Repository" +// +kubebuilder:object:root=true +// +kubebuilder:subresource:status +// +kubebuilder:resource:path=humiorepositories,scope=Namespaced +// +kubebuilder:printcolumn:name="State",type="string",JSONPath=".status.state",description="The state of the repository" +// +operator-sdk:gen-csv:customresourcedefinitions.displayName="Humio Repository" // HumioRepository is the Schema for the humiorepositories API type HumioRepository struct { @@ -93,7 +93,7 @@ type HumioRepository struct { Status HumioRepositoryStatus `json:"status,omitempty"` } -//+kubebuilder:object:root=true +// +kubebuilder:object:root=true // HumioRepositoryList contains a list of HumioRepository type HumioRepositoryList struct { diff --git a/api/v1alpha1/humioscheduledsearch_types.go b/api/v1alpha1/humioscheduledsearch_types.go index 9e53964f..96adc3d3 100644 --- a/api/v1alpha1/humioscheduledsearch_types.go +++ b/api/v1alpha1/humioscheduledsearch_types.go 
@@ -41,17 +41,17 @@ type HumioScheduledSearchSpec struct { // This conflicts with ManagedClusterName. ExternalClusterName string `json:"externalClusterName,omitempty"` // Name is the name of the scheduled search inside Humio - //+kubebuilder:validation:MinLength=1 - //+required + // +kubebuilder:validation:MinLength=1 + // +required Name string `json:"name"` // ViewName is the name of the Humio View under which the scheduled search will be managed. This can also be a Repository - //+kubebuilder:validation:MinLength=1 - //+required + // +kubebuilder:validation:MinLength=1 + // +required ViewName string `json:"viewName"` // QueryString defines the desired Humio query string QueryString string `json:"queryString"` // Description is the description of the scheduled search - //+optional + // +optional Description string `json:"description,omitempty"` // QueryStart is the start of the relative time interval for the query. QueryStart string `json:"queryStart"` @@ -64,7 +64,7 @@ type HumioScheduledSearchSpec struct { // BackfillLimit is the user-defined limit, which caps the number of missed searches to backfill, e.g. in the event of a shutdown. BackfillLimit int `json:"backfillLimit"` // Enabled will set the ScheduledSearch to enabled when set to true - //+kubebuilder:default=false + // +kubebuilder:default=false Enabled bool `json:"enabled,omitempty"` // Actions is the list of Humio Actions by name that will be triggered by this scheduled search Actions []string `json:"actions"` @@ -78,8 +78,8 @@ type HumioScheduledSearchStatus struct { State string `json:"state,omitempty"` } -//+kubebuilder:object:root=true -//+kubebuilder:subresource:status +// +kubebuilder:object:root=true +// +kubebuilder:subresource:status // HumioScheduledSearch is the Schema for the HumioScheduledSearches API type HumioScheduledSearch struct { 
@@ -90,7 +90,7 @@ type HumioScheduledSearch struct { Status HumioScheduledSearchStatus `json:"status,omitempty"` } -//+kubebuilder:object:root=true +// +kubebuilder:object:root=true // HumioScheduledSearchList contains a list of HumioScheduledSearch type HumioScheduledSearchList struct { diff --git a/api/v1alpha1/humioview_types.go b/api/v1alpha1/humioview_types.go index 2e989bbc..f3d5a6b1 100644 --- a/api/v1alpha1/humioview_types.go +++ b/api/v1alpha1/humioview_types.go @@ -34,8 +34,8 @@ const ( type HumioViewConnection struct { // RepositoryName contains the name of the target repository - //+kubebuilder:validation:MinLength=1 - //+required + // +kubebuilder:validation:MinLength=1 + // +required RepositoryName string `json:"repositoryName,omitempty"` // Filter contains the prefix filter that will be applied for the given RepositoryName Filter string `json:"filter,omitempty"` @@ -51,11 +51,11 @@ type HumioViewSpec struct { // This conflicts with ManagedClusterName. ExternalClusterName string `json:"externalClusterName,omitempty"` // Name is the name of the view inside Humio - //+kubebuilder:validation:MinLength=1 - //+required + // +kubebuilder:validation:MinLength=1 + // +required Name string `json:"name"` // Description contains the description that will be set on the view - //+optional + // +optional Description string `json:"description,omitempty"` // Connections contains the connections to the Humio repositories which is accessible in this view Connections []HumioViewConnection `json:"connections,omitempty"` 
@@ -69,11 +69,11 @@ type HumioViewStatus struct { State string `json:"state,omitempty"` } -//+kubebuilder:object:root=true -//+kubebuilder:subresource:status -//+kubebuilder:resource:path=humioviews,scope=Namespaced -//+kubebuilder:printcolumn:name="State",type="string",JSONPath=".status.state",description="The state of the view" -//+operator-sdk:gen-csv:customresourcedefinitions.displayName="Humio View" +// +kubebuilder:object:root=true +// +kubebuilder:subresource:status +// +kubebuilder:resource:path=humioviews,scope=Namespaced +// +kubebuilder:printcolumn:name="State",type="string",JSONPath=".status.state",description="The state of the view" +// +operator-sdk:gen-csv:customresourcedefinitions.displayName="Humio View" // HumioView is the Schema for the humioviews API type HumioView struct { @@ -84,7 +84,7 @@ type HumioView struct { Status HumioViewStatus `json:"status,omitempty"` } -//+kubebuilder:object:root=true +// +kubebuilder:object:root=true // HumioViewList contains a list of HumioView type HumioViewList struct { diff --git a/charts/humio-operator/crds/core.humio.com_humioactions.yaml b/charts/humio-operator/crds/core.humio.com_humioactions.yaml index d36a776b..78029861 100644 --- a/charts/humio-operator/crds/core.humio.com_humioactions.yaml +++ b/charts/humio-operator/crds/core.humio.com_humioactions.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.17.0 name: humioactions.core.humio.com labels: app: 'humio-operator' @@ -60,6 +60,8 @@ spec: type: string useProxy: type: boolean + required: + - recipients type: object externalClusterName: description: |- 
@@ -89,10 +91,13 @@ spec: be a valid secret key. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret or its key must @@ -139,10 +144,13 @@ spec: be a valid secret key. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret or its key must @@ -179,10 +187,13 @@ spec: be a valid secret key. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret or its key must 
@@ -221,10 +232,13 @@ spec: be a valid secret key. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret or its key must @@ -275,10 +289,13 @@ spec: be a valid secret key. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret or its key must @@ -317,10 +334,13 @@ spec: be a valid secret key. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret or its key must 
@@ -385,10 +405,13 @@ spec: be a valid secret key. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret or its key @@ -422,10 +445,13 @@ spec: be a valid secret key. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret or its key must diff --git a/charts/humio-operator/crds/core.humio.com_humioaggregatealerts.yaml b/charts/humio-operator/crds/core.humio.com_humioaggregatealerts.yaml index c3195f73..3eb9e194 100644 --- a/charts/humio-operator/crds/core.humio.com_humioaggregatealerts.yaml +++ b/charts/humio-operator/crds/core.humio.com_humioaggregatealerts.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.17.0 name: humioaggregatealerts.core.humio.com labels: app: 'humio-operator' diff --git a/charts/humio-operator/crds/core.humio.com_humioalerts.yaml b/charts/humio-operator/crds/core.humio.com_humioalerts.yaml index 1cc27958..e178e9c4 100644 --- a/charts/humio-operator/crds/core.humio.com_humioalerts.yaml +++ b/charts/humio-operator/crds/core.humio.com_humioalerts.yaml 
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.17.0 name: humioalerts.core.humio.com labels: app: 'humio-operator' diff --git a/charts/humio-operator/crds/core.humio.com_humiobootstraptokens.yaml b/charts/humio-operator/crds/core.humio.com_humiobootstraptokens.yaml index 5ad306a3..1cd2d26a 100644 --- a/charts/humio-operator/crds/core.humio.com_humiobootstraptokens.yaml +++ b/charts/humio-operator/crds/core.humio.com_humiobootstraptokens.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.17.0 name: humiobootstraptokens.core.humio.com labels: app: 'humio-operator' @@ -108,11 +108,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: description: A list of node selector requirements by node's fields. @@ -140,11 +142,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object x-kubernetes-map-type: atomic weight: @@ -157,6 +161,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: description: |- If the affinity requirements specified by this field are not met at @@ -201,11 +206,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: description: A list of node selector requirements by node's fields. 
@@ -233,14 +240,17 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object x-kubernetes-map-type: atomic type: array + x-kubernetes-list-type: atomic required: - nodeSelectorTerms type: object @@ -301,11 +311,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -320,13 +332,13 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -335,13 +347,13 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -381,11 +393,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -405,6 +419,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -427,6 +442,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: description: |- If the affinity requirements specified by this field are not met at 
@@ -476,11 +492,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -495,13 +513,13 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -510,13 +528,13 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -555,11 +573,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -579,6 +599,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -591,6 +612,7 @@ spec: - topologyKey type: object type: array + x-kubernetes-list-type: atomic type: object podAntiAffinity: description: Describes pod anti-affinity scheduling rules (e.g. 
@@ -648,11 +670,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -667,13 +691,13 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -682,13 +706,13 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -728,11 +752,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -752,6 +778,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -774,6 +801,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: description: |- If the anti-affinity requirements specified by this field are not met at 
@@ -823,11 +851,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -842,13 +872,13 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -857,13 +887,13 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -902,11 +932,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -926,6 +958,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -938,6 +971,7 @@ spec: - topologyKey type: object type: array + x-kubernetes-list-type: atomic type: object type: object bootstrapImage: 
@@ -964,10 +998,13 @@ spec: a valid secret key. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret or its key must be @@ -988,10 +1025,13 @@ spec: referenced object inside the same namespace. properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -1009,11 +1049,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -1024,6 +1062,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object 
@@ -1070,10 +1114,13 @@ spec: a valid secret key. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret or its key must be @@ -1102,10 +1149,13 @@ spec: a valid secret key. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret or its key must be @@ -1134,10 +1184,13 @@ spec: a valid secret key. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret or its key must be diff --git a/charts/humio-operator/crds/core.humio.com_humioclusters.yaml b/charts/humio-operator/crds/core.humio.com_humioclusters.yaml index acf1a251..2538614e 100644 --- a/charts/humio-operator/crds/core.humio.com_humioclusters.yaml +++ b/charts/humio-operator/crds/core.humio.com_humioclusters.yaml 
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.17.0 name: humioclusters.core.humio.com labels: app: 'humio-operator' @@ -113,11 +113,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: description: A list of node selector requirements by node's fields. @@ -145,11 +147,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object x-kubernetes-map-type: atomic weight: @@ -162,6 +166,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: description: |- If the affinity requirements specified by this field are not met at @@ -206,11 +211,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: description: A list of node selector requirements by node's fields. @@ -238,14 +245,17 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object x-kubernetes-map-type: atomic type: array + x-kubernetes-list-type: atomic required: - nodeSelectorTerms type: object @@ -306,11 +316,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string 
@@ -325,13 +337,13 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -340,13 +352,13 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -386,11 +398,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -410,6 +424,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -432,6 +447,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: description: |- If the affinity requirements specified by this field are not met at 
@@ -481,11 +497,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -500,13 +518,13 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -515,13 +533,13 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -560,11 +578,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -584,6 +604,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -596,6 +617,7 @@ spec: - topologyKey type: object type: array + x-kubernetes-list-type: atomic type: object podAntiAffinity: description: Describes pod anti-affinity scheduling rules (e.g. 
@@ -653,11 +675,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -672,13 +696,13 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -687,13 +711,13 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -733,11 +757,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -757,6 +783,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -779,6 +806,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: description: |- If the anti-affinity requirements specified by this field are not met at 
@@ -828,11 +856,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -847,13 +877,13 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -862,13 +892,13 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -907,11 +937,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -931,6 +963,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -943,6 +976,7 @@ spec: - topologyKey type: object type: array + x-kubernetes-list-type: atomic type: object type: object authServiceAccountName: 
@@ -990,10 +1024,13 @@ spec: description: The key to select. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the ConfigMap or its key @@ -1052,10 +1089,13 @@ spec: be a valid secret key. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret or its key must @@ -1090,6 +1130,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: description: |- @@ -1106,11 +1147,11 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: @@ -1144,6 +1185,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: description: Path to access on the HTTP server. type: string @@ -1243,6 +1285,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: description: |- 
@@ -1259,11 +1302,11 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: @@ -1297,6 +1340,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: description: Path to access on the HTTP server. type: string @@ -1390,6 +1434,30 @@ spec: 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows. type: boolean + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by this container. If set, this profile + overrides the pod's appArmorProfile. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object capabilities: description: |- The capabilities to add/drop when running containers. @@ -1402,12 +1470,14 @@ spec: description: Capability represent POSIX capabilities type type: string type: array + x-kubernetes-list-type: atomic drop: description: Removed capabilities items: description: Capability represent POSIX capabilities type type: string type: array + x-kubernetes-list-type: atomic type: object privileged: description: |- 
@@ -1419,7 +1489,7 @@ spec: procMount: description: |- procMount denotes the type of proc mount to use for the containers. - The default is DefaultProcMount which uses the container runtime defaults for + The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows. @@ -1501,7 +1571,6 @@ spec: type indicates which kind of seccomp profile will be applied. Valid options are: - Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. @@ -1562,6 +1631,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: description: |- @@ -1578,11 +1648,11 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: @@ -1616,6 +1686,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: description: Path to access on the HTTP server. type: string @@ -1719,6 +1790,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic dataSource: description: |- dataSource field can be used to specify either: @@ -1858,11 +1930,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string 
@@ -1890,8 +1964,8 @@ spec: If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass - (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ + (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). type: string volumeMode: description: |- @@ -1919,7 +1993,6 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - TODO: how do we prevent errors in the filesystem from compromising the machine type: string partition: description: |- @@ -1958,6 +2031,7 @@ spec: description: diskURI is the URI of data disk in the blob storage type: string fsType: + default: ext4 description: |- fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. @@ -1970,6 +2044,7 @@ spec: in managed availability set). defaults to shared' type: string readOnly: + default: false description: |- readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. @@ -2009,6 +2084,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic path: description: 'path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /' 
@@ -2030,10 +2106,13 @@ spec: More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -2069,10 +2148,13 @@ spec: to OpenStack. properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -2136,11 +2218,15 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: optional specify whether the ConfigMap or its 
@@ -2173,10 +2259,13 @@ spec: secret object contains more than one secret, all secret references are passed. properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -2219,7 +2308,8 @@ spec: properties: fieldRef: description: 'Required: Selects a field of the pod: - only annotations, labels, name and namespace are supported.' + only annotations, labels, name, namespace and uid + are supported.' properties: apiVersion: description: Version of the schema the FieldPath @@ -2278,6 +2368,7 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic type: object emptyDir: description: |- @@ -2311,7 +2402,6 @@ spec: The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. - Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity @@ -2322,17 +2412,14 @@ spec: information on the connection between this volume type and PersistentVolumeClaim). - Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. - Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. - A pod can use both types of ephemeral volumes and persistent volumes at the same time. properties: 
@@ -2346,7 +2433,6 @@ spec: entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). - An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until @@ -2356,11 +2442,9 @@ spec: this should not be necessary, but it may be useful when manually reconstructing a broken cluster. - This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. - Required, must not be nil. properties: metadata: @@ -2383,6 +2467,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic dataSource: description: |- dataSource field can be used to specify either: @@ -2527,11 +2612,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -2559,8 +2646,8 @@ spec: If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass - (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ + (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). type: string volumeMode: description: |- 
@@ -2585,7 +2672,6 @@ spec: fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - TODO: how do we prevent errors in the filesystem from compromising the machine type: string lun: description: 'lun is Optional: FC target lun number' @@ -2602,6 +2688,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic wwids: description: |- wwids Optional: FC volume world wide identifiers (wwids) @@ -2609,6 +2696,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object flexVolume: description: |- @@ -2645,10 +2733,13 @@ spec: scripts. properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -2682,7 +2773,6 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - TODO: how do we prevent errors in the filesystem from compromising the machine type: string partition: description: |- @@ -2763,9 +2853,6 @@ spec: used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - --- - TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not - mount host directories as read/write. properties: path: description: |- 
@@ -2782,6 +2869,41 @@ spec: required: - path type: object + image: + description: |- + image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. + The volume is resolved at pod startup depending on which PullPolicy value is provided: + + - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + + The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. + A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. + The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. + The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. + The volume will be mounted read-only (ro) and non-executable files (noexec). + Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). + The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. + properties: + pullPolicy: + description: |- + Policy for pulling OCI objects. Possible values are: + Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. 
+ Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + type: string + reference: + description: |- + Required: Image or artifact reference to be used. + Behaves in the same way as pod.spec.containers[*].image. + Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets. + More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. + type: string + type: object iscsi: description: |- iscsi represents an ISCSI Disk resource that is attached to a @@ -2802,7 +2924,6 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - TODO: how do we prevent errors in the filesystem from compromising the machine type: string initiatorName: description: |- @@ -2814,6 +2935,7 @@ spec: description: iqn is the target iSCSI Qualified Name. type: string iscsiInterface: + default: default description: |- iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp). @@ -2829,6 +2951,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic readOnly: description: |- readOnly here will force the ReadOnly setting in VolumeMounts. 
@@ -2839,10 +2962,13 @@ spec: and initiator authentication properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -2953,24 +3079,24 @@ spec: format: int32 type: integer sources: - description: sources is the list of volume projections + description: |- + sources is the list of volume projections. Each entry in this list + handles one source. items: - description: Projection that may be projected along with - other supported volume types + description: |- + Projection that may be projected along with other supported volume types. + Exactly one of these fields must be set. properties: clusterTrustBundle: description: |- ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field of ClusterTrustBundle objects in an auto-updating file. - Alpha, gated by the ClusterTrustBundleProjection feature gate. - ClusterTrustBundle objects can either be selected by name, or by the combination of signer name and a label selector. - Kubelet performs aggressive normalization of the PEM contents written into the pod filesystem. Esoteric PEM features such as inter-block comments and block headers are stripped. Certificates are deduplicated. @@ -3011,11 +3137,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string 
@@ -3094,11 +3222,15 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: optional specify whether the ConfigMap @@ -3120,8 +3252,8 @@ spec: properties: fieldRef: description: 'Required: Selects a field of - the pod: only annotations, labels, name - and namespace are supported.' + the pod: only annotations, labels, name, + namespace and uid are supported.' properties: apiVersion: description: Version of the schema the @@ -3182,6 +3314,7 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic type: object secret: description: secret information about the secret data @@ -3225,11 +3358,15 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: optional field specify whether the @@ -3268,6 +3405,7 @@ spec: type: object type: object type: array + x-kubernetes-list-type: atomic type: object quobyte: description: quobyte represents a Quobyte mount on the host that 
@@ -3318,7 +3456,6 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - TODO: how do we prevent errors in the filesystem from compromising the machine type: string image: description: |- @@ -3326,6 +3463,7 @@ spec: More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it type: string keyring: + default: /etc/ceph/keyring description: |- keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. @@ -3338,7 +3476,9 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic pool: + default: rbd description: |- pool is the rados pool name. Default is rbd. @@ -3358,14 +3498,18 @@ spec: More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic user: + default: admin description: |- user is the rados user name. Default is admin. @@ -3380,6 +3524,7 @@ spec: and mounted on Kubernetes nodes. properties: fsType: + default: xfs description: |- fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. 
@@ -3405,10 +3550,13 @@ spec: sensitive information. If this is not provided, Login operation will fail. properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -3417,6 +3565,7 @@ spec: with Gateway, default false type: boolean storageMode: + default: ThinProvisioned description: |- storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. @@ -3492,6 +3641,7 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic optional: description: optional field specify whether the Secret or its keys must be defined @@ -3523,10 +3673,13 @@ spec: credentials. If not specified, default values will be attempted. properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic 
@@ -3618,10 +3771,13 @@ spec: description: The key to select. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the ConfigMap or its key @@ -3680,10 +3836,13 @@ spec: be a valid secret key. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret or its key must @@ -3708,10 +3867,13 @@ spec: description: The ConfigMap to select from properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the ConfigMap must be defined 
@@ -3726,10 +3888,13 @@ spec: description: The Secret to select from properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret must be defined @@ -3756,10 +3921,13 @@ spec: a valid secret key. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret or its key must be @@ -3788,6 +3956,8 @@ spec: to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. + When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified + (which defaults to None). type: string name: description: This must match the Name of a Volume. 
@@ -3797,6 +3967,25 @@ spec: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. type: boolean + recursiveReadOnly: + description: |- + RecursiveReadOnly specifies whether read-only mounts should be handled + recursively. + + If ReadOnly is false, this field has no meaning and must be unspecified. + + If ReadOnly is true, and this field is set to Disabled, the mount is not made + recursively read-only. If this field is set to IfPossible, the mount is made + recursively read-only, if it is supported by the container runtime. If this + field is set to Enabled, the mount is made recursively read-only if it is + supported by the container runtime, otherwise the pod will not be started and + an error will be generated to indicate the reason. + + If this field is set to IfPossible or Enabled, MountPropagation must be set to + None (or be unspecified, which defaults to None). + + If this field is not specified, it is treated as an equivalent of Disabled. + type: string subPath: description: |- Path within the volume from which the container's volume should be mounted. @@ -3837,7 +4026,6 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - TODO: how do we prevent errors in the filesystem from compromising the machine type: string partition: description: |- @@ -3877,6 +4065,7 @@ spec: storage type: string fsType: + default: ext4 description: |- fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. @@ -3889,6 +4078,7 @@ spec: disk (only in managed availability set). defaults to shared' type: string readOnly: + default: false description: |- readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. 
@@ -3928,6 +4118,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic path: description: 'path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /' @@ -3949,10 +4140,13 @@ spec: More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -3988,10 +4182,13 @@ spec: to OpenStack. properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -4055,11 +4252,15 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: optional specify whether the ConfigMap or its 
@@ -4092,10 +4293,13 @@ spec: secret object contains more than one secret, all secret references are passed. properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -4138,8 +4342,8 @@ spec: properties: fieldRef: description: 'Required: Selects a field of the pod: - only annotations, labels, name and namespace are - supported.' + only annotations, labels, name, namespace and uid + are supported.' properties: apiVersion: description: Version of the schema the FieldPath @@ -4198,6 +4402,7 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic type: object emptyDir: description: |- @@ -4231,7 +4436,6 @@ spec: The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. - Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity @@ -4242,17 +4446,14 @@ spec: information on the connection between this volume type and PersistentVolumeClaim). - Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. - Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. - A pod can use both types of ephemeral volumes and persistent volumes at the same time. properties: 
@@ -4266,7 +4467,6 @@ spec: entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). - An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until @@ -4276,11 +4476,9 @@ spec: this should not be necessary, but it may be useful when manually reconstructing a broken cluster. - This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. - Required, must not be nil. properties: metadata: @@ -4303,6 +4501,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic dataSource: description: |- dataSource field can be used to specify either: @@ -4447,11 +4646,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -4479,8 +4680,8 @@ spec: If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass - (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ + (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). type: string volumeMode: description: |- 
@@ -4506,7 +4707,6 @@ spec: fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - TODO: how do we prevent errors in the filesystem from compromising the machine type: string lun: description: 'lun is Optional: FC target lun number' @@ -4523,6 +4723,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic wwids: description: |- wwids Optional: FC volume world wide identifiers (wwids) @@ -4530,6 +4731,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object flexVolume: description: |- @@ -4566,10 +4768,13 @@ spec: scripts. properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -4603,7 +4808,6 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - TODO: how do we prevent errors in the filesystem from compromising the machine type: string partition: description: |- @@ -4684,9 +4888,6 @@ spec: used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - --- - TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not - mount host directories as read/write. properties: path: description: |- 
@@ -4703,6 +4904,41 @@ spec: required: - path type: object + image: + description: |- + image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. + The volume is resolved at pod startup depending on which PullPolicy value is provided: + + - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + + The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. + A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. + The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. + The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. + The volume will be mounted read-only (ro) and non-executable files (noexec). + Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). + The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. + properties: + pullPolicy: + description: |- + Policy for pulling OCI objects. Possible values are: + Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. 
+ Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + type: string + reference: + description: |- + Required: Image or artifact reference to be used. + Behaves in the same way as pod.spec.containers[*].image. + Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets. + More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. + type: string + type: object iscsi: description: |- iscsi represents an ISCSI Disk resource that is attached to a @@ -4723,7 +4959,6 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - TODO: how do we prevent errors in the filesystem from compromising the machine type: string initiatorName: description: |- @@ -4735,6 +4970,7 @@ spec: description: iqn is the target iSCSI Qualified Name. type: string iscsiInterface: + default: default description: |- iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp). @@ -4750,6 +4986,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic readOnly: description: |- readOnly here will force the ReadOnly setting in VolumeMounts. 
@@ -4760,10 +4997,13 @@ spec: and initiator authentication properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -4880,24 +5120,24 @@ spec: format: int32 type: integer sources: - description: sources is the list of volume projections + description: |- + sources is the list of volume projections. Each entry in this list + handles one source. items: - description: Projection that may be projected along with - other supported volume types + description: |- + Projection that may be projected along with other supported volume types. + Exactly one of these fields must be set. properties: clusterTrustBundle: description: |- ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field of ClusterTrustBundle objects in an auto-updating file. - Alpha, gated by the ClusterTrustBundleProjection feature gate. - ClusterTrustBundle objects can either be selected by name, or by the combination of signer name and a label selector. - Kubelet performs aggressive normalization of the PEM contents written into the pod filesystem. Esoteric PEM features such as inter-block comments and block headers are stripped. Certificates are deduplicated. @@ -4938,11 +5178,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string 
@@ -5021,11 +5263,15 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: optional specify whether the ConfigMap @@ -5048,7 +5294,7 @@ spec: fieldRef: description: 'Required: Selects a field of the pod: only annotations, labels, - name and namespace are supported.' + name, namespace and uid are supported.' properties: apiVersion: description: Version of the schema the @@ -5111,6 +5357,7 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic type: object secret: description: secret information about the secret data @@ -5154,11 +5401,15 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: optional field specify whether the @@ -5197,6 +5448,7 @@ spec: type: object type: object type: array + x-kubernetes-list-type: atomic type: object quobyte: description: quobyte represents a Quobyte mount on the host 
@@ -5247,7 +5499,6 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - TODO: how do we prevent errors in the filesystem from compromising the machine type: string image: description: |- @@ -5255,6 +5506,7 @@ spec: More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it type: string keyring: + default: /etc/ceph/keyring description: |- keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. @@ -5267,7 +5519,9 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic pool: + default: rbd description: |- pool is the rados pool name. Default is rbd. @@ -5287,14 +5541,18 @@ spec: More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic user: + default: admin description: |- user is the rados user name. Default is admin. @@ -5309,6 +5567,7 @@ spec: attached and mounted on Kubernetes nodes. properties: fsType: + default: xfs description: |- fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. 
@@ -5334,10 +5593,13 @@ spec: sensitive information. If this is not provided, Login operation will fail. properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -5346,6 +5608,7 @@ spec: with Gateway, default false type: boolean storageMode: + default: ThinProvisioned description: |- storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. @@ -5421,6 +5684,7 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic optional: description: optional field specify whether the Secret or its keys must be defined @@ -5452,10 +5716,13 @@ spec: credentials. If not specified, default values will be attempted. properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic 
@@ -5524,10 +5791,13 @@ spec: a valid secret key. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret or its key must be @@ -5614,10 +5884,13 @@ spec: referenced object inside the same namespace. properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -5634,10 +5907,13 @@ spec: description: The key to select. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the ConfigMap or its key must 
@@ -5701,10 +5977,13 @@ spec: a valid secret key. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret or its key must be @@ -5796,11 +6075,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: description: A list of node selector requirements by node's fields. @@ -5828,11 +6109,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object x-kubernetes-map-type: atomic weight: @@ -5846,6 +6129,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: description: |- If the affinity requirements specified by this field are not met at @@ -5890,11 +6174,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: description: A list of node selector requirements by node's fields. @@ -5922,14 +6208,17 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object x-kubernetes-map-type: atomic type: array + x-kubernetes-list-type: atomic required: - nodeSelectorTerms type: object 
@@ -5993,11 +6282,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -6012,13 +6303,13 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -6027,13 +6318,13 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -6074,11 +6365,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -6098,6 +6391,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -6120,6 +6414,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: description: |- If the affinity requirements specified by this field are not met at 
@@ -6170,11 +6465,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -6189,13 +6486,13 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -6204,13 +6501,13 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -6250,11 +6547,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -6274,6 +6573,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -6286,6 +6586,7 @@ spec: - topologyKey type: object type: array + x-kubernetes-list-type: atomic type: object podAntiAffinity: description: Describes pod anti-affinity scheduling 
@@ -6345,11 +6646,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -6364,13 +6667,13 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -6379,13 +6682,13 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -6426,11 +6729,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -6450,6 +6755,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -6472,6 +6778,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: description: |- If the anti-affinity requirements specified by this field are not met at 
@@ -6522,11 +6829,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -6541,13 +6850,13 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -6556,13 +6865,13 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -6602,11 +6911,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -6626,6 +6937,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -6638,6 +6950,7 @@ spec: - topologyKey type: object type: array + x-kubernetes-list-type: atomic type: object type: object authServiceAccountName: @@ -6664,6 +6977,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: description: |- 
@@ -6681,11 +6995,11 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: @@ -6719,6 +7033,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: description: Path to access on the HTTP server. type: string @@ -6819,6 +7134,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: description: |- @@ -6836,11 +7152,11 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: @@ -6874,6 +7190,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: description: Path to access on the HTTP server. type: string 
@@ -6968,6 +7285,30 @@ spec: 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows. type: boolean + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by this container. If set, this profile + overrides the pod's appArmorProfile. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object capabilities: description: |- The capabilities to add/drop when running containers. @@ -6981,6 +7322,7 @@ spec: type type: string type: array + x-kubernetes-list-type: atomic drop: description: Removed capabilities items: @@ -6988,6 +7330,7 @@ spec: type type: string type: array + x-kubernetes-list-type: atomic type: object privileged: description: |- @@ -6999,7 +7342,7 @@ spec: procMount: description: |- procMount denotes the type of proc mount to use for the containers. - The default is DefaultProcMount which uses the container runtime defaults for + The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows. 
@@ -7081,7 +7424,6 @@ spec: type indicates which kind of seccomp profile will be applied. Valid options are: - Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. @@ -7142,6 +7484,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: description: |- @@ -7159,11 +7502,11 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: @@ -7197,6 +7540,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: description: Path to access on the HTTP server. type: string @@ -7301,6 +7645,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic dataSource: description: |- dataSource field can be used to specify either: @@ -7444,11 +7789,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -7476,8 +7823,8 @@ spec: If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass - (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ + (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). type: string volumeMode: description: |- 
@@ -7505,7 +7852,6 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - TODO: how do we prevent errors in the filesystem from compromising the machine type: string partition: description: |- @@ -7545,6 +7891,7 @@ spec: the blob storage type: string fsType: + default: ext4 description: |- fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. @@ -7558,6 +7905,7 @@ spec: set). defaults to shared' type: string readOnly: + default: false description: |- readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. @@ -7597,6 +7945,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic path: description: 'path is Optional: Used as the mounted root, rather than the full Ceph tree, default @@ -7619,10 +7968,13 @@ spec: More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic 
@@ -7658,10 +8010,13 @@ spec: to OpenStack. properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -7726,11 +8081,15 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: optional specify whether the ConfigMap @@ -7763,10 +8122,13 @@ spec: secret object contains more than one secret, all secret references are passed. properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -7811,8 +8173,8 @@ spec: properties: fieldRef: description: 'Required: Selects a field of - the pod: only annotations, labels, name - and namespace are supported.' + the pod: only annotations, labels, name, + namespace and uid are supported.' properties: apiVersion: description: Version of the schema the 
@@ -7873,6 +8235,7 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic type: object emptyDir: description: |- @@ -7906,7 +8269,6 @@ spec: The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. - Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity @@ -7917,17 +8279,14 @@ spec: information on the connection between this volume type and PersistentVolumeClaim). - Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. - Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. - A pod can use both types of ephemeral volumes and persistent volumes at the same time. properties: @@ -7941,7 +8300,6 @@ spec: entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). - An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until @@ -7951,11 +8309,9 @@ spec: this should not be necessary, but it may be useful when manually reconstructing a broken cluster. - This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. - Required, must not be nil. properties: metadata: @@ -7978,6 +8334,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic dataSource: description: |- dataSource field can be used to specify either: @@ -8123,11 +8480,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string 
@@ -8155,8 +8514,8 @@ spec: If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass - (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ + (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). type: string volumeMode: description: |- @@ -8182,7 +8541,6 @@ spec: fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - TODO: how do we prevent errors in the filesystem from compromising the machine type: string lun: description: 'lun is Optional: FC target lun number' @@ -8199,6 +8557,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic wwids: description: |- wwids Optional: FC volume world wide identifiers (wwids) @@ -8206,6 +8565,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object flexVolume: description: |- @@ -8242,10 +8602,13 @@ spec: scripts. properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic 
@@ -8279,7 +8642,6 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - TODO: how do we prevent errors in the filesystem from compromising the machine type: string partition: description: |- @@ -8360,9 +8722,6 @@ spec: used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - --- - TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not - mount host directories as read/write. properties: path: description: |- 
@@ -8379,6 +8738,41 @@ spec: required: - path type: object + image: + description: |- + image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. + The volume is resolved at pod startup depending on which PullPolicy value is provided: + + - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + + The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. + A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. + The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. + The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. + The volume will be mounted read-only (ro) and non-executable files (noexec). + Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). + The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. + properties: + pullPolicy: + description: |- + Policy for pulling OCI objects. Possible values are: + Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. 
+ Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + type: string + reference: + description: |- + Required: Image or artifact reference to be used. + Behaves in the same way as pod.spec.containers[*].image. + Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets. + More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. + type: string + type: object iscsi: description: |- iscsi represents an ISCSI Disk resource that is attached to a @@ -8399,7 +8793,6 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - TODO: how do we prevent errors in the filesystem from compromising the machine type: string initiatorName: description: |- @@ -8411,6 +8804,7 @@ spec: description: iqn is the target iSCSI Qualified Name. type: string iscsiInterface: + default: default description: |- iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp). @@ -8426,6 +8820,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic readOnly: description: |- readOnly here will force the ReadOnly setting in VolumeMounts. 
@@ -8436,10 +8831,13 @@ spec: target and initiator authentication properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -8552,24 +8950,24 @@ spec: format: int32 type: integer sources: - description: sources is the list of volume projections + description: |- + sources is the list of volume projections. Each entry in this list + handles one source. items: - description: Projection that may be projected - along with other supported volume types + description: |- + Projection that may be projected along with other supported volume types. + Exactly one of these fields must be set. properties: clusterTrustBundle: description: |- ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field of ClusterTrustBundle objects in an auto-updating file. - Alpha, gated by the ClusterTrustBundleProjection feature gate. - ClusterTrustBundle objects can either be selected by name, or by the combination of signer name and a label selector. - Kubelet performs aggressive normalization of the PEM contents written into the pod filesystem. Esoteric PEM features such as inter-block comments and block headers are stripped. Certificates are deduplicated. @@ -8611,11 +9009,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string 
@@ -8694,11 +9094,15 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: optional specify whether @@ -8721,8 +9125,8 @@ spec: fieldRef: description: 'Required: Selects a field of the pod: only annotations, - labels, name and namespace are - supported.' + labels, name, namespace and uid + are supported.' properties: apiVersion: description: Version of the @@ -8788,6 +9192,7 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic type: object secret: description: secret information about the @@ -8831,11 +9236,15 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: optional field specify whether @@ -8874,6 +9283,7 @@ spec: type: object type: object type: array + x-kubernetes-list-type: atomic type: object quobyte: description: quobyte represents a Quobyte mount on the 
@@ -8924,7 +9334,6 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - TODO: how do we prevent errors in the filesystem from compromising the machine type: string image: description: |- @@ -8932,6 +9341,7 @@ spec: More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it type: string keyring: + default: /etc/ceph/keyring description: |- keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. @@ -8944,7 +9354,9 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic pool: + default: rbd description: |- pool is the rados pool name. Default is rbd. @@ -8964,14 +9376,18 @@ spec: More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic user: + default: admin description: |- user is the rados user name. Default is admin. @@ -8986,6 +9402,7 @@ spec: volume attached and mounted on Kubernetes nodes. properties: fsType: + default: xfs description: |- fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. 
@@ -9011,10 +9428,13 @@ spec: sensitive information. If this is not provided, Login operation will fail. properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -9023,6 +9443,7 @@ spec: communication with Gateway, default false type: boolean storageMode: + default: ThinProvisioned description: |- storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. @@ -9099,6 +9520,7 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic optional: description: optional field specify whether the Secret or its keys must be defined @@ -9130,10 +9552,13 @@ spec: credentials. If not specified, default values will be attempted. properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic 
@@ -9223,10 +9648,13 @@ spec: description: The key to select. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the ConfigMap @@ -9286,10 +9714,13 @@ spec: from. Must be a valid secret key. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret or @@ -9316,10 +9747,13 @@ spec: description: The ConfigMap to select from properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the ConfigMap must 
@@ -9335,10 +9769,13 @@ spec: description: The Secret to select from properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret must be @@ -9366,6 +9803,8 @@ spec: to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. + When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified + (which defaults to None). type: string name: description: This must match the Name of a Volume. @@ -9375,6 +9814,25 @@ spec: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. type: boolean + recursiveReadOnly: + description: |- + RecursiveReadOnly specifies whether read-only mounts should be handled + recursively. + + If ReadOnly is false, this field has no meaning and must be unspecified. + + If ReadOnly is true, and this field is set to Disabled, the mount is not made + recursively read-only. If this field is set to IfPossible, the mount is made + recursively read-only, if it is supported by the container runtime. If this + field is set to Enabled, the mount is made recursively read-only if it is + supported by the container runtime, otherwise the pod will not be started and + an error will be generated to indicate the reason. + + If this field is set to IfPossible or Enabled, MountPropagation must be set to + None (or be unspecified, which defaults to None). + + If this field is not specified, it is treated as an equivalent of Disabled. + type: string subPath: description: |- Path within the volume from which the container's volume should be mounted. 
@@ -9415,7 +9873,6 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - TODO: how do we prevent errors in the filesystem from compromising the machine type: string partition: description: |- @@ -9455,6 +9912,7 @@ spec: the blob storage type: string fsType: + default: ext4 description: |- fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. @@ -9468,6 +9926,7 @@ spec: set). defaults to shared' type: string readOnly: + default: false description: |- readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. @@ -9508,6 +9967,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic path: description: 'path is Optional: Used as the mounted root, rather than the full Ceph tree, default @@ -9530,10 +9990,13 @@ spec: More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic 
@@ -9569,10 +10032,13 @@ spec: to OpenStack. properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -9637,11 +10103,15 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: optional specify whether the ConfigMap @@ -9674,10 +10144,13 @@ spec: secret object contains more than one secret, all secret references are passed. properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -9723,7 +10196,7 @@ spec: fieldRef: description: 'Required: Selects a field of the pod: only annotations, labels, - name and namespace are supported.' + name, namespace and uid are supported.' properties: apiVersion: description: Version of the schema the @@ -9786,6 +10259,7 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic type: object emptyDir: description: |- 
@@ -9819,7 +10293,6 @@ spec: The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. - Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity @@ -9830,17 +10303,14 @@ spec: information on the connection between this volume type and PersistentVolumeClaim). - Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. - Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. - A pod can use both types of ephemeral volumes and persistent volumes at the same time. properties: @@ -9854,7 +10324,6 @@ spec: entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). - An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until @@ -9864,11 +10333,9 @@ spec: this should not be necessary, but it may be useful when manually reconstructing a broken cluster. - This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. - Required, must not be nil. properties: metadata: @@ -9891,6 +10358,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic dataSource: description: |- dataSource field can be used to specify either: @@ -10036,11 +10504,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string 
@@ -10068,8 +10538,8 @@ spec: If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass - (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ + (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). type: string volumeMode: description: |- @@ -10096,7 +10566,6 @@ spec: fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - TODO: how do we prevent errors in the filesystem from compromising the machine type: string lun: description: 'lun is Optional: FC target lun number' @@ -10113,6 +10582,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic wwids: description: |- wwids Optional: FC volume world wide identifiers (wwids) @@ -10120,6 +10590,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object flexVolume: description: |- @@ -10156,10 +10627,13 @@ spec: scripts. properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic 
@@ -10193,7 +10667,6 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - TODO: how do we prevent errors in the filesystem from compromising the machine type: string partition: description: |- @@ -10274,9 +10747,6 @@ spec: used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - --- - TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not - mount host directories as read/write. properties: path: description: |- 
@@ -10293,6 +10763,41 @@ spec: required: - path type: object + image: + description: |- + image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. + The volume is resolved at pod startup depending on which PullPolicy value is provided: + + - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + + The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. + A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. + The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. + The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. + The volume will be mounted read-only (ro) and non-executable files (noexec). + Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). + The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. + properties: + pullPolicy: + description: |- + Policy for pulling OCI objects. Possible values are: + Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. 
+ Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + type: string + reference: + description: |- + Required: Image or artifact reference to be used. + Behaves in the same way as pod.spec.containers[*].image. + Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets. + More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. + type: string + type: object iscsi: description: |- iscsi represents an ISCSI Disk resource that is attached to a @@ -10313,7 +10818,6 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - TODO: how do we prevent errors in the filesystem from compromising the machine type: string initiatorName: description: |- @@ -10326,6 +10830,7 @@ spec: Name. type: string iscsiInterface: + default: default description: |- iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp). @@ -10341,6 +10846,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic readOnly: description: |- readOnly here will force the ReadOnly setting in VolumeMounts. 
@@ -10351,10 +10857,13 @@ spec: iSCSI target and initiator authentication properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -10473,24 +10982,24 @@ spec: format: int32 type: integer sources: - description: sources is the list of volume projections + description: |- + sources is the list of volume projections. Each entry in this list + handles one source. items: - description: Projection that may be projected - along with other supported volume types + description: |- + Projection that may be projected along with other supported volume types. + Exactly one of these fields must be set. properties: clusterTrustBundle: description: |- ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field of ClusterTrustBundle objects in an auto-updating file. - Alpha, gated by the ClusterTrustBundleProjection feature gate. - ClusterTrustBundle objects can either be selected by name, or by the combination of signer name and a label selector. - Kubelet performs aggressive normalization of the PEM contents written into the pod filesystem. Esoteric PEM features such as inter-block comments and block headers are stripped. Certificates are deduplicated. @@ -10532,11 +11041,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string 
@@ -10616,11 +11127,15 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: optional specify whether @@ -10644,8 +11159,8 @@ spec: fieldRef: description: 'Required: Selects a field of the pod: only annotations, - labels, name and namespace are - supported.' + labels, name, namespace and + uid are supported.' properties: apiVersion: description: Version of the @@ -10712,6 +11227,7 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic type: object secret: description: secret information about the @@ -10756,11 +11272,15 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: optional field specify @@ -10801,6 +11321,7 @@ spec: type: object type: object type: array + x-kubernetes-list-type: atomic type: object quobyte: description: quobyte represents a Quobyte mount on 
@@ -10851,7 +11372,6 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - TODO: how do we prevent errors in the filesystem from compromising the machine type: string image: description: |- @@ -10859,6 +11379,7 @@ spec: More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it type: string keyring: + default: /etc/ceph/keyring description: |- keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. @@ -10871,7 +11392,9 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic pool: + default: rbd description: |- pool is the rados pool name. Default is rbd. @@ -10891,14 +11414,18 @@ spec: More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic user: + default: admin description: |- user is the rados user name. Default is admin. @@ -10913,6 +11440,7 @@ spec: volume attached and mounted on Kubernetes nodes. properties: fsType: + default: xfs description: |- fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. 
@@ -10939,10 +11467,13 @@ spec: sensitive information. If this is not provided, Login operation will fail. properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -10951,6 +11482,7 @@ spec: communication with Gateway, default false type: boolean storageMode: + default: ThinProvisioned description: |- storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. @@ -11027,6 +11559,7 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic optional: description: optional field specify whether the Secret or its keys must be defined @@ -11058,10 +11591,13 @@ spec: credentials. If not specified, default values will be attempted. properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic 
@@ -11175,10 +11711,13 @@ spec: referenced object inside the same namespace. properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -11195,10 +11734,13 @@ spec: description: The key to select. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the ConfigMap or its 
@@ -11254,18 +11796,39 @@ spec: description: PodSecurityContext is the security context applied to the Humio pod properties: + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by the containers in this pod. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object fsGroup: description: |- A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: - 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- - If unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows. format: int64 @@ -11352,7 +11915,6 @@ spec: type indicates which kind of seccomp profile will be applied. Valid options are: - Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. 
@@ -11362,17 +11924,28 @@ spec: type: object supplementalGroups: description: |- - A list of groups applied to the first process run in each container, in addition - to the container's primary GID, the fsGroup (if specified), and group memberships - defined in the container image for the uid of the container process. If unspecified, - no additional groups are added to any container. Note that group memberships - defined in the container image for the uid of the container process are still effective, - even if they are not included in this list. + A list of groups applied to the first process run in each container, in + addition to the container's primary GID and fsGroup (if specified). If + the SupplementalGroupsPolicy feature is enabled, the + supplementalGroupsPolicy field determines whether these are in addition + to or instead of any group memberships defined in the container image. + If unspecified, no additional groups are added, though group memberships + defined in the container image may still be used, depending on the + supplementalGroupsPolicy field. Note that this field cannot be set when spec.os.name is windows. items: format: int64 type: integer type: array + x-kubernetes-list-type: atomic + supplementalGroupsPolicy: + description: |- + Defines how supplemental groups of the first container processes are calculated. + Valid values are "Merge" and "Strict". If not specified, "Merge" is used. + (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled + and the container runtime must implement support for this feature. + Note that this field cannot be set when spec.os.name is windows. + type: string sysctls: description: |- Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported @@ -11393,6 +11966,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic windowsOptions: description: |- The Windows specific settings applied to all containers. 
@@ -11440,11 +12014,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in @@ -11456,6 +12028,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object @@ -11515,6 +12093,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic command: description: |- Entrypoint array. Not executed within a shell. @@ -11528,6 +12107,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic env: description: |- List of environment variables to set in the container. @@ -11563,10 +12143,13 @@ spec: description: The key to select. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the ConfigMap 
@@ -11630,10 +12213,13 @@ spec: key. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret @@ -11648,6 +12234,9 @@ spec: - name type: object type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map envFrom: description: |- List of sources to populate environment variables in the container. @@ -11664,10 +12253,13 @@ spec: description: The ConfigMap to select from properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the ConfigMap @@ -11683,10 +12275,13 @@ spec: description: The Secret to select from properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret @@ -11696,6 +12291,7 @@ spec: x-kubernetes-map-type: atomic type: object type: array + x-kubernetes-list-type: atomic image: description: |- Container image name. 
@@ -11737,6 +12333,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object httpGet: description: HTTPGet specifies the http request @@ -11767,6 +12364,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: description: Path to access on the HTTP server. @@ -11850,6 +12448,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object httpGet: description: HTTPGet specifies the http request @@ -11880,6 +12479,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: description: Path to access on the HTTP server. @@ -11958,6 +12558,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: description: |- @@ -11975,11 +12576,11 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: @@ -12014,6 +12615,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: description: Path to access on the HTTP server. type: string @@ -12171,6 +12773,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: description: |- @@ -12188,11 +12791,11 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: @@ -12227,6 +12830,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: description: Path to access on the HTTP server. type: string 
@@ -12340,11 +12944,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry @@ -12356,6 +12958,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object @@ -12422,6 +13030,30 @@ spec: 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows. type: boolean + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by this container. If set, this profile + overrides the pod's appArmorProfile. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object capabilities: description: |- The capabilities to add/drop when running containers. @@ -12435,6 +13067,7 @@ spec: capabilities type type: string type: array + x-kubernetes-list-type: atomic drop: description: Removed capabilities items: 
@@ -12442,6 +13075,7 @@ spec: capabilities type type: string type: array + x-kubernetes-list-type: atomic type: object privileged: description: |- @@ -12453,7 +13087,7 @@ spec: procMount: description: |- procMount denotes the type of proc mount to use for the containers. - The default is DefaultProcMount which uses the container runtime defaults for + The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows. @@ -12535,7 +13169,6 @@ spec: type indicates which kind of seccomp profile will be applied. Valid options are: - Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. @@ -12599,6 +13232,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: description: |- @@ -12616,11 +13250,11 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: @@ -12655,6 +13289,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: description: Path to access on the HTTP server. type: string @@ -12797,6 +13432,9 @@ spec: - name type: object type: array + x-kubernetes-list-map-keys: + - devicePath + x-kubernetes-list-type: map volumeMounts: description: |- Pod volumes to mount into the container's filesystem. 
@@ -12816,6 +13454,8 @@ spec: to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. + When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified + (which defaults to None). type: string name: description: This must match the Name of a Volume. @@ -12825,6 +13465,25 @@ spec: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. type: boolean + recursiveReadOnly: + description: |- + RecursiveReadOnly specifies whether read-only mounts should be handled + recursively. + + If ReadOnly is false, this field has no meaning and must be unspecified. + + If ReadOnly is true, and this field is set to Disabled, the mount is not made + recursively read-only. If this field is set to IfPossible, the mount is made + recursively read-only, if it is supported by the container runtime. If this + field is set to Enabled, the mount is made recursively read-only if it is + supported by the container runtime, otherwise the pod will not be started and + an error will be generated to indicate the reason. + + If this field is set to IfPossible or Enabled, MountPropagation must be set to + None (or be unspecified, which defaults to None). + + If this field is not specified, it is treated as an equivalent of Disabled. + type: string subPath: description: |- Path within the volume from which the container's volume should be mounted. @@ -12842,6 +13501,9 @@ spec: - name type: object type: array + x-kubernetes-list-map-keys: + - mountPath + x-kubernetes-list-type: map workingDir: description: |- Container's working directory. @@ -12940,11 +13602,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string 
@@ -12966,7 +13630,6 @@ spec: Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector. - This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). items: type: string @@ -13006,7 +13669,6 @@ spec: Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule. - For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: | zone1 | zone2 | zone3 | @@ -13015,9 +13677,6 @@ spec: In this situation, new pod with the same labelSelector cannot be scheduled, because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, it will violate MaxSkew. - - - This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default). format: int32 type: integer nodeAffinityPolicy: @@ -13027,7 +13686,6 @@ spec: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. - If this value is nil, the behavior is equivalent to the Honor policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. type: string @@ -13039,7 +13697,6 @@ spec: has a toleration, are included. - Ignore: node taints are ignored. All nodes are included. - If this value is nil, the behavior is equivalent to the Ignore policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. type: string 
@@ -13115,19 +13772,16 @@ spec: Type controls how Humio pods are updated when changes are made to the HumioCluster resource that results in a change to the Humio pods. The available values are: OnDelete, RollingUpdate, ReplaceAllOnUpdate, and RollingUpdateBestEffort. - / + When set to OnDelete, no Humio pods will be terminated but new pods will be created with the new spec. Replacing existing pods will require each pod to be deleted by the user. - When set to RollingUpdate, pods will always be replaced one pod at a time. There may be some Humio updates where rolling updates are not supported, so it is not recommended to have this set all the time. - When set to ReplaceAllOnUpdate, all Humio pods will be replaced at the same time during an update. This is the default behavior. - When set to RollingUpdateBestEffort, the operator will evaluate the Humio version change and determine if the Humio pods can be updated in a rolling fashion or if they must be replaced at the same time. enum: 
@@ -13168,18 +13822,39 @@ spec: description: PodSecurityContext is the security context applied to the Humio pod properties: + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by the containers in this pod. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object fsGroup: description: |- A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: - 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- - If unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows. format: int64 @@ -13266,7 +13941,6 @@ spec: type indicates which kind of seccomp profile will be applied. Valid options are: - Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. 
@@ -13276,17 +13950,28 @@ spec: type: object supplementalGroups: description: |- - A list of groups applied to the first process run in each container, in addition - to the container's primary GID, the fsGroup (if specified), and group memberships - defined in the container image for the uid of the container process. If unspecified, - no additional groups are added to any container. Note that group memberships - defined in the container image for the uid of the container process are still effective, - even if they are not included in this list. + A list of groups applied to the first process run in each container, in + addition to the container's primary GID and fsGroup (if specified). If + the SupplementalGroupsPolicy feature is enabled, the + supplementalGroupsPolicy field determines whether these are in addition + to or instead of any group memberships defined in the container image. + If unspecified, no additional groups are added, though group memberships + defined in the container image may still be used, depending on the + supplementalGroupsPolicy field. Note that this field cannot be set when spec.os.name is windows. items: format: int64 type: integer type: array + x-kubernetes-list-type: atomic + supplementalGroupsPolicy: + description: |- + Defines how supplemental groups of the first container processes are calculated. + Valid values are "Merge" and "Strict". If not specified, "Merge" is used. + (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled + and the container runtime must implement support for this feature. + Note that this field cannot be set when spec.os.name is windows. + type: string sysctls: description: |- Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported @@ -13306,6 +13991,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic windowsOptions: description: |- The Windows specific settings applied to all containers. 
@@ -13353,11 +14039,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -13368,6 +14052,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object @@ -13430,6 +14120,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic command: description: |- Entrypoint array. Not executed within a shell. @@ -13443,6 +14134,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic env: description: |- List of environment variables to set in the container. @@ -13478,10 +14170,13 @@ spec: description: The key to select. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the ConfigMap or 
@@ -13541,10 +14236,13 @@ spec: be a valid secret key. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret or its @@ -13559,6 +14257,9 @@ spec: - name type: object type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map envFrom: description: |- List of sources to populate environment variables in the container. @@ -13575,10 +14276,13 @@ spec: description: The ConfigMap to select from properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the ConfigMap must be @@ -13594,10 +14298,13 @@ spec: description: The Secret to select from properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret must be defined @@ -13606,6 +14313,7 @@ spec: x-kubernetes-map-type: atomic type: object type: array + x-kubernetes-list-type: atomic image: description: |- Container image name. 
@@ -13646,6 +14354,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -13675,6 +14384,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: description: Path to access on the HTTP server. type: string @@ -13755,6 +14465,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -13784,6 +14495,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: description: Path to access on the HTTP server. type: string @@ -13860,6 +14572,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: description: |- @@ -13876,11 +14589,11 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: @@ -13914,6 +14627,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: description: Path to access on the HTTP server. type: string @@ -14070,6 +14784,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: description: |- @@ -14086,11 +14801,11 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: @@ -14124,6 +14839,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: description: Path to access on the HTTP server. type: string 
@@ -14237,11 +14953,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -14252,6 +14966,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object @@ -14318,6 +15038,30 @@ spec: 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows. type: boolean + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by this container. If set, this profile + overrides the pod's appArmorProfile. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object capabilities: description: |- The capabilities to add/drop when running containers. @@ -14331,6 +15075,7 @@ spec: type type: string type: array + x-kubernetes-list-type: atomic drop: description: Removed capabilities items: 
@@ -14338,6 +15083,7 @@ spec: type type: string type: array + x-kubernetes-list-type: atomic type: object privileged: description: |- @@ -14349,7 +15095,7 @@ spec: procMount: description: |- procMount denotes the type of proc mount to use for the containers. - The default is DefaultProcMount which uses the container runtime defaults for + The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows. @@ -14431,7 +15177,6 @@ spec: type indicates which kind of seccomp profile will be applied. Valid options are: - Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. @@ -14495,6 +15240,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: description: |- @@ -14511,11 +15257,11 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: @@ -14549,6 +15295,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: description: Path to access on the HTTP server. type: string @@ -14690,6 +15437,9 @@ spec: - name type: object type: array + x-kubernetes-list-map-keys: + - devicePath + x-kubernetes-list-type: map volumeMounts: description: |- Pod volumes to mount into the container's filesystem. 
@@ -14709,6 +15459,8 @@ spec: to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. + When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified + (which defaults to None). type: string name: description: This must match the Name of a Volume. @@ -14718,6 +15470,25 @@ spec: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. type: boolean + recursiveReadOnly: + description: |- + RecursiveReadOnly specifies whether read-only mounts should be handled + recursively. + + If ReadOnly is false, this field has no meaning and must be unspecified. + + If ReadOnly is true, and this field is set to Disabled, the mount is not made + recursively read-only. If this field is set to IfPossible, the mount is made + recursively read-only, if it is supported by the container runtime. If this + field is set to Enabled, the mount is made recursively read-only if it is + supported by the container runtime, otherwise the pod will not be started and + an error will be generated to indicate the reason. + + If this field is set to IfPossible or Enabled, MountPropagation must be set to + None (or be unspecified, which defaults to None). + + If this field is not specified, it is treated as an equivalent of Disabled. + type: string subPath: description: |- Path within the volume from which the container's volume should be mounted. @@ -14735,6 +15506,9 @@ spec: - name type: object type: array + x-kubernetes-list-map-keys: + - mountPath + x-kubernetes-list-type: map workingDir: description: |- Container's working directory. @@ -14862,11 +15636,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string 
@@ -14888,7 +15664,6 @@ spec: Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector. - This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). items: type: string @@ -14928,7 +15703,6 @@ spec: Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule. - For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: | zone1 | zone2 | zone3 | @@ -14937,9 +15711,6 @@ spec: In this situation, new pod with the same labelSelector cannot be scheduled, because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, it will violate MaxSkew. - - - This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default). format: int32 type: integer nodeAffinityPolicy: @@ -14949,7 +15720,6 @@ spec: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. - If this value is nil, the behavior is equivalent to the Honor policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. type: string @@ -14961,7 +15731,6 @@ spec: has a toleration, are included. - Ignore: node taints are ignored. All nodes are included. - If this value is nil, the behavior is equivalent to the Ignore policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. type: string 
@@ -15037,19 +15806,16 @@ spec: Type controls how Humio pods are updated when changes are made to the HumioCluster resource that results in a change to the Humio pods. The available values are: OnDelete, RollingUpdate, ReplaceAllOnUpdate, and RollingUpdateBestEffort. - / + When set to OnDelete, no Humio pods will be terminated but new pods will be created with the new spec. Replacing existing pods will require each pod to be deleted by the user. - When set to RollingUpdate, pods will always be replaced one pod at a time. There may be some Humio updates where rolling updates are not supported, so it is not recommended to have this set all the time. - When set to ReplaceAllOnUpdate, all Humio pods will be replaced at the same time during an update. This is the default behavior. - When set to RollingUpdateBestEffort, the operator will evaluate the Humio version change and determine if the Humio pods can be updated in a rolling fashion or if they must be replaced at the same time. enum: @@ -15064,6 +15830,8 @@ spec: ViewGroupPermissions is a multi-line string containing view-group-permissions.json. Deprecated: Use RolePermissions instead. type: string + required: + - license type: object status: description: HumioClusterStatus defines the observed state of HumioCluster diff --git a/charts/humio-operator/crds/core.humio.com_humioexternalclusters.yaml b/charts/humio-operator/crds/core.humio.com_humioexternalclusters.yaml index 6750ba30..d6aeaff4 100644 --- a/charts/humio-operator/crds/core.humio.com_humioexternalclusters.yaml +++ b/charts/humio-operator/crds/core.humio.com_humioexternalclusters.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.17.0 name: humioexternalclusters.core.humio.com labels: app: 'humio-operator' 
diff --git a/charts/humio-operator/crds/core.humio.com_humiofilteralerts.yaml b/charts/humio-operator/crds/core.humio.com_humiofilteralerts.yaml index 3bd1e086..41b633a4 100644 --- a/charts/humio-operator/crds/core.humio.com_humiofilteralerts.yaml +++ b/charts/humio-operator/crds/core.humio.com_humiofilteralerts.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.17.0 name: humiofilteralerts.core.humio.com labels: app: 'humio-operator' @@ -100,6 +100,8 @@ spec: - actions - name - queryString + - throttleField + - throttleTimeSeconds - viewName type: object status: diff --git a/charts/humio-operator/crds/core.humio.com_humioingesttokens.yaml b/charts/humio-operator/crds/core.humio.com_humioingesttokens.yaml index c2964bc8..7eeed292 100644 --- a/charts/humio-operator/crds/core.humio.com_humioingesttokens.yaml +++ b/charts/humio-operator/crds/core.humio.com_humioingesttokens.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.17.0 name: humioingesttokens.core.humio.com labels: app: 'humio-operator' @@ -91,6 +91,8 @@ spec: type: string required: - name + - parserName + - repositoryName type: object status: description: HumioIngestTokenStatus defines the observed state of HumioIngestToken diff --git a/charts/humio-operator/crds/core.humio.com_humioparsers.yaml b/charts/humio-operator/crds/core.humio.com_humioparsers.yaml index 223a62d4..e1ebcef6 100644 --- a/charts/humio-operator/crds/core.humio.com_humioparsers.yaml +++ b/charts/humio-operator/crds/core.humio.com_humioparsers.yaml 
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.17.0 name: humioparsers.core.humio.com labels: app: 'humio-operator' @@ -88,6 +88,7 @@ spec: type: array required: - name + - repositoryName type: object status: description: HumioParserStatus defines the observed state of HumioParser diff --git a/charts/humio-operator/crds/core.humio.com_humiorepositories.yaml b/charts/humio-operator/crds/core.humio.com_humiorepositories.yaml index a5fe84df..9acede9a 100644 --- a/charts/humio-operator/crds/core.humio.com_humiorepositories.yaml +++ b/charts/humio-operator/crds/core.humio.com_humiorepositories.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.17.0 name: humiorepositories.core.humio.com labels: app: 'humio-operator' diff --git a/charts/humio-operator/crds/core.humio.com_humioscheduledsearches.yaml b/charts/humio-operator/crds/core.humio.com_humioscheduledsearches.yaml index 5e66ede6..19bdcef4 100644 --- a/charts/humio-operator/crds/core.humio.com_humioscheduledsearches.yaml +++ b/charts/humio-operator/crds/core.humio.com_humioscheduledsearches.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.17.0 name: humioscheduledsearches.core.humio.com labels: app: 'humio-operator' diff --git a/charts/humio-operator/crds/core.humio.com_humioviews.yaml b/charts/humio-operator/crds/core.humio.com_humioviews.yaml index e74f4664..e4136b22 100644 --- a/charts/humio-operator/crds/core.humio.com_humioviews.yaml +++ b/charts/humio-operator/crds/core.humio.com_humioviews.yaml 
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.17.0 name: humioviews.core.humio.com labels: app: 'humio-operator' @@ -68,6 +68,8 @@ spec: repository minLength: 1 type: string + required: + - repositoryName type: object type: array description: diff --git a/charts/humio-operator/templates/operator-deployment.yaml b/charts/humio-operator/templates/operator-deployment.yaml index 21088e5e..3e8de092 100644 --- a/charts/humio-operator/templates/operator-deployment.yaml +++ b/charts/humio-operator/templates/operator-deployment.yaml @@ -54,8 +54,6 @@ spec: command: - /manager env: - - name: WATCH_NAMESPACE - value: {{ .Values.operator.watchNamespaces | join "," | quote }} - name: POD_NAME valueFrom: fieldRef: diff --git a/cmd/main.go b/cmd/main.go new file mode 100644 index 00000000..96f72c9f --- /dev/null +++ b/cmd/main.go 
@@ -0,0 +1,355 @@ +/* +Copyright 2020 Humio https://humio.com + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package main + +import ( + "crypto/tls" + "flag" + "fmt" + "os" + "path/filepath" + + cmapi "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" + "github.com/go-logr/logr" + "github.com/go-logr/zapr" + uberzap "go.uber.org/zap" + + "github.com/humio/humio-operator/internal/controller" + "github.com/humio/humio-operator/internal/helpers" + "github.com/humio/humio-operator/internal/humio" + + // Import all Kubernetes client auth plugins (e.g. Azure, GCP, OIDC, etc.) + // to ensure that exec-entrypoint and run can make use of them. 
+ _ "k8s.io/client-go/plugin/pkg/client/auth" + + "k8s.io/apimachinery/pkg/runtime" + utilruntime "k8s.io/apimachinery/pkg/util/runtime" + clientgoscheme "k8s.io/client-go/kubernetes/scheme" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/certwatcher" + "sigs.k8s.io/controller-runtime/pkg/healthz" + "sigs.k8s.io/controller-runtime/pkg/metrics/filters" + metricsserver "sigs.k8s.io/controller-runtime/pkg/metrics/server" + "sigs.k8s.io/controller-runtime/pkg/webhook" + + corev1alpha1 "github.com/humio/humio-operator/api/v1alpha1" + // +kubebuilder:scaffold:imports +) + +var ( + scheme = runtime.NewScheme() + + // We override these using ldflags when running "go build" + commit = "none" + date = "unknown" + version = "master" +) + +func init() { + utilruntime.Must(clientgoscheme.AddToScheme(scheme)) + + utilruntime.Must(corev1alpha1.AddToScheme(scheme)) + // +kubebuilder:scaffold:scheme +} + +// nolint:gocyclo +func main() { + var metricsAddr string + var metricsCertPath, metricsCertName, metricsCertKey string + var webhookCertPath, webhookCertName, webhookCertKey string + var enableLeaderElection bool + var probeAddr string + var secureMetrics bool + var enableHTTP2 bool + var tlsOpts []func(*tls.Config) + flag.StringVar(&metricsAddr, "metrics-bind-address", "0", "The address the metrics endpoint binds to. "+ + "Use :8443 for HTTPS or :8080 for HTTP, or leave as 0 to disable the metrics service.") + flag.StringVar(&probeAddr, "health-probe-bind-address", ":8081", "The address the probe endpoint binds to.") + flag.BoolVar(&enableLeaderElection, "leader-elect", false, + "Enable leader election for controller manager. "+ + "Enabling this will ensure there is only one active controller manager.") + flag.BoolVar(&secureMetrics, "metrics-secure", true, + "If set, the metrics endpoint is served securely via HTTPS. 
Use --metrics-secure=false to use HTTP instead.") + flag.StringVar(&webhookCertPath, "webhook-cert-path", "", "The directory that contains the webhook certificate.") + flag.StringVar(&webhookCertName, "webhook-cert-name", "tls.crt", "The name of the webhook certificate file.") + flag.StringVar(&webhookCertKey, "webhook-cert-key", "tls.key", "The name of the webhook key file.") + flag.StringVar(&metricsCertPath, "metrics-cert-path", "", + "The directory that contains the metrics server certificate.") + flag.StringVar(&metricsCertName, "metrics-cert-name", "tls.crt", "The name of the metrics server certificate file.") + flag.StringVar(&metricsCertKey, "metrics-cert-key", "tls.key", "The name of the metrics server key file.") + flag.BoolVar(&enableHTTP2, "enable-http2", false, + "If set, HTTP/2 will be enabled for the metrics and webhook servers") + flag.Parse() + + var log logr.Logger + zapLog, _ := helpers.NewLogger() + defer func(zapLog *uberzap.Logger) { + _ = zapLog.Sync() + }(zapLog) + log = zapr.NewLogger(zapLog).WithValues("Operator.Commit", commit, "Operator.Date", date, "Operator.Version", version) + ctrl.SetLogger(log) + + // if the enable-http2 flag is false (the default), http/2 should be disabled + // due to its vulnerabilities. More specifically, disabling http/2 will + // prevent from being vulnerable to the HTTP/2 Stream Cancellation and + // Rapid Reset CVEs. 
For more information see: + // - https://github.com/advisories/GHSA-qppj-fm5r-hxr3 + // - https://github.com/advisories/GHSA-4374-p667-p6c8 + disableHTTP2 := func(c *tls.Config) { + ctrl.Log.Info("disabling http/2") + c.NextProtos = []string{"http/1.1"} + } + + if !enableHTTP2 { + tlsOpts = append(tlsOpts, disableHTTP2) + } + + // Create watchers for metrics and webhooks certificates + var metricsCertWatcher, webhookCertWatcher *certwatcher.CertWatcher + + // Initial webhook TLS options + webhookTLSOpts := tlsOpts + + if len(webhookCertPath) > 0 { + ctrl.Log.Info("Initializing webhook certificate watcher using provided certificates", + "webhook-cert-path", webhookCertPath, "webhook-cert-name", webhookCertName, "webhook-cert-key", webhookCertKey) + + var err error + webhookCertWatcher, err = certwatcher.New( + filepath.Join(webhookCertPath, webhookCertName), + filepath.Join(webhookCertPath, webhookCertKey), + ) + if err != nil { + ctrl.Log.Error(err, "Failed to initialize webhook certificate watcher") + os.Exit(1) + } + + webhookTLSOpts = append(webhookTLSOpts, func(config *tls.Config) { + config.GetCertificate = webhookCertWatcher.GetCertificate + }) + } + + webhookServer := webhook.NewServer(webhook.Options{ + TLSOpts: webhookTLSOpts, + }) + + // Metrics endpoint is enabled in 'config/default/kustomization.yaml'. The Metrics options configure the server. + // More info: + // - https://pkg.go.dev/sigs.k8s.io/controller-runtime@v0.19.4/pkg/metrics/server + // - https://book.kubebuilder.io/reference/metrics.html + metricsServerOptions := metricsserver.Options{ + BindAddress: metricsAddr, + SecureServing: secureMetrics, + TLSOpts: tlsOpts, + } + + if secureMetrics { + // FilterProvider is used to protect the metrics endpoint with authn/authz. + // These configurations ensure that only authorized users and service accounts + // can access the metrics endpoint. The RBAC are configured in 'config/rbac/kustomization.yaml'. 
More info: + // https://pkg.go.dev/sigs.k8s.io/controller-runtime@v0.19.4/pkg/metrics/filters#WithAuthenticationAndAuthorization + metricsServerOptions.FilterProvider = filters.WithAuthenticationAndAuthorization + } + + // If the certificate is not specified, controller-runtime will automatically + // generate self-signed certificates for the metrics server. While convenient for development and testing, + // this setup is not recommended for production. + // + // TODO(user): If you enable certManager, uncomment the following lines: + // - [METRICS-WITH-CERTS] at config/default/kustomization.yaml to generate and use certificates + // managed by cert-manager for the metrics server. + // - [PROMETHEUS-WITH-CERTS] at config/prometheus/kustomization.yaml for TLS certification. + if len(metricsCertPath) > 0 { + ctrl.Log.Info("Initializing metrics certificate watcher using provided certificates", + "metrics-cert-path", metricsCertPath, "metrics-cert-name", metricsCertName, "metrics-cert-key", metricsCertKey) + + var err error + metricsCertWatcher, err = certwatcher.New( + filepath.Join(metricsCertPath, metricsCertName), + filepath.Join(metricsCertPath, metricsCertKey), + ) + if err != nil { + ctrl.Log.Error(err, "to initialize metrics certificate watcher", "error", err) + os.Exit(1) + } + + metricsServerOptions.TLSOpts = append(metricsServerOptions.TLSOpts, func(config *tls.Config) { + config.GetCertificate = metricsCertWatcher.GetCertificate + }) + } + + mgr, err := ctrl.NewManager(ctrl.GetConfigOrDie(), ctrl.Options{ + Scheme: scheme, + Metrics: metricsServerOptions, + WebhookServer: webhookServer, + HealthProbeBindAddress: probeAddr, + LeaderElection: enableLeaderElection, + LeaderElectionID: "d7845218.humio.com", + Logger: log, + // LeaderElectionReleaseOnCancel defines if the leader should step down voluntarily + // when the Manager ends. This requires the binary to immediately end when the + // Manager is stopped, otherwise, this setting is unsafe. 
Setting this significantly + // speeds up voluntary leader transitions as the new leader don't have to wait + // LeaseDuration time first. + // + // In the default scaffold provided, the program ends immediately after + // the manager stops, so would be fine to enable this option. However, + // if you are doing or is intended to do any operation such as perform cleanups + // after the manager stops then its usage might be unsafe. + // LeaderElectionReleaseOnCancel: true, + }) + if err != nil { + ctrl.Log.Error(err, "unable to start manager") + os.Exit(1) + } + + if helpers.UseCertManager() { + if err = cmapi.AddToScheme(mgr.GetScheme()); err != nil { + ctrl.Log.Error(err, "unable to add cert-manager to scheme") + os.Exit(2) + } + } + + userAgent := fmt.Sprintf("humio-operator/%s (%s on %s)", version, commit, date) + + if err = (&controller.HumioExternalClusterReconciler{ + Client: mgr.GetClient(), + HumioClient: humio.NewClient(log, userAgent), + BaseLogger: log, + }).SetupWithManager(mgr); err != nil { + ctrl.Log.Error(err, "unable to create controller", "controller", "HumioExternalCluster") + os.Exit(1) + } + if err = (&controller.HumioClusterReconciler{ + Client: mgr.GetClient(), + HumioClient: humio.NewClient(log, userAgent), + BaseLogger: log, + }).SetupWithManager(mgr); err != nil { + ctrl.Log.Error(err, "unable to create controller", "controller", "HumioCluster") + os.Exit(1) + } + if err = (&controller.HumioIngestTokenReconciler{ + Client: mgr.GetClient(), + HumioClient: humio.NewClient(log, userAgent), + BaseLogger: log, + }).SetupWithManager(mgr); err != nil { + ctrl.Log.Error(err, "unable to create controller", "controller", "HumioIngestToken") + os.Exit(1) + } + if err = (&controller.HumioParserReconciler{ + Client: mgr.GetClient(), + HumioClient: humio.NewClient(log, userAgent), + BaseLogger: log, + }).SetupWithManager(mgr); err != nil { + ctrl.Log.Error(err, "unable to create controller", "controller", "HumioParser") + os.Exit(1) + } + if err = 
(&controller.HumioRepositoryReconciler{ + Client: mgr.GetClient(), + HumioClient: humio.NewClient(log, userAgent), + BaseLogger: log, + }).SetupWithManager(mgr); err != nil { + ctrl.Log.Error(err, "unable to create controller", "controller", "HumioRepository") + os.Exit(1) + } + if err = (&controller.HumioViewReconciler{ + Client: mgr.GetClient(), + HumioClient: humio.NewClient(log, userAgent), + BaseLogger: log, + }).SetupWithManager(mgr); err != nil { + ctrl.Log.Error(err, "unable to create controller", "controller", "HumioView") + os.Exit(1) + } + if err = (&controller.HumioActionReconciler{ + Client: mgr.GetClient(), + HumioClient: humio.NewClient(log, userAgent), + BaseLogger: log, + }).SetupWithManager(mgr); err != nil { + ctrl.Log.Error(err, "unable to create controller", "controller", "HumioAction") + os.Exit(1) + } + if err = (&controller.HumioAlertReconciler{ + Client: mgr.GetClient(), + HumioClient: humio.NewClient(log, userAgent), + BaseLogger: log, + }).SetupWithManager(mgr); err != nil { + ctrl.Log.Error(err, "unable to create controller", "controller", "HumioAlert") + os.Exit(1) + } + if err = (&controller.HumioFilterAlertReconciler{ + Client: mgr.GetClient(), + HumioClient: humio.NewClient(log, userAgent), + BaseLogger: log, + }).SetupWithManager(mgr); err != nil { + ctrl.Log.Error(err, "unable to create controller", "controller", "HumioFilterAlert") + } + if err = (&controller.HumioBootstrapTokenReconciler{ + Client: mgr.GetClient(), + BaseLogger: log, + }).SetupWithManager(mgr); err != nil { + ctrl.Log.Error(err, "unable to create controller", "controller", "HumioBootstrapToken") + os.Exit(1) + } + if err = (&controller.HumioAggregateAlertReconciler{ + Client: mgr.GetClient(), + HumioClient: humio.NewClient(log, userAgent), + BaseLogger: log, + }).SetupWithManager(mgr); err != nil { + ctrl.Log.Error(err, "unable to create controller", "controller", "HumioAggregateAlert") + os.Exit(1) + } + if err = (&controller.HumioScheduledSearchReconciler{ + 
Client: mgr.GetClient(), + HumioClient: humio.NewClient(log, userAgent), + BaseLogger: log, + }).SetupWithManager(mgr); err != nil { + ctrl.Log.Error(err, "unable to create controller", "controller", "HumioScheduledSearch") + os.Exit(1) + } + // +kubebuilder:scaffold:builder + + if metricsCertWatcher != nil { + ctrl.Log.Info("Adding metrics certificate watcher to manager") + if err := mgr.Add(metricsCertWatcher); err != nil { + ctrl.Log.Error(err, "unable to add metrics certificate watcher to manager") + os.Exit(1) + } + } + + if webhookCertWatcher != nil { + ctrl.Log.Info("Adding webhook certificate watcher to manager") + if err := mgr.Add(webhookCertWatcher); err != nil { + ctrl.Log.Error(err, "unable to add webhook certificate watcher to manager") + os.Exit(1) + } + } + + if err := mgr.AddHealthzCheck("healthz", healthz.Ping); err != nil { + ctrl.Log.Error(err, "unable to set up health check") + os.Exit(1) + } + if err := mgr.AddReadyzCheck("readyz", healthz.Ping); err != nil { + ctrl.Log.Error(err, "unable to set up ready check") + os.Exit(1) + } + + ctrl.Log.Info(fmt.Sprintf("starting manager for humio-operator %s (%s on %s)", version, commit, date)) + if err := mgr.Start(ctrl.SetupSignalHandler()); err != nil { + ctrl.Log.Error(err, "problem running manager") + os.Exit(1) + } +} diff --git a/config/crd/bases/core.humio.com_humioactions.yaml b/config/crd/bases/core.humio.com_humioactions.yaml index d36a776b..78029861 100644 --- a/config/crd/bases/core.humio.com_humioactions.yaml +++ b/config/crd/bases/core.humio.com_humioactions.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.17.0 name: humioactions.core.humio.com labels: app: 'humio-operator' @@ -60,6 +60,8 @@ spec: type: string useProxy: type: boolean + required: + - recipients type: object externalClusterName: description: |- 
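Review bot: The `HumioFilterAlertReconciler` registration in `main` logs "unable to create controller" but, unlike every other controller block in this file, never exits, so a failed setup leaves the operator running with filter alerts silently unreconciled; add `os.Exit(1)` after that `ctrl.Log.Error(...)` call. The `ctrl.Options` passed to `ctrl.NewManager` also carry no namespace restriction, and the chart hunk in this patch removes the `WATCH_NAMESPACE` env var, so `operator.watchNamespaces` no longer appears to limit what the manager caches and reconciles. If namespace scoping was supported before this migration, restore it (controller-runtime exposes `Cache.DefaultNamespaces` for this) or document the change, because a cluster-wide watch widens the RBAC the operator needs. Lastly, `zapLog, _ := helpers.NewLogger()` drops the error, so a failed logger construction could surface later as a nil dereference rather than a clear startup failure; check the error and exit.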
@@ -89,10 +91,13 @@ spec: be a valid secret key. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret or its key must @@ -139,10 +144,13 @@ spec: be a valid secret key. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret or its key must @@ -179,10 +187,13 @@ spec: be a valid secret key. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret or its key must 
@@ -221,10 +232,13 @@ spec: be a valid secret key. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret or its key must @@ -275,10 +289,13 @@ spec: be a valid secret key. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret or its key must @@ -317,10 +334,13 @@ spec: be a valid secret key. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret or its key must 
@@ -385,10 +405,13 @@ spec: be a valid secret key. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret or its key @@ -422,10 +445,13 @@ spec: be a valid secret key. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret or its key must diff --git a/config/crd/bases/core.humio.com_humioaggregatealerts.yaml b/config/crd/bases/core.humio.com_humioaggregatealerts.yaml index c3195f73..3eb9e194 100644 --- a/config/crd/bases/core.humio.com_humioaggregatealerts.yaml +++ b/config/crd/bases/core.humio.com_humioaggregatealerts.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.17.0 name: humioaggregatealerts.core.humio.com labels: app: 'humio-operator' diff --git a/config/crd/bases/core.humio.com_humioalerts.yaml b/config/crd/bases/core.humio.com_humioalerts.yaml index 1cc27958..e178e9c4 100644 --- a/config/crd/bases/core.humio.com_humioalerts.yaml +++ b/config/crd/bases/core.humio.com_humioalerts.yaml 
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.17.0 name: humioalerts.core.humio.com labels: app: 'humio-operator' diff --git a/config/crd/bases/core.humio.com_humiobootstraptokens.yaml b/config/crd/bases/core.humio.com_humiobootstraptokens.yaml index 5ad306a3..1cd2d26a 100644 --- a/config/crd/bases/core.humio.com_humiobootstraptokens.yaml +++ b/config/crd/bases/core.humio.com_humiobootstraptokens.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.17.0 name: humiobootstraptokens.core.humio.com labels: app: 'humio-operator' @@ -108,11 +108,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: description: A list of node selector requirements by node's fields. @@ -140,11 +142,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object x-kubernetes-map-type: atomic weight: @@ -157,6 +161,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: description: |- If the affinity requirements specified by this field are not met at @@ -201,11 +206,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: description: A list of node selector requirements by node's fields. 
@@ -233,14 +240,17 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object x-kubernetes-map-type: atomic type: array + x-kubernetes-list-type: atomic required: - nodeSelectorTerms type: object @@ -301,11 +311,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -320,13 +332,13 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -335,13 +347,13 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -381,11 +393,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -405,6 +419,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -427,6 +442,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: description: |- If the affinity requirements specified by this field are not met at 
@@ -476,11 +492,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -495,13 +513,13 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -510,13 +528,13 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -555,11 +573,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -579,6 +599,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -591,6 +612,7 @@ spec: - topologyKey type: object type: array + x-kubernetes-list-type: atomic type: object podAntiAffinity: description: Describes pod anti-affinity scheduling rules (e.g. 
@@ -648,11 +670,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -667,13 +691,13 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -682,13 +706,13 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -728,11 +752,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -752,6 +778,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -774,6 +801,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: description: |- If the anti-affinity requirements specified by this field are not met at 
@@ -823,11 +851,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -842,13 +872,13 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -857,13 +887,13 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -902,11 +932,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -926,6 +958,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -938,6 +971,7 @@ spec: - topologyKey type: object type: array + x-kubernetes-list-type: atomic type: object type: object bootstrapImage: 
@@ -964,10 +998,13 @@ spec: a valid secret key. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret or its key must be @@ -988,10 +1025,13 @@ spec: referenced object inside the same namespace. properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -1009,11 +1049,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -1024,6 +1062,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object 
@@ -1070,10 +1114,13 @@ spec: a valid secret key. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret or its key must be @@ -1102,10 +1149,13 @@ spec: a valid secret key. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret or its key must be @@ -1134,10 +1184,13 @@ spec: a valid secret key. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret or its key must be diff --git a/config/crd/bases/core.humio.com_humioclusters.yaml b/config/crd/bases/core.humio.com_humioclusters.yaml index acf1a251..2538614e 100644 --- a/config/crd/bases/core.humio.com_humioclusters.yaml +++ b/config/crd/bases/core.humio.com_humioclusters.yaml 
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.17.0 name: humioclusters.core.humio.com labels: app: 'humio-operator' @@ -113,11 +113,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: description: A list of node selector requirements by node's fields. @@ -145,11 +147,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object x-kubernetes-map-type: atomic weight: @@ -162,6 +166,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: description: |- If the affinity requirements specified by this field are not met at @@ -206,11 +211,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: description: A list of node selector requirements by node's fields. @@ -238,14 +245,17 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object x-kubernetes-map-type: atomic type: array + x-kubernetes-list-type: atomic required: - nodeSelectorTerms type: object @@ -306,11 +316,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string 
@@ -325,13 +337,13 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -340,13 +352,13 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -386,11 +398,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -410,6 +424,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -432,6 +447,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: description: |- If the affinity requirements specified by this field are not met at 
@@ -481,11 +497,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -500,13 +518,13 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -515,13 +533,13 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -560,11 +578,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -584,6 +604,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -596,6 +617,7 @@ spec: - topologyKey type: object type: array + x-kubernetes-list-type: atomic type: object podAntiAffinity: description: Describes pod anti-affinity scheduling rules (e.g. 
@@ -653,11 +675,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -672,13 +696,13 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -687,13 +711,13 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -733,11 +757,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -757,6 +783,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -779,6 +806,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: description: |- If the anti-affinity requirements specified by this field are not met at 
@@ -828,11 +856,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -847,13 +877,13 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -862,13 +892,13 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -907,11 +937,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -931,6 +963,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -943,6 +976,7 @@ spec: - topologyKey type: object type: array + x-kubernetes-list-type: atomic type: object type: object authServiceAccountName: 
@@ -990,10 +1024,13 @@ spec: description: The key to select. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the ConfigMap or its key @@ -1052,10 +1089,13 @@ spec: be a valid secret key. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret or its key must @@ -1090,6 +1130,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: description: |- @@ -1106,11 +1147,11 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: @@ -1144,6 +1185,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: description: Path to access on the HTTP server. type: string @@ -1243,6 +1285,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: description: |- 
@@ -1259,11 +1302,11 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: @@ -1297,6 +1340,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: description: Path to access on the HTTP server. type: string @@ -1390,6 +1434,30 @@ spec: 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows. type: boolean + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by this container. If set, this profile + overrides the pod's appArmorProfile. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object capabilities: description: |- The capabilities to add/drop when running containers. @@ -1402,12 +1470,14 @@ spec: description: Capability represent POSIX capabilities type type: string type: array + x-kubernetes-list-type: atomic drop: description: Removed capabilities items: description: Capability represent POSIX capabilities type type: string type: array + x-kubernetes-list-type: atomic type: object privileged: description: |- 
@@ -1419,7 +1489,7 @@ spec: procMount: description: |- procMount denotes the type of proc mount to use for the containers. - The default is DefaultProcMount which uses the container runtime defaults for + The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows. @@ -1501,7 +1571,6 @@ spec: type indicates which kind of seccomp profile will be applied. Valid options are: - Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. @@ -1562,6 +1631,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: description: |- @@ -1578,11 +1648,11 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: @@ -1616,6 +1686,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: description: Path to access on the HTTP server. type: string @@ -1719,6 +1790,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic dataSource: description: |- dataSource field can be used to specify either: @@ -1858,11 +1930,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string 
@@ -1890,8 +1964,8 @@ spec: If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass - (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ + (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). type: string volumeMode: description: |- @@ -1919,7 +1993,6 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - TODO: how do we prevent errors in the filesystem from compromising the machine type: string partition: description: |- @@ -1958,6 +2031,7 @@ spec: description: diskURI is the URI of data disk in the blob storage type: string fsType: + default: ext4 description: |- fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. @@ -1970,6 +2044,7 @@ spec: in managed availability set). defaults to shared' type: string readOnly: + default: false description: |- readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. @@ -2009,6 +2084,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic path: description: 'path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /' 
@@ -2030,10 +2106,13 @@ spec: More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -2069,10 +2148,13 @@ spec: to OpenStack. properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -2136,11 +2218,15 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: optional specify whether the ConfigMap or its 
@@ -2173,10 +2259,13 @@ spec: secret object contains more than one secret, all secret references are passed. properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -2219,7 +2308,8 @@ spec: properties: fieldRef: description: 'Required: Selects a field of the pod: - only annotations, labels, name and namespace are supported.' + only annotations, labels, name, namespace and uid + are supported.' properties: apiVersion: description: Version of the schema the FieldPath @@ -2278,6 +2368,7 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic type: object emptyDir: description: |- @@ -2311,7 +2402,6 @@ spec: The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. - Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity @@ -2322,17 +2412,14 @@ spec: information on the connection between this volume type and PersistentVolumeClaim). - Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. - Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. - A pod can use both types of ephemeral volumes and persistent volumes at the same time. properties: 
@@ -2346,7 +2433,6 @@ spec: entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). - An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until @@ -2356,11 +2442,9 @@ spec: this should not be necessary, but it may be useful when manually reconstructing a broken cluster. - This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. - Required, must not be nil. properties: metadata: @@ -2383,6 +2467,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic dataSource: description: |- dataSource field can be used to specify either: @@ -2527,11 +2612,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -2559,8 +2646,8 @@ spec: If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass - (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ + (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). type: string volumeMode: description: |- 
@@ -2585,7 +2672,6 @@ spec: fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - TODO: how do we prevent errors in the filesystem from compromising the machine type: string lun: description: 'lun is Optional: FC target lun number' @@ -2602,6 +2688,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic wwids: description: |- wwids Optional: FC volume world wide identifiers (wwids) @@ -2609,6 +2696,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object flexVolume: description: |- @@ -2645,10 +2733,13 @@ spec: scripts. properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -2682,7 +2773,6 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - TODO: how do we prevent errors in the filesystem from compromising the machine type: string partition: description: |- @@ -2763,9 +2853,6 @@ spec: used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - --- - TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not - mount host directories as read/write. properties: path: description: |- 
@@ -2782,6 +2869,41 @@ spec: required: - path type: object + image: + description: |- + image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. + The volume is resolved at pod startup depending on which PullPolicy value is provided: + + - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + + The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. + A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. + The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. + The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. + The volume will be mounted read-only (ro) and non-executable files (noexec). + Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). + The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. + properties: + pullPolicy: + description: |- + Policy for pulling OCI objects. Possible values are: + Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. 
+ Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + type: string + reference: + description: |- + Required: Image or artifact reference to be used. + Behaves in the same way as pod.spec.containers[*].image. + Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets. + More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. + type: string + type: object iscsi: description: |- iscsi represents an ISCSI Disk resource that is attached to a @@ -2802,7 +2924,6 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - TODO: how do we prevent errors in the filesystem from compromising the machine type: string initiatorName: description: |- @@ -2814,6 +2935,7 @@ spec: description: iqn is the target iSCSI Qualified Name. type: string iscsiInterface: + default: default description: |- iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp). @@ -2829,6 +2951,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic readOnly: description: |- readOnly here will force the ReadOnly setting in VolumeMounts. 
@@ -2839,10 +2962,13 @@ spec: and initiator authentication properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -2953,24 +3079,24 @@ spec: format: int32 type: integer sources: - description: sources is the list of volume projections + description: |- + sources is the list of volume projections. Each entry in this list + handles one source. items: - description: Projection that may be projected along with - other supported volume types + description: |- + Projection that may be projected along with other supported volume types. + Exactly one of these fields must be set. properties: clusterTrustBundle: description: |- ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field of ClusterTrustBundle objects in an auto-updating file. - Alpha, gated by the ClusterTrustBundleProjection feature gate. - ClusterTrustBundle objects can either be selected by name, or by the combination of signer name and a label selector. - Kubelet performs aggressive normalization of the PEM contents written into the pod filesystem. Esoteric PEM features such as inter-block comments and block headers are stripped. Certificates are deduplicated. @@ -3011,11 +3137,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string 
@@ -3094,11 +3222,15 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: optional specify whether the ConfigMap @@ -3120,8 +3252,8 @@ spec: properties: fieldRef: description: 'Required: Selects a field of - the pod: only annotations, labels, name - and namespace are supported.' + the pod: only annotations, labels, name, + namespace and uid are supported.' properties: apiVersion: description: Version of the schema the @@ -3182,6 +3314,7 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic type: object secret: description: secret information about the secret data @@ -3225,11 +3358,15 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: optional field specify whether the @@ -3268,6 +3405,7 @@ spec: type: object type: object type: array + x-kubernetes-list-type: atomic type: object quobyte: description: quobyte represents a Quobyte mount on the host that 
@@ -3318,7 +3456,6 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - TODO: how do we prevent errors in the filesystem from compromising the machine type: string image: description: |- @@ -3326,6 +3463,7 @@ spec: More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it type: string keyring: + default: /etc/ceph/keyring description: |- keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. @@ -3338,7 +3476,9 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic pool: + default: rbd description: |- pool is the rados pool name. Default is rbd. @@ -3358,14 +3498,18 @@ spec: More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic user: + default: admin description: |- user is the rados user name. Default is admin. @@ -3380,6 +3524,7 @@ spec: and mounted on Kubernetes nodes. properties: fsType: + default: xfs description: |- fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. 
@@ -3405,10 +3550,13 @@ spec: sensitive information. If this is not provided, Login operation will fail. properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -3417,6 +3565,7 @@ spec: with Gateway, default false type: boolean storageMode: + default: ThinProvisioned description: |- storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. @@ -3492,6 +3641,7 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic optional: description: optional field specify whether the Secret or its keys must be defined @@ -3523,10 +3673,13 @@ spec: credentials. If not specified, default values will be attempted. properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic 
@@ -3618,10 +3771,13 @@ spec: description: The key to select. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the ConfigMap or its key @@ -3680,10 +3836,13 @@ spec: be a valid secret key. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret or its key must @@ -3708,10 +3867,13 @@ spec: description: The ConfigMap to select from properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the ConfigMap must be defined 
@@ -3726,10 +3888,13 @@ spec: description: The Secret to select from properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret must be defined @@ -3756,10 +3921,13 @@ spec: a valid secret key. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret or its key must be @@ -3788,6 +3956,8 @@ spec: to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. + When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified + (which defaults to None). type: string name: description: This must match the Name of a Volume. 
@@ -3797,6 +3967,25 @@ spec: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. type: boolean + recursiveReadOnly: + description: |- + RecursiveReadOnly specifies whether read-only mounts should be handled + recursively. + + If ReadOnly is false, this field has no meaning and must be unspecified. + + If ReadOnly is true, and this field is set to Disabled, the mount is not made + recursively read-only. If this field is set to IfPossible, the mount is made + recursively read-only, if it is supported by the container runtime. If this + field is set to Enabled, the mount is made recursively read-only if it is + supported by the container runtime, otherwise the pod will not be started and + an error will be generated to indicate the reason. + + If this field is set to IfPossible or Enabled, MountPropagation must be set to + None (or be unspecified, which defaults to None). + + If this field is not specified, it is treated as an equivalent of Disabled. + type: string subPath: description: |- Path within the volume from which the container's volume should be mounted. @@ -3837,7 +4026,6 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - TODO: how do we prevent errors in the filesystem from compromising the machine type: string partition: description: |- @@ -3877,6 +4065,7 @@ spec: storage type: string fsType: + default: ext4 description: |- fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. @@ -3889,6 +4078,7 @@ spec: disk (only in managed availability set). defaults to shared' type: string readOnly: + default: false description: |- readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. 
@@ -3928,6 +4118,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic path: description: 'path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /' @@ -3949,10 +4140,13 @@ spec: More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -3988,10 +4182,13 @@ spec: to OpenStack. properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -4055,11 +4252,15 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: optional specify whether the ConfigMap or its 
@@ -4092,10 +4293,13 @@ spec: secret object contains more than one secret, all secret references are passed. properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -4138,8 +4342,8 @@ spec: properties: fieldRef: description: 'Required: Selects a field of the pod: - only annotations, labels, name and namespace are - supported.' + only annotations, labels, name, namespace and uid + are supported.' properties: apiVersion: description: Version of the schema the FieldPath @@ -4198,6 +4402,7 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic type: object emptyDir: description: |- @@ -4231,7 +4436,6 @@ spec: The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. - Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity @@ -4242,17 +4446,14 @@ spec: information on the connection between this volume type and PersistentVolumeClaim). - Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. - Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. - A pod can use both types of ephemeral volumes and persistent volumes at the same time. properties: 
@@ -4266,7 +4467,6 @@ spec: entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). - An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until @@ -4276,11 +4476,9 @@ spec: this should not be necessary, but it may be useful when manually reconstructing a broken cluster. - This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. - Required, must not be nil. properties: metadata: @@ -4303,6 +4501,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic dataSource: description: |- dataSource field can be used to specify either: @@ -4447,11 +4646,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -4479,8 +4680,8 @@ spec: If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass - (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ + (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). type: string volumeMode: description: |- 
@@ -4506,7 +4707,6 @@ spec: fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - TODO: how do we prevent errors in the filesystem from compromising the machine type: string lun: description: 'lun is Optional: FC target lun number' @@ -4523,6 +4723,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic wwids: description: |- wwids Optional: FC volume world wide identifiers (wwids) @@ -4530,6 +4731,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object flexVolume: description: |- @@ -4566,10 +4768,13 @@ spec: scripts. properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -4603,7 +4808,6 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - TODO: how do we prevent errors in the filesystem from compromising the machine type: string partition: description: |- @@ -4684,9 +4888,6 @@ spec: used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - --- - TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not - mount host directories as read/write. properties: path: description: |- 
@@ -4703,6 +4904,41 @@ spec: required: - path type: object + image: + description: |- + image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. + The volume is resolved at pod startup depending on which PullPolicy value is provided: + + - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + + The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. + A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. + The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. + The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. + The volume will be mounted read-only (ro) and non-executable files (noexec). + Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). + The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. + properties: + pullPolicy: + description: |- + Policy for pulling OCI objects. Possible values are: + Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. 
+ Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + type: string + reference: + description: |- + Required: Image or artifact reference to be used. + Behaves in the same way as pod.spec.containers[*].image. + Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets. + More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. + type: string + type: object iscsi: description: |- iscsi represents an ISCSI Disk resource that is attached to a @@ -4723,7 +4959,6 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - TODO: how do we prevent errors in the filesystem from compromising the machine type: string initiatorName: description: |- @@ -4735,6 +4970,7 @@ spec: description: iqn is the target iSCSI Qualified Name. type: string iscsiInterface: + default: default description: |- iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp). @@ -4750,6 +4986,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic readOnly: description: |- readOnly here will force the ReadOnly setting in VolumeMounts. 
@@ -4760,10 +4997,13 @@ spec: and initiator authentication properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -4880,24 +5120,24 @@ spec: format: int32 type: integer sources: - description: sources is the list of volume projections + description: |- + sources is the list of volume projections. Each entry in this list + handles one source. items: - description: Projection that may be projected along with - other supported volume types + description: |- + Projection that may be projected along with other supported volume types. + Exactly one of these fields must be set. properties: clusterTrustBundle: description: |- ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field of ClusterTrustBundle objects in an auto-updating file. - Alpha, gated by the ClusterTrustBundleProjection feature gate. - ClusterTrustBundle objects can either be selected by name, or by the combination of signer name and a label selector. - Kubelet performs aggressive normalization of the PEM contents written into the pod filesystem. Esoteric PEM features such as inter-block comments and block headers are stripped. Certificates are deduplicated. @@ -4938,11 +5178,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string 
@@ -5021,11 +5263,15 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: optional specify whether the ConfigMap @@ -5048,7 +5294,7 @@ spec: fieldRef: description: 'Required: Selects a field of the pod: only annotations, labels, - name and namespace are supported.' + name, namespace and uid are supported.' properties: apiVersion: description: Version of the schema the @@ -5111,6 +5357,7 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic type: object secret: description: secret information about the secret data @@ -5154,11 +5401,15 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: optional field specify whether the @@ -5197,6 +5448,7 @@ spec: type: object type: object type: array + x-kubernetes-list-type: atomic type: object quobyte: description: quobyte represents a Quobyte mount on the host 
@@ -5247,7 +5499,6 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - TODO: how do we prevent errors in the filesystem from compromising the machine type: string image: description: |- @@ -5255,6 +5506,7 @@ spec: More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it type: string keyring: + default: /etc/ceph/keyring description: |- keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. @@ -5267,7 +5519,9 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic pool: + default: rbd description: |- pool is the rados pool name. Default is rbd. @@ -5287,14 +5541,18 @@ spec: More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic user: + default: admin description: |- user is the rados user name. Default is admin. @@ -5309,6 +5567,7 @@ spec: attached and mounted on Kubernetes nodes. properties: fsType: + default: xfs description: |- fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. 
@@ -5334,10 +5593,13 @@ spec: sensitive information. If this is not provided, Login operation will fail. properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -5346,6 +5608,7 @@ spec: with Gateway, default false type: boolean storageMode: + default: ThinProvisioned description: |- storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. @@ -5421,6 +5684,7 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic optional: description: optional field specify whether the Secret or its keys must be defined @@ -5452,10 +5716,13 @@ spec: credentials. If not specified, default values will be attempted. properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic 
@@ -5524,10 +5791,13 @@ spec: a valid secret key. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret or its key must be @@ -5614,10 +5884,13 @@ spec: referenced object inside the same namespace. properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -5634,10 +5907,13 @@ spec: description: The key to select. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the ConfigMap or its key must 
@@ -5701,10 +5977,13 @@ spec: a valid secret key. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret or its key must be @@ -5796,11 +6075,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: description: A list of node selector requirements by node's fields. @@ -5828,11 +6109,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object x-kubernetes-map-type: atomic weight: @@ -5846,6 +6129,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: description: |- If the affinity requirements specified by this field are not met at @@ -5890,11 +6174,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: description: A list of node selector requirements by node's fields. @@ -5922,14 +6208,17 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object x-kubernetes-map-type: atomic type: array + x-kubernetes-list-type: atomic required: - nodeSelectorTerms type: object 
@@ -5993,11 +6282,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -6012,13 +6303,13 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -6027,13 +6318,13 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -6074,11 +6365,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -6098,6 +6391,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -6120,6 +6414,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: description: |- If the affinity requirements specified by this field are not met at 
@@ -6170,11 +6465,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -6189,13 +6486,13 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -6204,13 +6501,13 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -6250,11 +6547,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -6274,6 +6573,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -6286,6 +6586,7 @@ spec: - topologyKey type: object type: array + x-kubernetes-list-type: atomic type: object podAntiAffinity: description: Describes pod anti-affinity scheduling 
@@ -6345,11 +6646,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -6364,13 +6667,13 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -6379,13 +6682,13 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -6426,11 +6729,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -6450,6 +6755,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -6472,6 +6778,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: description: |- If the anti-affinity requirements specified by this field are not met at 
@@ -6522,11 +6829,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -6541,13 +6850,13 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -6556,13 +6865,13 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -6602,11 +6911,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -6626,6 +6937,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -6638,6 +6950,7 @@ spec: - topologyKey type: object type: array + x-kubernetes-list-type: atomic type: object type: object authServiceAccountName: @@ -6664,6 +6977,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: description: |- 
@@ -6681,11 +6995,11 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: @@ -6719,6 +7033,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: description: Path to access on the HTTP server. type: string @@ -6819,6 +7134,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: description: |- @@ -6836,11 +7152,11 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: @@ -6874,6 +7190,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: description: Path to access on the HTTP server. type: string 
@@ -6968,6 +7285,30 @@ spec: 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows. type: boolean + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by this container. If set, this profile + overrides the pod's appArmorProfile. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object capabilities: description: |- The capabilities to add/drop when running containers. @@ -6981,6 +7322,7 @@ spec: type type: string type: array + x-kubernetes-list-type: atomic drop: description: Removed capabilities items: @@ -6988,6 +7330,7 @@ spec: type type: string type: array + x-kubernetes-list-type: atomic type: object privileged: description: |- @@ -6999,7 +7342,7 @@ spec: procMount: description: |- procMount denotes the type of proc mount to use for the containers. - The default is DefaultProcMount which uses the container runtime defaults for + The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows. 
@@ -7081,7 +7424,6 @@ spec: type indicates which kind of seccomp profile will be applied. Valid options are: - Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. @@ -7142,6 +7484,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: description: |- @@ -7159,11 +7502,11 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: @@ -7197,6 +7540,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: description: Path to access on the HTTP server. type: string @@ -7301,6 +7645,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic dataSource: description: |- dataSource field can be used to specify either: @@ -7444,11 +7789,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -7476,8 +7823,8 @@ spec: If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass - (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ + (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). type: string volumeMode: description: |- 
@@ -7505,7 +7852,6 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - TODO: how do we prevent errors in the filesystem from compromising the machine type: string partition: description: |- @@ -7545,6 +7891,7 @@ spec: the blob storage type: string fsType: + default: ext4 description: |- fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. @@ -7558,6 +7905,7 @@ spec: set). defaults to shared' type: string readOnly: + default: false description: |- readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. @@ -7597,6 +7945,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic path: description: 'path is Optional: Used as the mounted root, rather than the full Ceph tree, default @@ -7619,10 +7968,13 @@ spec: More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic 
@@ -7658,10 +8010,13 @@ spec: to OpenStack. properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -7726,11 +8081,15 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: optional specify whether the ConfigMap @@ -7763,10 +8122,13 @@ spec: secret object contains more than one secret, all secret references are passed. properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -7811,8 +8173,8 @@ spec: properties: fieldRef: description: 'Required: Selects a field of - the pod: only annotations, labels, name - and namespace are supported.' + the pod: only annotations, labels, name, + namespace and uid are supported.' properties: apiVersion: description: Version of the schema the 
@@ -7873,6 +8235,7 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic type: object emptyDir: description: |- @@ -7906,7 +8269,6 @@ spec: The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. - Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity @@ -7917,17 +8279,14 @@ spec: information on the connection between this volume type and PersistentVolumeClaim). - Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. - Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. - A pod can use both types of ephemeral volumes and persistent volumes at the same time. properties: @@ -7941,7 +8300,6 @@ spec: entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). - An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until @@ -7951,11 +8309,9 @@ spec: this should not be necessary, but it may be useful when manually reconstructing a broken cluster. - This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. - Required, must not be nil. properties: metadata: @@ -7978,6 +8334,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic dataSource: description: |- dataSource field can be used to specify either: @@ -8123,11 +8480,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string 
@@ -8155,8 +8514,8 @@ spec: If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass - (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ + (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). type: string volumeMode: description: |- @@ -8182,7 +8541,6 @@ spec: fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - TODO: how do we prevent errors in the filesystem from compromising the machine type: string lun: description: 'lun is Optional: FC target lun number' @@ -8199,6 +8557,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic wwids: description: |- wwids Optional: FC volume world wide identifiers (wwids) @@ -8206,6 +8565,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object flexVolume: description: |- @@ -8242,10 +8602,13 @@ spec: scripts. properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic 
@@ -8279,7 +8642,6 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - TODO: how do we prevent errors in the filesystem from compromising the machine type: string partition: description: |- @@ -8360,9 +8722,6 @@ spec: used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - --- - TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not - mount host directories as read/write. properties: path: description: |- 
@@ -8379,6 +8738,41 @@ spec: required: - path type: object + image: + description: |- + image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. + The volume is resolved at pod startup depending on which PullPolicy value is provided: + + - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + + The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. + A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. + The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. + The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. + The volume will be mounted read-only (ro) and non-executable files (noexec). + Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). + The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. + properties: + pullPolicy: + description: |- + Policy for pulling OCI objects. Possible values are: + Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. 
+ Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + type: string + reference: + description: |- + Required: Image or artifact reference to be used. + Behaves in the same way as pod.spec.containers[*].image. + Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets. + More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. + type: string + type: object iscsi: description: |- iscsi represents an ISCSI Disk resource that is attached to a @@ -8399,7 +8793,6 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - TODO: how do we prevent errors in the filesystem from compromising the machine type: string initiatorName: description: |- @@ -8411,6 +8804,7 @@ spec: description: iqn is the target iSCSI Qualified Name. type: string iscsiInterface: + default: default description: |- iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp). @@ -8426,6 +8820,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic readOnly: description: |- readOnly here will force the ReadOnly setting in VolumeMounts. 
@@ -8436,10 +8831,13 @@ spec: target and initiator authentication properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -8552,24 +8950,24 @@ spec: format: int32 type: integer sources: - description: sources is the list of volume projections + description: |- + sources is the list of volume projections. Each entry in this list + handles one source. items: - description: Projection that may be projected - along with other supported volume types + description: |- + Projection that may be projected along with other supported volume types. + Exactly one of these fields must be set. properties: clusterTrustBundle: description: |- ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field of ClusterTrustBundle objects in an auto-updating file. - Alpha, gated by the ClusterTrustBundleProjection feature gate. - ClusterTrustBundle objects can either be selected by name, or by the combination of signer name and a label selector. - Kubelet performs aggressive normalization of the PEM contents written into the pod filesystem. Esoteric PEM features such as inter-block comments and block headers are stripped. Certificates are deduplicated. @@ -8611,11 +9009,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string 
@@ -8694,11 +9094,15 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: optional specify whether @@ -8721,8 +9125,8 @@ spec: fieldRef: description: 'Required: Selects a field of the pod: only annotations, - labels, name and namespace are - supported.' + labels, name, namespace and uid + are supported.' properties: apiVersion: description: Version of the @@ -8788,6 +9192,7 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic type: object secret: description: secret information about the @@ -8831,11 +9236,15 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: optional field specify whether @@ -8874,6 +9283,7 @@ spec: type: object type: object type: array + x-kubernetes-list-type: atomic type: object quobyte: description: quobyte represents a Quobyte mount on the 
@@ -8924,7 +9334,6 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - TODO: how do we prevent errors in the filesystem from compromising the machine type: string image: description: |- @@ -8932,6 +9341,7 @@ spec: More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it type: string keyring: + default: /etc/ceph/keyring description: |- keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. @@ -8944,7 +9354,9 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic pool: + default: rbd description: |- pool is the rados pool name. Default is rbd. @@ -8964,14 +9376,18 @@ spec: More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic user: + default: admin description: |- user is the rados user name. Default is admin. @@ -8986,6 +9402,7 @@ spec: volume attached and mounted on Kubernetes nodes. properties: fsType: + default: xfs description: |- fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. 
@@ -9011,10 +9428,13 @@ spec: sensitive information. If this is not provided, Login operation will fail. properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -9023,6 +9443,7 @@ spec: communication with Gateway, default false type: boolean storageMode: + default: ThinProvisioned description: |- storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. @@ -9099,6 +9520,7 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic optional: description: optional field specify whether the Secret or its keys must be defined @@ -9130,10 +9552,13 @@ spec: credentials. If not specified, default values will be attempted. properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic 
@@ -9223,10 +9648,13 @@ spec: description: The key to select. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the ConfigMap @@ -9286,10 +9714,13 @@ spec: from. Must be a valid secret key. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret or @@ -9316,10 +9747,13 @@ spec: description: The ConfigMap to select from properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the ConfigMap must 
@@ -9335,10 +9769,13 @@ spec: description: The Secret to select from properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret must be @@ -9366,6 +9803,8 @@ spec: to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. + When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified + (which defaults to None). type: string name: description: This must match the Name of a Volume. @@ -9375,6 +9814,25 @@ spec: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. type: boolean + recursiveReadOnly: + description: |- + RecursiveReadOnly specifies whether read-only mounts should be handled + recursively. + + If ReadOnly is false, this field has no meaning and must be unspecified. + + If ReadOnly is true, and this field is set to Disabled, the mount is not made + recursively read-only. If this field is set to IfPossible, the mount is made + recursively read-only, if it is supported by the container runtime. If this + field is set to Enabled, the mount is made recursively read-only if it is + supported by the container runtime, otherwise the pod will not be started and + an error will be generated to indicate the reason. + + If this field is set to IfPossible or Enabled, MountPropagation must be set to + None (or be unspecified, which defaults to None). + + If this field is not specified, it is treated as an equivalent of Disabled. + type: string subPath: description: |- Path within the volume from which the container's volume should be mounted. 
@@ -9415,7 +9873,6 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - TODO: how do we prevent errors in the filesystem from compromising the machine type: string partition: description: |- @@ -9455,6 +9912,7 @@ spec: the blob storage type: string fsType: + default: ext4 description: |- fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. @@ -9468,6 +9926,7 @@ spec: set). defaults to shared' type: string readOnly: + default: false description: |- readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. @@ -9508,6 +9967,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic path: description: 'path is Optional: Used as the mounted root, rather than the full Ceph tree, default @@ -9530,10 +9990,13 @@ spec: More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic 
@@ -9569,10 +10032,13 @@ spec: to OpenStack. properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -9637,11 +10103,15 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: optional specify whether the ConfigMap @@ -9674,10 +10144,13 @@ spec: secret object contains more than one secret, all secret references are passed. properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -9723,7 +10196,7 @@ spec: fieldRef: description: 'Required: Selects a field of the pod: only annotations, labels, - name and namespace are supported.' + name, namespace and uid are supported.' properties: apiVersion: description: Version of the schema the @@ -9786,6 +10259,7 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic type: object emptyDir: description: |- 
@@ -9819,7 +10293,6 @@ spec: The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. - Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity @@ -9830,17 +10303,14 @@ spec: information on the connection between this volume type and PersistentVolumeClaim). - Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. - Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. - A pod can use both types of ephemeral volumes and persistent volumes at the same time. properties: @@ -9854,7 +10324,6 @@ spec: entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). - An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until @@ -9864,11 +10333,9 @@ spec: this should not be necessary, but it may be useful when manually reconstructing a broken cluster. - This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. - Required, must not be nil. properties: metadata: @@ -9891,6 +10358,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic dataSource: description: |- dataSource field can be used to specify either: @@ -10036,11 +10504,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string 
@@ -10068,8 +10538,8 @@ spec: If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass - (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ + (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). type: string volumeMode: description: |- @@ -10096,7 +10566,6 @@ spec: fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - TODO: how do we prevent errors in the filesystem from compromising the machine type: string lun: description: 'lun is Optional: FC target lun number' @@ -10113,6 +10582,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic wwids: description: |- wwids Optional: FC volume world wide identifiers (wwids) @@ -10120,6 +10590,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object flexVolume: description: |- @@ -10156,10 +10627,13 @@ spec: scripts. properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic 
@@ -10193,7 +10667,6 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - TODO: how do we prevent errors in the filesystem from compromising the machine type: string partition: description: |- @@ -10274,9 +10747,6 @@ spec: used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - --- - TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not - mount host directories as read/write. properties: path: description: |- 
@@ -10293,6 +10763,41 @@ spec: required: - path type: object + image: + description: |- + image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. + The volume is resolved at pod startup depending on which PullPolicy value is provided: + + - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + + The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. + A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. + The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. + The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. + The volume will be mounted read-only (ro) and non-executable files (noexec). + Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). + The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. + properties: + pullPolicy: + description: |- + Policy for pulling OCI objects. Possible values are: + Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. 
+ Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + type: string + reference: + description: |- + Required: Image or artifact reference to be used. + Behaves in the same way as pod.spec.containers[*].image. + Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets. + More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. + type: string + type: object iscsi: description: |- iscsi represents an ISCSI Disk resource that is attached to a @@ -10313,7 +10818,6 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - TODO: how do we prevent errors in the filesystem from compromising the machine type: string initiatorName: description: |- @@ -10326,6 +10830,7 @@ spec: Name. type: string iscsiInterface: + default: default description: |- iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp). @@ -10341,6 +10846,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic readOnly: description: |- readOnly here will force the ReadOnly setting in VolumeMounts. 
@@ -10351,10 +10857,13 @@ spec: iSCSI target and initiator authentication properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -10473,24 +10982,24 @@ spec: format: int32 type: integer sources: - description: sources is the list of volume projections + description: |- + sources is the list of volume projections. Each entry in this list + handles one source. items: - description: Projection that may be projected - along with other supported volume types + description: |- + Projection that may be projected along with other supported volume types. + Exactly one of these fields must be set. properties: clusterTrustBundle: description: |- ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field of ClusterTrustBundle objects in an auto-updating file. - Alpha, gated by the ClusterTrustBundleProjection feature gate. - ClusterTrustBundle objects can either be selected by name, or by the combination of signer name and a label selector. - Kubelet performs aggressive normalization of the PEM contents written into the pod filesystem. Esoteric PEM features such as inter-block comments and block headers are stripped. Certificates are deduplicated. @@ -10532,11 +11041,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string 
@@ -10616,11 +11127,15 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: optional specify whether @@ -10644,8 +11159,8 @@ spec: fieldRef: description: 'Required: Selects a field of the pod: only annotations, - labels, name and namespace are - supported.' + labels, name, namespace and + uid are supported.' properties: apiVersion: description: Version of the @@ -10712,6 +11227,7 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic type: object secret: description: secret information about the @@ -10756,11 +11272,15 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: optional field specify @@ -10801,6 +11321,7 @@ spec: type: object type: object type: array + x-kubernetes-list-type: atomic type: object quobyte: description: quobyte represents a Quobyte mount on 
@@ -10851,7 +11372,6 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - TODO: how do we prevent errors in the filesystem from compromising the machine type: string image: description: |- @@ -10859,6 +11379,7 @@ spec: More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it type: string keyring: + default: /etc/ceph/keyring description: |- keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. @@ -10871,7 +11392,9 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic pool: + default: rbd description: |- pool is the rados pool name. Default is rbd. @@ -10891,14 +11414,18 @@ spec: More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic user: + default: admin description: |- user is the rados user name. Default is admin. @@ -10913,6 +11440,7 @@ spec: volume attached and mounted on Kubernetes nodes. properties: fsType: + default: xfs description: |- fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. 
@@ -10939,10 +11467,13 @@ spec: sensitive information. If this is not provided, Login operation will fail. properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -10951,6 +11482,7 @@ spec: communication with Gateway, default false type: boolean storageMode: + default: ThinProvisioned description: |- storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. @@ -11027,6 +11559,7 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic optional: description: optional field specify whether the Secret or its keys must be defined @@ -11058,10 +11591,13 @@ spec: credentials. If not specified, default values will be attempted. properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic 
@@ -11175,10 +11711,13 @@ spec: referenced object inside the same namespace. properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -11195,10 +11734,13 @@ spec: description: The key to select. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the ConfigMap or its 
@@ -11254,18 +11796,39 @@ spec: description: PodSecurityContext is the security context applied to the Humio pod properties: + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by the containers in this pod. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object fsGroup: description: |- A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: - 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- - If unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows. format: int64 @@ -11352,7 +11915,6 @@ spec: type indicates which kind of seccomp profile will be applied. Valid options are: - Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. 
@@ -11362,17 +11924,28 @@ spec: type: object supplementalGroups: description: |- - A list of groups applied to the first process run in each container, in addition - to the container's primary GID, the fsGroup (if specified), and group memberships - defined in the container image for the uid of the container process. If unspecified, - no additional groups are added to any container. Note that group memberships - defined in the container image for the uid of the container process are still effective, - even if they are not included in this list. + A list of groups applied to the first process run in each container, in + addition to the container's primary GID and fsGroup (if specified). If + the SupplementalGroupsPolicy feature is enabled, the + supplementalGroupsPolicy field determines whether these are in addition + to or instead of any group memberships defined in the container image. + If unspecified, no additional groups are added, though group memberships + defined in the container image may still be used, depending on the + supplementalGroupsPolicy field. Note that this field cannot be set when spec.os.name is windows. items: format: int64 type: integer type: array + x-kubernetes-list-type: atomic + supplementalGroupsPolicy: + description: |- + Defines how supplemental groups of the first container processes are calculated. + Valid values are "Merge" and "Strict". If not specified, "Merge" is used. + (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled + and the container runtime must implement support for this feature. + Note that this field cannot be set when spec.os.name is windows. + type: string sysctls: description: |- Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported @@ -11393,6 +11966,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic windowsOptions: description: |- The Windows specific settings applied to all containers. 
@@ -11440,11 +12014,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in @@ -11456,6 +12028,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object @@ -11515,6 +12093,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic command: description: |- Entrypoint array. Not executed within a shell. @@ -11528,6 +12107,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic env: description: |- List of environment variables to set in the container. @@ -11563,10 +12143,13 @@ spec: description: The key to select. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the ConfigMap 
@@ -11630,10 +12213,13 @@ spec: key. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret @@ -11648,6 +12234,9 @@ spec: - name type: object type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map envFrom: description: |- List of sources to populate environment variables in the container. @@ -11664,10 +12253,13 @@ spec: description: The ConfigMap to select from properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the ConfigMap @@ -11683,10 +12275,13 @@ spec: description: The Secret to select from properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret @@ -11696,6 +12291,7 @@ spec: x-kubernetes-map-type: atomic type: object type: array + x-kubernetes-list-type: atomic image: description: |- Container image name. 
@@ -11737,6 +12333,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object httpGet: description: HTTPGet specifies the http request @@ -11767,6 +12364,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: description: Path to access on the HTTP server. @@ -11850,6 +12448,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object httpGet: description: HTTPGet specifies the http request @@ -11880,6 +12479,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: description: Path to access on the HTTP server. @@ -11958,6 +12558,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: description: |- @@ -11975,11 +12576,11 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: @@ -12014,6 +12615,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: description: Path to access on the HTTP server. type: string @@ -12171,6 +12773,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: description: |- @@ -12188,11 +12791,11 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: @@ -12227,6 +12830,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: description: Path to access on the HTTP server. type: string 
@@ -12340,11 +12944,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry @@ -12356,6 +12958,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object @@ -12422,6 +13030,30 @@ spec: 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows. type: boolean + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by this container. If set, this profile + overrides the pod's appArmorProfile. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object capabilities: description: |- The capabilities to add/drop when running containers. @@ -12435,6 +13067,7 @@ spec: capabilities type type: string type: array + x-kubernetes-list-type: atomic drop: description: Removed capabilities items: 
@@ -12442,6 +13075,7 @@ spec: capabilities type type: string type: array + x-kubernetes-list-type: atomic type: object privileged: description: |- @@ -12453,7 +13087,7 @@ spec: procMount: description: |- procMount denotes the type of proc mount to use for the containers. - The default is DefaultProcMount which uses the container runtime defaults for + The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows. @@ -12535,7 +13169,6 @@ spec: type indicates which kind of seccomp profile will be applied. Valid options are: - Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. @@ -12599,6 +13232,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: description: |- @@ -12616,11 +13250,11 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: @@ -12655,6 +13289,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: description: Path to access on the HTTP server. type: string @@ -12797,6 +13432,9 @@ spec: - name type: object type: array + x-kubernetes-list-map-keys: + - devicePath + x-kubernetes-list-type: map volumeMounts: description: |- Pod volumes to mount into the container's filesystem. 
@@ -12816,6 +13454,8 @@ spec: to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. + When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified + (which defaults to None). type: string name: description: This must match the Name of a Volume. @@ -12825,6 +13465,25 @@ spec: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. type: boolean + recursiveReadOnly: + description: |- + RecursiveReadOnly specifies whether read-only mounts should be handled + recursively. + + If ReadOnly is false, this field has no meaning and must be unspecified. + + If ReadOnly is true, and this field is set to Disabled, the mount is not made + recursively read-only. If this field is set to IfPossible, the mount is made + recursively read-only, if it is supported by the container runtime. If this + field is set to Enabled, the mount is made recursively read-only if it is + supported by the container runtime, otherwise the pod will not be started and + an error will be generated to indicate the reason. + + If this field is set to IfPossible or Enabled, MountPropagation must be set to + None (or be unspecified, which defaults to None). + + If this field is not specified, it is treated as an equivalent of Disabled. + type: string subPath: description: |- Path within the volume from which the container's volume should be mounted. @@ -12842,6 +13501,9 @@ spec: - name type: object type: array + x-kubernetes-list-map-keys: + - mountPath + x-kubernetes-list-type: map workingDir: description: |- Container's working directory. @@ -12940,11 +13602,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string 
@@ -12966,7 +13630,6 @@ spec: Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector. - This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). items: type: string @@ -13006,7 +13669,6 @@ spec: Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule. - For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: | zone1 | zone2 | zone3 | @@ -13015,9 +13677,6 @@ spec: In this situation, new pod with the same labelSelector cannot be scheduled, because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, it will violate MaxSkew. - - - This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default). format: int32 type: integer nodeAffinityPolicy: @@ -13027,7 +13686,6 @@ spec: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. - If this value is nil, the behavior is equivalent to the Honor policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. type: string @@ -13039,7 +13697,6 @@ spec: has a toleration, are included. - Ignore: node taints are ignored. All nodes are included. - If this value is nil, the behavior is equivalent to the Ignore policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. type: string 
@@ -13115,19 +13772,16 @@ spec: Type controls how Humio pods are updated when changes are made to the HumioCluster resource that results in a change to the Humio pods. The available values are: OnDelete, RollingUpdate, ReplaceAllOnUpdate, and RollingUpdateBestEffort. - / + When set to OnDelete, no Humio pods will be terminated but new pods will be created with the new spec. Replacing existing pods will require each pod to be deleted by the user. - When set to RollingUpdate, pods will always be replaced one pod at a time. There may be some Humio updates where rolling updates are not supported, so it is not recommended to have this set all the time. - When set to ReplaceAllOnUpdate, all Humio pods will be replaced at the same time during an update. This is the default behavior. - When set to RollingUpdateBestEffort, the operator will evaluate the Humio version change and determine if the Humio pods can be updated in a rolling fashion or if they must be replaced at the same time. enum: 
@@ -13168,18 +13822,39 @@ spec: description: PodSecurityContext is the security context applied to the Humio pod properties: + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by the containers in this pod. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object fsGroup: description: |- A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: - 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- - If unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows. format: int64 @@ -13266,7 +13941,6 @@ spec: type indicates which kind of seccomp profile will be applied. Valid options are: - Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. 
@@ -13276,17 +13950,28 @@ spec: type: object supplementalGroups: description: |- - A list of groups applied to the first process run in each container, in addition - to the container's primary GID, the fsGroup (if specified), and group memberships - defined in the container image for the uid of the container process. If unspecified, - no additional groups are added to any container. Note that group memberships - defined in the container image for the uid of the container process are still effective, - even if they are not included in this list. + A list of groups applied to the first process run in each container, in + addition to the container's primary GID and fsGroup (if specified). If + the SupplementalGroupsPolicy feature is enabled, the + supplementalGroupsPolicy field determines whether these are in addition + to or instead of any group memberships defined in the container image. + If unspecified, no additional groups are added, though group memberships + defined in the container image may still be used, depending on the + supplementalGroupsPolicy field. Note that this field cannot be set when spec.os.name is windows. items: format: int64 type: integer type: array + x-kubernetes-list-type: atomic + supplementalGroupsPolicy: + description: |- + Defines how supplemental groups of the first container processes are calculated. + Valid values are "Merge" and "Strict". If not specified, "Merge" is used. + (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled + and the container runtime must implement support for this feature. + Note that this field cannot be set when spec.os.name is windows. + type: string sysctls: description: |- Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported @@ -13306,6 +13991,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic windowsOptions: description: |- The Windows specific settings applied to all containers. 
@@ -13353,11 +14039,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -13368,6 +14052,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object @@ -13430,6 +14120,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic command: description: |- Entrypoint array. Not executed within a shell. @@ -13443,6 +14134,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic env: description: |- List of environment variables to set in the container. @@ -13478,10 +14170,13 @@ spec: description: The key to select. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the ConfigMap or 
@@ -13541,10 +14236,13 @@ spec: be a valid secret key. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret or its @@ -13559,6 +14257,9 @@ spec: - name type: object type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map envFrom: description: |- List of sources to populate environment variables in the container. @@ -13575,10 +14276,13 @@ spec: description: The ConfigMap to select from properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the ConfigMap must be @@ -13594,10 +14298,13 @@ spec: description: The Secret to select from properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret must be defined @@ -13606,6 +14313,7 @@ spec: x-kubernetes-map-type: atomic type: object type: array + x-kubernetes-list-type: atomic image: description: |- Container image name. 
@@ -13646,6 +14354,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -13675,6 +14384,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: description: Path to access on the HTTP server. type: string @@ -13755,6 +14465,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -13784,6 +14495,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: description: Path to access on the HTTP server. type: string @@ -13860,6 +14572,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: description: |- @@ -13876,11 +14589,11 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: @@ -13914,6 +14627,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: description: Path to access on the HTTP server. type: string @@ -14070,6 +14784,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: description: |- @@ -14086,11 +14801,11 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: @@ -14124,6 +14839,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: description: Path to access on the HTTP server. type: string 
@@ -14237,11 +14953,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -14252,6 +14966,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object @@ -14318,6 +15038,30 @@ spec: 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows. type: boolean + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by this container. If set, this profile + overrides the pod's appArmorProfile. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object capabilities: description: |- The capabilities to add/drop when running containers. @@ -14331,6 +15075,7 @@ spec: type type: string type: array + x-kubernetes-list-type: atomic drop: description: Removed capabilities items: 
@@ -14338,6 +15083,7 @@ spec: type type: string type: array + x-kubernetes-list-type: atomic type: object privileged: description: |- @@ -14349,7 +15095,7 @@ spec: procMount: description: |- procMount denotes the type of proc mount to use for the containers. - The default is DefaultProcMount which uses the container runtime defaults for + The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows. @@ -14431,7 +15177,6 @@ spec: type indicates which kind of seccomp profile will be applied. Valid options are: - Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. @@ -14495,6 +15240,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: description: |- @@ -14511,11 +15257,11 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: @@ -14549,6 +15295,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: description: Path to access on the HTTP server. type: string @@ -14690,6 +15437,9 @@ spec: - name type: object type: array + x-kubernetes-list-map-keys: + - devicePath + x-kubernetes-list-type: map volumeMounts: description: |- Pod volumes to mount into the container's filesystem. 
@@ -14709,6 +15459,8 @@ spec: to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. + When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified + (which defaults to None). type: string name: description: This must match the Name of a Volume. @@ -14718,6 +15470,25 @@ spec: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. type: boolean + recursiveReadOnly: + description: |- + RecursiveReadOnly specifies whether read-only mounts should be handled + recursively. + + If ReadOnly is false, this field has no meaning and must be unspecified. + + If ReadOnly is true, and this field is set to Disabled, the mount is not made + recursively read-only. If this field is set to IfPossible, the mount is made + recursively read-only, if it is supported by the container runtime. If this + field is set to Enabled, the mount is made recursively read-only if it is + supported by the container runtime, otherwise the pod will not be started and + an error will be generated to indicate the reason. + + If this field is set to IfPossible or Enabled, MountPropagation must be set to + None (or be unspecified, which defaults to None). + + If this field is not specified, it is treated as an equivalent of Disabled. + type: string subPath: description: |- Path within the volume from which the container's volume should be mounted. @@ -14735,6 +15506,9 @@ spec: - name type: object type: array + x-kubernetes-list-map-keys: + - mountPath + x-kubernetes-list-type: map workingDir: description: |- Container's working directory. @@ -14862,11 +15636,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string 
@@ -14888,7 +15664,6 @@ spec: Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector. - This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). items: type: string @@ -14928,7 +15703,6 @@ spec: Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule. - For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: | zone1 | zone2 | zone3 | @@ -14937,9 +15711,6 @@ spec: In this situation, new pod with the same labelSelector cannot be scheduled, because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, it will violate MaxSkew. - - - This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default). format: int32 type: integer nodeAffinityPolicy: @@ -14949,7 +15720,6 @@ spec: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. - If this value is nil, the behavior is equivalent to the Honor policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. type: string @@ -14961,7 +15731,6 @@ spec: has a toleration, are included. - Ignore: node taints are ignored. All nodes are included. - If this value is nil, the behavior is equivalent to the Ignore policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. type: string 
@@ -15037,19 +15806,16 @@ spec: Type controls how Humio pods are updated when changes are made to the HumioCluster resource that results in a change to the Humio pods. The available values are: OnDelete, RollingUpdate, ReplaceAllOnUpdate, and RollingUpdateBestEffort. - / + When set to OnDelete, no Humio pods will be terminated but new pods will be created with the new spec. Replacing existing pods will require each pod to be deleted by the user. - When set to RollingUpdate, pods will always be replaced one pod at a time. There may be some Humio updates where rolling updates are not supported, so it is not recommended to have this set all the time. - When set to ReplaceAllOnUpdate, all Humio pods will be replaced at the same time during an update. This is the default behavior. - When set to RollingUpdateBestEffort, the operator will evaluate the Humio version change and determine if the Humio pods can be updated in a rolling fashion or if they must be replaced at the same time. enum: @@ -15064,6 +15830,8 @@ spec: ViewGroupPermissions is a multi-line string containing view-group-permissions.json. Deprecated: Use RolePermissions instead. type: string + required: + - license type: object status: description: HumioClusterStatus defines the observed state of HumioCluster diff --git a/config/crd/bases/core.humio.com_humioexternalclusters.yaml b/config/crd/bases/core.humio.com_humioexternalclusters.yaml index 6750ba30..d6aeaff4 100644 --- a/config/crd/bases/core.humio.com_humioexternalclusters.yaml +++ b/config/crd/bases/core.humio.com_humioexternalclusters.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.17.0 name: humioexternalclusters.core.humio.com labels: app: 'humio-operator' 
diff --git a/config/crd/bases/core.humio.com_humiofilteralerts.yaml b/config/crd/bases/core.humio.com_humiofilteralerts.yaml index 3bd1e086..41b633a4 100644 --- a/config/crd/bases/core.humio.com_humiofilteralerts.yaml +++ b/config/crd/bases/core.humio.com_humiofilteralerts.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.17.0 name: humiofilteralerts.core.humio.com labels: app: 'humio-operator' @@ -100,6 +100,8 @@ spec: - actions - name - queryString + - throttleField + - throttleTimeSeconds - viewName type: object status: diff --git a/config/crd/bases/core.humio.com_humioingesttokens.yaml b/config/crd/bases/core.humio.com_humioingesttokens.yaml index c2964bc8..7eeed292 100644 --- a/config/crd/bases/core.humio.com_humioingesttokens.yaml +++ b/config/crd/bases/core.humio.com_humioingesttokens.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.17.0 name: humioingesttokens.core.humio.com labels: app: 'humio-operator' @@ -91,6 +91,8 @@ spec: type: string required: - name + - parserName + - repositoryName type: object status: description: HumioIngestTokenStatus defines the observed state of HumioIngestToken diff --git a/config/crd/bases/core.humio.com_humioparsers.yaml b/config/crd/bases/core.humio.com_humioparsers.yaml index 223a62d4..e1ebcef6 100644 --- a/config/crd/bases/core.humio.com_humioparsers.yaml +++ b/config/crd/bases/core.humio.com_humioparsers.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.17.0 name: humioparsers.core.humio.com labels: app: 'humio-operator' 
@@ -88,6 +88,7 @@ spec: type: array required: - name + - repositoryName type: object status: description: HumioParserStatus defines the observed state of HumioParser diff --git a/config/crd/bases/core.humio.com_humiorepositories.yaml b/config/crd/bases/core.humio.com_humiorepositories.yaml index a5fe84df..9acede9a 100644 --- a/config/crd/bases/core.humio.com_humiorepositories.yaml +++ b/config/crd/bases/core.humio.com_humiorepositories.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.17.0 name: humiorepositories.core.humio.com labels: app: 'humio-operator' diff --git a/config/crd/bases/core.humio.com_humioscheduledsearches.yaml b/config/crd/bases/core.humio.com_humioscheduledsearches.yaml index 5e66ede6..19bdcef4 100644 --- a/config/crd/bases/core.humio.com_humioscheduledsearches.yaml +++ b/config/crd/bases/core.humio.com_humioscheduledsearches.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.17.0 name: humioscheduledsearches.core.humio.com labels: app: 'humio-operator' diff --git a/config/crd/bases/core.humio.com_humioviews.yaml b/config/crd/bases/core.humio.com_humioviews.yaml index e74f4664..e4136b22 100644 --- a/config/crd/bases/core.humio.com_humioviews.yaml +++ b/config/crd/bases/core.humio.com_humioviews.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.17.0 name: humioviews.core.humio.com labels: app: 'humio-operator' @@ -68,6 +68,8 @@ spec: repository minLength: 1 type: string + required: + - repositoryName type: object type: array description: 
diff --git a/config/crd/kustomization.yaml b/config/crd/kustomization.yaml
index fd131bb4..eff5d9e8 100644
--- a/config/crd/kustomization.yaml
+++ b/config/crd/kustomization.yaml
@@ -2,51 +2,26 @@ # since it depends on service name and namespace that are out of this kustomize package. # It should be run by config/default resources: -- bases/core.humio.com_humioexternalclusters.yaml - bases/core.humio.com_humioclusters.yaml -- bases/core.humio.com_humioingesttokens.yaml -- bases/core.humio.com_humioparsers.yaml -- bases/core.humio.com_humiorepositories.yaml -- bases/core.humio.com_humioviews.yaml - bases/core.humio.com_humioactions.yaml +- bases/core.humio.com_humioaggregatealerts.yaml - bases/core.humio.com_humioalerts.yaml +- bases/core.humio.com_humiobootstraptokens.yaml +- bases/core.humio.com_humioexternalclusters.yaml - bases/core.humio.com_humiofilteralerts.yaml +- bases/core.humio.com_humioingesttokens.yaml +- bases/core.humio.com_humioparsers.yaml +- bases/core.humio.com_humiorepositories.yaml - bases/core.humio.com_humioscheduledsearches.yaml -- bases/core.humio.com_humioaggregatealerts.yaml -- bases/core.humio.com_humiobootstraptokens.yaml +- bases/core.humio.com_humioviews.yaml # +kubebuilder:scaffold:crdkustomizeresource -patchesStrategicMerge: +patches: # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix. # patches here are for enabling the conversion webhook for each CRD -#- patches/webhook_in_humioexternalclusters.yaml -#- patches/webhook_in_humioclusters.yaml -#- patches/webhook_in_humioingesttokens.yaml -#- patches/webhook_in_humioparsers.yaml -#- patches/webhook_in_humiorepositories.yaml -#- patches/webhook_in_humioviews.yaml -#- patches/webhook_in_humioactions.yaml -#- patches/webhook_in_humioalerts.yaml -#- patches/webhook_in_humiofilteralerts.yaml -#- patches/webhook_in_humioscheduledsearches.yaml -#- patches/webhook_in_humioaggregatealerts.yaml # +kubebuilder:scaffold:crdkustomizewebhookpatch -# [CERTMANAGER] To enable webhook, uncomment all the sections with [CERTMANAGER] prefix. 
-# patches here are for enabling the CA injection for each CRD -#- patches/cainjection_in_humioexternalclusters.yaml -#- patches/cainjection_in_humioclusters.yaml -#- patches/cainjection_in_humioingesttokens.yaml -#- patches/cainjection_in_humioparsers.yaml -#- patches/cainjection_in_humiorepositories.yaml -#- patches/cainjection_in_humioviews.yaml -#- patches/cainjection_in_humioactions.yaml -#- patches/cainjection_in_humioalerts.yaml -#- patches/cainjection_in_humiofilteralerts.yaml -#- patches/cainjection_in_humioscheduledsearches.yaml -#- patches/cainjection_in_humioaggregatealerts.yaml -# +kubebuilder:scaffold:crdkustomizecainjectionpatch - +# [WEBHOOK] To enable webhook, uncomment the following section # the following config is for teaching kustomize how to do kustomization for CRDs. -configurations: -- kustomizeconfig.yaml +#configurations: +#- kustomizeconfig.yaml diff --git a/config/crd/kustomizeconfig.yaml b/config/crd/kustomizeconfig.yaml index 6f83d9a9..ec5c150a 100644 --- a/config/crd/kustomizeconfig.yaml +++ b/config/crd/kustomizeconfig.yaml @@ -4,13 +4,15 @@ nameReference: version: v1 fieldSpecs: - kind: CustomResourceDefinition + version: v1 group: apiextensions.k8s.io - path: spec/conversion/webhookClientConfig/service/name + path: spec/conversion/webhook/clientConfig/service/name namespace: - kind: CustomResourceDefinition + version: v1 group: apiextensions.k8s.io - path: spec/conversion/webhookClientConfig/service/namespace + path: spec/conversion/webhook/clientConfig/service/namespace create: false varReference: diff --git a/config/crd/patches/cainjection_in_humioactions.yaml b/config/crd/patches/cainjection_in_humioactions.yaml deleted file mode 100644 index b81f85fa..00000000 --- a/config/crd/patches/cainjection_in_humioactions.yaml +++ /dev/null 
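Review bot: The comments kept under `patches:` in config/crd/kustomization.yaml still say "uncomment all the sections with [WEBHOOK] prefix" and "patches here are for enabling the conversion webhook for each CRD", but this hunk drops every `#- patches/webhook_in_*.yaml` entry and the commit deletes those files, so nothing is left to uncomment. I would replace them with a comment such as `# No conversion-webhook patches are scaffolded; add per-CRD patch files here before enabling [WEBHOOK].`. The same hunk comments out `configurations:`, so the corrected `spec/conversion/webhook/clientConfig/service/...` paths in the kustomizeconfig.yaml hunk that follows have no effect until that block is re-enabled. A short remark next to `#configurations:` would make that dependency explicit.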
@@ -1,8 +0,0 @@
-# The following patch adds a directive for certmanager to inject CA into the CRD
-# CRD conversion requires k8s 1.13 or later.
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
- name: humioactions.core.humio.com
diff --git a/config/crd/patches/cainjection_in_humioaggregatealerts.yaml b/config/crd/patches/cainjection_in_humioaggregatealerts.yaml
deleted file mode 100644
index 0875b775..00000000
--- a/config/crd/patches/cainjection_in_humioaggregatealerts.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-# The following patch adds a directive for certmanager to inject CA into the CRD
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
- name: humioaggregatealerts.core.humio.com
diff --git a/config/crd/patches/cainjection_in_humioalerts.yaml b/config/crd/patches/cainjection_in_humioalerts.yaml
deleted file mode 100644
index 03256ff7..00000000
--- a/config/crd/patches/cainjection_in_humioalerts.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-# The following patch adds a directive for certmanager to inject CA into the CRD
-# CRD conversion requires k8s 1.13 or later.
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
- name: humioalerts.core.humio.com
diff --git a/config/crd/patches/cainjection_in_humioclusters.yaml b/config/crd/patches/cainjection_in_humioclusters.yaml
deleted file mode 100644
index d4957dbc..00000000
--- a/config/crd/patches/cainjection_in_humioclusters.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-# The following patch adds a directive for certmanager to inject CA into the CRD
-# CRD conversion requires k8s 1.13 or later.
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
- name: humioclusters.core.humio.com
diff --git a/config/crd/patches/cainjection_in_humioexternalclusters.yaml b/config/crd/patches/cainjection_in_humioexternalclusters.yaml
deleted file mode 100644
index 37bc690a..00000000
--- a/config/crd/patches/cainjection_in_humioexternalclusters.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-# The following patch adds a directive for certmanager to inject CA into the CRD
-# CRD conversion requires k8s 1.13 or later.
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
- name: humioexternalclusters.core.humio.com
diff --git a/config/crd/patches/cainjection_in_humioingesttokens.yaml b/config/crd/patches/cainjection_in_humioingesttokens.yaml
deleted file mode 100644
index e4bf4438..00000000
--- a/config/crd/patches/cainjection_in_humioingesttokens.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-# The following patch adds a directive for certmanager to inject CA into the CRD
-# CRD conversion requires k8s 1.13 or later.
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
- name: humioingesttokens.core.humio.com
diff --git a/config/crd/patches/cainjection_in_humioparsers.yaml b/config/crd/patches/cainjection_in_humioparsers.yaml
deleted file mode 100644
index d53109fa..00000000
--- a/config/crd/patches/cainjection_in_humioparsers.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-# The following patch adds a directive for certmanager to inject CA into the CRD
-# CRD conversion requires k8s 1.13 or later.
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
- name: humioparsers.core.humio.com
diff --git a/config/crd/patches/cainjection_in_humiorepositories.yaml b/config/crd/patches/cainjection_in_humiorepositories.yaml
deleted file mode 100644
index 8b1b50c6..00000000
--- a/config/crd/patches/cainjection_in_humiorepositories.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-# The following patch adds a directive for certmanager to inject CA into the CRD
-# CRD conversion requires k8s 1.13 or later.
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
- name: humiorepositories.core.humio.com
diff --git a/config/crd/patches/cainjection_in_humioscheduledsearches.yaml b/config/crd/patches/cainjection_in_humioscheduledsearches.yaml
deleted file mode 100644
index b430636a..00000000
--- a/config/crd/patches/cainjection_in_humioscheduledsearches.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-# The following patch adds a directive for certmanager to inject CA into the CRD
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
- name: humioscheduledsearches.core.humio.com
diff --git a/config/crd/patches/cainjection_in_humioviews.yaml b/config/crd/patches/cainjection_in_humioviews.yaml
deleted file mode 100644
index 98012f57..00000000
--- a/config/crd/patches/cainjection_in_humioviews.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-# The following patch adds a directive for certmanager to inject CA into the CRD
-# CRD conversion requires k8s 1.13 or later.
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
- name: humioviews.core.humio.com
diff --git a/config/crd/patches/webhook_in_humioactions.yaml b/config/crd/patches/webhook_in_humioactions.yaml
deleted file mode 100644
index b99b8216..00000000
--- a/config/crd/patches/webhook_in_humioactions.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-# The following patch enables conversion webhook for CRD
-# CRD conversion requires k8s 1.13 or later.
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- name: humioactions.core.humio.com
-spec:
- conversion:
- strategy: Webhook
- webhookClientConfig:
- # this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank,
- # but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager)
- caBundle: Cg==
- service:
- namespace: system
- name: webhook-service
- path: /convert
diff --git a/config/crd/patches/webhook_in_humioaggregatealerts.yaml b/config/crd/patches/webhook_in_humioaggregatealerts.yaml
deleted file mode 100644
index 90005716..00000000
--- a/config/crd/patches/webhook_in_humioaggregatealerts.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-# The following patch enables a conversion webhook for the CRD
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- name: humioaggregatealerts.core.humio.com
-spec:
- conversion:
- strategy: Webhook
- webhook:
- clientConfig:
- service:
- namespace: system
- name: webhook-service
- path: /convert
- conversionReviewVersions:
- - v1
diff --git a/config/crd/patches/webhook_in_humioalerts.yaml b/config/crd/patches/webhook_in_humioalerts.yaml
deleted file mode 100644
index 8e5c915c..00000000
--- a/config/crd/patches/webhook_in_humioalerts.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-# The following patch enables conversion webhook for CRD
-# CRD conversion requires k8s 1.13 or later.
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- name: humioalerts.core.humio.com
-spec:
- conversion:
- strategy: Webhook
- webhookClientConfig:
- # this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank,
- # but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager)
- caBundle: Cg==
- service:
- namespace: system
- name: webhook-service
- path: /convert
diff --git a/config/crd/patches/webhook_in_humioclusters.yaml b/config/crd/patches/webhook_in_humioclusters.yaml
deleted file mode 100644
index 9f76ea86..00000000
--- a/config/crd/patches/webhook_in_humioclusters.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-# The following patch enables conversion webhook for CRD
-# CRD conversion requires k8s 1.13 or later.
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- name: humioclusters.core.humio.com
-spec:
- conversion:
- strategy: Webhook
- webhookClientConfig:
- # this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank,
- # but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager)
- caBundle: Cg==
- service:
- namespace: system
- name: webhook-service
- path: /convert
diff --git a/config/crd/patches/webhook_in_humioexternalclusters.yaml b/config/crd/patches/webhook_in_humioexternalclusters.yaml
deleted file mode 100644
index 52e9d4a9..00000000
--- a/config/crd/patches/webhook_in_humioexternalclusters.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-# The following patch enables conversion webhook for CRD
-# CRD conversion requires k8s 1.13 or later.
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- name: humioexternalclusters.core.humio.com
-spec:
- conversion:
- strategy: Webhook
- webhookClientConfig:
- # this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank,
- # but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager)
- caBundle: Cg==
- service:
- namespace: system
- name: webhook-service
- path: /convert
diff --git a/config/crd/patches/webhook_in_humioingesttokens.yaml b/config/crd/patches/webhook_in_humioingesttokens.yaml
deleted file mode 100644
index d60b6358..00000000
--- a/config/crd/patches/webhook_in_humioingesttokens.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-# The following patch enables conversion webhook for CRD
-# CRD conversion requires k8s 1.13 or later.
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- name: humioingesttokens.core.humio.com
-spec:
- conversion:
- strategy: Webhook
- webhookClientConfig:
- # this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank,
- # but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager)
- caBundle: Cg==
- service:
- namespace: system
- name: webhook-service
- path: /convert
diff --git a/config/crd/patches/webhook_in_humioparsers.yaml b/config/crd/patches/webhook_in_humioparsers.yaml
deleted file mode 100644
index 1ed24a60..00000000
--- a/config/crd/patches/webhook_in_humioparsers.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-# The following patch enables conversion webhook for CRD
-# CRD conversion requires k8s 1.13 or later.
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- name: humioparsers.core.humio.com
-spec:
- conversion:
- strategy: Webhook
- webhookClientConfig:
- # this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank,
- # but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager)
- caBundle: Cg==
- service:
- namespace: system
- name: webhook-service
- path: /convert
diff --git a/config/crd/patches/webhook_in_humiorepositories.yaml b/config/crd/patches/webhook_in_humiorepositories.yaml
deleted file mode 100644
index 021d03c0..00000000
--- a/config/crd/patches/webhook_in_humiorepositories.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-# The following patch enables conversion webhook for CRD
-# CRD conversion requires k8s 1.13 or later.
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- name: humiorepositories.core.humio.com
-spec:
- conversion:
- strategy: Webhook
- webhookClientConfig:
- # this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank,
- # but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager)
- caBundle: Cg==
- service:
- namespace: system
- name: webhook-service
- path: /convert
diff --git a/config/crd/patches/webhook_in_humioscheduledsearches.yaml b/config/crd/patches/webhook_in_humioscheduledsearches.yaml
deleted file mode 100644
index d28881d9..00000000
--- a/config/crd/patches/webhook_in_humioscheduledsearches.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-# The following patch enables a conversion webhook for the CRD
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- name: humioscheduledsearches.core.humio.com
-spec:
- conversion:
- strategy: Webhook
- webhook:
- clientConfig:
- service:
- namespace: system
- name: webhook-service
- path: /convert
- conversionReviewVersions:
- - v1
diff --git a/config/crd/patches/webhook_in_humioviews.yaml b/config/crd/patches/webhook_in_humioviews.yaml
deleted file mode 100644
index 17635ccc..00000000
--- a/config/crd/patches/webhook_in_humioviews.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-# The following patch enables conversion webhook for CRD
-# CRD conversion requires k8s 1.13 or later.
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- name: humioviews.core.humio.com
-spec:
- conversion:
- strategy: Webhook
- webhookClientConfig:
- # this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank,
- # but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager)
- caBundle: Cg==
- service:
- namespace: system
- name: webhook-service
- path: /convert
diff --git a/config/default/cert_metrics_manager_patch.yaml b/config/default/cert_metrics_manager_patch.yaml
new file mode 100644
index 00000000..d9750155
--- /dev/null
+++ b/config/default/cert_metrics_manager_patch.yaml
@@ -0,0 +1,30 @@ +# This patch adds the args, volumes, and ports to allow the manager to use the metrics-server certs. + +# Add the volumeMount for the metrics-server certs +- op: add + path: /spec/template/spec/containers/0/volumeMounts/- + value: + mountPath: /tmp/k8s-metrics-server/metrics-certs + name: metrics-certs + readOnly: true + +# Add the --metrics-cert-path argument for the metrics server +- op: add + path: /spec/template/spec/containers/0/args/- + value: --metrics-cert-path=/tmp/k8s-metrics-server/metrics-certs + +# Add the metrics-server certs volume configuration +- op: add + path: /spec/template/spec/volumes/- + value: + name: metrics-certs + secret: + secretName: metrics-server-cert + optional: false + items: + - key: ca.crt + path: ca.crt + - key: tls.crt + path: tls.crt + - key: tls.key + path: tls.key diff --git a/config/default/kustomization.yaml b/config/default/kustomization.yaml index a3114d7d..8a98497b 100644 --- a/config/default/kustomization.yaml +++ b/config/default/kustomization.yaml @@ -9,10 +9,12 @@ namespace: humio-operator-system namePrefix: humio-operator- # Labels to add to all resources and selectors. -#commonLabels: -# someName: someValue +#labels: +#- includeSelectors: true +# pairs: +# someName: someValue -bases: +resources: - ../crd - ../rbac - ../manager 
@@ -23,48 +25,188 @@ bases: #- ../certmanager # [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'. #- ../prometheus +# [METRICS] Expose the controller manager metrics service. +- metrics_service.yaml +# [NETWORK POLICY] Protect the /metrics endpoint and Webhook Server with NetworkPolicy. +# Only Pod(s) running a namespace labeled with 'metrics: enabled' will be able to gather the metrics. +# Only CR(s) which requires webhooks and are applied on namespaces labeled with 'webhooks: enabled' will +# be able to communicate with the Webhook Server. +#- ../network-policy -patchesStrategicMerge: - # Protect the /metrics endpoint by putting it behind auth. - # If you want your controller-manager to expose the /metrics - # endpoint w/o any authn/z, please comment the following line. -- manager_auth_proxy_patch.yaml +# Uncomment the patches line if you enable Metrics +patches: +# [METRICS] The following patch will enable the metrics endpoint using HTTPS and the port :8443. +# More info: https://book.kubebuilder.io/reference/metrics +- path: manager_metrics_patch.yaml + target: + kind: Deployment + +# Uncomment the patches line if you enable Metrics and CertManager +# [METRICS-WITH-CERTS] To enable metrics protected with certManager, uncomment the following line. +# This patch will protect the metrics with certManager self-signed certs. +#- path: cert_metrics_manager_patch.yaml +# target: +# kind: Deployment # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in # crd/kustomization.yaml -#- manager_webhook_patch.yaml - -# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'. -# Uncomment 'CERTMANAGER' sections in crd/kustomization.yaml to enable the CA injection in the admission webhooks. 
-# 'CERTMANAGER' needs to be enabled to use ca injection -#- webhookcainjection_patch.yaml +#- path: manager_webhook_patch.yaml +# target: +# kind: Deployment -# the following config is for teaching kustomize how to do var substitution -vars: # [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER' prefix. -#- name: CERTIFICATE_NAMESPACE # namespace of the certificate CR -# objref: -# kind: Certificate -# group: cert-manager.io -# version: v1alpha2 -# name: serving-cert # this name should match the one in certificate.yaml -# fieldref: -# fieldpath: metadata.namespace -#- name: CERTIFICATE_NAME -# objref: -# kind: Certificate -# group: cert-manager.io -# version: v1alpha2 -# name: serving-cert # this name should match the one in certificate.yaml -#- name: SERVICE_NAMESPACE # namespace of the service -# objref: -# kind: Service -# version: v1 -# name: webhook-service -# fieldref: -# fieldpath: metadata.namespace -#- name: SERVICE_NAME -# objref: -# kind: Service -# version: v1 -# name: webhook-service +# Uncomment the following replacements to add the cert-manager CA injection annotations +#replacements: +# - source: # Uncomment the following block to enable certificates for metrics +# kind: Service +# version: v1 +# name: controller-manager-metrics-service +# fieldPath: metadata.name +# targets: +# - select: +# kind: Certificate +# group: cert-manager.io +# version: v1 +# name: metrics-certs +# fieldPaths: +# - spec.dnsNames.0 +# - spec.dnsNames.1 +# options: +# delimiter: '.' +# index: 0 +# create: true +# +# - source: +# kind: Service +# version: v1 +# name: controller-manager-metrics-service +# fieldPath: metadata.namespace +# targets: +# - select: +# kind: Certificate +# group: cert-manager.io +# version: v1 +# name: metrics-certs +# fieldPaths: +# - spec.dnsNames.0 +# - spec.dnsNames.1 +# options: +# delimiter: '.' 
+# index: 1 +# create: true +# +# - source: # Uncomment the following block if you have any webhook +# kind: Service +# version: v1 +# name: webhook-service +# fieldPath: .metadata.name # Name of the service +# targets: +# - select: +# kind: Certificate +# group: cert-manager.io +# version: v1 +# name: serving-cert +# fieldPaths: +# - .spec.dnsNames.0 +# - .spec.dnsNames.1 +# options: +# delimiter: '.' +# index: 0 +# create: true +# - source: +# kind: Service +# version: v1 +# name: webhook-service +# fieldPath: .metadata.namespace # Namespace of the service +# targets: +# - select: +# kind: Certificate +# group: cert-manager.io +# version: v1 +# name: serving-cert +# fieldPaths: +# - .spec.dnsNames.0 +# - .spec.dnsNames.1 +# options: +# delimiter: '.' +# index: 1 +# create: true +# +# - source: # Uncomment the following block if you have a ValidatingWebhook (--programmatic-validation) +# kind: Certificate +# group: cert-manager.io +# version: v1 +# name: serving-cert # This name should match the one in certificate.yaml +# fieldPath: .metadata.namespace # Namespace of the certificate CR +# targets: +# - select: +# kind: ValidatingWebhookConfiguration +# fieldPaths: +# - .metadata.annotations.[cert-manager.io/inject-ca-from] +# options: +# delimiter: '/' +# index: 0 +# create: true +# - source: +# kind: Certificate +# group: cert-manager.io +# version: v1 +# name: serving-cert +# fieldPath: .metadata.name +# targets: +# - select: +# kind: ValidatingWebhookConfiguration +# fieldPaths: +# - .metadata.annotations.[cert-manager.io/inject-ca-from] +# options: +# delimiter: '/' +# index: 1 +# create: true +# +# - source: # Uncomment the following block if you have a DefaultingWebhook (--defaulting ) +# kind: Certificate +# group: cert-manager.io +# version: v1 +# name: serving-cert +# fieldPath: .metadata.namespace # Namespace of the certificate CR +# targets: +# - select: +# kind: MutatingWebhookConfiguration +# fieldPaths: +# - 
.metadata.annotations.[cert-manager.io/inject-ca-from] +# options: +# delimiter: '/' +# index: 0 +# create: true +# - source: +# kind: Certificate +# group: cert-manager.io +# version: v1 +# name: serving-cert +# fieldPath: .metadata.name +# targets: +# - select: +# kind: MutatingWebhookConfiguration +# fieldPaths: +# - .metadata.annotations.[cert-manager.io/inject-ca-from] +# options: +# delimiter: '/' +# index: 1 +# create: true +# +# - source: # Uncomment the following block if you have a ConversionWebhook (--conversion) +# kind: Certificate +# group: cert-manager.io +# version: v1 +# name: serving-cert +# fieldPath: .metadata.namespace # Namespace of the certificate CR +# targets: # Do not remove or uncomment the following scaffold marker; required to generate code for target CRD. +# +kubebuilder:scaffold:crdkustomizecainjectionns +# - source: +# kind: Certificate +# group: cert-manager.io +# version: v1 +# name: serving-cert +# fieldPath: .metadata.name +# targets: # Do not remove or uncomment the following scaffold marker; required to generate code for target CRD. +# +kubebuilder:scaffold:crdkustomizecainjectionname diff --git a/config/default/manager_auth_proxy_patch.yaml b/config/default/manager_auth_proxy_patch.yaml deleted file mode 100644 index 77e743d1..00000000 --- a/config/default/manager_auth_proxy_patch.yaml +++ /dev/null 
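Review bot: With `manager_auth_proxy_patch.yaml` dropped from the patches list, nothing in this kustomization enforces authentication or authorization on `/metrics` any more; that protection now rests entirely on the manager binary. `manager_metrics_patch.yaml` binds `:8443` on all interfaces and `metrics_service.yaml` is enabled by default, while `../network-policy` and `cert_metrics_manager_patch.yaml` stay commented out. Confirm that cmd/main.go (added in this commit, not visible in this hunk) serves metrics over TLS and sets controller-runtime's `filters.WithAuthenticationAndAuthorization` as the metrics `FilterProvider`, and that `../rbac` grants the manager the TokenReview and SubjectAccessReview permissions that filter needs. I would also add a comment above the `[METRICS]` patch, such as `# Authn/authz for :8443 is enforced inside the manager (see cmd/main.go), not by a sidecar.`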
@@ -1,25 +0,0 @@ -# This patch inject a sidecar container which is a HTTP proxy for the -# controller manager, it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews. -apiVersion: apps/v1 -kind: Deployment -metadata: - name: controller-manager - namespace: system -spec: - template: - spec: - containers: - - name: kube-rbac-proxy - image: gcr.io/kubebuilder/kube-rbac-proxy:v0.5.0 - args: - - "--secure-listen-address=0.0.0.0:8443" - - "--upstream=http://127.0.0.1:8080/" - - "--logtostderr=true" - - "--v=10" - ports: - - containerPort: 8443 - name: https - - name: manager - args: - - "--metrics-addr=127.0.0.1:8080" - - "--enable-leader-election" diff --git a/config/default/manager_config_patch.yaml b/config/default/manager_config_patch.yaml deleted file mode 100644 index 6c400155..00000000 --- a/config/default/manager_config_patch.yaml +++ /dev/null @@ -1,20 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: controller-manager - namespace: system -spec: - template: - spec: - containers: - - name: manager - args: - - "--config=controller_manager_config.yaml" - volumeMounts: - - name: manager-config - mountPath: /controller_manager_config.yaml - subPath: controller_manager_config.yaml - volumes: - - name: manager-config - configMap: - name: manager-config diff --git a/config/default/manager_metrics_patch.yaml b/config/default/manager_metrics_patch.yaml new file mode 100644 index 00000000..2aaef653 --- /dev/null +++ b/config/default/manager_metrics_patch.yaml @@ -0,0 +1,4 @@ +# This patch adds the args to allow exposing the metrics endpoint using HTTPS +- op: add + path: /spec/template/spec/containers/0/args/0 + value: --metrics-bind-address=:8443 diff --git a/config/default/manager_webhook_patch.yaml b/config/default/manager_webhook_patch.yaml deleted file mode 100644 index 738de350..00000000 --- a/config/default/manager_webhook_patch.yaml +++ /dev/null 
@@ -1,23 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: controller-manager - namespace: system -spec: - template: - spec: - containers: - - name: manager - ports: - - containerPort: 9443 - name: webhook-server - protocol: TCP - volumeMounts: - - mountPath: /tmp/k8s-webhook-server/serving-certs - name: cert - readOnly: true - volumes: - - name: cert - secret: - defaultMode: 420 - secretName: webhook-server-cert diff --git a/config/rbac/auth_proxy_service.yaml b/config/default/metrics_service.yaml similarity index 59% rename from config/rbac/auth_proxy_service.yaml rename to config/default/metrics_service.yaml index 6cf656be..caa59bcb 100644 --- a/config/rbac/auth_proxy_service.yaml +++ b/config/default/metrics_service.yaml @@ -3,12 +3,16 @@ kind: Service metadata: labels: control-plane: controller-manager + app.kubernetes.io/name: humio-operator + app.kubernetes.io/managed-by: kustomize name: controller-manager-metrics-service namespace: system spec: ports: - name: https port: 8443 - targetPort: https + protocol: TCP + targetPort: 8443 selector: control-plane: controller-manager + app.kubernetes.io/name: humio-operator diff --git a/config/default/webhookcainjection_patch.yaml b/config/default/webhookcainjection_patch.yaml deleted file mode 100644 index 02ab515d..00000000 --- a/config/default/webhookcainjection_patch.yaml +++ /dev/null 
@@ -1,15 +0,0 @@ -# This patch add annotation to admission webhook config and -# the variables $(CERTIFICATE_NAMESPACE) and $(CERTIFICATE_NAME) will be substituted by kustomize. -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: - name: mutating-webhook-configuration - annotations: - cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - name: validating-webhook-configuration - annotations: - cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) diff --git a/config/manager/controller_manager_config.yaml b/config/manager/controller_manager_config.yaml deleted file mode 100644 index be4eece8..00000000 --- a/config/manager/controller_manager_config.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: controller-runtime.sigs.k8s.io/v1alpha1 -kind: ControllerManagerConfig -health: - healthProbeBindAddress: :8081 -metrics: - bindAddress: 127.0.0.1:8080 -webhook: - port: 9443 -leaderElection: - leaderElect: true - resourceName: d7845218.humio.com diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml index 96532c80..5c5f0b84 100644 --- a/config/manager/kustomization.yaml +++ b/config/manager/kustomization.yaml @@ -1,8 +1,2 @@ resources: - manager.yaml -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -images: -- name: controller - newName: humio/humio-operator - newTag: latest diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml index bab5e091..b5d68b3c 100644 --- a/config/manager/manager.yaml +++ b/config/manager/manager.yaml @@ -3,6 +3,8 @@ kind: Namespace metadata: labels: control-plane: controller-manager + app.kubernetes.io/name: humio-operator + app.kubernetes.io/managed-by: kustomize name: system --- apiVersion: apps/v1 
@@ -12,29 +14,85 @@ metadata: namespace: system labels: control-plane: controller-manager + app.kubernetes.io/name: humio-operator + app.kubernetes.io/managed-by: kustomize spec: selector: matchLabels: control-plane: controller-manager + app.kubernetes.io/name: humio-operator replicas: 1 template: metadata: + annotations: + kubectl.kubernetes.io/default-container: manager labels: control-plane: controller-manager + app.kubernetes.io/name: humio-operator spec: + # TODO(user): Uncomment the following code to configure the nodeAffinity expression + # according to the platforms which are supported by your solution. + # It is considered best practice to support multiple architectures. You can + # build your manager image using the makefile target docker-buildx. + # affinity: + # nodeAffinity: + # requiredDuringSchedulingIgnoredDuringExecution: + # nodeSelectorTerms: + # - matchExpressions: + # - key: kubernetes.io/arch + # operator: In + # values: + # - amd64 + # - arm64 + # - ppc64le + # - s390x + # - key: kubernetes.io/os + # operator: In + # values: + # - linux + securityContext: + # Projects are configured by default to adhere to the "restricted" Pod Security Standards. + # This ensures that deployments meet the highest security requirements for Kubernetes. 
+ # For more details, see: https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault containers: - command: - /manager args: - - --enable-leader-election + - --leader-elect + - --health-probe-bind-address=:8081 image: controller:latest name: manager + ports: [] + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - "ALL" + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 15 + periodSeconds: 20 + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 5 + periodSeconds: 10 + # TODO(user): Configure the resources accordingly based on the project requirements. + # More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ resources: limits: - cpu: 100m - memory: 30Mi + cpu: 500m + memory: 128Mi requests: - cpu: 100m - memory: 20Mi + cpu: 10m + memory: 64Mi + volumeMounts: [] + volumes: [] serviceAccountName: controller-manager terminationGracePeriodSeconds: 10 diff --git a/config/manifests/bases/humio-operator.clusterserviceversion.yaml b/config/manifests/bases/humio-operator.clusterserviceversion.yaml deleted file mode 100644 index f7695cb1..00000000 --- a/config/manifests/bases/humio-operator.clusterserviceversion.yaml +++ /dev/null 
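Review bot: The new container `securityContext` sets `allowPrivilegeEscalation: false` and drops all capabilities but leaves the root filesystem writable; if the manager writes nothing outside mounted volumes (not verifiable from this hunk), add `readOnlyRootFilesystem: true` next to `allowPrivilegeEscalation`. The pod-level `runAsNonRoot: true` comes without a `runAsUser`, so the kubelet will refuse to start the container unless the image declares a numeric non-root user; the Dockerfile is changed in this commit but lies outside this hunk, so confirm it there. `image: controller:latest` is an unchanged context line, but with the `images:` override removed from config/manager/kustomization.yaml in this commit, a plain `kustomize build` now emits that mutable tag unless the Makefile sets the image first.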
@@ -1,80 +0,0 @@ -apiVersion: operators.coreos.com/v1alpha1 -kind: ClusterServiceVersion -metadata: - annotations: - alm-examples: '[]' - capabilities: Basic Install - name: humio-operator.v0.0.0 - namespace: placeholder -spec: - apiservicedefinitions: {} - customresourcedefinitions: - owned: - - description: HumioAction is the Schema for the humioactions API - displayName: Humio Action - kind: HumioAction - name: humioactions.core.humio.com - version: v1alpha1 - - description: HumioAlert is the Schema for the humioalerts API - displayName: Humio Alert - kind: HumioAlert - name: humioalerts.core.humio.com - version: v1alpha1 - - description: HumioCluster is the Schema for the humioclusters API - displayName: Humio Cluster - kind: HumioCluster - name: humioclusters.core.humio.com - version: v1alpha1 - - description: HumioExternalCluster is the Schema for the humioexternalclusters - API - displayName: Humio External Cluster - kind: HumioExternalCluster - name: humioexternalclusters.core.humio.com - version: v1alpha1 - - description: HumioIngestToken is the Schema for the humioingesttokens API - displayName: Humio Ingest Token - kind: HumioIngestToken - name: humioingesttokens.core.humio.com - version: v1alpha1 - - description: HumioParser is the Schema for the humioparsers API - displayName: Humio Parser - kind: HumioParser - name: humioparsers.core.humio.com - version: v1alpha1 - - description: HumioRepository is the Schema for the humiorepositories API - displayName: Humio Repository - kind: HumioRepository - name: humiorepositories.core.humio.com - version: v1alpha1 - - description: HumioView is the Schema for the humioviews API - displayName: Humio View - kind: HumioView - name: humioviews.core.humio.com - version: v1alpha1 - description: Operator for managing Humio Clusters - displayName: Humio Operator - icon: - - base64data: "" - mediatype: "" - install: - spec: - deployments: null - strategy: "" - installModes: - - supported: false - type: OwnNamespace - - 
supported: false - type: SingleNamespace - - supported: false - type: MultiNamespace - - supported: true - type: AllNamespaces - keywords: - - humio - links: - - name: Humio Operator - url: https://humio-operator.domain - maturity: alpha - provider: - name: Humio - version: 0.0.0 diff --git a/config/network-policy/allow-metrics-traffic.yaml b/config/network-policy/allow-metrics-traffic.yaml new file mode 100644 index 00000000..55c64fb9 --- /dev/null +++ b/config/network-policy/allow-metrics-traffic.yaml @@ -0,0 +1,27 @@ +# This NetworkPolicy allows ingress traffic +# with Pods running on namespaces labeled with 'metrics: enabled'. Only Pods on those +# namespaces are able to gather data from the metrics endpoint. +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + labels: + app.kubernetes.io/name: humio-operator + app.kubernetes.io/managed-by: kustomize + name: allow-metrics-traffic + namespace: system +spec: + podSelector: + matchLabels: + control-plane: controller-manager + app.kubernetes.io/name: humio-operator + policyTypes: + - Ingress + ingress: + # This allows ingress traffic from any namespace with the label metrics: enabled + - from: + - namespaceSelector: + matchLabels: + metrics: enabled # Only from namespaces with this label + ports: + - port: 8443 + protocol: TCP diff --git a/config/network-policy/kustomization.yaml b/config/network-policy/kustomization.yaml new file mode 100644 index 00000000..ec0fb5e5 --- /dev/null +++ b/config/network-policy/kustomization.yaml @@ -0,0 +1,2 @@ +resources: +- allow-metrics-traffic.yaml diff --git a/config/prometheus/kustomization.yaml b/config/prometheus/kustomization.yaml index ed137168..fdc5481b 100644 --- a/config/prometheus/kustomization.yaml +++ b/config/prometheus/kustomization.yaml 
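Review bot: The `from` entry in `allow-metrics-traffic.yaml` selects by namespace label alone, so every pod in any namespace labelled `metrics: enabled` can reach port 8443, and anyone allowed to label a namespace can opt it in. Adding a `podSelector` to the same `from` element narrows this to the scraper, e.g. `podSelector: {matchLabels: {app.kubernetes.io/name: prometheus}}` (the label value is a placeholder for whatever your Prometheus pods carry). Once this policy selects the manager pod, all other ingress to it is denied; the comment in config/default/kustomization.yaml mentions a `webhooks: enabled` rule, but config/network-policy/kustomization.yaml lists only `allow-metrics-traffic.yaml`, so a webhook server on this pod would be unreachable if one is added later.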
@@ -1,2 +1,11 @@ resources: - monitor.yaml + +# [PROMETHEUS-WITH-CERTS] The following patch configures the ServiceMonitor in ../prometheus +# to securely reference certificates created and managed by cert-manager. +# Additionally, ensure that you uncomment the [METRICS WITH CERTMANAGER] patch under config/default/kustomization.yaml +# to mount the "metrics-server-cert" secret in the Manager Deployment. +#patches: +# - path: monitor_tls_patch.yaml +# target: +# kind: ServiceMonitor diff --git a/config/prometheus/monitor.yaml b/config/prometheus/monitor.yaml index d19136ae..0a77a77b 100644 --- a/config/prometheus/monitor.yaml +++ b/config/prometheus/monitor.yaml @@ -1,20 +1,27 @@ - # Prometheus Monitor Service (Metrics) apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: labels: control-plane: controller-manager + app.kubernetes.io/name: humio-operator + app.kubernetes.io/managed-by: kustomize name: controller-manager-metrics-monitor namespace: system spec: endpoints: - path: /metrics - port: https + port: https # Ensure this is the name of the port that exposes HTTPS metrics scheme: https bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token tlsConfig: + # TODO(user): The option insecureSkipVerify: true is not recommended for production since it disables + # certificate verification, exposing the system to potential man-in-the-middle attacks. + # For production environments, it is recommended to use cert-manager for automatic TLS certificate management. + # To apply this configuration, enable cert-manager and use the patch located at config/prometheus/servicemonitor_tls_patch.yaml, + # which securely references the certificate from the 'metrics-server-cert' secret. insecureSkipVerify: true selector: matchLabels: control-plane: controller-manager + app.kubernetes.io/name: humio-operator diff --git a/config/prometheus/monitor_tls_patch.yaml b/config/prometheus/monitor_tls_patch.yaml new file mode 100644 index 00000000..e824dd0f 
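Review bot: The TODO added above `insecureSkipVerify: true` in monitor.yaml points readers to `config/prometheus/servicemonitor_tls_patch.yaml`, but the file this commit adds is `config/prometheus/monitor_tls_patch.yaml`; the comment should name the real path. The comment in config/prometheus/kustomization.yaml has the same kind of drift: it refers to a `[METRICS WITH CERTMANAGER]` patch, while config/default/kustomization.yaml labels that section `[METRICS-WITH-CERTS]`. Until the TLS patch is enabled, the endpoint keeps `bearerTokenFile` together with `insecureSkipVerify: true`, so the scraper presents its service account token to a server whose certificate it does not verify; that is worth stating in the TODO so the default is a conscious choice.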
--- /dev/null +++ b/config/prometheus/monitor_tls_patch.yaml @@ -0,0 +1,22 @@ +# Patch for Prometheus ServiceMonitor to enable secure TLS configuration +# using certificates managed by cert-manager +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: controller-manager-metrics-monitor + namespace: system +spec: + endpoints: + - tlsConfig: + insecureSkipVerify: false + ca: + secret: + name: metrics-server-cert + key: ca.crt + cert: + secret: + name: metrics-server-cert + key: tls.crt + keySecret: + name: metrics-server-cert + key: tls.key diff --git a/config/rbac/humioaction_admin_role.yaml b/config/rbac/humioaction_admin_role.yaml new file mode 100644 index 00000000..4977b87f --- /dev/null +++ b/config/rbac/humioaction_admin_role.yaml @@ -0,0 +1,27 @@ +# This rule is not used by the project humio-operator itself. +# It is provided to allow the cluster admin to help manage permissions for users. +# +# Grants full permissions ('*') over core.humio.com. +# This role is intended for users authorized to modify roles and bindings within the cluster, +# enabling them to delegate specific permissions to other users or groups as needed. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: humio-operator + app.kubernetes.io/managed-by: kustomize + name: humioaction-admin-role +rules: +- apiGroups: + - core.humio.com + resources: + - humioactions + verbs: + - '*' +- apiGroups: + - core.humio.com + resources: + - humioactions/status + verbs: + - get diff --git a/config/rbac/humioaction_editor_role.yaml b/config/rbac/humioaction_editor_role.yaml index 21ebb731..b535f2d4 100644 --- a/config/rbac/humioaction_editor_role.yaml +++ b/config/rbac/humioaction_editor_role.yaml 
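Review bot: `monitor_tls_patch.yaml` is written as a merge-style patch against a custom resource, and kustomize has no strategic-merge schema for `ServiceMonitor`, so it will most likely replace the whole `spec.endpoints` list with this single entry and drop `path`, `port`, `scheme` and `bearerTokenFile` from monitor.yaml. A JSON 6902 patch that targets only `/spec/endpoints/0/tlsConfig` avoids that and still works with the `path:`/`target:` entry shown in config/prometheus/kustomization.yaml. The patch also sets no `serverName`; with `insecureSkipVerify: false` Prometheus validates the certificate against the address it scrapes, which will not match the Service DNS names the cert-manager replacements in config/default/kustomization.yaml put into `spec.dnsNames`.

```yaml
# JSON 6902 form: replaces only tlsConfig, leaving path/port/scheme/bearerTokenFile on endpoint 0 intact
- op: replace
  path: /spec/endpoints/0/tlsConfig
  value:
    # placeholder: must equal a dnsName on the metrics certificate
    serverName: <metrics-service-name>.<namespace>.svc
    insecureSkipVerify: false
    ca:
      secret:
        name: metrics-server-cert
        key: ca.crt
    cert:
      secret:
        name: metrics-server-cert
        key: tls.crt
    keySecret:
      name: metrics-server-cert
      key: tls.key
```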
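Review bot: The header comment on `humioaction-admin-role` does not match its rules: it says the role grants full permissions over `core.humio.com` and is meant for users who modify roles and bindings, but the rules cover only `humioactions` (all verbs) and `humioactions/status` (get) and grant nothing in `rbac.authorization.k8s.io`. I would reword it to `# Grants all verbs on humioactions in core.humio.com and read access to its status.` and consider listing the verbs explicitly instead of `'*'`, since the wildcard also covers `deletecollection` and any verb added later. The same comment and wildcard appear in the humioaggregatealert, humioalert, humiobootstraptoken and humiocluster admin roles added further down in this patch.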
@@ -1,7 +1,16 @@ -# permissions for end users to edit humioactions. +# This rule is not used by the project humio-operator itself. +# It is provided to allow the cluster admin to help manage permissions for users. +# +# Grants permissions to create, update, and delete resources within the core.humio.com. +# This role is intended for users who need to manage these resources +# but should not control RBAC or manage permissions for others. + apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: + labels: + app.kubernetes.io/name: humio-operator + app.kubernetes.io/managed-by: kustomize name: humioaction-editor-role rules: - apiGroups: diff --git a/config/rbac/humioaction_viewer_role.yaml b/config/rbac/humioaction_viewer_role.yaml index df565537..66c96ae1 100644 --- a/config/rbac/humioaction_viewer_role.yaml +++ b/config/rbac/humioaction_viewer_role.yaml @@ -1,7 +1,16 @@ -# permissions for end users to view humioactions. +# This rule is not used by the project humio-operator itself. +# It is provided to allow the cluster admin to help manage permissions for users. +# +# Grants read-only access to core.humio.com resources. +# This role is intended for users who need visibility into these resources +# without permissions to modify them. It is ideal for monitoring purposes and limited-access viewing. + apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: + labels: + app.kubernetes.io/name: humio-operator + app.kubernetes.io/managed-by: kustomize name: humioaction-viewer-role rules: - apiGroups: diff --git a/config/rbac/humioaggregatealert_admin_role.yaml b/config/rbac/humioaggregatealert_admin_role.yaml new file mode 100644 index 00000000..b72d3a5c --- /dev/null +++ b/config/rbac/humioaggregatealert_admin_role.yaml 
@@ -0,0 +1,27 @@ +# This rule is not used by the project humio-operator itself. +# It is provided to allow the cluster admin to help manage permissions for users. +# +# Grants full permissions ('*') over core.humio.com. +# This role is intended for users authorized to modify roles and bindings within the cluster, +# enabling them to delegate specific permissions to other users or groups as needed. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: humio-operator + app.kubernetes.io/managed-by: kustomize + name: humioaggregatealert-admin-role +rules: +- apiGroups: + - core.humio.com + resources: + - humioaggregatealerts + verbs: + - '*' +- apiGroups: + - core.humio.com + resources: + - humioaggregatealerts/status + verbs: + - get diff --git a/config/rbac/humioaggregatealert_editor_role.yaml b/config/rbac/humioaggregatealert_editor_role.yaml index 5ea44e30..38d8420d 100644 --- a/config/rbac/humioaggregatealert_editor_role.yaml +++ b/config/rbac/humioaggregatealert_editor_role.yaml @@ -1,13 +1,15 @@ -# permissions for end users to edit humioaggregatealerts. +# This rule is not used by the project humio-operator itself. +# It is provided to allow the cluster admin to help manage permissions for users. +# +# Grants permissions to create, update, and delete resources within the core.humio.com. +# This role is intended for users who need to manage these resources +# but should not control RBAC or manage permissions for others. + apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: labels: - app.kubernetes.io/name: clusterrole - app.kubernetes.io/instance: humioaggregatealert-editor-role - app.kubernetes.io/component: rbac - app.kubernetes.io/created-by: humio-operator - app.kubernetes.io/part-of: humio-operator + app.kubernetes.io/name: humio-operator app.kubernetes.io/managed-by: kustomize name: humioaggregatealert-editor-role rules: 
diff --git a/config/rbac/humioaggregatealert_viewer_role.yaml b/config/rbac/humioaggregatealert_viewer_role.yaml index 78693f1f..0f09cfea 100644 --- a/config/rbac/humioaggregatealert_viewer_role.yaml +++ b/config/rbac/humioaggregatealert_viewer_role.yaml @@ -1,13 +1,15 @@ -# permissions for end users to view humioaggregatealerts. +# This rule is not used by the project humio-operator itself. +# It is provided to allow the cluster admin to help manage permissions for users. +# +# Grants read-only access to core.humio.com resources. +# This role is intended for users who need visibility into these resources +# without permissions to modify them. It is ideal for monitoring purposes and limited-access viewing. + apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: labels: - app.kubernetes.io/name: clusterrole - app.kubernetes.io/instance: humioaggregatealert-viewer-role - app.kubernetes.io/component: rbac - app.kubernetes.io/created-by: humio-operator - app.kubernetes.io/part-of: humio-operator + app.kubernetes.io/name: humio-operator app.kubernetes.io/managed-by: kustomize name: humioaggregatealert-viewer-role rules: diff --git a/config/rbac/humioalert_admin_role.yaml b/config/rbac/humioalert_admin_role.yaml new file mode 100644 index 00000000..1084435e --- /dev/null +++ b/config/rbac/humioalert_admin_role.yaml 
@@ -0,0 +1,27 @@ +# This rule is not used by the project humio-operator itself. +# It is provided to allow the cluster admin to help manage permissions for users. +# +# Grants full permissions ('*') over core.humio.com. +# This role is intended for users authorized to modify roles and bindings within the cluster, +# enabling them to delegate specific permissions to other users or groups as needed. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: humio-operator + app.kubernetes.io/managed-by: kustomize + name: humioalert-admin-role +rules: +- apiGroups: + - core.humio.com + resources: + - humioalerts + verbs: + - '*' +- apiGroups: + - core.humio.com + resources: + - humioalerts/status + verbs: + - get diff --git a/config/rbac/humioalert_editor_role.yaml b/config/rbac/humioalert_editor_role.yaml index 5a87e4b0..be344346 100644 --- a/config/rbac/humioalert_editor_role.yaml +++ b/config/rbac/humioalert_editor_role.yaml @@ -1,7 +1,16 @@ -# permissions for end users to edit humioalerts. +# This rule is not used by the project humio-operator itself. +# It is provided to allow the cluster admin to help manage permissions for users. +# +# Grants permissions to create, update, and delete resources within the core.humio.com. +# This role is intended for users who need to manage these resources +# but should not control RBAC or manage permissions for others. + apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: + labels: + app.kubernetes.io/name: humio-operator + app.kubernetes.io/managed-by: kustomize name: humioalert-editor-role rules: - apiGroups: diff --git a/config/rbac/humioalert_viewer_role.yaml b/config/rbac/humioalert_viewer_role.yaml index f04b510a..3e47b26b 100644 --- a/config/rbac/humioalert_viewer_role.yaml +++ b/config/rbac/humioalert_viewer_role.yaml 
@@ -1,7 +1,16 @@ -# permissions for end users to view humioalerts. +# This rule is not used by the project humio-operator itself. +# It is provided to allow the cluster admin to help manage permissions for users. +# +# Grants read-only access to core.humio.com resources. +# This role is intended for users who need visibility into these resources +# without permissions to modify them. It is ideal for monitoring purposes and limited-access viewing. + apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: + labels: + app.kubernetes.io/name: humio-operator + app.kubernetes.io/managed-by: kustomize name: humioalert-viewer-role rules: - apiGroups: diff --git a/config/rbac/humiobootstraptoken_admin_role.yaml b/config/rbac/humiobootstraptoken_admin_role.yaml new file mode 100644 index 00000000..83efdea3 --- /dev/null +++ b/config/rbac/humiobootstraptoken_admin_role.yaml @@ -0,0 +1,27 @@ +# This rule is not used by the project humio-operator itself. +# It is provided to allow the cluster admin to help manage permissions for users. +# +# Grants full permissions ('*') over core.humio.com. +# This role is intended for users authorized to modify roles and bindings within the cluster, +# enabling them to delegate specific permissions to other users or groups as needed. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: humio-operator + app.kubernetes.io/managed-by: kustomize + name: humiobootstraptoken-admin-role +rules: +- apiGroups: + - core.humio.com + resources: + - humiobootstraptokens + verbs: + - '*' +- apiGroups: + - core.humio.com + resources: + - humiobootstraptokens/status + verbs: + - get diff --git a/config/rbac/humiobootstraptoken_editor_role.yaml b/config/rbac/humiobootstraptoken_editor_role.yaml new file mode 100644 index 00000000..a9179ff4 --- /dev/null +++ b/config/rbac/humiobootstraptoken_editor_role.yaml 
@@ -0,0 +1,33 @@ +# This rule is not used by the project humio-operator itself. +# It is provided to allow the cluster admin to help manage permissions for users. +# +# Grants permissions to create, update, and delete resources within the core.humio.com. +# This role is intended for users who need to manage these resources +# but should not control RBAC or manage permissions for others. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: humio-operator + app.kubernetes.io/managed-by: kustomize + name: humiobootstraptoken-editor-role +rules: +- apiGroups: + - core.humio.com + resources: + - humiobootstraptokens + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - core.humio.com + resources: + - humiobootstraptokens/status + verbs: + - get diff --git a/config/rbac/humiobootstraptoken_viewer_role.yaml b/config/rbac/humiobootstraptoken_viewer_role.yaml new file mode 100644 index 00000000..f8a4ba79 --- /dev/null +++ b/config/rbac/humiobootstraptoken_viewer_role.yaml @@ -0,0 +1,29 @@ +# This rule is not used by the project humio-operator itself. +# It is provided to allow the cluster admin to help manage permissions for users. +# +# Grants read-only access to core.humio.com resources. +# This role is intended for users who need visibility into these resources +# without permissions to modify them. It is ideal for monitoring purposes and limited-access viewing. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: humio-operator + app.kubernetes.io/managed-by: kustomize + name: humiobootstraptoken-viewer-role +rules: +- apiGroups: + - core.humio.com + resources: + - humiobootstraptokens + verbs: + - get + - list + - watch +- apiGroups: + - core.humio.com + resources: + - humiobootstraptokens/status + verbs: + - get 
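Review bot: humiobootstraptoken-viewer-role grants `get`, `list` and `watch` on `humiobootstraptokens` and is described as ideal for monitoring, yet the kind's name suggests these objects relate to bootstrap credentials. Nothing in this hunk shows what their spec or status contain, so please confirm they hold no token material before a general-purpose viewer role ships. If they do, or if they point at the Secrets that do, a header line such as `# HumioBootstrapToken objects relate to bootstrap credentials; bind this role to cluster operators only.` would warn whoever binds it. The editor role in the preceding hunk and humiobootstraptoken-admin-role raise the same question.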
diff --git a/config/rbac/humiocluster_admin_role.yaml b/config/rbac/humiocluster_admin_role.yaml new file mode 100644 index 00000000..c21e5244 --- /dev/null +++ b/config/rbac/humiocluster_admin_role.yaml @@ -0,0 +1,27 @@ +# This rule is not used by the project humio-operator itself. +# It is provided to allow the cluster admin to help manage permissions for users. +# +# Grants full permissions ('*') over core.humio.com. +# This role is intended for users authorized to modify roles and bindings within the cluster, +# enabling them to delegate specific permissions to other users or groups as needed. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: humio-operator + app.kubernetes.io/managed-by: kustomize + name: humiocluster-admin-role +rules: +- apiGroups: + - core.humio.com + resources: + - humioclusters + verbs: + - '*' +- apiGroups: + - core.humio.com + resources: + - humioclusters/status + verbs: + - get diff --git a/config/rbac/humiocluster_editor_role.yaml b/config/rbac/humiocluster_editor_role.yaml index c71a8070..7f23f3e8 100644 --- a/config/rbac/humiocluster_editor_role.yaml +++ b/config/rbac/humiocluster_editor_role.yaml @@ -1,7 +1,16 @@ -# permissions for end users to edit humioclusters. +# This rule is not used by the project humio-operator itself. +# It is provided to allow the cluster admin to help manage permissions for users. +# +# Grants permissions to create, update, and delete resources within the core.humio.com. +# This role is intended for users who need to manage these resources +# but should not control RBAC or manage permissions for others. + apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: + labels: + app.kubernetes.io/name: humio-operator + app.kubernetes.io/managed-by: kustomize name: humiocluster-editor-role rules: - apiGroups: diff --git a/config/rbac/humiocluster_viewer_role.yaml b/config/rbac/humiocluster_viewer_role.yaml index 8c76d79d..deb6499b 100644 
--- a/config/rbac/humiocluster_viewer_role.yaml +++ b/config/rbac/humiocluster_viewer_role.yaml @@ -1,7 +1,16 @@ -# permissions for end users to view humioclusters. +# This rule is not used by the project humio-operator itself. +# It is provided to allow the cluster admin to help manage permissions for users. +# +# Grants read-only access to core.humio.com resources. +# This role is intended for users who need visibility into these resources +# without permissions to modify them. It is ideal for monitoring purposes and limited-access viewing. + apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: + labels: + app.kubernetes.io/name: humio-operator + app.kubernetes.io/managed-by: kustomize name: humiocluster-viewer-role rules: - apiGroups: diff --git a/config/rbac/humioexternalcluster_admin_role.yaml b/config/rbac/humioexternalcluster_admin_role.yaml new file mode 100644 index 00000000..787db520 --- /dev/null +++ b/config/rbac/humioexternalcluster_admin_role.yaml @@ -0,0 +1,27 @@ +# This rule is not used by the project humio-operator itself. +# It is provided to allow the cluster admin to help manage permissions for users. +# +# Grants full permissions ('*') over core.humio.com. +# This role is intended for users authorized to modify roles and bindings within the cluster, +# enabling them to delegate specific permissions to other users or groups as needed. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: humio-operator + app.kubernetes.io/managed-by: kustomize + name: humioexternalcluster-admin-role +rules: +- apiGroups: + - core.humio.com + resources: + - humioexternalclusters + verbs: + - '*' +- apiGroups: + - core.humio.com + resources: + - humioexternalclusters/status + verbs: + - get diff --git a/config/rbac/humioexternalcluster_editor_role.yaml b/config/rbac/humioexternalcluster_editor_role.yaml index cad92b20..9a51035a 100644 --- a/config/rbac/humioexternalcluster_editor_role.yaml 
+++ b/config/rbac/humioexternalcluster_editor_role.yaml @@ -1,7 +1,16 @@ -# permissions for end users to edit humioexternalclusters. +# This rule is not used by the project humio-operator itself. +# It is provided to allow the cluster admin to help manage permissions for users. +# +# Grants permissions to create, update, and delete resources within the core.humio.com. +# This role is intended for users who need to manage these resources +# but should not control RBAC or manage permissions for others. + apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: + labels: + app.kubernetes.io/name: humio-operator + app.kubernetes.io/managed-by: kustomize name: humioexternalcluster-editor-role rules: - apiGroups: diff --git a/config/rbac/humioexternalcluster_viewer_role.yaml b/config/rbac/humioexternalcluster_viewer_role.yaml index 7044a334..95870f3c 100644 --- a/config/rbac/humioexternalcluster_viewer_role.yaml +++ b/config/rbac/humioexternalcluster_viewer_role.yaml @@ -1,7 +1,16 @@ -# permissions for end users to view humioexternalclusters. +# This rule is not used by the project humio-operator itself. +# It is provided to allow the cluster admin to help manage permissions for users. +# +# Grants read-only access to core.humio.com resources. +# This role is intended for users who need visibility into these resources +# without permissions to modify them. It is ideal for monitoring purposes and limited-access viewing. + apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: + labels: + app.kubernetes.io/name: humio-operator + app.kubernetes.io/managed-by: kustomize name: humioexternalcluster-viewer-role rules: - apiGroups: diff --git a/config/rbac/humiofilteralert_admin_role.yaml b/config/rbac/humiofilteralert_admin_role.yaml new file mode 100644 index 00000000..18bf36ae --- /dev/null +++ b/config/rbac/humiofilteralert_admin_role.yaml 
@@ -0,0 +1,27 @@ +# This rule is not used by the project humio-operator itself. +# It is provided to allow the cluster admin to help manage permissions for users. +# +# Grants full permissions ('*') over core.humio.com. +# This role is intended for users authorized to modify roles and bindings within the cluster, +# enabling them to delegate specific permissions to other users or groups as needed. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: humio-operator + app.kubernetes.io/managed-by: kustomize + name: humiofilteralert-admin-role +rules: +- apiGroups: + - core.humio.com + resources: + - humiofilteralerts + verbs: + - '*' +- apiGroups: + - core.humio.com + resources: + - humiofilteralerts/status + verbs: + - get diff --git a/config/rbac/humiofilteralert_editor_role.yaml b/config/rbac/humiofilteralert_editor_role.yaml index 6ca5dde7..b29c7311 100644 --- a/config/rbac/humiofilteralert_editor_role.yaml +++ b/config/rbac/humiofilteralert_editor_role.yaml @@ -1,7 +1,16 @@ -# permissions for end users to edit humiofilteralerts. +# This rule is not used by the project humio-operator itself. +# It is provided to allow the cluster admin to help manage permissions for users. +# +# Grants permissions to create, update, and delete resources within the core.humio.com. +# This role is intended for users who need to manage these resources +# but should not control RBAC or manage permissions for others. + apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: + labels: + app.kubernetes.io/name: humio-operator + app.kubernetes.io/managed-by: kustomize name: humiofilteralert-editor-role rules: - apiGroups: diff --git a/config/rbac/humiofilteralert_viewer_role.yaml b/config/rbac/humiofilteralert_viewer_role.yaml index 0642e530..ea409677 100644 --- a/config/rbac/humiofilteralert_viewer_role.yaml +++ b/config/rbac/humiofilteralert_viewer_role.yaml 
@@ -1,7 +1,16 @@ -# permissions for end users to view humiofilteralerts. +# This rule is not used by the project humio-operator itself. +# It is provided to allow the cluster admin to help manage permissions for users. +# +# Grants read-only access to core.humio.com resources. +# This role is intended for users who need visibility into these resources +# without permissions to modify them. It is ideal for monitoring purposes and limited-access viewing. + apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: + labels: + app.kubernetes.io/name: humio-operator + app.kubernetes.io/managed-by: kustomize name: humiofilteralert-viewer-role rules: - apiGroups: diff --git a/config/rbac/humioingesttoken_admin_role.yaml b/config/rbac/humioingesttoken_admin_role.yaml new file mode 100644 index 00000000..82efae31 --- /dev/null +++ b/config/rbac/humioingesttoken_admin_role.yaml @@ -0,0 +1,27 @@ +# This rule is not used by the project humio-operator itself. +# It is provided to allow the cluster admin to help manage permissions for users. +# +# Grants full permissions ('*') over core.humio.com. +# This role is intended for users authorized to modify roles and bindings within the cluster, +# enabling them to delegate specific permissions to other users or groups as needed. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: humio-operator + app.kubernetes.io/managed-by: kustomize + name: humioingesttoken-admin-role +rules: +- apiGroups: + - core.humio.com + resources: + - humioingesttokens + verbs: + - '*' +- apiGroups: + - core.humio.com + resources: + - humioingesttokens/status + verbs: + - get diff --git a/config/rbac/humioingesttoken_editor_role.yaml b/config/rbac/humioingesttoken_editor_role.yaml index 404cc378..7547235c 100644 --- a/config/rbac/humioingesttoken_editor_role.yaml +++ b/config/rbac/humioingesttoken_editor_role.yaml 
@@ -1,7 +1,16 @@ -# permissions for end users to edit humioingesttokens. +# This rule is not used by the project humio-operator itself. +# It is provided to allow the cluster admin to help manage permissions for users. +# +# Grants permissions to create, update, and delete resources within the core.humio.com. +# This role is intended for users who need to manage these resources +# but should not control RBAC or manage permissions for others. + apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: + labels: + app.kubernetes.io/name: humio-operator + app.kubernetes.io/managed-by: kustomize name: humioingesttoken-editor-role rules: - apiGroups: diff --git a/config/rbac/humioingesttoken_viewer_role.yaml b/config/rbac/humioingesttoken_viewer_role.yaml index 24f9f1f8..1334b358 100644 --- a/config/rbac/humioingesttoken_viewer_role.yaml +++ b/config/rbac/humioingesttoken_viewer_role.yaml @@ -1,7 +1,16 @@ -# permissions for end users to view humioingesttokens. +# This rule is not used by the project humio-operator itself. +# It is provided to allow the cluster admin to help manage permissions for users. +# +# Grants read-only access to core.humio.com resources. +# This role is intended for users who need visibility into these resources +# without permissions to modify them. It is ideal for monitoring purposes and limited-access viewing. + apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: + labels: + app.kubernetes.io/name: humio-operator + app.kubernetes.io/managed-by: kustomize name: humioingesttoken-viewer-role rules: - apiGroups: diff --git a/config/rbac/humioparser_admin_role.yaml b/config/rbac/humioparser_admin_role.yaml new file mode 100644 index 00000000..a8e62874 --- /dev/null +++ b/config/rbac/humioparser_admin_role.yaml 
@@ -0,0 +1,27 @@ +# This rule is not used by the project humio-operator itself. +# It is provided to allow the cluster admin to help manage permissions for users. +# +# Grants full permissions ('*') over core.humio.com. +# This role is intended for users authorized to modify roles and bindings within the cluster, +# enabling them to delegate specific permissions to other users or groups as needed. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: humio-operator + app.kubernetes.io/managed-by: kustomize + name: humioparser-admin-role +rules: +- apiGroups: + - core.humio.com + resources: + - humioparsers + verbs: + - '*' +- apiGroups: + - core.humio.com + resources: + - humioparsers/status + verbs: + - get diff --git a/config/rbac/humioparser_editor_role.yaml b/config/rbac/humioparser_editor_role.yaml index 64f4e0f0..c17a0add 100644 --- a/config/rbac/humioparser_editor_role.yaml +++ b/config/rbac/humioparser_editor_role.yaml @@ -1,7 +1,16 @@ -# permissions for end users to edit humioparsers. +# This rule is not used by the project humio-operator itself. +# It is provided to allow the cluster admin to help manage permissions for users. +# +# Grants permissions to create, update, and delete resources within the core.humio.com. +# This role is intended for users who need to manage these resources +# but should not control RBAC or manage permissions for others. + apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: + labels: + app.kubernetes.io/name: humio-operator + app.kubernetes.io/managed-by: kustomize name: humioparser-editor-role rules: - apiGroups: diff --git a/config/rbac/humioparser_viewer_role.yaml b/config/rbac/humioparser_viewer_role.yaml index 34f47d22..7f61dcd0 100644 --- a/config/rbac/humioparser_viewer_role.yaml +++ b/config/rbac/humioparser_viewer_role.yaml 
@@ -1,7 +1,16 @@ -# permissions for end users to view humioparsers. +# This rule is not used by the project humio-operator itself. +# It is provided to allow the cluster admin to help manage permissions for users. +# +# Grants read-only access to core.humio.com resources. +# This role is intended for users who need visibility into these resources +# without permissions to modify them. It is ideal for monitoring purposes and limited-access viewing. + apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: + labels: + app.kubernetes.io/name: humio-operator + app.kubernetes.io/managed-by: kustomize name: humioparser-viewer-role rules: - apiGroups: diff --git a/config/rbac/humiorepository_admin_role.yaml b/config/rbac/humiorepository_admin_role.yaml new file mode 100644 index 00000000..3d30b5a9 --- /dev/null +++ b/config/rbac/humiorepository_admin_role.yaml @@ -0,0 +1,27 @@ +# This rule is not used by the project humio-operator itself. +# It is provided to allow the cluster admin to help manage permissions for users. +# +# Grants full permissions ('*') over core.humio.com. +# This role is intended for users authorized to modify roles and bindings within the cluster, +# enabling them to delegate specific permissions to other users or groups as needed. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: humio-operator + app.kubernetes.io/managed-by: kustomize + name: humiorepository-admin-role +rules: +- apiGroups: + - core.humio.com + resources: + - humiorepositories + verbs: + - '*' +- apiGroups: + - core.humio.com + resources: + - humiorepositories/status + verbs: + - get diff --git a/config/rbac/humiorepository_editor_role.yaml b/config/rbac/humiorepository_editor_role.yaml index cee908ae..cdcf86a4 100644 --- a/config/rbac/humiorepository_editor_role.yaml +++ b/config/rbac/humiorepository_editor_role.yaml 
@@ -1,7 +1,16 @@ -# permissions for end users to edit humiorepositories. +# This rule is not used by the project humio-operator itself. +# It is provided to allow the cluster admin to help manage permissions for users. +# +# Grants permissions to create, update, and delete resources within the core.humio.com. +# This role is intended for users who need to manage these resources +# but should not control RBAC or manage permissions for others. + apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: + labels: + app.kubernetes.io/name: humio-operator + app.kubernetes.io/managed-by: kustomize name: humiorepository-editor-role rules: - apiGroups: diff --git a/config/rbac/humiorepository_viewer_role.yaml b/config/rbac/humiorepository_viewer_role.yaml index cc222482..f5e68470 100644 --- a/config/rbac/humiorepository_viewer_role.yaml +++ b/config/rbac/humiorepository_viewer_role.yaml @@ -1,7 +1,16 @@ -# permissions for end users to view humiorepositories. +# This rule is not used by the project humio-operator itself. +# It is provided to allow the cluster admin to help manage permissions for users. +# +# Grants read-only access to core.humio.com resources. +# This role is intended for users who need visibility into these resources +# without permissions to modify them. It is ideal for monitoring purposes and limited-access viewing. + apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: + labels: + app.kubernetes.io/name: humio-operator + app.kubernetes.io/managed-by: kustomize name: humiorepository-viewer-role rules: - apiGroups: diff --git a/config/rbac/humioscheduledsearch_admin_role.yaml b/config/rbac/humioscheduledsearch_admin_role.yaml new file mode 100644 index 00000000..0d1f6138 --- /dev/null +++ b/config/rbac/humioscheduledsearch_admin_role.yaml 
@@ -0,0 +1,27 @@ +# This rule is not used by the project humio-operator itself. +# It is provided to allow the cluster admin to help manage permissions for users. +# +# Grants full permissions ('*') over core.humio.com. +# This role is intended for users authorized to modify roles and bindings within the cluster, +# enabling them to delegate specific permissions to other users or groups as needed. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: humio-operator + app.kubernetes.io/managed-by: kustomize + name: humioscheduledsearch-admin-role +rules: +- apiGroups: + - core.humio.com + resources: + - humioscheduledsearches + verbs: + - '*' +- apiGroups: + - core.humio.com + resources: + - humioscheduledsearches/status + verbs: + - get diff --git a/config/rbac/humioscheduledsearch_editor_role.yaml b/config/rbac/humioscheduledsearch_editor_role.yaml index 32b32e39..45932645 100644 --- a/config/rbac/humioscheduledsearch_editor_role.yaml +++ b/config/rbac/humioscheduledsearch_editor_role.yaml @@ -1,7 +1,16 @@ -# permissions for end users to edit humioscheduledsearches. +# This rule is not used by the project humio-operator itself. +# It is provided to allow the cluster admin to help manage permissions for users. +# +# Grants permissions to create, update, and delete resources within the core.humio.com. +# This role is intended for users who need to manage these resources +# but should not control RBAC or manage permissions for others. + apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: + labels: + app.kubernetes.io/name: humio-operator + app.kubernetes.io/managed-by: kustomize name: humioscheduledsearch-editor-role rules: - apiGroups: diff --git a/config/rbac/humioscheduledsearch_viewer_role.yaml b/config/rbac/humioscheduledsearch_viewer_role.yaml index dff6a197..842075e9 100644 --- a/config/rbac/humioscheduledsearch_viewer_role.yaml +++ b/config/rbac/humioscheduledsearch_viewer_role.yaml 
@@ -1,7 +1,16 @@ -# permissions for end users to view humioscheduledsearches. +# This rule is not used by the project humio-operator itself. +# It is provided to allow the cluster admin to help manage permissions for users. +# +# Grants read-only access to core.humio.com resources. +# This role is intended for users who need visibility into these resources +# without permissions to modify them. It is ideal for monitoring purposes and limited-access viewing. + apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: + labels: + app.kubernetes.io/name: humio-operator + app.kubernetes.io/managed-by: kustomize name: humioscheduledsearch-viewer-role rules: - apiGroups: diff --git a/config/rbac/humioview_admin_role.yaml b/config/rbac/humioview_admin_role.yaml new file mode 100644 index 00000000..01e262d9 --- /dev/null +++ b/config/rbac/humioview_admin_role.yaml @@ -0,0 +1,27 @@ +# This rule is not used by the project humio-operator itself. +# It is provided to allow the cluster admin to help manage permissions for users. +# +# Grants full permissions ('*') over core.humio.com. +# This role is intended for users authorized to modify roles and bindings within the cluster, +# enabling them to delegate specific permissions to other users or groups as needed. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: humio-operator + app.kubernetes.io/managed-by: kustomize + name: humioview-admin-role +rules: +- apiGroups: + - core.humio.com + resources: + - humioviews + verbs: + - '*' +- apiGroups: + - core.humio.com + resources: + - humioviews/status + verbs: + - get diff --git a/config/rbac/humioview_editor_role.yaml b/config/rbac/humioview_editor_role.yaml index d1ac0fe7..9354a21a 100644 --- a/config/rbac/humioview_editor_role.yaml +++ b/config/rbac/humioview_editor_role.yaml 
@@ -1,7 +1,16 @@ -# permissions for end users to edit humioviews. +# This rule is not used by the project humio-operator itself. +# It is provided to allow the cluster admin to help manage permissions for users. +# +# Grants permissions to create, update, and delete resources within the core.humio.com. +# This role is intended for users who need to manage these resources +# but should not control RBAC or manage permissions for others. + apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: + labels: + app.kubernetes.io/name: humio-operator + app.kubernetes.io/managed-by: kustomize name: humioview-editor-role rules: - apiGroups: diff --git a/config/rbac/humioview_viewer_role.yaml b/config/rbac/humioview_viewer_role.yaml index 688ccf40..d1fa7208 100644 --- a/config/rbac/humioview_viewer_role.yaml +++ b/config/rbac/humioview_viewer_role.yaml @@ -1,7 +1,16 @@ -# permissions for end users to view humioviews. +# This rule is not used by the project humio-operator itself. +# It is provided to allow the cluster admin to help manage permissions for users. +# +# Grants read-only access to core.humio.com resources. +# This role is intended for users who need visibility into these resources +# without permissions to modify them. It is ideal for monitoring purposes and limited-access viewing. + apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: + labels: + app.kubernetes.io/name: humio-operator + app.kubernetes.io/managed-by: kustomize name: humioview-viewer-role rules: - apiGroups: diff --git a/config/rbac/kustomization.yaml b/config/rbac/kustomization.yaml index 40bc8c2a..93c19d5b 100644 --- a/config/rbac/kustomization.yaml +++ b/config/rbac/kustomization.yaml 
@@ -9,10 +9,53 @@ resources: - role_binding.yaml - leader_election_role.yaml - leader_election_role_binding.yaml -# Comment the following 4 lines if you want to disable -# the auth proxy (https://github.com/brancz/kube-rbac-proxy) -# which protects your /metrics endpoint. -#- auth_proxy_service.yaml -#- auth_proxy_role.yaml -#- auth_proxy_role_binding.yaml -#- auth_proxy_client_clusterrole.yaml +# The following RBAC configurations are used to protect +# the metrics endpoint with authn/authz. These configurations +# ensure that only authorized users and service accounts +# can access the metrics endpoint. Comment the following +# permissions if you want to disable this protection. +# More info: https://book.kubebuilder.io/reference/metrics.html +- metrics_auth_role.yaml +- metrics_auth_role_binding.yaml +- metrics_reader_role.yaml +# For each CRD, "Admin", "Editor" and "Viewer" roles are scaffolded by +# default, aiding admins in cluster management. Those roles are +# not used by the {{ .ProjectName }} itself. You can comment the following lines +# if you do not want those helpers be installed with your Project. 
+- humioview_admin_role.yaml +- humioview_editor_role.yaml +- humioview_viewer_role.yaml +- humioscheduledsearch_admin_role.yaml +- humioscheduledsearch_editor_role.yaml +- humioscheduledsearch_viewer_role.yaml +- humiorepository_admin_role.yaml +- humiorepository_editor_role.yaml +- humiorepository_viewer_role.yaml +- humioparser_admin_role.yaml +- humioparser_editor_role.yaml +- humioparser_viewer_role.yaml +- humioingesttoken_admin_role.yaml +- humioingesttoken_editor_role.yaml +- humioingesttoken_viewer_role.yaml +- humiofilteralert_admin_role.yaml +- humiofilteralert_editor_role.yaml +- humiofilteralert_viewer_role.yaml +- humioexternalcluster_admin_role.yaml +- humioexternalcluster_editor_role.yaml +- humioexternalcluster_viewer_role.yaml +- humiobootstraptoken_admin_role.yaml +- humiobootstraptoken_editor_role.yaml +- humiobootstraptoken_viewer_role.yaml +- humioalert_admin_role.yaml +- humioalert_editor_role.yaml +- humioalert_viewer_role.yaml +- humioaggregatealert_admin_role.yaml +- humioaggregatealert_editor_role.yaml +- humioaggregatealert_viewer_role.yaml +- humioaction_admin_role.yaml +- humioaction_editor_role.yaml +- humioaction_viewer_role.yaml +- humiocluster_admin_role.yaml +- humiocluster_editor_role.yaml +- humiocluster_viewer_role.yaml + diff --git a/config/rbac/leader_election_role.yaml b/config/rbac/leader_election_role.yaml index 4190ec80..9599d4a9 100644 --- a/config/rbac/leader_election_role.yaml +++ b/config/rbac/leader_election_role.yaml @@ -2,6 +2,9 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: + labels: + app.kubernetes.io/name: humio-operator + app.kubernetes.io/managed-by: kustomize name: leader-election-role rules: - apiGroups: diff --git a/config/rbac/leader_election_role_binding.yaml b/config/rbac/leader_election_role_binding.yaml index 1d1321ed..234c3cc4 100644 --- a/config/rbac/leader_election_role_binding.yaml +++ b/config/rbac/leader_election_role_binding.yaml 
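Review bot: The added comment above the helper-role list still contains the unrendered scaffold placeholder `{{ .ProjectName }}`; the line should read `# not used by humio-operator itself. You can comment the following lines`. The list also installs all 36 admin, editor and viewer ClusterRoles by default, including the admin roles with `'*'` verbs. They grant nothing until bound, but a cluster that does not delegate access per CRD carries them for no benefit, so consider leaving the helper entries commented out and letting admins opt in.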
@@ -1,6 +1,9 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: + labels: + app.kubernetes.io/name: humio-operator + app.kubernetes.io/managed-by: kustomize name: leader-election-rolebinding roleRef: apiGroup: rbac.authorization.k8s.io diff --git a/config/rbac/auth_proxy_role.yaml b/config/rbac/metrics_auth_role.yaml similarity index 90% rename from config/rbac/auth_proxy_role.yaml rename to config/rbac/metrics_auth_role.yaml index 80e1857c..32d2e4ec 100644 --- a/config/rbac/auth_proxy_role.yaml +++ b/config/rbac/metrics_auth_role.yaml @@ -1,7 +1,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: proxy-role + name: metrics-auth-role rules: - apiGroups: - authentication.k8s.io diff --git a/config/rbac/auth_proxy_role_binding.yaml b/config/rbac/metrics_auth_role_binding.yaml similarity index 79% rename from config/rbac/auth_proxy_role_binding.yaml rename to config/rbac/metrics_auth_role_binding.yaml index ec7acc0a..e775d67f 100644 --- a/config/rbac/auth_proxy_role_binding.yaml +++ b/config/rbac/metrics_auth_role_binding.yaml @@ -1,11 +1,11 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: proxy-rolebinding + name: metrics-auth-rolebinding roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: proxy-role + name: metrics-auth-role subjects: - kind: ServiceAccount name: controller-manager diff --git a/config/rbac/auth_proxy_client_clusterrole.yaml b/config/rbac/metrics_reader_role.yaml similarity index 100% rename from config/rbac/auth_proxy_client_clusterrole.yaml rename to config/rbac/metrics_reader_role.yaml diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index a538a200..6a4c428d 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml 
@@ -8,101 +8,13 @@ rules: - "" resources: - configmaps - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - endpoints - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - events - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - persistentvolumeclaims - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - pods - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - secrets - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - serviceaccounts - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - services - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - services/finalizers verbs: - create 
@@ -112,295 +24,20 @@ rules: - patch - update - watch -- apiGroups: - - core.humio.com - resources: - - HumioBootstrapTokens - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - core.humio.com - resources: - - HumioBootstrapTokens/finalizers - verbs: - - update -- apiGroups: - - core.humio.com - resources: - - HumioBootstrapTokens/status - verbs: - - get - - patch - - update -- apiGroups: - - core.humio.com - resources: - - humioAggregateAlerts - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - core.humio.com - resources: - - humioAggregateAlerts/finalizers - verbs: - - update -- apiGroups: - - core.humio.com - resources: - - humioAggregateAlerts/status - verbs: - - get - - patch - - update - apiGroups: - core.humio.com resources: - humioactions - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - core.humio.com - resources: - - humioactions/finalizers - verbs: - - update -- apiGroups: - - core.humio.com - resources: - - humioactions/status - verbs: - - get - - patch - - update -- apiGroups: - - core.humio.com - resources: + - humioaggregatealerts - humioalerts - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - core.humio.com - resources: - - humioalerts/finalizers - verbs: - - update -- apiGroups: - - core.humio.com - resources: - - humioalerts/status - verbs: - - get - - patch - - update -- apiGroups: - - core.humio.com - resources: + - humiobootstraptokens - humioclusters - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - core.humio.com - resources: - - humioclusters/finalizers - verbs: - - update -- apiGroups: - - core.humio.com - resources: - - humioclusters/status - verbs: - - get - - patch - - update -- apiGroups: - - core.humio.com - resources: - humioexternalclusters - verbs: - - create - - delete - - get - - list - - patch - - update 
- - watch -- apiGroups: - - core.humio.com - resources: - - humioexternalclusters/finalizers - verbs: - - update -- apiGroups: - - core.humio.com - resources: - - humioexternalclusters/status - verbs: - - get - - patch - - update -- apiGroups: - - core.humio.com - resources: - humiofilteralerts - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - core.humio.com - resources: - - humiofilteralerts/finalizers - verbs: - - update -- apiGroups: - - core.humio.com - resources: - - humiofilteralerts/status - verbs: - - get - - patch - - update -- apiGroups: - - core.humio.com - resources: - humioingesttokens - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - core.humio.com - resources: - - humioingesttokens/finalizers - verbs: - - update -- apiGroups: - - core.humio.com - resources: - - humioingesttokens/status - verbs: - - get - - patch - - update -- apiGroups: - - core.humio.com - resources: - humioparsers - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - core.humio.com - resources: - - humioparsers/finalizers - verbs: - - update -- apiGroups: - - core.humio.com - resources: - - humioparsers/status - verbs: - - get - - patch - - update -- apiGroups: - - core.humio.com - resources: - humiorepositories - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - core.humio.com - resources: - - humiorepositories/finalizers - verbs: - - update -- apiGroups: - - core.humio.com - resources: - - humiorepositories/status - verbs: - - get - - patch - - update -- apiGroups: - - core.humio.com - resources: - humioscheduledsearches - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - core.humio.com - resources: - - humioscheduledsearches/finalizers - verbs: - - update -- apiGroups: - - core.humio.com - resources: - - humioscheduledsearches/status - verbs: - - get - - 
patch - - update -- apiGroups: - - core.humio.com - resources: - humioviews verbs: - create @@ -413,12 +50,34 @@ rules: - apiGroups: - core.humio.com resources: + - humioactions/finalizers + - humioaggregatealerts/finalizers + - humioalerts/finalizers + - humiobootstraptokens/finalizers + - humioclusters/finalizers + - humioexternalclusters/finalizers + - humiofilteralerts/finalizers + - humioingesttokens/finalizers + - humioparsers/finalizers + - humiorepositories/finalizers + - humioscheduledsearches/finalizers - humioviews/finalizers verbs: - update - apiGroups: - core.humio.com resources: + - humioactions/status + - humioaggregatealerts/status + - humioalerts/status + - humiobootstraptokens/status + - humioclusters/status + - humioexternalclusters/status + - humiofilteralerts/status + - humioingesttokens/status + - humioparsers/status + - humiorepositories/status + - humioscheduledsearches/status - humioviews/status verbs: - get diff --git a/config/rbac/role_binding.yaml b/config/rbac/role_binding.yaml index 2070ede4..07504498 100644 --- a/config/rbac/role_binding.yaml +++ b/config/rbac/role_binding.yaml @@ -1,6 +1,9 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: + labels: + app.kubernetes.io/name: humio-operator + app.kubernetes.io/managed-by: kustomize name: manager-rolebinding roleRef: apiGroup: rbac.authorization.k8s.io diff --git a/config/rbac/service_account.yaml b/config/rbac/service_account.yaml index 7cd6025b..96c41b8f 100644 --- a/config/rbac/service_account.yaml +++ b/config/rbac/service_account.yaml @@ -1,5 +1,8 @@ apiVersion: v1 kind: ServiceAccount metadata: + labels: + app.kubernetes.io/name: humio-operator + app.kubernetes.io/managed-by: kustomize name: controller-manager namespace: system diff --git a/config/samples/core_v1alpha1_humioaction.yaml b/config/samples/core_v1alpha1_humioaction.yaml index b5077b03..09792d71 100644 --- a/config/samples/core_v1alpha1_humioaction.yaml 
+++ b/config/samples/core_v1alpha1_humioaction.yaml @@ -1,9 +1,12 @@ apiVersion: core.humio.com/v1alpha1 kind: HumioAction metadata: - name: humioaction-example + labels: + app.kubernetes.io/name: humio-operator + app.kubernetes.io/managed-by: kustomize + name: humioaction-sample spec: - managedClusterName: example-humiocluster + managedClusterName: humiocluster-sample name: example-email-action viewName: humio emailProperties: @@ -12,4 +15,4 @@ spec: subjectTemplate: "{alert_name} has alerted" bodyTemplate: |- {alert_name} has alerted - click {url} to see the alert \ No newline at end of file + click {url} to see the alert diff --git a/config/samples/core_v1alpha1_humioaggregatealert.yaml b/config/samples/core_v1alpha1_humioaggregatealert.yaml index 1032166f..3ca207ab 100644 --- a/config/samples/core_v1alpha1_humioaggregatealert.yaml +++ b/config/samples/core_v1alpha1_humioaggregatealert.yaml @@ -2,9 +2,11 @@ apiVersion: core.humio.com/v1alpha1 kind: HumioAggregateAlert metadata: labels: + app.kubernetes.io/name: humio-operator + app.kubernetes.io/managed-by: kustomize name: humioaggregatealert-sample spec: - managedClusterName: example-humiocluster + managedClusterName: humiocluster-sample name: "example-aggregatealert" queryString: "#repo = humio | error = true | count() | _count > 0" viewName: "humio" diff --git a/config/samples/core_v1alpha1_humioalert.yaml b/config/samples/core_v1alpha1_humioalert.yaml index eb5352ea..d945057e 100644 --- a/config/samples/core_v1alpha1_humioalert.yaml +++ b/config/samples/core_v1alpha1_humioalert.yaml @@ -1,9 +1,12 @@ apiVersion: core.humio.com/v1alpha1 kind: HumioAlert metadata: - name: humioalert-example + labels: + app.kubernetes.io/name: humio-operator + app.kubernetes.io/managed-by: kustomize + name: humioalert-sample spec: - managedClusterName: example-humiocluster + managedClusterName: humiocluster-sample name: example-alert viewName: humio query: 
@@ -15,4 +18,4 @@ spec: silenced: false description: Error counts actions: - - example-email-action \ No newline at end of file + - example-email-action diff --git a/examples/humiobootstraptoken.yaml b/config/samples/core_v1alpha1_humiobootstraptoken.yaml similarity index 62% rename from examples/humiobootstraptoken.yaml rename to config/samples/core_v1alpha1_humiobootstraptoken.yaml index ef175b3d..24a37563 100644 --- a/examples/humiobootstraptoken.yaml +++ b/config/samples/core_v1alpha1_humiobootstraptoken.yaml @@ -1,9 +1,12 @@ apiVersion: core.humio.com/v1alpha1 kind: HumioBootstrapToken metadata: - name: example-bootstraptoken + labels: + app.kubernetes.io/name: humio-operator + app.kubernetes.io/managed-by: kustomize + name: humiobootstraptoken-sample spec: - managedClusterName: example-humiocluster + managedClusterName: humiocluster-sample tokenSecret: secretKeyRef: name: example-bootstraptoken-token-secret diff --git a/config/samples/core_v1alpha1_humiocluster.yaml b/config/samples/core_v1alpha1_humiocluster.yaml index 233b6a29..5d48565f 100644 --- a/config/samples/core_v1alpha1_humiocluster.yaml +++ b/config/samples/core_v1alpha1_humiocluster.yaml @@ -1,12 +1,10 @@ apiVersion: core.humio.com/v1alpha1 kind: HumioCluster metadata: - name: example-humiocluster labels: - app: 'humiocluster' - app.kubernetes.io/name: 'humiocluster' - app.kubernetes.io/instance: 'example-humiocluster' - app.kubernetes.io/managed-by: 'manual' + app.kubernetes.io/name: humio-operator + app.kubernetes.io/managed-by: kustomize + name: humiocluster-sample spec: extraKafkaConfigs: "security.protocol=PLAINTEXT" tls: diff --git a/config/samples/core_v1alpha1_humiocluster_shared_serviceaccount.yaml b/config/samples/core_v1alpha1_humiocluster_shared_serviceaccount.yaml deleted file mode 100644 index 5eeddcbb..00000000 --- a/config/samples/core_v1alpha1_humiocluster_shared_serviceaccount.yaml +++ /dev/null 
@@ -1,37 +0,0 @@ -apiVersion: core.humio.com/v1alpha1 -kind: HumioCluster -metadata: - name: example-humiocluster - labels: - app: 'humiocluster' - app.kubernetes.io/name: 'humiocluster' - app.kubernetes.io/instance: 'example-humiocluster' - app.kubernetes.io/managed-by: 'manual' -spec: - extraKafkaConfigs: "security.protocol=PLAINTEXT" - tls: - enabled: false - image: "humio/humio-core:1.82.1" - humioServiceAccountName: humio - initServiceAccountName: humio - podAnnotations: - linkerd.io/inject: enabled - config.linkerd.io/skip-outbound-ports: "2181" - config.linkerd.io/skip-inbound-ports: "2181" - nodeCount: 1 - targetReplicationFactor: 1 - environmentVariables: - - name: "HUMIO_OPTS" - value: "-Dakka.log-config-on-start=on -Dlog4j2.formatMsgNoLookups=true -Dzookeeper.client.secure=false" - - name: "ZOOKEEPER_URL" - value: "humio-cp-zookeeper-0.humio-cp-zookeeper-headless:2181" - - name: "KAFKA_SERVERS" - value: "humio-cp-kafka-0.humio-cp-kafka-headless:9092" - - name: "SINGLE_USER_PASSWORD" - value: "develop3r" - dataVolumePersistentVolumeClaimSpecTemplate: - storageClassName: standard - accessModes: [ReadWriteOnce] - resources: - requests: - storage: 10Gi diff --git a/config/samples/core_v1alpha1_humioexternalcluster.yaml b/config/samples/core_v1alpha1_humioexternalcluster.yaml index 217bf864..147ea5c7 100644 --- a/config/samples/core_v1alpha1_humioexternalcluster.yaml +++ b/config/samples/core_v1alpha1_humioexternalcluster.yaml 
@@ -1,13 +1,11 @@ apiVersion: core.humio.com/v1alpha1 kind: HumioExternalCluster metadata: - name: example-humioexternalcluster labels: - app: 'humioexternalcluster' - app.kubernetes.io/name: 'humioexternalcluster' - app.kubernetes.io/instance: 'example-humioexternalcluster' - app.kubernetes.io/managed-by: 'manual' + app.kubernetes.io/name: humio-operator + app.kubernetes.io/managed-by: kustomize + name: humioexternalcluster-sample spec: - url: "https://example-humiocluster.default:8080/" - apiTokenSecretName: "example-humiocluster-admin-token" - caSecretName: "example-humiocluster" + url: "https://humiocluster-sample.default:8080/" + apiTokenSecretName: "humiocluster-sample-admin-token" + caSecretName: "humiocluster-sample" diff --git a/config/samples/core_v1alpha1_humiofilteralert.yaml b/config/samples/core_v1alpha1_humiofilteralert.yaml index ff129fcb..c39e3e77 100644 --- a/config/samples/core_v1alpha1_humiofilteralert.yaml +++ b/config/samples/core_v1alpha1_humiofilteralert.yaml @@ -1,13 +1,16 @@ apiVersion: core.humio.com/v1alpha1 kind: HumioFilterAlert metadata: - name: humiofilteralert-example + labels: + app.kubernetes.io/name: humio-operator + app.kubernetes.io/managed-by: kustomize + name: humiofilteralert-sample spec: - managedClusterName: example-humiocluster + managedClusterName: humiocluster-sample name: example-filteralert viewName: humio queryString: "#repo = humio | error = true | count() | _count > 0" enabled: true description: Error counts actions: - - example-email-action \ No newline at end of file + - example-email-action diff --git a/config/samples/core_v1alpha1_humioingesttoken.yaml b/config/samples/core_v1alpha1_humioingesttoken.yaml index 12972709..e089e8bc 100644 --- a/config/samples/core_v1alpha1_humioingesttoken.yaml +++ b/config/samples/core_v1alpha1_humioingesttoken.yaml 
@@ -1,28 +1,12 @@ apiVersion: core.humio.com/v1alpha1 kind: HumioIngestToken metadata: - name: example-humioingesttoken-managed labels: - app: 'humioingesttoken' - app.kubernetes.io/name: 'humioingesttoken' - app.kubernetes.io/instance: 'example-humioingesttoken-managed' - app.kubernetes.io/managed-by: 'manual' + app.kubernetes.io/name: humio-operator + app.kubernetes.io/managed-by: kustomize + name: humioingesttoken-sample spec: - managedClusterName: example-humiocluster + managedClusterName: humiocluster-sample name: example-token repositoryName: humio ---- -apiVersion: core.humio.com/v1alpha1 -kind: HumioIngestToken -metadata: - name: example-humioingesttoken-external - labels: - app: 'humioingesttoken' - app.kubernetes.io/name: 'humioingesttoken' - app.kubernetes.io/instance: 'example-humioingesttoken-external' - app.kubernetes.io/managed-by: 'manual' -spec: - externalClusterName: example-humioexternalcluster - name: example-token-external - repositoryName: humio tokenSecretName: humio-ingesttoken diff --git a/config/samples/core_v1alpha1_humioparser.yaml b/config/samples/core_v1alpha1_humioparser.yaml index 06f85ae4..112a30c8 100644 --- a/config/samples/core_v1alpha1_humioparser.yaml +++ b/config/samples/core_v1alpha1_humioparser.yaml @@ -1,14 +1,12 @@ apiVersion: core.humio.com/v1alpha1 kind: HumioParser metadata: - name: example-humioparser labels: - app: 'humioparser' - app.kubernetes.io/name: 'humioparser' - app.kubernetes.io/instance: 'example-humioparser' - app.kubernetes.io/managed-by: 'manual' + app.kubernetes.io/name: humio-operator + app.kubernetes.io/managed-by: kustomize + name: humioparser-sample spec: - managedClusterName: example-humiocluster + managedClusterName: humiocluster-sample name: "example-humioparser" parserScript: "kvParse()" repositoryName: "humio" diff --git a/config/samples/core_v1alpha1_humiorepository.yaml b/config/samples/core_v1alpha1_humiorepository.yaml index b3883b01..ad59cd97 100644 
--- a/config/samples/core_v1alpha1_humiorepository.yaml +++ b/config/samples/core_v1alpha1_humiorepository.yaml @@ -1,14 +1,12 @@ apiVersion: core.humio.com/v1alpha1 kind: HumioRepository metadata: - name: example-humiorepository labels: - app: 'humiorepository' - app.kubernetes.io/name: 'humiorepository' - app.kubernetes.io/instance: 'example-humiorepository' - app.kubernetes.io/managed-by: 'manual' + app.kubernetes.io/name: humio-operator + app.kubernetes.io/managed-by: kustomize + name: humiorepository-sample spec: - managedClusterName: example-humiocluster + managedClusterName: humiocluster-sample name: "example-repository" description: "this is an important message" allowDataDeletion: false diff --git a/config/samples/core_v1alpha1_humioscheduledsearch.yaml b/config/samples/core_v1alpha1_humioscheduledsearch.yaml index 083aecdd..14750e5a 100644 --- a/config/samples/core_v1alpha1_humioscheduledsearch.yaml +++ b/config/samples/core_v1alpha1_humioscheduledsearch.yaml @@ -1,9 +1,12 @@ apiVersion: core.humio.com/v1alpha1 kind: HumioScheduledSearch metadata: - name: humioscheduledsearch-example + labels: + app.kubernetes.io/name: humio-operator + app.kubernetes.io/managed-by: kustomize + name: humioscheduledsearch-sample spec: - managedClusterName: example-humiocluster + managedClusterName: humiocluster-sample name: example-scheduledsearch viewName: humio queryString: "#repo = humio | error = true | count() | _count > 0" diff --git a/config/samples/core_v1alpha1_humioview.yaml b/config/samples/core_v1alpha1_humioview.yaml index b24254a4..82b71dc5 100644 --- a/config/samples/core_v1alpha1_humioview.yaml +++ b/config/samples/core_v1alpha1_humioview.yaml 
@@ -1,9 +1,12 @@ apiVersion: core.humio.com/v1alpha1 kind: HumioView metadata: - name: example-humioview-managed + labels: + app.kubernetes.io/name: humio-operator + app.kubernetes.io/managed-by: kustomize + name: humioview-sample spec: - managedClusterName: example-humiocluster + managedClusterName: humiocluster-sample name: "example-view" connections: - repositoryName: "example-repository" diff --git a/config/samples/kustomization.yaml b/config/samples/kustomization.yaml new file mode 100644 index 00000000..775a72dc --- /dev/null +++ b/config/samples/kustomization.yaml @@ -0,0 +1,15 @@ +## Append samples of your project ## +resources: +- core_v1alpha1_humiocluster.yaml +- core_v1alpha1_humioaction.yaml +- core_v1alpha1_humioaggregatealert.yaml +- core_v1alpha1_humioalert.yaml +- core_v1alpha1_humiobootstraptoken.yaml +- core_v1alpha1_humioexternalcluster.yaml +- core_v1alpha1_humiofilteralert.yaml +- core_v1alpha1_humioingesttoken.yaml +- core_v1alpha1_humioparser.yaml +- core_v1alpha1_humiorepository.yaml +- core_v1alpha1_humioscheduledsearch.yaml +- core_v1alpha1_humioview.yaml +# +kubebuilder:scaffold:manifestskustomizesamples diff --git a/docs/api.md b/docs/api.md index 59295d03..54d596bd 100644 --- a/docs/api.md +++ b/docs/api.md @@ -213,15 +213,15 @@ EmailProperties indicates this is an Email Action, and contains the correspondin - bodyTemplate - string + recipients + []string
- false + true - recipients - []string + bodyTemplate + string
@@ -336,8 +336,12 @@ SecretKeyRef allows specifying which secret and what key in that secret holds th string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false @@ -457,8 +461,12 @@ SecretKeyRef allows specifying which secret and what key in that secret holds th string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false @@ -578,8 +586,12 @@ SecretKeyRef allows specifying which secret and what key in that secret holds th string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false @@ -710,8 +722,12 @@ SecretKeyRef allows specifying which secret and what key in that secret holds th string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false @@ -831,8 +847,12 @@ SecretKeyRef allows specifying which secret and what key in that secret holds th string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false @@ -952,8 +972,12 @@ SecretKeyRef allows specifying which secret and what key in that secret holds th string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false @@ -1138,8 +1162,12 @@ SecretKeyRef allows specifying which secret and what key in that secret holds th string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false @@ -1209,8 +1237,12 @@ SecretKeyRef allows specifying which secret and what key in that secret holds th string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false @@ -2359,13 +2391,13 @@ If it's null, this PodAffinityTerm matches with no Pods.
MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the -incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` +incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. -The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. -Also, MatchLabelKeys cannot be set when LabelSelector isn't set. -This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+The same key is forbidden to exist in both matchLabelKeys and labelSelector. +Also, matchLabelKeys cannot be set when labelSelector isn't set. +This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
false @@ -2374,13 +2406,13 @@ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the -incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` +incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. -The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. -Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. -This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. +Also, mismatchLabelKeys cannot be set when labelSelector isn't set. +This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
false @@ -2623,13 +2655,13 @@ If it's null, this PodAffinityTerm matches with no Pods.
MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the -incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` +incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. -The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. -Also, MatchLabelKeys cannot be set when LabelSelector isn't set. -This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+The same key is forbidden to exist in both matchLabelKeys and labelSelector. +Also, matchLabelKeys cannot be set when labelSelector isn't set. +This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
false @@ -2638,13 +2670,13 @@ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the -incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` +incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. -The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. -Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. -This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. +Also, mismatchLabelKeys cannot be set when labelSelector isn't set. +This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
false @@ -2967,13 +2999,13 @@ If it's null, this PodAffinityTerm matches with no Pods.
MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the -incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` +incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. -The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. -Also, MatchLabelKeys cannot be set when LabelSelector isn't set. -This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+The same key is forbidden to exist in both matchLabelKeys and labelSelector. +Also, matchLabelKeys cannot be set when labelSelector isn't set. +This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
false @@ -2982,13 +3014,13 @@ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the -incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` +incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. -The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. -Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. -This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. +Also, mismatchLabelKeys cannot be set when labelSelector isn't set. +This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
false @@ -3231,13 +3263,13 @@ If it's null, this PodAffinityTerm matches with no Pods.
MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the -incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` +incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. -The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. -Also, MatchLabelKeys cannot be set when LabelSelector isn't set. -This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+The same key is forbidden to exist in both matchLabelKeys and labelSelector. +Also, matchLabelKeys cannot be set when labelSelector isn't set. +This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
false @@ -3246,13 +3278,13 @@ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the -incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` +incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. -The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. -Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. -This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. +Also, mismatchLabelKeys cannot be set when labelSelector isn't set. +This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
false @@ -3505,8 +3537,12 @@ SecretKeyRef is the secret key reference to a kubernetes secret containing the b string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false @@ -3542,8 +3578,12 @@ referenced object inside the same namespace. string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false @@ -3573,11 +3613,9 @@ Resources is the kubernetes resource limits for the bootstrap onetime pod Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers.
false @@ -3628,6 +3666,15 @@ the Pod where this field is used. It makes that resource available inside a container.
true + + request + string + + Request is the name chosen for a request in the referenced claim. +If empty, everything from the claim is made available, otherwise +only the result of this request.
+ + false @@ -3688,8 +3735,12 @@ SecretKeyRef is the secret key reference to a kubernetes secret containing the b string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false @@ -3804,8 +3855,12 @@ in the spec or automatically created string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false @@ -3877,8 +3932,12 @@ in the spec or automatically created string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false @@ -3962,6 +4021,13 @@ HumioClusterSpec defines the desired state of HumioCluster + license + object + + License is the kubernetes secret reference which contains the Humio license
+ + true + affinity object @@ -4265,13 +4331,6 @@ the Humio pods.
InitServiceAccountName is the name of the Kubernetes Service Account that will be attached to the init container in the humio pod.
false - - license - object - - License is the kubernetes secret reference which contains the Humio license
- - false nodeCount integer @@ -4440,6 +4499,80 @@ Deprecated: Use RolePermissions instead.
+### HumioCluster.spec.license +[↩ Parent](#humioclusterspec) + + + +License is the kubernetes secret reference which contains the Humio license + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
secretKeyRefobject + SecretKeySelector selects a key of a Secret.
+
false
+ + +### HumioCluster.spec.license.secretKeyRef +[↩ Parent](#humioclusterspeclicense) + + + +SecretKeySelector selects a key of a Secret. + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
keystring + The key of the secret to select from. Must be a valid secret key.
+
true
namestring + Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
+
false
optionalboolean + Specify whether the Secret or its key must be defined
+
false
+ + ### HumioCluster.spec.affinity [↩ Parent](#humioclusterspec) @@ -4979,13 +5112,13 @@ If it's null, this PodAffinityTerm matches with no Pods.
MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the -incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` +incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. -The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. -Also, MatchLabelKeys cannot be set when LabelSelector isn't set. -This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+The same key is forbidden to exist in both matchLabelKeys and labelSelector. +Also, matchLabelKeys cannot be set when labelSelector isn't set. +This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
false @@ -4994,13 +5127,13 @@ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the -incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` +incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. -The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. -Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. -This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. +Also, mismatchLabelKeys cannot be set when labelSelector isn't set. +This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
false @@ -5243,13 +5376,13 @@ If it's null, this PodAffinityTerm matches with no Pods.
MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the -incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` +incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. -The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. -Also, MatchLabelKeys cannot be set when LabelSelector isn't set. -This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+The same key is forbidden to exist in both matchLabelKeys and labelSelector. +Also, matchLabelKeys cannot be set when labelSelector isn't set. +This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
false @@ -5258,13 +5391,13 @@ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the -incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` +incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. -The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. -Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. -This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. +Also, mismatchLabelKeys cannot be set when labelSelector isn't set. +This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
false @@ -5587,13 +5720,13 @@ If it's null, this PodAffinityTerm matches with no Pods.
MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the -incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` +incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. -The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. -Also, MatchLabelKeys cannot be set when LabelSelector isn't set. -This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+The same key is forbidden to exist in both matchLabelKeys and labelSelector. +Also, matchLabelKeys cannot be set when labelSelector isn't set. +This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
false @@ -5602,13 +5735,13 @@ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the -incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` +incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. -The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. -Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. -This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. +Also, mismatchLabelKeys cannot be set when labelSelector isn't set. +This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
false @@ -5851,13 +5984,13 @@ If it's null, this PodAffinityTerm matches with no Pods.
MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the -incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` +incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. -The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. -Also, MatchLabelKeys cannot be set when LabelSelector isn't set. -This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+The same key is forbidden to exist in both matchLabelKeys and labelSelector. +Also, matchLabelKeys cannot be set when labelSelector isn't set. +This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
false @@ -5866,13 +5999,13 @@ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the -incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` +incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. -The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. -Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. -This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. +Also, mismatchLabelKeys cannot be set when labelSelector isn't set. +This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
false @@ -6196,8 +6329,12 @@ Selects a key of a ConfigMap. string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false @@ -6316,8 +6453,12 @@ Selects a key of a secret in the pod's namespace string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false @@ -6514,8 +6655,9 @@ GRPC specifies an action involving a GRPC port. Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC.
+
+ Default:
false @@ -6835,8 +6977,9 @@ GRPC specifies an action involving a GRPC port. Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC.
+
+ Default:
false @@ -6999,6 +7142,15 @@ the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN +Note that this field cannot be set when spec.os.name is windows.
+ + false + + appArmorProfile + object + + appArmorProfile is the AppArmor options to use by this container. If set, this profile +overrides the pod's appArmorProfile. Note that this field cannot be set when spec.os.name is windows.
false @@ -7026,7 +7178,7 @@ Note that this field cannot be set when spec.os.name is windows.
string procMount denotes the type of proc mount to use for the containers. -The default is DefaultProcMount which uses the container runtime defaults for +The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.
@@ -7114,6 +7266,49 @@ Note that this field cannot be set when spec.os.name is linux.
+### HumioCluster.spec.containerSecurityContext.appArmorProfile +[↩ Parent](#humioclusterspeccontainersecuritycontext) + + + +appArmorProfile is the AppArmor options to use by this container. If set, this profile +overrides the pod's appArmorProfile. +Note that this field cannot be set when spec.os.name is windows. + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
typestring + type indicates which kind of AppArmor profile will be applied. +Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement.
+
true
localhostProfilestring + localhostProfile indicates a profile loaded on the node that should be used. +The profile must be preconfigured on the node to work. +Must match the loaded name of the profile. +Must be set if and only if type is "Localhost".
+
false
+ + ### HumioCluster.spec.containerSecurityContext.capabilities [↩ Parent](#humioclusterspeccontainersecuritycontext) @@ -7228,7 +7423,6 @@ Note that this field cannot be set when spec.os.name is windows. type indicates which kind of seccomp profile will be applied. Valid options are: - Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.
@@ -7490,8 +7684,9 @@ GRPC specifies an action involving a GRPC port. Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC.
+
+ Default:
false @@ -7764,8 +7959,8 @@ will be set by the persistentvolume controller if it exists. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. -More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass -(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.
+More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ +(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).
false @@ -8126,7 +8321,6 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. - Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity @@ -8137,17 +8331,14 @@ d) the storage driver supports dynamic volume provisioning through information on the connection between this volume type and PersistentVolumeClaim). - Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. - Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. - A pod can use both types of ephemeral volumes and persistent volumes at the same time.
@@ -8209,10 +8400,27 @@ More info: https://examples.k8s.io/volumes/glusterfs/README.md
machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. -More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath ---- -TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not -mount host directories as read/write.
+More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+ + false + + image + object + + image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. +The volume is resolved at pod startup depending on which PullPolicy value is provided: + +- Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. +- Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. +- IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + +The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. +A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. +The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. +The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. +The volume will be mounted read-only (ro) and non-executable files (noexec). +Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). +The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type.
false @@ -8343,8 +8551,7 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockst fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. -More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore -TODO: how do we prevent errors in the filesystem from compromising the machine
+More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
false @@ -8415,6 +8622,8 @@ azureDisk represents an Azure Data Disk mount on the host and bind mount to the fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+
+ Default: ext4
false @@ -8430,6 +8639,8 @@ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
+
+ Default: false
false @@ -8568,8 +8779,12 @@ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false @@ -8654,8 +8869,12 @@ to OpenStack. string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false @@ -8711,8 +8930,12 @@ relative and may not contain the '..' path or start with '..'.
string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false @@ -8866,8 +9089,12 @@ secret object contains more than one secret, all secret references are passed. string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false @@ -8944,7 +9171,7 @@ DownwardAPIVolumeFile represents information to create the file containing the p fieldRef object - Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.
+ Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.
false @@ -8978,7 +9205,7 @@ mode, like fsGroup, and the result can be other mode bits set.
-Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. +Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported. @@ -9101,7 +9328,6 @@ ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. - Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity @@ -9112,17 +9338,14 @@ d) the storage driver supports dynamic volume provisioning through information on the connection between this volume type and PersistentVolumeClaim). - Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. - Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. - A pod can use both types of ephemeral volumes and persistent volumes at the same time. @@ -9147,7 +9370,6 @@ pod. The name of the PVC will be `-` where entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). - An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until @@ -9157,11 +9379,9 @@ owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster. - This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. - Required, must not be nil.
@@ -9182,7 +9402,6 @@ pod. The name of the PVC will be `-` where entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). - An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until @@ -9192,11 +9411,9 @@ owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster. - This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. - Required, must not be nil.
false
@@ -9341,8 +9558,8 @@ will be set by the persistentvolume controller if it exists. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. -More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass -(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.
+More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ +(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).
@@ -9634,8 +9851,7 @@ fc represents a Fibre Channel resource that is attached to a kubelet's host mach @@ -9762,8 +9978,12 @@ scripts. @@ -9838,8 +10058,7 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk fsType is filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. -More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk -TODO: how do we prevent errors in the filesystem from compromising the machine
+More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
@@ -9971,9 +10190,6 @@ machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath ---- -TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not -mount host directories as read/write.
false
fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. -Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. -TODO: how do we prevent errors in the filesystem from compromising the machine
+Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
false
string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false
false
@@ -10006,6 +10222,62 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+### HumioCluster.spec.dataVolumeSource.image +[↩ Parent](#humioclusterspecdatavolumesource) + + + +image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. +The volume is resolved at pod startup depending on which PullPolicy value is provided: + +- Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. +- Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. +- IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + +The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. +A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. +The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. +The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. +The volume will be mounted read-only (ro) and non-executable files (noexec). +Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). +The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
pullPolicystring + Policy for pulling OCI objects. Possible values are: +Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. +Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. +IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. +Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
+
false
referencestring + Required: Image or artifact reference to be used. +Behaves in the same way as pod.spec.containers[*].image. +Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets. +More info: https://kubernetes.io/docs/concepts/containers/images +This field is optional to allow higher level config management to default or override +container images in workload controllers like Deployments and StatefulSets.
+
false
+ + ### HumioCluster.spec.dataVolumeSource.iscsi [↩ Parent](#humioclusterspecdatavolumesource) @@ -10069,8 +10341,7 @@ is other than default (typically TCP ports 860 and 3260).
fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. -More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi -TODO: how do we prevent errors in the filesystem from compromising the machine
+More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
false @@ -10088,6 +10359,8 @@ If initiatorName is specified with iscsiInterface simultaneously, new iSCSI inte iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp).
+
+ Default: default
false @@ -10138,8 +10411,12 @@ secretRef is the CHAP Secret for iSCSI target and initiator authentication string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false @@ -10344,7 +10621,8 @@ mode, like fsGroup, and the result can be other mode bits set.
sources []object - sources is the list of volume projections
+ sources is the list of volume projections. Each entry in this list +handles one source.
false @@ -10356,7 +10634,8 @@ mode, like fsGroup, and the result can be other mode bits set.
-Projection that may be projected along with other supported volume types +Projection that may be projected along with other supported volume types. +Exactly one of these fields must be set. @@ -10374,14 +10653,11 @@ Projection that may be projected along with other supported volume types ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field of ClusterTrustBundle objects in an auto-updating file. - Alpha, gated by the ClusterTrustBundleProjection feature gate. - ClusterTrustBundle objects can either be selected by name, or by the combination of signer name and a label selector. - Kubelet performs aggressive normalization of the PEM contents written into the pod filesystem. Esoteric PEM features such as inter-block comments and block headers are stripped. Certificates are deduplicated. @@ -10429,14 +10705,11 @@ may change the order over time.
ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field of ClusterTrustBundle objects in an auto-updating file. - Alpha, gated by the ClusterTrustBundleProjection feature gate. - ClusterTrustBundle objects can either be selected by name, or by the combination of signer name and a label selector. - Kubelet performs aggressive normalization of the PEM contents written into the pod filesystem. Esoteric PEM features such as inter-block comments and block headers are stripped. Certificates are deduplicated. @@ -10620,8 +10893,12 @@ relative and may not contain the '..' path or start with '..'.
@@ -10740,7 +11017,7 @@ DownwardAPIVolumeFile represents information to create the file containing the p @@ -10774,7 +11051,7 @@ mode, like fsGroup, and the result can be other mode bits set.
-Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. +Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.
string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false
fieldRef object - Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.
+ Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.
false
@@ -10879,8 +11156,12 @@ relative and may not contain the '..' path or start with '..'.
@@ -11105,8 +11386,7 @@ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. -More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd -TODO: how do we prevent errors in the filesystem from compromising the machine
+More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
@@ -11116,6 +11396,8 @@ TODO: how do we prevent errors in the filesystem from compromising the machine +
+ Default: /etc/ceph/keyring
@@ -11125,6 +11407,8 @@ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
pool is the rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+
+ Default: rbd
@@ -11153,6 +11437,8 @@ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
user is the rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+
+ Default: admin
@@ -11183,8 +11469,12 @@ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it @@ -11237,6 +11527,8 @@ sensitive information. If this is not provided, Login operation will fail.
Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Default is "xfs".
+
+ Default: xfs
@@ -11267,6 +11559,8 @@ the ReadOnly setting in VolumeMounts.
@@ -11310,8 +11604,12 @@ sensitive information. If this is not provided, Login operation will fail. @@ -11520,8 +11818,12 @@ credentials. If not specified, default values will be attempted. @@ -11705,8 +12007,12 @@ Selects a key of a ConfigMap. @@ -11825,8 +12131,12 @@ Selects a key of a secret in the pod's namespace @@ -11902,8 +12212,12 @@ The ConfigMap to select from @@ -11938,8 +12252,12 @@ The Secret to select from @@ -12009,8 +12327,12 @@ SecretKeyRef contains the secret key reference when an es hostname is pulled fro @@ -12062,7 +12384,9 @@ not contain ':'.
mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. -This field is beta in 1.10.
+This field is beta in 1.10. +When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified +(which defaults to None).
@@ -12073,6 +12397,28 @@ This field is beta in 1.10.
Defaults to false.
+ + + + + @@ -12195,7 +12541,6 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. - Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity @@ -12206,17 +12551,14 @@ d) the storage driver supports dynamic volume provisioning through information on the connection between this volume type and PersistentVolumeClaim). - Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. - Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. - A pod can use both types of ephemeral volumes and persistent volumes at the same time.
@@ -12278,10 +12620,27 @@ More info: https://examples.k8s.io/volumes/glusterfs/README.md
machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. -More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath ---- -TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not -mount host directories as read/write.
+More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+ +
+ + + + @@ -12412,8 +12771,7 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockst fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. -More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore -TODO: how do we prevent errors in the filesystem from compromising the machine
+More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
@@ -12484,6 +12842,8 @@ azureDisk represents an Azure Data Disk mount on the host and bind mount to the fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+
+ Default: ext4
@@ -12499,6 +12859,8 @@ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
@@ -12637,8 +12999,12 @@ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it @@ -12723,8 +13089,12 @@ to OpenStack. @@ -12780,8 +13150,12 @@ relative and may not contain the '..' path or start with '..'.
@@ -12935,8 +13309,12 @@ secret object contains more than one secret, all secret references are passed. @@ -13013,7 +13391,7 @@ DownwardAPIVolumeFile represents information to create the file containing the p @@ -13047,7 +13425,7 @@ mode, like fsGroup, and the result can be other mode bits set.
-Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. +Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.
string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false
false
false
false
false
string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false
false
storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned.
+
+ Default: ThinProvisioned
false
string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false
string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false
string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false
string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false
string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false
string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false
string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false
false
false
recursiveReadOnlystring + RecursiveReadOnly specifies whether read-only mounts should be handled +recursively. + +If ReadOnly is false, this field has no meaning and must be unspecified. + +If ReadOnly is true, and this field is set to Disabled, the mount is not made +recursively read-only. If this field is set to IfPossible, the mount is made +recursively read-only, if it is supported by the container runtime. If this +field is set to Enabled, the mount is made recursively read-only if it is +supported by the container runtime, otherwise the pod will not be started and +an error will be generated to indicate the reason. + +If this field is set to IfPossible or Enabled, MountPropagation must be set to +None (or be unspecified, which defaults to None). + +If this field is not specified, it is treated as an equivalent of Disabled.
+
false
subPath stringfalse
imageobject + image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. +The volume is resolved at pod startup depending on which PullPolicy value is provided: + +- Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. +- Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. +- IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + +The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. +A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. +The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. +The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. +The volume will be mounted read-only (ro) and non-executable files (noexec). +Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). +The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type.
false
false
false
readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
+
+ Default: false
false
string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false
string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false
string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false
string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false
fieldRef object - Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.
+ Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.
false
@@ -13170,7 +13548,6 @@ ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. - Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity @@ -13181,17 +13558,14 @@ d) the storage driver supports dynamic volume provisioning through information on the connection between this volume type and PersistentVolumeClaim). - Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. - Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. - A pod can use both types of ephemeral volumes and persistent volumes at the same time. @@ -13216,7 +13590,6 @@ pod. The name of the PVC will be `-` where entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). - An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until @@ -13226,11 +13599,9 @@ owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster. - This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. - Required, must not be nil.
@@ -13251,7 +13622,6 @@ pod. The name of the PVC will be `-` where entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). - An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until @@ -13261,11 +13631,9 @@ owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster. - This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. - Required, must not be nil.
false
@@ -13410,8 +13778,8 @@ will be set by the persistentvolume controller if it exists. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. -More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass -(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.
+More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ +(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).
@@ -13703,8 +14071,7 @@ fc represents a Fibre Channel resource that is attached to a kubelet's host mach @@ -13831,8 +14198,12 @@ scripts. @@ -13907,8 +14278,7 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk fsType is filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. -More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk -TODO: how do we prevent errors in the filesystem from compromising the machine
+More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
@@ -14040,9 +14410,6 @@ machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath ---- -TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not -mount host directories as read/write.
false
fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. -Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. -TODO: how do we prevent errors in the filesystem from compromising the machine
+Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
false
string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false
false
@@ -14075,6 +14442,62 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+### HumioCluster.spec.extraVolumes[index].image +[↩ Parent](#humioclusterspecextravolumesindex) + + + +image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. +The volume is resolved at pod startup depending on which PullPolicy value is provided: + +- Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. +- Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. +- IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + +The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. +A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. +The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. +The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. +The volume will be mounted read-only (ro) and non-executable files (noexec). +Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). +The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
pullPolicystring + Policy for pulling OCI objects. Possible values are: +Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. +Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. +IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. +Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
+
false
referencestring + Required: Image or artifact reference to be used. +Behaves in the same way as pod.spec.containers[*].image. +Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets. +More info: https://kubernetes.io/docs/concepts/containers/images +This field is optional to allow higher level config management to default or override +container images in workload controllers like Deployments and StatefulSets.
+
false
+ + ### HumioCluster.spec.extraVolumes[index].iscsi [↩ Parent](#humioclusterspecextravolumesindex) @@ -14138,8 +14561,7 @@ is other than default (typically TCP ports 860 and 3260).
fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. -More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi -TODO: how do we prevent errors in the filesystem from compromising the machine
+More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
false @@ -14157,6 +14579,8 @@ If initiatorName is specified with iscsiInterface simultaneously, new iSCSI inte iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp).
+
+ Default: default
false @@ -14207,8 +14631,12 @@ secretRef is the CHAP Secret for iSCSI target and initiator authentication string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false @@ -14413,7 +14841,8 @@ mode, like fsGroup, and the result can be other mode bits set.
sources []object - sources is the list of volume projections
+ sources is the list of volume projections. Each entry in this list +handles one source.
false @@ -14425,7 +14854,8 @@ mode, like fsGroup, and the result can be other mode bits set.
-Projection that may be projected along with other supported volume types +Projection that may be projected along with other supported volume types. +Exactly one of these fields must be set. @@ -14443,14 +14873,11 @@ Projection that may be projected along with other supported volume types ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field of ClusterTrustBundle objects in an auto-updating file. - Alpha, gated by the ClusterTrustBundleProjection feature gate. - ClusterTrustBundle objects can either be selected by name, or by the combination of signer name and a label selector. - Kubelet performs aggressive normalization of the PEM contents written into the pod filesystem. Esoteric PEM features such as inter-block comments and block headers are stripped. Certificates are deduplicated. @@ -14498,14 +14925,11 @@ may change the order over time.
ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field of ClusterTrustBundle objects in an auto-updating file. - Alpha, gated by the ClusterTrustBundleProjection feature gate. - ClusterTrustBundle objects can either be selected by name, or by the combination of signer name and a label selector. - Kubelet performs aggressive normalization of the PEM contents written into the pod filesystem. Esoteric PEM features such as inter-block comments and block headers are stripped. Certificates are deduplicated. @@ -14689,8 +15113,12 @@ relative and may not contain the '..' path or start with '..'.
@@ -14809,7 +15237,7 @@ DownwardAPIVolumeFile represents information to create the file containing the p @@ -14843,7 +15271,7 @@ mode, like fsGroup, and the result can be other mode bits set.
-Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. +Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.
string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false
fieldRef object - Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.
+ Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.
false
@@ -14948,8 +15376,12 @@ relative and may not contain the '..' path or start with '..'.
@@ -15174,8 +15606,7 @@ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. -More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd -TODO: how do we prevent errors in the filesystem from compromising the machine
+More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
@@ -15185,6 +15616,8 @@ TODO: how do we prevent errors in the filesystem from compromising the machine +
+ Default: /etc/ceph/keyring
@@ -15194,6 +15627,8 @@ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
pool is the rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+
+ Default: rbd
@@ -15222,6 +15657,8 @@ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
user is the rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+
+ Default: admin
@@ -15252,8 +15689,12 @@ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it @@ -15306,6 +15747,8 @@ sensitive information. If this is not provided, Login operation will fail.
Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Default is "xfs".
+
+ Default: xfs
@@ -15336,6 +15779,8 @@ the ReadOnly setting in VolumeMounts.
@@ -15379,8 +15824,12 @@ sensitive information. If this is not provided, Login operation will fail. @@ -15589,8 +16038,12 @@ credentials. If not specified, default values will be attempted. @@ -15702,8 +16155,12 @@ SecretKeyRef contains the secret key reference when a hostname is pulled from a @@ -15739,8 +16196,12 @@ referenced object inside the same namespace. @@ -15802,8 +16263,12 @@ ConfigMapRef contains the reference to the configmap name and key containing the @@ -15882,76 +16347,6 @@ to be set: spec.hostname, spec.hostnameSource, spec.esHostname or spec.esHostnam
string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false
false
false
false
false
string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false
false
storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned.
+
+ Default: ThinProvisioned
false
string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false
string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false
string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false
string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false
string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false
-### HumioCluster.spec.license -[↩ Parent](#humioclusterspec) - - - -License is the kubernetes secret reference which contains the Humio license - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
secretKeyRefobject - SecretKeySelector selects a key of a Secret.
-
false
- - -### HumioCluster.spec.license.secretKeyRef -[↩ Parent](#humioclusterspeclicense) - - - -SecretKeySelector selects a key of a Secret. - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
keystring - The key of the secret to select from. Must be a valid secret key.
-
true
namestring - Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
-
false
optionalboolean - Specify whether the Secret or its key must be defined
-
false
- - ### HumioCluster.spec.nodePoolFeatures [↩ Parent](#humioclusterspec) @@ -16906,13 +17301,13 @@ If it's null, this PodAffinityTerm matches with no Pods.
MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the -incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` +incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. -The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. -Also, MatchLabelKeys cannot be set when LabelSelector isn't set. -This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+The same key is forbidden to exist in both matchLabelKeys and labelSelector. +Also, matchLabelKeys cannot be set when labelSelector isn't set. +This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
false @@ -16921,13 +17316,13 @@ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the -incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` +incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. -The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. -Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. -This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. +Also, mismatchLabelKeys cannot be set when labelSelector isn't set. +This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
false @@ -17170,13 +17565,13 @@ If it's null, this PodAffinityTerm matches with no Pods.
MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the -incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` +incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. -The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. -Also, MatchLabelKeys cannot be set when LabelSelector isn't set. -This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+The same key is forbidden to exist in both matchLabelKeys and labelSelector. +Also, matchLabelKeys cannot be set when labelSelector isn't set. +This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
false @@ -17185,13 +17580,13 @@ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the -incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` +incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. -The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. -Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. -This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. +Also, mismatchLabelKeys cannot be set when labelSelector isn't set. +This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
false @@ -17514,13 +17909,13 @@ If it's null, this PodAffinityTerm matches with no Pods.
MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the -incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` +incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. -The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. -Also, MatchLabelKeys cannot be set when LabelSelector isn't set. -This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+The same key is forbidden to exist in both matchLabelKeys and labelSelector. +Also, matchLabelKeys cannot be set when labelSelector isn't set. +This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
false @@ -17529,13 +17924,13 @@ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the -incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` +incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. -The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. -Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. -This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. +Also, mismatchLabelKeys cannot be set when labelSelector isn't set. +This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
false @@ -17778,13 +18173,13 @@ If it's null, this PodAffinityTerm matches with no Pods.
MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the -incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` +incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. -The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. -Also, MatchLabelKeys cannot be set when LabelSelector isn't set. -This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+The same key is forbidden to exist in both matchLabelKeys and labelSelector. +Also, matchLabelKeys cannot be set when labelSelector isn't set. +This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
false @@ -17793,13 +18188,13 @@ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the -incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` +incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. -The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. -Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. -This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. +Also, mismatchLabelKeys cannot be set when labelSelector isn't set. +This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
false @@ -18179,8 +18574,9 @@ GRPC specifies an action involving a GRPC port. Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC.
+
+ Default:
false @@ -18500,8 +18896,9 @@ GRPC specifies an action involving a GRPC port. Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC.
+
+ Default:
false @@ -18664,6 +19061,15 @@ the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN +Note that this field cannot be set when spec.os.name is windows.
+ + false + + appArmorProfile + object + + appArmorProfile is the AppArmor options to use by this container. If set, this profile +overrides the pod's appArmorProfile. Note that this field cannot be set when spec.os.name is windows.
false @@ -18691,7 +19097,7 @@ Note that this field cannot be set when spec.os.name is windows.
string procMount denotes the type of proc mount to use for the containers. -The default is DefaultProcMount which uses the container runtime defaults for +The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.
@@ -18779,6 +19185,49 @@ Note that this field cannot be set when spec.os.name is linux.
+### HumioCluster.spec.nodePools[index].spec.containerSecurityContext.appArmorProfile +[↩ Parent](#humioclusterspecnodepoolsindexspeccontainersecuritycontext) + + + +appArmorProfile is the AppArmor options to use by this container. If set, this profile +overrides the pod's appArmorProfile. +Note that this field cannot be set when spec.os.name is windows. + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
typestring + type indicates which kind of AppArmor profile will be applied. +Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement.
+
true
localhostProfilestring + localhostProfile indicates a profile loaded on the node that should be used. +The profile must be preconfigured on the node to work. +Must match the loaded name of the profile. +Must be set if and only if type is "Localhost".
+
false
+ + ### HumioCluster.spec.nodePools[index].spec.containerSecurityContext.capabilities [↩ Parent](#humioclusterspecnodepoolsindexspeccontainersecuritycontext) @@ -18893,7 +19342,6 @@ Note that this field cannot be set when spec.os.name is windows. type indicates which kind of seccomp profile will be applied. Valid options are: - Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.
@@ -19155,8 +19603,9 @@ GRPC specifies an action involving a GRPC port. Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC.
+
+ Default:
false @@ -19429,8 +19878,8 @@ will be set by the persistentvolume controller if it exists. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. -More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass -(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.
+More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ +(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).
false @@ -19791,7 +20240,6 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. - Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity @@ -19802,17 +20250,14 @@ d) the storage driver supports dynamic volume provisioning through information on the connection between this volume type and PersistentVolumeClaim). - Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. - Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. - A pod can use both types of ephemeral volumes and persistent volumes at the same time.
@@ -19874,10 +20319,27 @@ More info: https://examples.k8s.io/volumes/glusterfs/README.md
machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. -More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath ---- -TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not -mount host directories as read/write.
+More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+ + false + + image + object + + image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. +The volume is resolved at pod startup depending on which PullPolicy value is provided: + +- Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. +- Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. +- IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + +The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. +A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. +The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. +The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. +The volume will be mounted read-only (ro) and non-executable files (noexec). +Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). +The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type.
false @@ -20008,8 +20470,7 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockst fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. -More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore -TODO: how do we prevent errors in the filesystem from compromising the machine
+More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
false @@ -20080,6 +20541,8 @@ azureDisk represents an Azure Data Disk mount on the host and bind mount to the fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+
+ Default: ext4
false @@ -20095,6 +20558,8 @@ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
+
+ Default: false
false @@ -20233,8 +20698,12 @@ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false @@ -20319,8 +20788,12 @@ to OpenStack. string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false @@ -20376,8 +20849,12 @@ relative and may not contain the '..' path or start with '..'.
string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false @@ -20531,8 +21008,12 @@ secret object contains more than one secret, all secret references are passed. string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false @@ -20609,7 +21090,7 @@ DownwardAPIVolumeFile represents information to create the file containing the p fieldRef object - Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.
+ Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.
false @@ -20643,7 +21124,7 @@ mode, like fsGroup, and the result can be other mode bits set.
-Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. +Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported. @@ -20766,7 +21247,6 @@ ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. - Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity @@ -20777,17 +21257,14 @@ d) the storage driver supports dynamic volume provisioning through information on the connection between this volume type and PersistentVolumeClaim). - Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. - Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. - A pod can use both types of ephemeral volumes and persistent volumes at the same time. @@ -20812,7 +21289,6 @@ pod. The name of the PVC will be `-` where entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). - An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until @@ -20822,11 +21298,9 @@ owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster. - This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. - Required, must not be nil.
@@ -20847,7 +21321,6 @@ pod. The name of the PVC will be `-` where entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). - An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until @@ -20857,11 +21330,9 @@ owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster. - This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. - Required, must not be nil.
false
@@ -21006,8 +21477,8 @@ will be set by the persistentvolume controller if it exists. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. -More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass -(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.
+More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ +(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).
@@ -21299,8 +21770,7 @@ fc represents a Fibre Channel resource that is attached to a kubelet's host mach @@ -21427,8 +21897,12 @@ scripts. @@ -21503,8 +21977,7 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk fsType is filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. -More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk -TODO: how do we prevent errors in the filesystem from compromising the machine
+More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
@@ -21636,9 +22109,6 @@ machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath ---- -TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not -mount host directories as read/write.
false
fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. -Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. -TODO: how do we prevent errors in the filesystem from compromising the machine
+Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
false
string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false
false
@@ -21671,6 +22141,62 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+### HumioCluster.spec.nodePools[index].spec.dataVolumeSource.image +[↩ Parent](#humioclusterspecnodepoolsindexspecdatavolumesource) + + + +image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. +The volume is resolved at pod startup depending on which PullPolicy value is provided: + +- Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. +- Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. +- IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + +The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. +A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. +The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. +The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. +The volume will be mounted read-only (ro) and non-executable files (noexec). +Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). +The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
pullPolicystring + Policy for pulling OCI objects. Possible values are: +Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. +Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. +IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. +Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
+
false
referencestring + Required: Image or artifact reference to be used. +Behaves in the same way as pod.spec.containers[*].image. +Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets. +More info: https://kubernetes.io/docs/concepts/containers/images +This field is optional to allow higher level config management to default or override +container images in workload controllers like Deployments and StatefulSets.
+
false
+ + ### HumioCluster.spec.nodePools[index].spec.dataVolumeSource.iscsi [↩ Parent](#humioclusterspecnodepoolsindexspecdatavolumesource) @@ -21734,8 +22260,7 @@ is other than default (typically TCP ports 860 and 3260).
fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. -More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi -TODO: how do we prevent errors in the filesystem from compromising the machine
+More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
false @@ -21753,6 +22278,8 @@ If initiatorName is specified with iscsiInterface simultaneously, new iSCSI inte iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp).
+
+ Default: default
false @@ -21803,8 +22330,12 @@ secretRef is the CHAP Secret for iSCSI target and initiator authentication string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false @@ -22009,7 +22540,8 @@ mode, like fsGroup, and the result can be other mode bits set.
sources []object - sources is the list of volume projections
+ sources is the list of volume projections. Each entry in this list +handles one source.
false @@ -22021,7 +22553,8 @@ mode, like fsGroup, and the result can be other mode bits set.
-Projection that may be projected along with other supported volume types +Projection that may be projected along with other supported volume types. +Exactly one of these fields must be set. @@ -22039,14 +22572,11 @@ Projection that may be projected along with other supported volume types ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field of ClusterTrustBundle objects in an auto-updating file. - Alpha, gated by the ClusterTrustBundleProjection feature gate. - ClusterTrustBundle objects can either be selected by name, or by the combination of signer name and a label selector. - Kubelet performs aggressive normalization of the PEM contents written into the pod filesystem. Esoteric PEM features such as inter-block comments and block headers are stripped. Certificates are deduplicated. @@ -22094,14 +22624,11 @@ may change the order over time.
ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field of ClusterTrustBundle objects in an auto-updating file. - Alpha, gated by the ClusterTrustBundleProjection feature gate. - ClusterTrustBundle objects can either be selected by name, or by the combination of signer name and a label selector. - Kubelet performs aggressive normalization of the PEM contents written into the pod filesystem. Esoteric PEM features such as inter-block comments and block headers are stripped. Certificates are deduplicated. @@ -22285,8 +22812,12 @@ relative and may not contain the '..' path or start with '..'.
@@ -22405,7 +22936,7 @@ DownwardAPIVolumeFile represents information to create the file containing the p @@ -22439,7 +22970,7 @@ mode, like fsGroup, and the result can be other mode bits set.
-Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. +Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.
string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false
fieldRef object - Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.
+ Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.
false
@@ -22544,8 +23075,12 @@ relative and may not contain the '..' path or start with '..'.
@@ -22770,8 +23305,7 @@ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. -More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd -TODO: how do we prevent errors in the filesystem from compromising the machine
+More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
@@ -22781,6 +23315,8 @@ TODO: how do we prevent errors in the filesystem from compromising the machine +
+ Default: /etc/ceph/keyring
@@ -22790,6 +23326,8 @@ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
pool is the rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+
+ Default: rbd
@@ -22818,6 +23356,8 @@ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
user is the rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+
+ Default: admin
@@ -22848,8 +23388,12 @@ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it @@ -22902,6 +23446,8 @@ sensitive information. If this is not provided, Login operation will fail.
Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Default is "xfs".
+
+ Default: xfs
@@ -22932,6 +23478,8 @@ the ReadOnly setting in VolumeMounts.
@@ -22975,8 +23523,12 @@ sensitive information. If this is not provided, Login operation will fail. @@ -23185,8 +23737,12 @@ credentials. If not specified, default values will be attempted. @@ -23370,8 +23926,12 @@ Selects a key of a ConfigMap. @@ -23490,8 +24050,12 @@ Selects a key of a secret in the pod's namespace @@ -23567,8 +24131,12 @@ The ConfigMap to select from @@ -23603,8 +24171,12 @@ The Secret to select from @@ -23656,7 +24228,9 @@ not contain ':'.
mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. -This field is beta in 1.10.
+This field is beta in 1.10. +When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified +(which defaults to None).
@@ -23667,6 +24241,28 @@ This field is beta in 1.10.
Defaults to false.
+ + + + + @@ -23789,7 +24385,6 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. - Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity @@ -23800,17 +24395,14 @@ d) the storage driver supports dynamic volume provisioning through information on the connection between this volume type and PersistentVolumeClaim). - Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. - Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. - A pod can use both types of ephemeral volumes and persistent volumes at the same time.
@@ -23872,10 +24464,27 @@ More info: https://examples.k8s.io/volumes/glusterfs/README.md
machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. -More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath ---- -TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not -mount host directories as read/write.
+More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+ +
+ + + + @@ -24006,8 +24615,7 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockst fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. -More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore -TODO: how do we prevent errors in the filesystem from compromising the machine
+More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
@@ -24078,6 +24686,8 @@ azureDisk represents an Azure Data Disk mount on the host and bind mount to the fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+
+ Default: ext4
@@ -24093,6 +24703,8 @@ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
@@ -24231,8 +24843,12 @@ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it @@ -24317,8 +24933,12 @@ to OpenStack. @@ -24374,8 +24994,12 @@ relative and may not contain the '..' path or start with '..'.
@@ -24529,8 +25153,12 @@ secret object contains more than one secret, all secret references are passed. @@ -24607,7 +25235,7 @@ DownwardAPIVolumeFile represents information to create the file containing the p @@ -24641,7 +25269,7 @@ mode, like fsGroup, and the result can be other mode bits set.
-Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. +Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.
string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false
false
false
false
false
string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false
false
storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned.
+
+ Default: ThinProvisioned
false
string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false
string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false
string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false
string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false
string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false
string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false
false
false
recursiveReadOnlystring + RecursiveReadOnly specifies whether read-only mounts should be handled +recursively. + +If ReadOnly is false, this field has no meaning and must be unspecified. + +If ReadOnly is true, and this field is set to Disabled, the mount is not made +recursively read-only. If this field is set to IfPossible, the mount is made +recursively read-only, if it is supported by the container runtime. If this +field is set to Enabled, the mount is made recursively read-only if it is +supported by the container runtime, otherwise the pod will not be started and +an error will be generated to indicate the reason. + +If this field is set to IfPossible or Enabled, MountPropagation must be set to +None (or be unspecified, which defaults to None). + +If this field is not specified, it is treated as an equivalent of Disabled.
+
false
subPath stringfalse
imageobject + image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. +The volume is resolved at pod startup depending on which PullPolicy value is provided: + +- Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. +- Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. +- IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + +The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. +A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. +The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. +The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. +The volume will be mounted read-only (ro) and non-executable files (noexec). +Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). +The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type.
false
false
false
readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
+
+ Default: false
false
string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false
string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false
string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false
string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false
fieldRef object - Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.
+ Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.
false
@@ -24764,7 +25392,6 @@ ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. - Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity @@ -24775,17 +25402,14 @@ d) the storage driver supports dynamic volume provisioning through information on the connection between this volume type and PersistentVolumeClaim). - Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. - Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. - A pod can use both types of ephemeral volumes and persistent volumes at the same time. @@ -24810,7 +25434,6 @@ pod. The name of the PVC will be `-` where entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). - An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until @@ -24820,11 +25443,9 @@ owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster. - This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. - Required, must not be nil.
@@ -24845,7 +25466,6 @@ pod. The name of the PVC will be `-` where entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). - An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until @@ -24855,11 +25475,9 @@ owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster. - This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. - Required, must not be nil.
false
@@ -25004,8 +25622,8 @@ will be set by the persistentvolume controller if it exists. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. -More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass -(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.
+More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ +(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).
@@ -25297,8 +25915,7 @@ fc represents a Fibre Channel resource that is attached to a kubelet's host mach @@ -25425,8 +26042,12 @@ scripts. @@ -25501,8 +26122,7 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk fsType is filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. -More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk -TODO: how do we prevent errors in the filesystem from compromising the machine
+More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
@@ -25634,9 +26254,6 @@ machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath ---- -TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not -mount host directories as read/write.
false
fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. -Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. -TODO: how do we prevent errors in the filesystem from compromising the machine
+Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
false
string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false
false
@@ -25669,6 +26286,62 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+### HumioCluster.spec.nodePools[index].spec.extraVolumes[index].image +[↩ Parent](#humioclusterspecnodepoolsindexspecextravolumesindex) + + + +image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. +The volume is resolved at pod startup depending on which PullPolicy value is provided: + +- Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. +- Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. +- IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + +The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. +A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. +The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. +The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. +The volume will be mounted read-only (ro) and non-executable files (noexec). +Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). +The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
pullPolicystring + Policy for pulling OCI objects. Possible values are: +Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. +Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. +IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. +Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
+
false
referencestring + Required: Image or artifact reference to be used. +Behaves in the same way as pod.spec.containers[*].image. +Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets. +More info: https://kubernetes.io/docs/concepts/containers/images +This field is optional to allow higher level config management to default or override +container images in workload controllers like Deployments and StatefulSets.
+
false
+ + ### HumioCluster.spec.nodePools[index].spec.extraVolumes[index].iscsi [↩ Parent](#humioclusterspecnodepoolsindexspecextravolumesindex) @@ -25732,8 +26405,7 @@ is other than default (typically TCP ports 860 and 3260).
fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. -More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi -TODO: how do we prevent errors in the filesystem from compromising the machine
+More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
false @@ -25751,6 +26423,8 @@ If initiatorName is specified with iscsiInterface simultaneously, new iSCSI inte iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp).
+
+ Default: default
false @@ -25801,8 +26475,12 @@ secretRef is the CHAP Secret for iSCSI target and initiator authentication string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false @@ -26007,7 +26685,8 @@ mode, like fsGroup, and the result can be other mode bits set.
sources []object - sources is the list of volume projections
+ sources is the list of volume projections. Each entry in this list +handles one source.
false @@ -26019,7 +26698,8 @@ mode, like fsGroup, and the result can be other mode bits set.
-Projection that may be projected along with other supported volume types +Projection that may be projected along with other supported volume types. +Exactly one of these fields must be set. @@ -26037,14 +26717,11 @@ Projection that may be projected along with other supported volume types ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field of ClusterTrustBundle objects in an auto-updating file. - Alpha, gated by the ClusterTrustBundleProjection feature gate. - ClusterTrustBundle objects can either be selected by name, or by the combination of signer name and a label selector. - Kubelet performs aggressive normalization of the PEM contents written into the pod filesystem. Esoteric PEM features such as inter-block comments and block headers are stripped. Certificates are deduplicated. @@ -26092,14 +26769,11 @@ may change the order over time.
ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field of ClusterTrustBundle objects in an auto-updating file. - Alpha, gated by the ClusterTrustBundleProjection feature gate. - ClusterTrustBundle objects can either be selected by name, or by the combination of signer name and a label selector. - Kubelet performs aggressive normalization of the PEM contents written into the pod filesystem. Esoteric PEM features such as inter-block comments and block headers are stripped. Certificates are deduplicated. @@ -26283,8 +26957,12 @@ relative and may not contain the '..' path or start with '..'.
@@ -26403,7 +27081,7 @@ DownwardAPIVolumeFile represents information to create the file containing the p @@ -26437,7 +27115,7 @@ mode, like fsGroup, and the result can be other mode bits set.
-Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. +Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.
string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false
fieldRef object - Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.
+ Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.
false
@@ -26542,8 +27220,12 @@ relative and may not contain the '..' path or start with '..'.
@@ -26768,8 +27450,7 @@ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. -More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd -TODO: how do we prevent errors in the filesystem from compromising the machine
+More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
@@ -26779,6 +27460,8 @@ TODO: how do we prevent errors in the filesystem from compromising the machine +
+ Default: /etc/ceph/keyring
@@ -26788,6 +27471,8 @@ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
pool is the rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+
+ Default: rbd
@@ -26816,6 +27501,8 @@ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
user is the rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+
+ Default: admin
@@ -26846,8 +27533,12 @@ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it @@ -26900,6 +27591,8 @@ sensitive information. If this is not provided, Login operation will fail.
Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Default is "xfs".
+
+ Default: xfs
@@ -26930,6 +27623,8 @@ the ReadOnly setting in VolumeMounts.
@@ -26973,8 +27668,12 @@ sensitive information. If this is not provided, Login operation will fail. @@ -27183,8 +27882,12 @@ credentials. If not specified, default values will be attempted. @@ -27263,8 +27966,12 @@ referenced object inside the same namespace. @@ -27326,8 +28033,12 @@ ConfigMapRef contains the reference to the configmap name and key containing the @@ -27386,6 +28097,14 @@ PodSecurityContext is the security context applied to the Humio pod + + + + + + + + + + @@ -27514,6 +28244,48 @@ Note that this field cannot be set when spec.os.name is linux.
string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false
false
false
false
false
string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false
false
storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned.
+
+ Default: ThinProvisioned
false
string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false
string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false
string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false
string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false
appArmorProfileobject + appArmorProfile is the AppArmor options to use by the containers in this pod. +Note that this field cannot be set when spec.os.name is windows.
+
false
fsGroup integer @@ -27393,12 +28112,10 @@ PodSecurityContext is the security context applied to the Humio pod Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: - 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- - If unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows.

@@ -27482,12 +28199,25 @@ Note that this field cannot be set when spec.os.name is windows.
supplementalGroups []integer - A list of groups applied to the first process run in each container, in addition -to the container's primary GID, the fsGroup (if specified), and group memberships -defined in the container image for the uid of the container process. If unspecified, -no additional groups are added to any container. Note that group memberships -defined in the container image for the uid of the container process are still effective, -even if they are not included in this list. + A list of groups applied to the first process run in each container, in +addition to the container's primary GID and fsGroup (if specified). If +the SupplementalGroupsPolicy feature is enabled, the +supplementalGroupsPolicy field determines whether these are in addition +to or instead of any group memberships defined in the container image. +If unspecified, no additional groups are added, though group memberships +defined in the container image may still be used, depending on the +supplementalGroupsPolicy field. +Note that this field cannot be set when spec.os.name is windows.
+
false
supplementalGroupsPolicystring + Defines how supplemental groups of the first container processes are calculated. +Valid values are "Merge" and "Strict". If not specified, "Merge" is used. +(Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled +and the container runtime must implement support for this feature. Note that this field cannot be set when spec.os.name is windows.
false
+### HumioCluster.spec.nodePools[index].spec.podSecurityContext.appArmorProfile +[↩ Parent](#humioclusterspecnodepoolsindexspecpodsecuritycontext) + + + +appArmorProfile is the AppArmor options to use by the containers in this pod. +Note that this field cannot be set when spec.os.name is windows. + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
typestring + type indicates which kind of AppArmor profile will be applied. +Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement.
+
true
localhostProfilestring + localhostProfile indicates a profile loaded on the node that should be used. +The profile must be preconfigured on the node to work. +Must match the loaded name of the profile. +Must be set if and only if type is "Localhost".
+
false
+ + ### HumioCluster.spec.nodePools[index].spec.podSecurityContext.seLinuxOptions [↩ Parent](#humioclusterspecnodepoolsindexspecpodsecuritycontext) @@ -27591,7 +28363,6 @@ Note that this field cannot be set when spec.os.name is windows. type indicates which kind of seccomp profile will be applied. Valid options are: - Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.
@@ -27727,11 +28498,9 @@ Resources is the kubernetes resource limits for the humio pod Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers.
false @@ -27782,6 +28551,15 @@ the Pod where this field is used. It makes that resource available inside a container.
true + + request + string + + Request is the name chosen for a request in the referenced claim. +If empty, everything from the claim is made available, otherwise +only the result of this request.
+ + false @@ -28192,8 +28970,12 @@ Selects a key of a ConfigMap. string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false @@ -28312,8 +29094,12 @@ Selects a key of a secret in the pod's namespace string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false @@ -28389,8 +29175,12 @@ The ConfigMap to select from string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false @@ -28425,8 +29215,12 @@ The Secret to select from string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false @@ -29164,8 +29958,9 @@ GRPC specifies an action involving a GRPC port. Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC.
+
+ Default:
false @@ -29553,8 +30348,9 @@ GRPC specifies an action involving a GRPC port. Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC.
+
+ Default:
false @@ -29752,11 +30548,9 @@ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-co Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers.
false @@ -29807,6 +30601,15 @@ the Pod where this field is used. It makes that resource available inside a container.
true + + request + string + + Request is the name chosen for a request in the referenced claim. +If empty, everything from the claim is made available, otherwise +only the result of this request.
+ + false @@ -29839,6 +30642,15 @@ the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN +Note that this field cannot be set when spec.os.name is windows.
+ + false + + appArmorProfile + object + + appArmorProfile is the AppArmor options to use by this container. If set, this profile +overrides the pod's appArmorProfile. Note that this field cannot be set when spec.os.name is windows.
false @@ -29866,7 +30678,7 @@ Note that this field cannot be set when spec.os.name is windows.
string procMount denotes the type of proc mount to use for the containers. -The default is DefaultProcMount which uses the container runtime defaults for +The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.
@@ -29954,6 +30766,49 @@ Note that this field cannot be set when spec.os.name is linux.
+### HumioCluster.spec.nodePools[index].spec.sidecarContainer[index].securityContext.appArmorProfile +[↩ Parent](#humioclusterspecnodepoolsindexspecsidecarcontainerindexsecuritycontext) + + + +appArmorProfile is the AppArmor options to use by this container. If set, this profile +overrides the pod's appArmorProfile. +Note that this field cannot be set when spec.os.name is windows. + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
typestring + type indicates which kind of AppArmor profile will be applied. +Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement.
+
true
localhostProfilestring + localhostProfile indicates a profile loaded on the node that should be used. +The profile must be preconfigured on the node to work. +Must match the loaded name of the profile. +Must be set if and only if type is "Localhost".
+
false
+ + ### HumioCluster.spec.nodePools[index].spec.sidecarContainer[index].securityContext.capabilities [↩ Parent](#humioclusterspecnodepoolsindexspecsidecarcontainerindexsecuritycontext) @@ -30068,7 +30923,6 @@ Note that this field cannot be set when spec.os.name is windows. type indicates which kind of seccomp profile will be applied. Valid options are: - Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.
@@ -30333,8 +31187,9 @@ GRPC specifies an action involving a GRPC port. Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC.
+
+ Default:
false @@ -30543,7 +31398,9 @@ not contain ':'.
mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. -This field is beta in 1.10.
+This field is beta in 1.10. +When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified +(which defaults to None).
false @@ -30554,6 +31411,28 @@ This field is beta in 1.10.
Defaults to false.
false + + recursiveReadOnly + string + + RecursiveReadOnly specifies whether read-only mounts should be handled +recursively. + +If ReadOnly is false, this field has no meaning and must be unspecified. + +If ReadOnly is true, and this field is set to Disabled, the mount is not made +recursively read-only. If this field is set to IfPossible, the mount is made +recursively read-only, if it is supported by the container runtime. If this +field is set to Enabled, the mount is made recursively read-only if it is +supported by the container runtime, otherwise the pod will not be started and +an error will be generated to indicate the reason. + +If this field is set to IfPossible or Enabled, MountPropagation must be set to +None (or be unspecified, which defaults to None). + +If this field is not specified, it is treated as an equivalent of Disabled.
+ + false subPath string @@ -30746,7 +31625,6 @@ MatchLabelKeys cannot be set when LabelSelector isn't set. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector. - This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default).
false @@ -30765,7 +31643,6 @@ If value is nil, the constraint behaves as if MinDomains is equal to 1. Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule. - For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: | zone1 | zone2 | zone3 | @@ -30773,10 +31650,7 @@ labelSelector spread as 2/2/2: The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. In this situation, new pod with the same labelSelector cannot be scheduled, because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, -it will violate MaxSkew. - - -This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default).
+it will violate MaxSkew.

Format: int32
@@ -30790,7 +31664,6 @@ when calculating pod topology spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. - If this value is nil, the behavior is equivalent to the Honor policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.
@@ -30805,7 +31678,6 @@ pod topology spread skew. Options are: has a toleration, are included. - Ignore: node taints are ignored. All nodes are included. - If this value is nil, the behavior is equivalent to the Ignore policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.
@@ -30951,19 +31823,16 @@ This can be configured to an absolute number or a percentage, e.g. "maxUnavailab Type controls how Humio pods are updated when changes are made to the HumioCluster resource that results in a change to the Humio pods. The available values are: OnDelete, RollingUpdate, ReplaceAllOnUpdate, and RollingUpdateBestEffort. -/ + When set to OnDelete, no Humio pods will be terminated but new pods will be created with the new spec. Replacing existing pods will require each pod to be deleted by the user. - When set to RollingUpdate, pods will always be replaced one pod at a time. There may be some Humio updates where rolling updates are not supported, so it is not recommended to have this set all the time. - When set to ReplaceAllOnUpdate, all Humio pods will be replaced at the same time during an update. This is the default behavior. - When set to RollingUpdateBestEffort, the operator will evaluate the Humio version change and determine if the Humio pods can be updated in a rolling fashion or if they must be replaced at the same time.

@@ -30991,6 +31860,14 @@ PodSecurityContext is the security context applied to the Humio pod + appArmorProfile + object + + appArmorProfile is the AppArmor options to use by the containers in this pod. +Note that this field cannot be set when spec.os.name is windows.
+ + false + fsGroup integer @@ -30998,12 +31875,10 @@ PodSecurityContext is the security context applied to the Humio pod Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: - 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- - If unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows.

@@ -31087,12 +31962,25 @@ Note that this field cannot be set when spec.os.name is windows.
supplementalGroups []integer - A list of groups applied to the first process run in each container, in addition -to the container's primary GID, the fsGroup (if specified), and group memberships -defined in the container image for the uid of the container process. If unspecified, -no additional groups are added to any container. Note that group memberships -defined in the container image for the uid of the container process are still effective, -even if they are not included in this list. + A list of groups applied to the first process run in each container, in +addition to the container's primary GID and fsGroup (if specified). If +the SupplementalGroupsPolicy feature is enabled, the +supplementalGroupsPolicy field determines whether these are in addition +to or instead of any group memberships defined in the container image. +If unspecified, no additional groups are added, though group memberships +defined in the container image may still be used, depending on the +supplementalGroupsPolicy field. +Note that this field cannot be set when spec.os.name is windows.
+ + false + + supplementalGroupsPolicy + string + + Defines how supplemental groups of the first container processes are calculated. +Valid values are "Merge" and "Strict". If not specified, "Merge" is used. +(Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled +and the container runtime must implement support for this feature. Note that this field cannot be set when spec.os.name is windows.
false @@ -31119,6 +32007,48 @@ Note that this field cannot be set when spec.os.name is linux.
+### HumioCluster.spec.podSecurityContext.appArmorProfile +[↩ Parent](#humioclusterspecpodsecuritycontext) + + + +appArmorProfile is the AppArmor options to use by the containers in this pod. +Note that this field cannot be set when spec.os.name is windows. + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
typestring + type indicates which kind of AppArmor profile will be applied. +Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement.
+
true
localhostProfilestring + localhostProfile indicates a profile loaded on the node that should be used. +The profile must be preconfigured on the node to work. +Must match the loaded name of the profile. +Must be set if and only if type is "Localhost".
+
false
+ + ### HumioCluster.spec.podSecurityContext.seLinuxOptions [↩ Parent](#humioclusterspecpodsecuritycontext) @@ -31196,7 +32126,6 @@ Note that this field cannot be set when spec.os.name is windows. type indicates which kind of seccomp profile will be applied. Valid options are: - Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.
@@ -31332,11 +32261,9 @@ Resources is the kubernetes resource limits for the humio pod Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers.
false @@ -31387,6 +32314,15 @@ the Pod where this field is used. It makes that resource available inside a container.
true + + request + string + + Request is the name chosen for a request in the referenced claim. +If empty, everything from the claim is made available, otherwise +only the result of this request.
+ + false @@ -31797,8 +32733,12 @@ Selects a key of a ConfigMap. string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false @@ -31917,8 +32857,12 @@ Selects a key of a secret in the pod's namespace string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false @@ -31994,8 +32938,12 @@ The ConfigMap to select from string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false @@ -32030,8 +32978,12 @@ The Secret to select from string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false @@ -32769,8 +33721,9 @@ GRPC specifies an action involving a GRPC port. Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC.
+
+ Default:
false @@ -33158,8 +34111,9 @@ GRPC specifies an action involving a GRPC port. Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC.
+
+ Default:
false @@ -33357,11 +34311,9 @@ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-co Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers.
false @@ -33412,6 +34364,15 @@ the Pod where this field is used. It makes that resource available inside a container.
true + + request + string + + Request is the name chosen for a request in the referenced claim. +If empty, everything from the claim is made available, otherwise +only the result of this request.
+ + false @@ -33444,6 +34405,15 @@ the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN +Note that this field cannot be set when spec.os.name is windows.
+ + false + + appArmorProfile + object + + appArmorProfile is the AppArmor options to use by this container. If set, this profile +overrides the pod's appArmorProfile. Note that this field cannot be set when spec.os.name is windows.
false @@ -33471,7 +34441,7 @@ Note that this field cannot be set when spec.os.name is windows.
string procMount denotes the type of proc mount to use for the containers. -The default is DefaultProcMount which uses the container runtime defaults for +The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.
@@ -33559,6 +34529,49 @@ Note that this field cannot be set when spec.os.name is linux.
+### HumioCluster.spec.sidecarContainer[index].securityContext.appArmorProfile +[↩ Parent](#humioclusterspecsidecarcontainerindexsecuritycontext) + + + +appArmorProfile is the AppArmor options to use by this container. If set, this profile +overrides the pod's appArmorProfile. +Note that this field cannot be set when spec.os.name is windows. + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
typestring + type indicates which kind of AppArmor profile will be applied. +Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement.
+
true
localhostProfilestring + localhostProfile indicates a profile loaded on the node that should be used. +The profile must be preconfigured on the node to work. +Must match the loaded name of the profile. +Must be set if and only if type is "Localhost".
+
false
+ + ### HumioCluster.spec.sidecarContainer[index].securityContext.capabilities [↩ Parent](#humioclusterspecsidecarcontainerindexsecuritycontext) @@ -33673,7 +34686,6 @@ Note that this field cannot be set when spec.os.name is windows. type indicates which kind of seccomp profile will be applied. Valid options are: - Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.
@@ -33938,8 +34950,9 @@ GRPC specifies an action involving a GRPC port. Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC.
+
+ Default:
false @@ -34148,7 +35161,9 @@ not contain ':'.
mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. -This field is beta in 1.10.
+This field is beta in 1.10. +When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified +(which defaults to None).
false @@ -34159,6 +35174,28 @@ This field is beta in 1.10.
Defaults to false.
false + + recursiveReadOnly + string + + RecursiveReadOnly specifies whether read-only mounts should be handled +recursively. + +If ReadOnly is false, this field has no meaning and must be unspecified. + +If ReadOnly is true, and this field is set to Disabled, the mount is not made +recursively read-only. If this field is set to IfPossible, the mount is made +recursively read-only, if it is supported by the container runtime. If this +field is set to Enabled, the mount is made recursively read-only if it is +supported by the container runtime, otherwise the pod will not be started and +an error will be generated to indicate the reason. + +If this field is set to IfPossible or Enabled, MountPropagation must be set to +None (or be unspecified, which defaults to None). + +If this field is not specified, it is treated as an equivalent of Disabled.
+ + false subPath string @@ -34392,7 +35429,6 @@ MatchLabelKeys cannot be set when LabelSelector isn't set. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector. - This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default).
false @@ -34411,7 +35447,6 @@ If value is nil, the constraint behaves as if MinDomains is equal to 1. Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule. - For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: | zone1 | zone2 | zone3 | @@ -34419,10 +35454,7 @@ labelSelector spread as 2/2/2: The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. In this situation, new pod with the same labelSelector cannot be scheduled, because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, -it will violate MaxSkew. - - -This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default).
+it will violate MaxSkew.

Format: int32
@@ -34436,7 +35468,6 @@ when calculating pod topology spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. - If this value is nil, the behavior is equivalent to the Honor policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.
@@ -34451,7 +35482,6 @@ pod topology spread skew. Options are: has a toleration, are included. - Ignore: node taints are ignored. All nodes are included. - If this value is nil, the behavior is equivalent to the Ignore policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.
@@ -34597,19 +35627,16 @@ This can be configured to an absolute number or a percentage, e.g. "maxUnavailab Type controls how Humio pods are updated when changes are made to the HumioCluster resource that results in a change to the Humio pods. The available values are: OnDelete, RollingUpdate, ReplaceAllOnUpdate, and RollingUpdateBestEffort. -/ + When set to OnDelete, no Humio pods will be terminated but new pods will be created with the new spec. Replacing existing pods will require each pod to be deleted by the user. - When set to RollingUpdate, pods will always be replaced one pod at a time. There may be some Humio updates where rolling updates are not supported, so it is not recommended to have this set all the time. - When set to ReplaceAllOnUpdate, all Humio pods will be replaced at the same time during an update. This is the default behavior. - When set to RollingUpdateBestEffort, the operator will evaluate the Humio version change and determine if the Humio pods can be updated in a rolling fashion or if they must be replaced at the same time.

@@ -35068,6 +36095,22 @@ HumioFilterAlertSpec defines the desired state of HumioFilterAlert QueryString defines the desired Humio query string
true + + throttleField + string + + ThrottleField is the field on which to throttle
+ + true + + throttleTimeSeconds + integer + + ThrottleTimeSeconds is the throttle time in seconds. A filter alert is triggered at most once per the throttle time
+
+ Minimum: 60
+ + true viewName string @@ -35115,22 +36158,6 @@ resources should be created. This conflicts with ExternalClusterName.
false - - throttleField - string - - ThrottleField is the field on which to throttle
- - false - - throttleTimeSeconds - integer - - ThrottleTimeSeconds is the throttle time in seconds. A filter alert is triggered at most once per the throttle time
-
- Minimum: 60
- - false @@ -35239,34 +36266,34 @@ HumioIngestTokenSpec defines the desired state of HumioIngestToken true - externalClusterName + parserName string - ExternalClusterName refers to an object of type HumioExternalCluster where the Humio resources should be created. -This conflicts with ManagedClusterName.
+ ParserName is the name of the parser which will be assigned to the ingest token.
- false + true - managedClusterName + repositoryName string - ManagedClusterName refers to an object of type HumioCluster that is managed by the operator where the Humio -resources should be created. -This conflicts with ExternalClusterName.
+ RepositoryName is the name of the Humio repository under which the ingest token will be created
- false + true - parserName + externalClusterName string - ParserName is the name of the parser which will be assigned to the ingest token.
+ ExternalClusterName refers to an object of type HumioExternalCluster where the Humio resources should be created. +This conflicts with ManagedClusterName.
false - repositoryName + managedClusterName string - RepositoryName is the name of the Humio repository under which the ingest token will be created
+ ManagedClusterName refers to an object of type HumioCluster that is managed by the operator where the Humio +resources should be created. +This conflicts with ExternalClusterName.
false @@ -35394,6 +36421,13 @@ HumioParserSpec defines the desired state of HumioParser Name is the name of the parser inside Humio
true + + repositoryName + string + + RepositoryName defines what repository this parser should be managed in
+ + true externalClusterName string @@ -35418,13 +36452,6 @@ This conflicts with ExternalClusterName.
ParserScript contains the code for the Humio parser
false - - repositoryName - string - - RepositoryName defines what repository this parser should be managed in
- - false tagFields []string @@ -36014,17 +37041,17 @@ This conflicts with ExternalClusterName.
- filter + repositoryName string - Filter contains the prefix filter that will be applied for the given RepositoryName
+ RepositoryName contains the name of the target repository
- false + true - repositoryName + filter string - RepositoryName contains the name of the target repository
+ Filter contains the prefix filter that will be applied for the given RepositoryName
false diff --git a/examples/humioaction-email.yaml b/examples/humioaction-email.yaml deleted file mode 100644 index cebdb338..00000000 --- a/examples/humioaction-email.yaml +++ /dev/null @@ -1,31 +0,0 @@ -apiVersion: core.humio.com/v1alpha1 -kind: HumioAction -metadata: - name: example-email-action-managed -spec: - managedClusterName: example-humiocluster - name: example-email-action - viewName: humio - emailProperties: - recipients: - - example@example.com - subjectTemplate: "{alert_name} has alerted" - bodyTemplate: |- - {alert_name} has alerted - click {url} to see the alert ---- -apiVersion: core.humio.com/v1alpha1 -kind: HumioAction -metadata: - name: example-email-action-external -spec: - externalClusterName: example-humioexternalcluster - name: example-email-action - viewName: humio - emailProperties: - recipients: - - example@example.com - subjectTemplate: "{alert_name} has alerted" - bodyTemplate: |- - {alert_name} has alerted - click {url} to see the alert diff --git a/examples/humioaction-humiorepository.yaml b/examples/humioaction-humiorepository.yaml deleted file mode 100644 index 4d3d8a11..00000000 --- a/examples/humioaction-humiorepository.yaml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: core.humio.com/v1alpha1 -kind: HumioAction -metadata: - name: humio-humio-repository-action-managed -spec: - managedClusterName: example-humiocluster - name: example-humio-repository-action - viewName: humio - humioRepositoryProperties: - ingestToken: some-humio-ingest-token ---- -apiVersion: core.humio.com/v1alpha1 -kind: HumioAction -metadata: - name: humio-humio-repository-action-external -spec: - externalClusterName: example-humioexternalcluster - name: example-humio-repository-action - viewName: humio - humioRepositoryProperties: - ingestToken: some-humio-ingest-token diff --git a/examples/humioaction-ops-genie.yaml b/examples/humioaction-ops-genie.yaml deleted file mode 100644 index 81c0803b..00000000 --- a/examples/humioaction-ops-genie.yaml +++ /dev/null 
@@ -1,21 +0,0 @@
-apiVersion: core.humio.com/v1alpha1
-kind: HumioAction
-metadata:
- name: example-humioaction-managed
-spec:
- managedClusterName: example-humiocluster
- name: example-ops-genie-action
- viewName: humio
- opsGenieProperties:
- genieKey: "some-genie-key"
----
-apiVersion: core.humio.com/v1alpha1
-kind: HumioAction
-metadata:
- name: example-humioaction-external
-spec:
- externalClusterName: example-humioexternalcluster
- name: example-ops-genie-action
- viewName: humio
- opsGenieProperties:
- genieKey: "some-genie-key"
diff --git a/examples/humioaction-pagerduty.yaml b/examples/humioaction-pagerduty.yaml
deleted file mode 100644
index be1e5b75..00000000
--- a/examples/humioaction-pagerduty.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-apiVersion: core.humio.com/v1alpha1
-kind: HumioAction
-metadata:
- name: humio-pagerduty-action-managed
-spec:
- managedClusterName: example-humiocluster
- name: example-pagerduty-action
- viewName: humio
- pagerDutyProperties:
- routingKey: some-routing-key
- severity: critical
----
-apiVersion: core.humio.com/v1alpha1
-kind: HumioAction
-metadata:
- name: humio-pagerduty-action-external
-spec:
- externalClusterName: example-humioexternalcluster
- name: example-pagerduty-action
- viewName: humio
- pagerDutyProperties:
- routingKey: some-routing-key
- severity: critical
diff --git a/examples/humioaction-slack-post-message.yaml b/examples/humioaction-slack-post-message.yaml
deleted file mode 100644
index 00eaa058..00000000
--- a/examples/humioaction-slack-post-message.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
-apiVersion: core.humio.com/v1alpha1
-kind: HumioAction
-metadata:
- name: humio-slack-post-message-action-managed
-spec:
- managedClusterName: example-humiocluster
- name: example-slack-post-message-action
- viewName: humio
- slackPostMessageProperties:
- apiToken: some-oauth-token
- channels:
- - "#some-channel"
- - "#some-other-channel"
- fields:
- query: "{query}"
- time-interval: "{query_time_interval}"
----
-apiVersion: core.humio.com/v1alpha1
-kind: HumioAction
-metadata:
- name: humio-slack-post-message-action-external
-spec:
- externalClusterName: example-humioexternalcluster
- name: example-slack-post-message-action
- viewName: humio
- slackPostMessageProperties:
- apiToken: some-oauth-token
- channels:
- - "#some-channel"
- - "#some-other-channel"
- fields:
- query: "{query}"
- time-interval: "{query_time_interval}"
diff --git a/examples/humioaction-slack.yaml b/examples/humioaction-slack.yaml
deleted file mode 100644
index b33b2fa2..00000000
--- a/examples/humioaction-slack.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-apiVersion: core.humio.com/v1alpha1
-kind: HumioAction
-metadata:
- name: humio-slack-action-managed
-spec:
- managedClusterName: example-humiocluster
- name: example-slack-action
- viewName: humio
- slackProperties:
- url: "https://hooks.slack.com/services/T00000000/B00000000/YYYYYYYYYYYYYYYYYYYYYYYY"
- fields:
- query: "{query}"
- time-interval: "{query_time_interval}"
----
-apiVersion: core.humio.com/v1alpha1
-kind: HumioAction
-metadata:
- name: humio-slack-action-external
-spec:
- name: example-slack-action
- externalClusterName: example-humioexternalcluster
- viewName: humio
- slackProperties:
- url: "https://hooks.slack.com/services/T00000000/B00000000/YYYYYYYYYYYYYYYYYYYYYYYY"
- fields:
- query: "{query}"
- time-interval: "{query_time_interval}"
diff --git a/examples/humioaction-victor-ops.yaml b/examples/humioaction-victor-ops.yaml
deleted file mode 100644
index eda60a76..00000000
--- a/examples/humioaction-victor-ops.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-apiVersion: core.humio.com/v1alpha1
-kind: HumioAction
-metadata:
- name: humio-victor-ops-action-managed
-spec:
- managedClusterName: example-humiocluster
- name: example-victor-ops-action
- viewName: humio
- victorOpsProperties:
- messageType: critical
- notifyUrl: "https://alert.victorops.com/integrations/0000/alert/0000/routing_key"
----
-apiVersion: core.humio.com/v1alpha1
-kind: HumioAction
-metadata:
- name: humio-victor-ops-action-external
-spec:
- externalClusterName: example-humioexternalcluster
- name: example-victor-ops-action
- viewName: humio
- victorOpsProperties:
- messageType: critical
- notifyUrl: "https://alert.victorops.com/integrations/0000/alert/0000/routing_key"
diff --git a/examples/humioaction-webhook.yaml b/examples/humioaction-webhook.yaml
deleted file mode 100644
index c85db2cb..00000000
--- a/examples/humioaction-webhook.yaml
+++ /dev/null
@@ -1,86 +0,0 @@ -apiVersion: core.humio.com/v1alpha1 -kind: HumioAction -metadata: - name: humio-web-hook-action-managed -spec: - managedClusterName: example-humiocluster - name: example-web-hook-action - viewName: humio - webhookProperties: - url: "https://example.com/some/api" - headers: - some: header - some-other: header - method: POST - bodyTemplate: |- - {alert_name} has alerted - click {url} to see the alert ---- -apiVersion: core.humio.com/v1alpha1 -kind: HumioAction -metadata: - name: humio-web-hook-action-external -spec: - externalClusterName: example-humioexternalcluster - name: example-web-hook-action - viewName: humio - webhookProperties: - url: "https://example.com/some/api" - headers: - some: header - some-other: header - method: POST - bodyTemplate: |- - {alert_name} has alerted - click {url} to see the alert ---- -apiVersion: core.humio.com/v1alpha1 -kind: HumioAction -metadata: - name: humio-web-hook-action-mixed-headers-external -spec: - externalClusterName: example-humioexternalcluster - name: example-web-hook-action-using-secrets - viewName: humio - webhookProperties: - urlSource: - secretKeyRef: - name: example-humiocluster-webhook-action-url-secret - key: data - headers: - some: header - some-other: header - secretHeaders: - - name: this - valueFrom: - secretKeyRef: - name: example-humiocluster-webhook-action-headers-secret - key: somesecretheader - method: POST - bodyTemplate: |- - {alert_name} has alerted - click {url} to see the alert ---- -apiVersion: core.humio.com/v1alpha1 -kind: HumioAction -metadata: - name: humio-web-hook-action-all-secret-external -spec: - externalClusterName: example-humioexternalcluster - name: example-web-hook-action-using-secret-url-and-headers - viewName: humio - webhookProperties: - urlSource: - secretKeyRef: - name: example-humiocluster-webhook-action-url-secret - key: data - secretHeaders: - - name: this - valueFrom: - secretKeyRef: - name: example-humiocluster-webhook-action-headers-secret - key: 
somesecretheader - method: POST - bodyTemplate: |- - {alert_name} has alerted - click {url} to see the alert diff --git a/examples/humioaggregatealert.yaml b/examples/humioaggregatealert.yaml deleted file mode 100644 index 60bfd91e..00000000 --- a/examples/humioaggregatealert.yaml +++ /dev/null @@ -1,39 +0,0 @@ -apiVersion: core.humio.com/v1alpha1 -kind: HumioAggregateAlert -metadata: - name: example-aggregate-alert-managed -spec: - managedClusterName: example-humiocluster - name: example-aggregate-alert - queryString: "#repo = humio | error = true | count()" - queryTimestampType: "EventTimestamp" - viewName: "humio" - throttleTimeSeconds: 60 - triggerMode: "CompleteMode" - searchIntervalSeconds: 60 - throttleField: "@timestamp" - description: "This is an example of an aggregate alert" - enabled: true - actions: - - example-email-action - ---- - -apiVersion: core.humio.com/v1alpha1 -kind: HumioAggregateAlert -metadata: - name: example-aggregate-alert-external -spec: - externalClusterName: example-humioexternalcluster - name: example-aggregate-alert-external - queryString: "#repo = humio | error = true | count()" - queryTimestampType: "EventTimestamp" - viewName: "humio" - throttleTimeSeconds: 60 - triggerMode: "CompleteMode" - searchIntervalSeconds: 60 - throttleField: "@timestamp" - description: "This is an example of an aggregate alert" - enabled: true - actions: - - example-email-action diff --git a/examples/humioalert.yaml b/examples/humioalert.yaml deleted file mode 100644 index 5fa5bb4d..00000000 --- a/examples/humioalert.yaml +++ /dev/null 
@@ -1,37 +0,0 @@
-apiVersion: core.humio.com/v1alpha1
-kind: HumioAlert
-metadata:
- name: example-alert-managed
-spec:
- managedClusterName: example-humiocluster
- name: example-alert
- viewName: humio
- query:
- queryString: "#repo = humio | error = true | count() | _count > 0"
- start: 24h
- end: now
- isLive: true
- throttleTimeMillis: 60000
- silenced: false
- description: Error counts
- actions:
- - example-email-action
----
-apiVersion: core.humio.com/v1alpha1
-kind: HumioAlert
-metadata:
- name: example-alert-external
-spec:
- externalClusterName: example-humioexternalcluster
- name: example-alert
- viewName: humio
- query:
- queryString: "#repo = humio | error = true | count() | _count > 0"
- start: 24h
- end: now
- isLive: true
- throttleTimeMillis: 60000
- silenced: false
- description: Error counts
- actions:
- - example-email-action
diff --git a/examples/humiocluster-affinity-and-tolerations.yaml b/examples/humiocluster-affinity-and-tolerations.yaml
deleted file mode 100644
index 87a3e734..00000000
--- a/examples/humiocluster-affinity-and-tolerations.yaml
+++ /dev/null
@@ -1,53 +0,0 @@
-apiVersion: core.humio.com/v1alpha1
-kind: HumioCluster
-metadata:
- name: example-humiocluster
-spec:
- nodeCount: 3
- license:
- secretKeyRef:
- name: example-humiocluster-license
- key: data
- image: "humio/humio-core:1.82.1"
- environmentVariables:
- - name: "ZOOKEEPER_URL"
- value: "humio-cp-zookeeper-0.humio-cp-zookeeper-headless:2181"
- - name: "KAFKA_SERVERS"
- value: "humio-cp-kafka-0.humio-cp-kafka-headless:9092"
- affinity:
- nodeAffinity:
- requiredDuringSchedulingIgnoredDuringExecution:
- nodeSelectorTerms:
- - matchExpressions:
- - key: humio_node_type
- operator: In
- values:
- - core
- - key: kubernetes.io/arch
- operator: In
- values:
- - amd64
- - key: kubernetes.io/os
- operator: In
- values:
- - linux
- podAntiAffinity:
- requiredDuringSchedulingIgnoredDuringExecution:
- - labelSelector:
- matchExpressions:
- - key: app.kubernetes.io/name
- operator: In
- values:
- - humio
- topologyKey: kubernetes.io/hostname
- dataVolumePersistentVolumeClaimSpecTemplate:
- storageClassName: standard
- accessModes: [ReadWriteOnce]
- resources:
- requests:
- storage: 10Gi
- tolerations:
- - key: "node.kubernetes.io/unreachable"
- operator: "Exists"
- effect: "NoExecute"
- tolerationSeconds: 6000
diff --git a/examples/humiocluster-data-volume-persistent-volume-claim-policy-kind-local.yaml b/examples/humiocluster-data-volume-persistent-volume-claim-policy-kind-local.yaml
deleted file mode 100644
index 5001db82..00000000
--- a/examples/humiocluster-data-volume-persistent-volume-claim-policy-kind-local.yaml
+++ /dev/null
@@ -1,38 +0,0 @@ -apiVersion: core.humio.com/v1alpha1 -kind: HumioCluster -metadata: - name: example-humiocluster -spec: - license: - secretKeyRef: - name: example-humiocluster-license - key: data - image: "humio/humio-core:1.82.1" - nodeCount: 1 - tls: - enabled: false - targetReplicationFactor: 1 - storagePartitionsCount: 24 - digestPartitionsCount: 24 - resources: - limits: - cpu: "2" - memory: 4Gi - requests: - cpu: "1" - memory: 2Gi - dataVolumePersistentVolumeClaimPolicy: - reclaimType: OnNodeDelete - dataVolumePersistentVolumeClaimSpecTemplate: - storageClassName: standard - accessModes: [ReadWriteOnce] - resources: - requests: - storage: 10Gi - environmentVariables: - - name: "HUMIO_MEMORY_OPTS" - value: "-Xss2m -Xms1g -Xmx2g -XX:MaxDirectMemorySize=1g" - - name: "ZOOKEEPER_URL" - value: "humio-cp-zookeeper-0.humio-cp-zookeeper-headless.default:2181" - - name: "KAFKA_SERVERS" - value: "humio-cp-kafka-0.humio-cp-kafka-headless.default:9092" \ No newline at end of file diff --git a/examples/humiocluster-ephemeral-with-gcs-storage.yaml b/examples/humiocluster-ephemeral-with-gcs-storage.yaml deleted file mode 100644 index 5dafbe97..00000000 --- a/examples/humiocluster-ephemeral-with-gcs-storage.yaml +++ /dev/null 
@@ -1,66 +0,0 @@
-apiVersion: core.humio.com/v1alpha1
-kind: HumioCluster
-metadata:
- name: example-humiocluster
-spec:
- nodeCount: 3
- license:
- secretKeyRef:
- name: example-humiocluster-license
- key: data
- image: "humio/humio-core:1.82.1"
- targetReplicationFactor: 2
- storagePartitionsCount: 24
- digestPartitionsCount: 24
- affinity:
- nodeAffinity:
- requiredDuringSchedulingIgnoredDuringExecution:
- nodeSelectorTerms:
- - matchExpressions:
- - key: humio_node_type
- operator: In
- values:
- - core
- - key: kubernetes.io/arch
- operator: In
- values:
- - amd64
- - key: kubernetes.io/os
- operator: In
- values:
- - linux
- podAntiAffinity:
- requiredDuringSchedulingIgnoredDuringExecution:
- - labelSelector:
- matchExpressions:
- - key: app
- operator: In
- values:
- - humio-core
- topologyKey: kubernetes.io/hostname
- dataVolumeSource:
- hostPath:
- path: "/mnt/disks/vol1"
- type: "Directory"
- extraHumioVolumeMounts:
- - name: gcp-storage-account-json-file
- mountPath: /var/lib/humio/gcp-storage-account-json-file
- subPath: gcp-storage-account-json-file
- readOnly: true
- extraVolumes:
- - name: gcp-storage-account-json-file
- secret:
- secretName: gcp-storage-account-json-file
- environmentVariables:
- - name: GCP_STORAGE_ACCOUNT_JSON_FILE
- value: "/var/lib/humio/gcp-storage-account-json-file"
- - name: GCP_STORAGE_BUCKET
- value: "my-cluster-storage"
- - name: GCP_STORAGE_ENCRYPTION_KEY
- value: "my-encryption-key"
- - name: USING_EPHEMERAL_DISKS
- value: "true"
- - name: "ZOOKEEPER_URL"
- value: "z-2-my-zookeeper.c4.kafka.us-west-2.amazonaws.com:2181,z-3-my-zookeeper.c4.kafka.us-west-2.amazonaws.com:2181,z-1-my-zookeeper.c4.kafka.us-west-2.amazonaws.com:2181"
- - name: "KAFKA_SERVERS"
- value: "b-2-my-zookeeper.c4.kafka.us-west-2.amazonaws.com:9092,b-1-my-zookeeper.c4.kafka.us-west-2.amazonaws.com:9092,b-3-my-zookeeper.c4.kafka.us-west-2.amazonaws.com:9092"
diff --git a/examples/humiocluster-ephemeral-with-s3-storage.yaml b/examples/humiocluster-ephemeral-with-s3-storage.yaml
deleted file mode 100644
index 1ef85c96..00000000
--- a/examples/humiocluster-ephemeral-with-s3-storage.yaml
+++ /dev/null
@@ -1,59 +0,0 @@
-apiVersion: core.humio.com/v1alpha1
-kind: HumioCluster
-metadata:
- name: example-humiocluster
-spec:
- nodeCount: 3
- license:
- secretKeyRef:
- name: example-humiocluster-license
- key: data
- image: "humio/humio-core:1.82.1"
- targetReplicationFactor: 2
- storagePartitionsCount: 24
- digestPartitionsCount: 24
- affinity:
- nodeAffinity:
- requiredDuringSchedulingIgnoredDuringExecution:
- nodeSelectorTerms:
- - matchExpressions:
- - key: humio_node_type
- operator: In
- values:
- - core
- - key: kubernetes.io/arch
- operator: In
- values:
- - amd64
- - key: kubernetes.io/os
- operator: In
- values:
- - linux
- podAntiAffinity:
- requiredDuringSchedulingIgnoredDuringExecution:
- - labelSelector:
- matchExpressions:
- - key: app.kubernetes.io/name
- operator: In
- values:
- - humio
- topologyKey: kubernetes.io/hostname
- dataVolumeSource:
- hostPath:
- path: "/mnt/disks/vol1"
- type: "Directory"
- environmentVariables:
- - name: S3_STORAGE_BUCKET
- value: "my-cluster-storage"
- - name: S3_STORAGE_REGION
- value: "us-west-2"
- - name: S3_STORAGE_ENCRYPTION_KEY
- value: "my-encryption-key"
- - name: USING_EPHEMERAL_DISKS
- value: "true"
- - name: S3_STORAGE_PREFERRED_COPY_SOURCE
- value: "true"
- - name: "ZOOKEEPER_URL"
- value: "z-2-my-zookeeper.c4.kafka.us-west-2.amazonaws.com:2181,z-3-my-zookeeper.c4.kafka.us-west-2.amazonaws.com:2181,z-1-my-zookeeper.c4.kafka.us-west-2.amazonaws.com:2181"
- - name: "KAFKA_SERVERS"
- value: "b-2-my-zookeeper.c4.kafka.us-west-2.amazonaws.com:9092,b-1-my-zookeeper.c4.kafka.us-west-2.amazonaws.com:9092,b-3-my-zookeeper.c4.kafka.us-west-2.amazonaws.com:9092"
diff --git a/examples/humiocluster-kind-local.yaml b/examples/humiocluster-kind-local.yaml deleted file mode 100644 index 9ad0801c..00000000 --- a/examples/humiocluster-kind-local.yaml +++ /dev/null @@ -1,38 +0,0 @@ -apiVersion: core.humio.com/v1alpha1 -kind: HumioCluster -metadata: - name: example-humiocluster -spec: - license: - secretKeyRef: - name: example-humiocluster-license - key: data - image: "humio/humio-core:1.82.1" - nodeCount: 1 - tls: - enabled: false - targetReplicationFactor: 1 - storagePartitionsCount: 24 - digestPartitionsCount: 24 - resources: - limits: - cpu: "2" - memory: 4Gi - requests: - cpu: "1" - memory: 2Gi - dataVolumePersistentVolumeClaimSpecTemplate: - storageClassName: standard - accessModes: [ReadWriteOnce] - resources: - requests: - storage: 10Gi - environmentVariables: - - name: "HUMIO_MEMORY_OPTS" - value: "-Xss2m -Xms1g -Xmx2g -XX:MaxDirectMemorySize=1g" - - name: "ZOOKEEPER_URL" - value: "humio-cp-zookeeper-0.humio-cp-zookeeper-headless.default:2181" - - name: "KAFKA_SERVERS" - value: "humio-cp-kafka-0.humio-cp-kafka-headless.default:9092" - - name: "AUTHENTICATION_METHOD" - value: "static" diff --git a/examples/humiocluster-multi-nodepool-kind-local.yaml b/examples/humiocluster-multi-nodepool-kind-local.yaml deleted file mode 100644 index dd4b2cee..00000000 --- a/examples/humiocluster-multi-nodepool-kind-local.yaml +++ /dev/null 
@@ -1,67 +0,0 @@ -apiVersion: core.humio.com/v1alpha1 -kind: HumioCluster -metadata: - name: example-humiocluster -spec: - #disableInitContainer: true - nodePools: - - name: ingest-only - spec: - #disableInitContainer: true - image: "humio/humio-core:1.82.1" - nodeCount: 1 - dataVolumePersistentVolumeClaimSpecTemplate: - storageClassName: standard - accessModes: [ReadWriteOnce] - resources: - requests: - storage: 10Gi - resources: - limits: - cpu: "2" - memory: 4Gi - requests: - cpu: "1" - memory: 2Gi - environmentVariables: - - name: "HUMIO_MEMORY_OPTS" - value: "-Xss2m -Xms1g -Xmx2g -XX:MaxDirectMemorySize=1g" - - name: "ZOOKEEPER_URL" - value: "humio-cp-zookeeper-0.humio-cp-zookeeper-headless.default:2181" - - name: "KAFKA_SERVERS" - value: "humio-cp-kafka-0.humio-cp-kafka-headless.default:9092" - license: - secretKeyRef: - name: example-humiocluster-license - key: data - image: "humio/humio-core:1.82.1" - nodeCount: 1 - tls: - enabled: false - targetReplicationFactor: 1 - storagePartitionsCount: 24 - digestPartitionsCount: 24 - resources: - limits: - cpu: "2" - memory: 4Gi - requests: - cpu: "1" - memory: 2Gi - dataVolumePersistentVolumeClaimSpecTemplate: - storageClassName: standard - accessModes: [ReadWriteOnce] - resources: - requests: - storage: 10Gi - environmentVariables: - - name: "HUMIO_MEMORY_OPTS" - value: "-Xss2m -Xms1g -Xmx2g -XX:MaxDirectMemorySize=1g" - - name: "ZOOKEEPER_URL" - value: "humio-cp-zookeeper-0.humio-cp-zookeeper-headless.default:2181" - - name: "KAFKA_SERVERS" - value: "humio-cp-kafka-0.humio-cp-kafka-headless.default:9092" - - name: "STATIC_USERS" - value: "user:user" - - name: "AUTHENTICATION_METHOD" - value: "static" \ No newline at end of file diff --git a/examples/humiocluster-nginx-ingress-with-cert-manager.yaml b/examples/humiocluster-nginx-ingress-with-cert-manager.yaml deleted file mode 100644 index 524c7e84..00000000 --- a/examples/humiocluster-nginx-ingress-with-cert-manager.yaml +++ /dev/null 
@@ -1,31 +0,0 @@
-apiVersion: core.humio.com/v1alpha1
-kind: HumioCluster
-metadata:
- name: example-humiocluster
-spec:
- nodeCount: 3
- license:
- secretKeyRef:
- name: example-humiocluster-license
- key: data
- image: "humio/humio-core:1.82.1"
- environmentVariables:
- - name: "ZOOKEEPER_URL"
- value: "humio-cp-zookeeper-0.humio-cp-zookeeper-headless:2181"
- - name: "KAFKA_SERVERS"
- value: "humio-cp-kafka-0.humio-cp-kafka-headless:9092"
- hostname: "humio.example.com"
- esHostname: "humio-es.example.com"
- ingress:
- enabled: true
- controller: nginx
- annotations:
- use-http01-solver: "true"
- cert-manager.io/cluster-issuer: letsencrypt-prod
- kubernetes.io/ingress.class: nginx
- dataVolumePersistentVolumeClaimSpecTemplate:
- storageClassName: standard
- accessModes: [ReadWriteOnce]
- resources:
- requests:
- storage: 10Gi
diff --git a/examples/humiocluster-nginx-ingress-with-custom-path.yaml b/examples/humiocluster-nginx-ingress-with-custom-path.yaml
deleted file mode 100644
index 0d0c63b8..00000000
--- a/examples/humiocluster-nginx-ingress-with-custom-path.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-apiVersion: core.humio.com/v1alpha1
-kind: HumioCluster
-metadata:
- name: example-humiocluster
-spec:
- nodeCount: 3
- license:
- secretKeyRef:
- name: example-humiocluster-license
- key: data
- image: "humio/humio-core:1.82.1"
- environmentVariables:
- - name: "ZOOKEEPER_URL"
- value: "humio-cp-zookeeper-0.humio-cp-zookeeper-headless:2181"
- - name: "KAFKA_SERVERS"
- value: "humio-cp-kafka-0.humio-cp-kafka-headless:9092"
- hostname: "humio.example.com"
- esHostname: "humio-es.example.com"
- path: /logs
- ingress:
- enabled: true
- controller: nginx
- dataVolumePersistentVolumeClaimSpecTemplate:
- storageClassName: standard
- accessModes: [ReadWriteOnce]
- resources:
- requests:
- storage: 10Gi
diff --git a/examples/humiocluster-nginx-ingress-with-hostname-secrets.yaml b/examples/humiocluster-nginx-ingress-with-hostname-secrets.yaml
deleted file mode 100644
index 375fce53..00000000
--- a/examples/humiocluster-nginx-ingress-with-hostname-secrets.yaml
+++ /dev/null
@@ -1,37 +0,0 @@
-apiVersion: core.humio.com/v1alpha1
-kind: HumioCluster
-metadata:
- name: example-humiocluster
-spec:
- nodeCount: 3
- license:
- secretKeyRef:
- name: example-humiocluster-license
- key: data
- image: "humio/humio-core:1.82.1"
- environmentVariables:
- - name: "ZOOKEEPER_URL"
- value: "humio-cp-zookeeper-0.humio-cp-zookeeper-headless:2181"
- - name: "KAFKA_SERVERS"
- value: "humio-cp-kafka-0.humio-cp-kafka-headless:9092"
- hostnameSource:
- secretKeyRef:
- name: example-humiocluster-hostname
- key: data
- esHostnameSource:
- secretKeyRef:
- name: example-humiocluster-es-hostname
- key: data
- ingress:
- enabled: true
- controller: nginx
- annotations:
- use-http01-solver: "true"
- cert-manager.io/cluster-issuer: letsencrypt-prod
- kubernetes.io/ingress.class: nginx
- dataVolumePersistentVolumeClaimSpecTemplate:
- storageClassName: standard
- accessModes: [ReadWriteOnce]
- resources:
- requests:
- storage: 10Gi
diff --git a/examples/humiocluster-nodepool-slice-only.yaml b/examples/humiocluster-nodepool-slice-only.yaml
deleted file mode 100644
index 79ff7b0a..00000000
--- a/examples/humiocluster-nodepool-slice-only.yaml
+++ /dev/null
@@ -1,57 +0,0 @@ -apiVersion: core.humio.com/v1alpha1 -kind: HumioCluster -metadata: - name: example-humiocluster -spec: - license: - secretKeyRef: - name: example-humiocluster-license - key: data - targetReplicationFactor: 2 - storagePartitionsCount: 720 - digestPartitionsCount: 720 - nodePools: - - name: "segments" - spec: - image: "humio/humio-core:1.76.2" - nodeCount: 1 - extraKafkaConfigs: "security.protocol=PLAINTEXT" - dataVolumePersistentVolumeClaimPolicy: - reclaimType: OnNodeDelete - dataVolumePersistentVolumeClaimSpecTemplate: - storageClassName: standard - accessModes: [ReadWriteOnce] - resources: - requests: - storage: 10Gi - environmentVariables: - - name: QUERY_COORDINATOR - value: "false" - - name: HUMIO_MEMORY_OPTS - value: "-Xss2m -Xms1g -Xmx2g -XX:MaxDirectMemorySize=1g" - - name: ZOOKEEPER_URL - value: "humio-cp-zookeeper-0.humio-cp-zookeeper-headless.default:2181" - - name: KAFKA_SERVERS - value: "humio-cp-kafka-0.humio-cp-kafka-headless.default:9092" - - name: "httponly" - spec: - image: "humio/humio-core:1.76.2" - nodeCount: 1 - extraKafkaConfigs: "security.protocol=PLAINTEXT" - dataVolumePersistentVolumeClaimPolicy: - reclaimType: OnNodeDelete - dataVolumePersistentVolumeClaimSpecTemplate: - storageClassName: standard - accessModes: [ReadWriteOnce] - resources: - requests: - storage: 10Gi - environmentVariables: - - name: NODE_ROLES - value: "httponly" - - name: HUMIO_MEMORY_OPTS - value: "-Xss2m -Xms1g -Xmx2g -XX:MaxDirectMemorySize=1g" - - name: ZOOKEEPER_URL - value: "humio-cp-zookeeper-0.humio-cp-zookeeper-headless.default:2181" - - name: KAFKA_SERVERS - value: "humio-cp-kafka-0.humio-cp-kafka-headless.default:9092" diff --git a/examples/humiocluster-persistent-volumes.yaml b/examples/humiocluster-persistent-volumes.yaml deleted file mode 100644 index 665961c3..00000000 --- a/examples/humiocluster-persistent-volumes.yaml +++ /dev/null 
@@ -1,58 +0,0 @@ -apiVersion: core.humio.com/v1alpha1 -kind: HumioCluster -metadata: - name: example-humiocluster -spec: - nodeCount: 3 - license: - secretKeyRef: - name: example-humiocluster-license - key: data - image: "humio/humio-core:1.82.1" - targetReplicationFactor: 2 - storagePartitionsCount: 24 - digestPartitionsCount: 24 - resources: - limits: - cpu: "8" - memory: 56Gi - requests: - cpu: "6" - memory: 52Gi - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: humio_node_type - operator: In - values: - - core - - key: kubernetes.io/arch - operator: In - values: - - amd64 - - key: kubernetes.io/os - operator: In - values: - - linux - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - humio-core - topologyKey: kubernetes.io/hostname - dataVolumePersistentVolumeClaimSpecTemplate: - storageClassName: standard - accessModes: [ReadWriteOnce] - resources: - requests: - storage: 500Gi - environmentVariables: - - name: "ZOOKEEPER_URL" - value: "z-2-my-zookeeper.c4.kafka.us-west-2.amazonaws.com:2181,z-3-my-zookeeper.c4.kafka.us-west-2.amazonaws.com:2181,z-1-my-zookeeper.c4.kafka.us-west-2.amazonaws.com:2181" - - name: "KAFKA_SERVERS" - value: "b-2-my-zookeeper.c4.kafka.us-west-2.amazonaws.com:9092,b-1-my-zookeeper.c4.kafka.us-west-2.amazonaws.com:9092,b-3-my-zookeeper.c4.kafka.us-west-2.amazonaws.com:9092" diff --git a/examples/humioexternalcluster-http.yaml b/examples/humioexternalcluster-http.yaml deleted file mode 100644 index b9834a91..00000000 --- a/examples/humioexternalcluster-http.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: core.humio.com/v1alpha1 -kind: HumioExternalCluster -metadata: - name: example-humioexternalcluster -spec: - url: "http://example-humiocluster.default:8080/" - insecure: true 
diff --git a/examples/humioexternalcluster-https-custom-ca.yaml b/examples/humioexternalcluster-https-custom-ca.yaml deleted file mode 100644 index bc1418a2..00000000 --- a/examples/humioexternalcluster-https-custom-ca.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: core.humio.com/v1alpha1 -kind: HumioExternalCluster -metadata: - name: example-humioexternalcluster -spec: - url: "https://example-humiocluster.default:8080/" - apiTokenSecretName: "example-humiocluster-admin-token" - caSecretName: "example-humiocluster" diff --git a/examples/humioexternalcluster-https.yaml b/examples/humioexternalcluster-https.yaml deleted file mode 100644 index f33c2094..00000000 --- a/examples/humioexternalcluster-https.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: core.humio.com/v1alpha1 -kind: HumioExternalCluster -metadata: - name: example-humioexternalcluster -spec: - url: "https://example-humiocluster.humio.com/" - apiTokenSecretName: "example-humiocluster-admin-token" diff --git a/examples/humiofilteralert.yaml b/examples/humiofilteralert.yaml deleted file mode 100644 index 8ef27fa7..00000000 --- a/examples/humiofilteralert.yaml +++ /dev/null @@ -1,27 +0,0 @@ -apiVersion: core.humio.com/v1alpha1 -kind: HumioFilterAlert -metadata: - name: example-alert-filter-managed -spec: - managedClusterName: example-humiocluster - name: example-filter-alert - viewName: humio - queryString: "#repo = humio | error = true" - enabled: true - description: Error counts - actions: - - example-email-action ---- -apiVersion: core.humio.com/v1alpha1 -kind: HumioFilterAlert -metadata: - name: example-alert-filter-external -spec: - externalClusterName: example-humioexternalcluster - name: example-filter-alert - viewName: humio - queryString: "#repo = humio | error = true" - enabled: true - description: Error counts - actions: - - example-email-action diff --git a/examples/humioingesttoken-with-secret.yaml b/examples/humioingesttoken-with-secret.yaml deleted file mode 100644 index 68559fb2..00000000 
--- a/examples/humioingesttoken-with-secret.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: core.humio.com/v1alpha1 -kind: HumioIngestToken -metadata: - name: example-humioingesttoken-managed -spec: - managedClusterName: example-humiocluster - name: example-humioingesttoken - repositoryName: humio - tokenSecretName: k8s-secret-name-to-save-ingest-token ---- -apiVersion: core.humio.com/v1alpha1 -kind: HumioIngestToken -metadata: - name: example-humioingesttoken-external -spec: - externalClusterName: example-humioexternalcluster - name: example-humioingesttoken - repositoryName: humio - tokenSecretName: k8s-secret-name-to-save-ingest-token diff --git a/examples/humioingesttoken-without-secret.yaml b/examples/humioingesttoken-without-secret.yaml deleted file mode 100644 index 7f3d966b..00000000 --- a/examples/humioingesttoken-without-secret.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: core.humio.com/v1alpha1 -kind: HumioIngestToken -metadata: - name: example-humioingesttoken-managed -spec: - managedClusterName: example-humiocluster - name: example-humioingesttoken - repositoryName: humio ---- -apiVersion: core.humio.com/v1alpha1 -kind: HumioIngestToken -metadata: - name: example-humioingesttoken-external -spec: - externalClusterName: example-humioexternalcluster - name: example-humioingesttoken - repositoryName: humio diff --git a/examples/humioparser.yaml b/examples/humioparser.yaml deleted file mode 100644 index c6c58637..00000000 --- a/examples/humioparser.yaml +++ /dev/null 
@@ -1,27 +0,0 @@ -apiVersion: core.humio.com/v1alpha1 -kind: HumioParser -metadata: - name: example-humioparser-managed -spec: - managedClusterName: example-humiocluster - name: "example-humioparser" - parserScript: "kvParse()" - repositoryName: "humio" - tagFields: - - "@somefield" - testData: - - "@rawstring data" ---- -apiVersion: core.humio.com/v1alpha1 -kind: HumioParser -metadata: - name: example-humioparser-external -spec: - externalClusterName: example-humioexternalcluster - name: "example-humioparser" - parserScript: "kvParse()" - repositoryName: "humio" - tagFields: - - "@somefield" - testData: - - "@rawstring data" diff --git a/examples/humiorepository.yaml b/examples/humiorepository.yaml deleted file mode 100644 index ad109e57..00000000 --- a/examples/humiorepository.yaml +++ /dev/null 
@@ -1,32 +0,0 @@ -apiVersion: core.humio.com/v1alpha1 -kind: HumioRepository -metadata: - name: example-humiorepository-managed -spec: - managedClusterName: example-humiocluster - name: "example-repository" - description: "this is an important message" - # Data deletion must be explicitly enabled before the operator will apply/lower retention settings that may cause data to be deleted. - allowDataDeletion: false - retention: - # If retention options are left out they will not be set. - ingestSizeInGB: 10 - storageSizeInGB: 5 - timeInDays: 30 ---- -apiVersion: core.humio.com/v1alpha1 -kind: HumioRepository -metadata: - name: example-humiorepository-external -spec: - # The operator needs the HumioExternalCluster to use an API token that has access to create repositories. - externalClusterName: example-humioexternalcluster - name: "example-repository" - description: "this is an important message" - # Data deletion must be explicitly enabled before the operator will apply/lower retention settings that may cause data to be deleted. - allowDataDeletion: false - retention: - # If retention options are left out they will not be set. - ingestSizeInGB: 10 - storageSizeInGB: 5 - timeInDays: 30 diff --git a/examples/humioscheduledsearch.yaml b/examples/humioscheduledsearch.yaml deleted file mode 100644 index 1bc80ee1..00000000 --- a/examples/humioscheduledsearch.yaml +++ /dev/null 
@@ -1,37 +0,0 @@ -apiVersion: core.humio.com/v1alpha1 -kind: HumioScheduledSearch -metadata: - name: example-scheduled-search-managed -spec: - managedClusterName: example-humiocluster - name: example-scheduled-search - viewName: humio - queryString: "#repo = humio | error = true | count()" - queryStart: "1h" - queryEnd: "now" - schedule: "0 * * * *" - timeZone: "UTC" - backfillLimit: 3 - enabled: true - description: Error counts - actions: - - example-email-action ---- -apiVersion: core.humio.com/v1alpha1 -kind: HumioScheduledSearch -metadata: - name: example-scheduled-search-external -spec: - externalClusterName: example-humioexternalcluster - name: example-scheduled-search - viewName: humio - queryString: "#repo = humio | error = true | count()" - queryStart: "1h" - queryEnd: "now" - schedule: "0 * * * *" - timeZone: "UTC" - backfillLimit: 3 - enabled: true - description: Error counts - actions: - - example-email-action diff --git a/examples/humioview.yaml b/examples/humioview.yaml deleted file mode 100644 index b24254a4..00000000 --- a/examples/humioview.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: core.humio.com/v1alpha1 -kind: HumioView -metadata: - name: example-humioview-managed -spec: - managedClusterName: example-humiocluster - name: "example-view" - connections: - - repositoryName: "example-repository" - filter: "*" diff --git a/go.mod b/go.mod index 3c703b35..c90319ac 100644 --- a/go.mod +++ b/go.mod 
@@ -1,38 +1,45 @@
 module github.com/humio/humio-operator
-go 1.22
+go 1.23.0
+
+godebug default=go1.23
 require (
 github.com/Khan/genqlient v0.7.0
- github.com/Masterminds/semver/v3 v3.2.1
- github.com/cert-manager/cert-manager v1.12.14
- github.com/go-jose/go-jose/v4 v4.0.1
- github.com/go-logr/logr v1.4.1
+ github.com/Masterminds/semver/v3 v3.3.1
+ github.com/cert-manager/cert-manager v1.16.0-alpha.0
+ github.com/go-jose/go-jose/v4 v4.0.4
+ github.com/go-logr/logr v1.4.2
 github.com/go-logr/zapr v1.3.0
 github.com/google/go-cmp v0.6.0
- github.com/onsi/ginkgo/v2 v2.19.0
- github.com/onsi/gomega v1.34.1
- github.com/prometheus/client_golang v1.19.0
+ github.com/onsi/ginkgo/v2 v2.22.2
+ github.com/onsi/gomega v1.36.2
+ github.com/prometheus/client_golang v1.20.4
 github.com/vektah/gqlparser/v2 v2.5.20
 go.uber.org/zap v1.27.0
- k8s.io/api v0.29.7
- k8s.io/apimachinery v0.29.7
- k8s.io/client-go v0.29.7
- k8s.io/utils v0.0.0-20240310230437-4693a0247e57
- sigs.k8s.io/controller-runtime v0.15.3
+ k8s.io/api v0.31.1
+ k8s.io/apimachinery v0.31.1
+ k8s.io/client-go v0.31.0
+ sigs.k8s.io/controller-runtime v0.19.4
 )
 require (
 github.com/agnivade/levenshtein v1.2.0 // indirect
 github.com/alexflint/go-arg v1.4.2 // indirect
 github.com/alexflint/go-scalar v1.0.0 // indirect
+ github.com/antlr4-go/antlr/v4 v4.13.0 // indirect
+ github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
 github.com/beorn7/perks v1.0.1 // indirect
+ github.com/blang/semver/v4 v4.0.0 // indirect
+ github.com/cenkalti/backoff/v4 v4.3.0 // indirect
 github.com/cespare/xxhash/v2 v2.3.0 // indirect
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
- github.com/emicklei/go-restful/v3 v3.12.0 // indirect
- github.com/evanphx/json-patch v5.7.0+incompatible // indirect
+ github.com/emicklei/go-restful/v3 v3.12.1 // indirect
 github.com/evanphx/json-patch/v5 v5.9.0 // indirect
+ github.com/felixge/httpsnoop v1.0.4 // indirect
 github.com/fsnotify/fsnotify v1.7.0 // indirect
+ github.com/fxamacker/cbor/v2 v2.7.0 // indirect
+ github.com/go-logr/stdr v1.2.2 // indirect
 github.com/go-openapi/jsonpointer v0.21.0 // indirect
 github.com/go-openapi/jsonreference v0.21.0 // indirect
 github.com/go-openapi/swag v0.23.0 // indirect
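Review bot: The direct requirement `github.com/cert-manager/cert-manager v1.16.0-alpha.0` in the first require block pins an alpha pre-release, where the line it replaces was on a released patch version (v1.12.14). Pre-release tags usually sit outside upstream's supported, security-patched release lines, so unless something the operator needs exists only in the alpha, the nearest stable tag would be the safer pin; if the alpha has to stay, a short `// pinned to alpha because ...` comment on that line would record why. The same block leaves `k8s.io/client-go v0.31.0` one patch behind `k8s.io/api v0.31.1` and `k8s.io/apimachinery v0.31.1`; bumping it to `k8s.io/client-go v0.31.1` would keep the Kubernetes modules on one patch level. With this many new indirect modules arriving in the second go.mod hunk, a `govulncheck ./...` run in CI would confirm that none of the selected versions carries a known advisory.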
@@ -40,47 +47,69 @@ require (
 github.com/gogo/protobuf v1.3.2 // indirect
 github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 github.com/golang/protobuf v1.5.4 // indirect
+ github.com/google/cel-go v0.20.1 // indirect
 github.com/google/gnostic-models v0.6.8 // indirect
 github.com/google/gofuzz v1.2.0 // indirect
- github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6 // indirect
+ github.com/google/pprof v0.0.0-20241210010833-40e02aabc2ad // indirect
 github.com/google/uuid v1.6.0 // indirect
- github.com/gorilla/websocket v1.5.0 // indirect
+ github.com/gorilla/websocket v1.5.1 // indirect
+ github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0 // indirect
 github.com/imdario/mergo v0.3.16 // indirect
+ github.com/inconshreveable/mousetrap v1.1.0 // indirect
 github.com/josharian/intern v1.0.0 // indirect
 github.com/json-iterator/go v1.1.12 // indirect
+ github.com/klauspost/compress v1.17.9 // indirect
 github.com/mailru/easyjson v0.7.7 // indirect
- github.com/moby/spdystream v0.2.0 // indirect
+ github.com/moby/spdystream v0.4.0 // indirect
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 github.com/modern-go/reflect2 v1.0.2 // indirect
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect
 github.com/pkg/errors v0.9.1 // indirect
 github.com/prometheus/client_model v0.6.1 // indirect
- github.com/prometheus/common v0.52.3 // indirect
- github.com/prometheus/procfs v0.13.0 // indirect
+ github.com/prometheus/common v0.55.0 // indirect
+ github.com/prometheus/procfs v0.15.1 // indirect
+ github.com/spf13/cobra v1.8.1 // indirect
 github.com/spf13/pflag v1.0.5 // indirect
+ github.com/stoewer/go-strcase v1.3.0 // indirect
+ github.com/x448/float16 v0.8.4 // indirect
+ go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.54.0 // indirect
+ go.opentelemetry.io/otel v1.29.0 // indirect
+ go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.28.0 // indirect
+ go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.27.0 // indirect
+ go.opentelemetry.io/otel/metric v1.29.0 // indirect
+ go.opentelemetry.io/otel/sdk v1.28.0 // indirect
+ go.opentelemetry.io/otel/trace v1.29.0 // indirect
+ go.opentelemetry.io/proto/otlp v1.3.1 // indirect
 go.uber.org/multierr v1.11.0 // indirect
- golang.org/x/crypto v0.31.0 // indirect
+ golang.org/x/crypto v0.32.0 // indirect
 golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 // indirect
- golang.org/x/mod v0.19.0 // indirect
- golang.org/x/net v0.33.0 // indirect
- golang.org/x/oauth2 v0.19.0 // indirect
+ golang.org/x/mod v0.22.0 // indirect
+ golang.org/x/net v0.34.0 // indirect
+ golang.org/x/oauth2 v0.23.0 // indirect
 golang.org/x/sync v0.10.0 // indirect
- golang.org/x/sys v0.28.0 // indirect
- golang.org/x/term v0.27.0 // indirect
+ golang.org/x/sys v0.29.0 // indirect
+ golang.org/x/term v0.28.0 // indirect
 golang.org/x/text v0.21.0 // indirect
- golang.org/x/time v0.5.0 // indirect
- golang.org/x/tools v0.23.0 // indirect
+ golang.org/x/time v0.6.0 // indirect
+ golang.org/x/tools v0.28.0 // indirect
 gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
- google.golang.org/protobuf v1.34.1 // indirect
+ google.golang.org/genproto/googleapis/api v0.0.0-20240827150818-7e3bb234dfed // indirect
+ google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1 // indirect
+ google.golang.org/grpc v1.66.2 // indirect
+ google.golang.org/protobuf v1.36.1 // indirect
+ gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
 gopkg.in/inf.v0 v0.9.1 // indirect
 gopkg.in/yaml.v2 v2.4.0 // indirect
 gopkg.in/yaml.v3 v3.0.1 // indirect
- k8s.io/apiextensions-apiserver v0.29.7 // indirect
- k8s.io/component-base v0.29.7 // indirect
- k8s.io/klog/v2 v2.120.1 // indirect
- k8s.io/kube-openapi v0.0.0-20240411171206-dc4e619f62f3 // indirect
- sigs.k8s.io/gateway-api v0.8.0-rc2 // indirect
+ k8s.io/apiextensions-apiserver v0.31.0 // indirect
+ k8s.io/apiserver v0.31.0 // indirect
+ k8s.io/component-base v0.31.0 // indirect
+ k8s.io/klog/v2 v2.130.1 // indirect
+ k8s.io/kube-openapi v0.0.0-20240903163716-9e1beecbcb38 // indirect
+ k8s.io/utils v0.0.0-20240921022957-49e7df575cb6 // indirect
+ sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.30.3 // indirect
+ sigs.k8s.io/gateway-api v1.1.0 // indirect
 sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
 sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
 sigs.k8s.io/yaml v1.4.0 // indirect
diff --git a/go.sum b/go.sum index d17b78cc..29748ee1 100644 --- a/go.sum +++ b/go.sum @@ -1,7 +1,7 @@ github.com/Khan/genqlient v0.7.0 h1:GZ1meyRnzcDTK48EjqB8t3bcfYvHArCUUvgOwpz1D4w= github.com/Khan/genqlient v0.7.0/go.mod h1:HNyy3wZvuYwmW3Y7mkoQLZsa/R5n5yIRajS1kPBvSFM= -github.com/Masterminds/semver/v3 v3.2.1 h1:RN9w6+7QoMeJVGyfmbcgs28Br8cvmnucEXnY0rYXWg0= -github.com/Masterminds/semver/v3 v3.2.1/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ= +github.com/Masterminds/semver/v3 v3.3.1 h1:QtNSWtVZ3nBfk8mAOu/B6v7FMJ+NHTIgUPi7rj+4nv4= +github.com/Masterminds/semver/v3 v3.3.1/go.mod h1:4V+yj/TJE1HU9XfppCwVMZq3I84lprf4nC11bSS5beM= github.com/agnivade/levenshtein v1.2.0 h1:U9L4IOT0Y3i0TIlUIDJ7rVUziKi/zPbrJGaFrtYH3SY= github.com/agnivade/levenshtein v1.2.0/go.mod h1:QVVI16kDrtSuwcpd0p1+xMC6Z/VfhtCyDIjcwga4/DU= github.com/alexflint/go-arg v1.4.2 h1:lDWZAXxpAnZUq4qwb86p/3rIJJ2Li81EoMbTMujhVa0=
@@ -10,36 +10,52 @@ github.com/alexflint/go-scalar v1.0.0 h1:NGupf1XV/Xb04wXskDFzS0KWOLH632W/EO4fAFi github.com/alexflint/go-scalar v1.0.0/go.mod h1:GpHzbCOZXEKMEcygYQ5n/aa4Aq84zbxjy3MxYW0gjYw= github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883 h1:bvNMNQO63//z+xNgfBlViaCIJKLlCJ6/fmUseuG0wVQ= github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo29Kk6CurOXKm700vrz8f0KW0JNfpkRJY/8= +github.com/antlr4-go/antlr/v4 v4.13.0 h1:lxCg3LAv+EUK6t1i0y1V6/SLeUi0eKEKdhQAlS8TVTI= +github.com/antlr4-go/antlr/v4 v4.13.0/go.mod h1:pfChB/xh/Unjila75QW7+VU4TSnWnnk9UTnmpPaOR2g= github.com/arbovm/levenshtein v0.0.0-20160628152529-48b4e1c0c4d0 h1:jfIu9sQUG6Ig+0+Ap1h4unLjW6YQJpKZVmUzxsD4E/Q= github.com/arbovm/levenshtein v0.0.0-20160628152529-48b4e1c0c4d0/go.mod h1:t2tdKJDJF9BV14lnkjHmOQgcvEKgtqs5a1N3LNdJhGE= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= +github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so= +github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= +github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM= +github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ= github.com/bradleyjkemp/cupaloy/v2 v2.6.0 h1:knToPYa2xtfg42U3I6punFEjaGFKWQRXJwj0JTv4mTs= github.com/bradleyjkemp/cupaloy/v2 v2.6.0/go.mod h1:bm7JXdkRd4BHJk9HpwqAI8BoAY1lps46Enkdqw6aRX0= -github.com/cert-manager/cert-manager v1.12.14 h1:EyQMXPzIHcuXVu2kV4gKgEFQw3K/jMUkIyZhOWStz9I= -github.com/cert-manager/cert-manager v1.12.14/go.mod 
h1:nApwszKTPUxB+gMZ2SeKtHWVojqJsuWplKvF+qb3fj8= +github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8= +github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= +github.com/cert-manager/cert-manager v1.16.0-alpha.0 h1:47UchKFfPB07ftypMUibu5cqYiDALXT027wwOlhqioA= +github.com/cert-manager/cert-manager v1.16.0-alpha.0/go.mod h1:nvfn2DkgeE0fEZ9GXUL/Y6mBGg6/ZYdau13mI+VXmGU= github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs= github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= +github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/dgryski/trifles v0.0.0-20230903005119-f50d829f2e54 h1:SG7nF6SRlWhcT7cNTs5R6Hk4V2lcmLz2NsG2VnInyNo= github.com/dgryski/trifles v0.0.0-20230903005119-f50d829f2e54/go.mod h1:if7Fbed8SFyPtHLHbg49SI7NAdJiC5WIA09pe59rfAA= -github.com/emicklei/go-restful/v3 v3.12.0 h1:y2DdzBAURM29NFF94q6RaY4vjIH1rtwDapwQtU84iWk= -github.com/emicklei/go-restful/v3 v3.12.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= -github.com/evanphx/json-patch v5.7.0+incompatible h1:vgGkfT/9f8zE6tvSCe74nfpAVDQ2tG6yudJd8LBksgI= -github.com/evanphx/json-patch v5.7.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= +github.com/emicklei/go-restful/v3 v3.12.1 h1:PJMDIM/ak7btuL8Ex0iYET9hxM3CI2sjZtzpL63nKAU= +github.com/emicklei/go-restful/v3 v3.12.1/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= +github.com/evanphx/json-patch v5.9.0+incompatible 
h1:fBXyNpNMuTTDdquAq/uisOr2lShz4oaXpDTX2bLe7ls= +github.com/evanphx/json-patch v5.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/evanphx/json-patch/v5 v5.9.0 h1:kcBlZQbplgElYIlo/n1hJbls2z/1awpXxpRi0/FOJfg= github.com/evanphx/json-patch/v5 v5.9.0/go.mod h1:VNkHZ/282BpEyt/tObQO8s5CMPmYYq14uClGH4abBuQ= +github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg= +github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA= github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM= -github.com/go-jose/go-jose/v4 v4.0.1 h1:QVEPDE3OluqXBQZDcnNvQrInro2h0e4eqNbnZSWqS6U= -github.com/go-jose/go-jose/v4 v4.0.1/go.mod h1:WVf9LFMHh/QVrmqrOfqun0C45tMe3RoiKJMPvgWwLfY= -github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ= -github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= +github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv5E= +github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ= +github.com/go-jose/go-jose/v4 v4.0.4 h1:VsjPI33J0SB9vQM6PLmNjoHqMQNGPiZ0rHL7Ni7Q6/E= +github.com/go-jose/go-jose/v4 v4.0.4/go.mod h1:NKb5HO1EZccyMpiZNbdUw/14tiXNyUJh188dfnMCAfc= +github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= +github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY= +github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= +github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= +github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= github.com/go-logr/zapr v1.3.0 h1:XGdV8XW8zdwFiwOA2Dryh1gj2KRQyOOoNmBy4EplIcQ= github.com/go-logr/zapr v1.3.0/go.mod h1:YKepepNBd1u/oyhd/yQmtjVXmm9uML4IXUgMOwR8/Gg= 
github.com/go-openapi/jsonpointer v0.21.0 h1:YgdVicSA9vH5RiHs9TZW5oyafXZFc6+2Vc1rr/O9oNQ= @@ -56,6 +72,8 @@ github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= +github.com/google/cel-go v0.20.1 h1:nDx9r8S3L4pE61eDdt8igGj8rf5kjYR3ILxWIpWNi84= +github.com/google/cel-go v0.20.1/go.mod h1:kWcIzTsPX0zmQ+H3TirHstLLf9ep5QTsZBN9u4dOYLg= github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I= github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U= github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= 
@@ -64,29 +82,36 @@ github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeN github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6 h1:k7nVchz72niMH6YLQNvHSdIE7iqsQxK1P41mySCvssg= -github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6/go.mod h1:kf6iHlnVGwgKolg33glAes7Yg/8iWP8ukqeldJSO7jw= +github.com/google/pprof v0.0.0-20241210010833-40e02aabc2ad h1:a6HEuzUHeKH6hwfN/ZoQgRgVIWFJljSWa/zetS2WTvg= +github.com/google/pprof v0.0.0-20241210010833-40e02aabc2ad/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= -github.com/gorilla/websocket v1.5.0 h1:PPwGk2jz7EePpoHN/+ClbZu8SPxiqlu12wZP/3sWmnc= -github.com/gorilla/websocket v1.5.0/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= +github.com/gorilla/websocket v1.5.1 h1:gmztn0JnHVt9JZquRuzLw3g4wouNVzKL15iLr/zn/QY= +github.com/gorilla/websocket v1.5.1/go.mod h1:x3kM2JMyaluk02fnUJpQuwD2dCS5NDG2ZHL0uE0tcaY= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0 h1:bkypFPDjIYGfCYD5mRBvpqxfYX1YCS1PXdKYWi8FsN0= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0/go.mod h1:P+Lt/0by1T8bfcF3z737NnSbmxQAppXMRziHUxPOC8k= github.com/imdario/mergo v0.3.16 h1:wwQJbIsHYGMUyLSPrEq1CT16AhnhNJQ51+4fdHUnCl4= github.com/imdario/mergo v0.3.16/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY= +github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= +github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= 
github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY= github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= +github.com/klauspost/compress v1.17.9 h1:6KIumPrER1LHsvBVuDa0r5xaG0Es51mhhB9BQB2qeMA= +github.com/klauspost/compress v1.17.9/go.mod h1:Di0epgTjJY877eYKx5yC51cX2A2Vl2ibi7bDH9ttBbw= github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= +github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc= +github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw= github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= -github.com/moby/spdystream v0.2.0 h1:cjW1zVyyoiM0T7b6UoySUFqzXMoqRckQtXwGPiBhOM8= -github.com/moby/spdystream v0.2.0/go.mod h1:f7i0iNDQJ059oMTcWxx8MA/zKFIuD/lY+0GqbN2Wy8c= +github.com/moby/spdystream v0.4.0 h1:Vy79D6mHeJJjiPdFEL2yku1kl0chZpJfZcPpb16BRl8= +github.com/moby/spdystream v0.4.0/go.mod h1:xBAYlnt/ay+11ShkdFKNAG7LsyK/tmNBVvVOwrfMgdI= github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= github.com/modern-go/concurrent 
v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= 
@@ -96,37 +121,66 @@ github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f h1:y5//uYreIhSUg3J1GEMiLbxo1LJaP8RfCpH6pymGZus= github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw= -github.com/onsi/ginkgo/v2 v2.19.0 h1:9Cnnf7UHo57Hy3k6/m5k3dRfGTMXGvxhHFvkDTCTpvA= -github.com/onsi/ginkgo/v2 v2.19.0/go.mod h1:rlwLi9PilAFJ8jCg9UE1QP6VBpd6/xj3SRC0d6TU0To= -github.com/onsi/gomega v1.34.1 h1:EUMJIKUjM8sKjYbtxQI9A4z2o+rruxnzNvpknOXie6k= -github.com/onsi/gomega v1.34.1/go.mod h1:kU1QgUvBDLXBJq618Xvm2LUX6rSAfRaFRTcdOeDLwwY= +github.com/onsi/ginkgo/v2 v2.22.2 h1:/3X8Panh8/WwhU/3Ssa6rCKqPLuAkVY2I0RoyDLySlU= +github.com/onsi/ginkgo/v2 v2.22.2/go.mod h1:oeMosUL+8LtarXBHu/c0bx2D/K9zyQ6uX3cTyztHwsk= +github.com/onsi/gomega v1.36.2 h1:koNYke6TVk6ZmnyHrCXba/T/MoLBXFjeC1PtvYgw0A8= +github.com/onsi/gomega v1.36.2/go.mod h1:DdwyADRjrc825LhMEkD76cHR5+pUnjhUN8GlHlRPHzY= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= -github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/prometheus/client_golang v1.19.0 h1:ygXvpU1AoN1MhdzckN+PyD9QJOSD4x7kmXYlnfbA6JU= -github.com/prometheus/client_golang v1.19.0/go.mod h1:ZRM9uEAypZakd+q/x7+gmsvXdURP+DABIEIjnmDdp+k= +github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= +github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/prometheus/client_golang v1.20.4 h1:Tgh3Yr67PaOv/uTqloMsCEdeuFTatm5zIq5+qNN23vI= 
+github.com/prometheus/client_golang v1.20.4/go.mod h1:PIEt8X02hGcP8JWbeHyeZ53Y/jReSnHgO035n//V5WE= github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E= github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY= -github.com/prometheus/common v0.52.3 h1:5f8uj6ZwHSscOGNdIQg6OiZv/ybiK2CO2q2drVZAQSA= -github.com/prometheus/common v0.52.3/go.mod h1:BrxBKv3FWBIGXw89Mg1AeBq7FSyRzXWI3l3e7W3RN5U= -github.com/prometheus/procfs v0.13.0 h1:GqzLlQyfsPbaEHaQkO7tbDlriv/4o5Hudv6OXHGKX7o= -github.com/prometheus/procfs v0.13.0/go.mod h1:cd4PFCR54QLnGKPaKGA6l+cfuNXtht43ZKY6tow0Y1g= +github.com/prometheus/common v0.55.0 h1:KEi6DK7lXW/m7Ig5i47x0vRzuBsHuvJdi5ee6Y3G1dc= +github.com/prometheus/common v0.55.0/go.mod h1:2SECS4xJG1kd8XF9IcM1gMX6510RAEL65zxzNImwdc8= +github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc= +github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk= github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8= github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4= +github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/sergi/go-diff v1.3.1 h1:xkr+Oxo4BOQKmkn/B9eMK0g5Kg/983T9DqqPHwYqD+8= github.com/sergi/go-diff v1.3.1/go.mod h1:aMJSSKb2lpPvRNec0+w3fl7LP9IOFzdc9Pa4NFbPK1I= +github.com/spf13/cobra v1.8.1 h1:e5/vxKd/rZsfSJMUX1agtjeTDf+qv1/JdBF8gg5k9ZM= +github.com/spf13/cobra v1.8.1/go.mod h1:wHxEcudfqmLYa8iTfL+OuZPbBZkmvliBWKIezN3kD9Y= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= +github.com/stoewer/go-strcase v1.3.0 h1:g0eASXYtp+yvN9fK8sH94oCIk0fau9uV1/ZdJ0AVEzs= +github.com/stoewer/go-strcase v1.3.0/go.mod h1:fAH5hQ5pehh+j3nZfvwdk2RgEgQjAoM8wodgtPmh1xo= github.com/stretchr/objx v0.1.0/go.mod 
h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= +github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= +github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= +github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA= github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= github.com/vektah/gqlparser/v2 v2.5.20 h1:kPaWbhBntxoZPaNdBaIPT1Kh0i1b/onb5kXgEdP5JCo= github.com/vektah/gqlparser/v2 v2.5.20/go.mod h1:xMl+ta8a5M1Yo1A1Iwt/k7gSpscwSnHZdw7tfhEGfTM= +github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= +github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.54.0 h1:TT4fX+nBOA/+LUkobKGW1ydGcn+G3vRw9+g5HwCphpk= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.54.0/go.mod h1:L7UH0GbB0p47T4Rri3uHjbpCFYrVrwc1I25QhNPiGK8= +go.opentelemetry.io/otel v1.29.0 h1:PdomN/Al4q/lN6iBJEN3AwPvUiHPMlt93c8bqTG5Llw= +go.opentelemetry.io/otel v1.29.0/go.mod h1:N/WtXPs1CNCUEx+Agz5uouwCba+i+bJGFicT8SR4NP8= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.28.0 h1:3Q/xZUyC1BBkualc9ROb4G8qkH90LXEIICcs5zv1OYY= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.28.0/go.mod 
h1:s75jGIWA9OfCMzF0xr+ZgfrB5FEbbV7UuYo32ahUiFI= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.27.0 h1:qFffATk0X+HD+f1Z8lswGiOQYKHRlzfmdJm0wEaVrFA= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.27.0/go.mod h1:MOiCmryaYtc+V0Ei+Tx9o5S1ZjA7kzLucuVuyzBZloQ= +go.opentelemetry.io/otel/metric v1.29.0 h1:vPf/HFWTNkPu1aYeIsc98l4ktOQaL6LeSoeV2g+8YLc= +go.opentelemetry.io/otel/metric v1.29.0/go.mod h1:auu/QWieFVWx+DmQOUMgj0F8LHWdgalxXqvp7BII/W8= +go.opentelemetry.io/otel/sdk v1.28.0 h1:b9d7hIry8yZsgtbmM0DKyPWMMUMlK9NEKuIG4aBqWyE= +go.opentelemetry.io/otel/sdk v1.28.0/go.mod h1:oYj7ClPUA7Iw3m+r7GeEjz0qckQRJK2B8zjcZEfu7Pg= +go.opentelemetry.io/otel/trace v1.29.0 h1:J/8ZNK4XgR7a21DZUAsbF8pZ5Jcw1VhACmnYt39JTi4= +go.opentelemetry.io/otel/trace v1.29.0/go.mod h1:eHl3w0sp3paPkYstJOmAimxhiFXPg+MMTlEh3nsQgWQ= +go.opentelemetry.io/proto/otlp v1.3.1 h1:TrMUixzpM0yuc/znrFTP9MMRh8trP93mkCiDVeXrui0= +go.opentelemetry.io/proto/otlp v1.3.1/go.mod h1:0X1WI4de4ZsLrrJNLAQbFeLCm3T7yBkR0XqQ7niQU+8= go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE= go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= 
@@ -136,22 +190,22 @@ go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.31.0 h1:ihbySMvVjLAeSH1IbfcRTkD/iNscyz8rGzjF/E5hV6U= -golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk= +golang.org/x/crypto v0.32.0 h1:euUpcYgM8WcP71gNpTqQCn6rC2t6ULUPiOzfWaXVVfc= +golang.org/x/crypto v0.32.0/go.mod h1:ZnnJkOaASj8g0AjIduWNlq2NRxL0PlBrbKVyZ6V/Ugc= golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 h1:2dVuKD2vS7b0QIHQbpyTISPd0LeHDbnYEryqj5Q1ug8= golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56/go.mod h1:M4RDyNAINzryxdtnbRXRL/OHtkFuWGRjvuhBJpk2IlY= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.19.0 h1:fEdghXQSo20giMthA7cd28ZC+jts4amQ3YMXiP5oMQ8= -golang.org/x/mod v0.19.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= +golang.org/x/mod v0.22.0 h1:D4nJWe9zXqHOmWqj4VMOJhvzj7bEZg4wEYa759z1pH4= +golang.org/x/mod v0.22.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I= -golang.org/x/net v0.33.0/go.mod 
h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4= -golang.org/x/oauth2 v0.19.0 h1:9+E/EZBCbTLNrbN35fHv/a/d/mOBatymz1zbtQrXpIg= -golang.org/x/oauth2 v0.19.0/go.mod h1:vYi7skDa1x015PmRRYZ7+s1cWyPgrPiSYRe4rnsexc8= +golang.org/x/net v0.34.0 h1:Mb7Mrk043xzHgnRM88suvJFwzVrRfHEHJEl5/71CKw0= +golang.org/x/net v0.34.0/go.mod h1:di0qlW3YNM5oh6GqDGQr92MyTozJPmybPK4Ev/Gm31k= +golang.org/x/oauth2 v0.23.0 h1:PbgcYx2W7i4LvjJWEbf0ngHV6qJYr86PkAV3bXdLEbs= +golang.org/x/oauth2 v0.23.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 
@@ -160,60 +214,73 @@ golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA= -golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/term v0.27.0 h1:WP60Sv1nlK1T6SupCHbXzSaN0b9wUmsPoRS9b61A23Q= -golang.org/x/term v0.27.0/go.mod h1:iMsnZpn0cago0GOrHO2+Y7u7JPn5AylBrcoWkElMTSM= +golang.org/x/sys v0.29.0 h1:TPYlXGxvx1MGTn2GiZDhnjPA9wZzZeGKHHmKhHYvgaU= +golang.org/x/sys v0.29.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/term v0.28.0 h1:/Ts8HFuMR2E6IP/jlo7QVLZHggjKQbhu/7H0LJFr3Gg= +golang.org/x/term v0.28.0/go.mod h1:Sw/lC2IAUZ92udQNf3WodGtn4k/XoLyZoh8v/8uiwek= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo= golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ= -golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk= -golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= +golang.org/x/time v0.6.0 h1:eTDhh4ZXt5Qf0augr54TN6suAUudPcawVZeIAPU7D4U= +golang.org/x/time v0.6.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= 
golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.23.0 h1:SGsXPZ+2l4JsgaCKkx+FQ9YZ5XEtA1GZYuoDjenLjvg= -golang.org/x/tools v0.23.0/go.mod h1:pnu6ufv6vQkll6szChhK3C3L/ruaIv5eBeztNG8wtsI= +golang.org/x/tools v0.28.0 h1:WuB6qZ4RPCQo5aP3WdKZS7i595EdWqWR8vqJTlwTVK8= +golang.org/x/tools v0.28.0/go.mod h1:dcIOrVd3mfQKTgrDVQHqCPMWy6lnhfhtX3hLXYVLfRw= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= gomodules.xyz/jsonpatch/v2 v2.4.0 h1:Ci3iUJyx9UeRx7CeFN8ARgGbkESwJK+KB9lLcWxY/Zw= gomodules.xyz/jsonpatch/v2 v2.4.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY= -google.golang.org/protobuf v1.34.1 h1:9ddQBjfCyZPOHPUiPxpYESBLc+T8P3E+Vo4IbKZgFWg= -google.golang.org/protobuf v1.34.1/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= +google.golang.org/genproto/googleapis/api v0.0.0-20240827150818-7e3bb234dfed h1:3RgNmBoI9MZhsj3QxC+AP/qQhNwpCLOvYDYYsFrhFt0= +google.golang.org/genproto/googleapis/api v0.0.0-20240827150818-7e3bb234dfed/go.mod h1:OCdP9MfskevB/rbYvHTsXTtKC+3bHWajPdoKgjcYkfo= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1 h1:pPJltXNxVzT4pK9yD8vR9X75DaWYYmLGMsEvBfFQZzQ= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1/go.mod h1:UqMtugtsSgubUsoxbuAoiCXvqvErP7Gf0so0mK9tHxU= +google.golang.org/grpc v1.66.2 h1:3QdXkuq3Bkh7w+ywLdLvM56cmGvQHUMZpiCzt6Rqaoo= +google.golang.org/grpc v1.66.2/go.mod h1:s3/l6xSSCURdVfAnL+TqCNMyTDAGN6+lZeVxnZR128Y= +google.golang.org/protobuf v1.36.1 h1:yBPeRvTftaleIgM3PZ/WBIZ7XM/eEYAaEyCwvyjq/gk= 
+google.golang.org/protobuf v1.36.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= +gopkg.in/evanphx/json-patch.v4 v4.12.0 h1:n6jtcsulIzXPJaxegRbvFNNrZDjbij7ny3gmSPG+6V4= +gopkg.in/evanphx/json-patch.v4 v4.12.0/go.mod h1:p8EYWUEYMpynmqDbY58zCKCFZw8pRWMG4EsWvDvM72M= gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= +gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -k8s.io/api v0.29.7 h1:Q2/thp7YYESgy0MGzxT9RvA/6doLJHBXSFH8GGLxSbc= -k8s.io/api v0.29.7/go.mod h1:mPimdbyuIjwoLtBEVIGVUYb4BKOE+44XHt/n4IqKsLA= -k8s.io/apiextensions-apiserver v0.29.7 h1:X62u7vUGfwW5rYJB5jkZDr0uV2XSyEHJRdxnfD5PaLs= -k8s.io/apiextensions-apiserver v0.29.7/go.mod h1:JzBXxlZKKdtEYGr4yiN+s0eXheCTYgKDay8JXPfSGoQ= -k8s.io/apimachinery v0.29.7 h1:ICXzya58Q7hyEEfnTrbmdfX1n1schSepX2KUfC2/ykc= -k8s.io/apimachinery v0.29.7/go.mod h1:i3FJVwhvSp/6n8Fl4K97PJEP8C+MM+aoDq4+ZJBf70Y= -k8s.io/client-go v0.29.7 h1:vTtiFrGBKlcBhxaeZC4eDrqui1e108nsTyue/KU63IY= -k8s.io/client-go v0.29.7/go.mod h1:69BvVqdRozgR/9TP45u/oO0tfrdbP+I8RqrcCJQshzg= -k8s.io/component-base v0.29.7 h1:zXLJvZjvvDWdYmZCwZYk95E1Fd2oRXUz71mQukkRk5I= -k8s.io/component-base v0.29.7/go.mod 
h1:ddLTpIrjazaRI1EG83M41GNcYEAdskuQmx4JOOSXCOg= -k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw= -k8s.io/klog/v2 v2.120.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= -k8s.io/kube-openapi v0.0.0-20240411171206-dc4e619f62f3 h1:SbdLaI6mM6ffDSJCadEaD4IkuPzepLDGlkd2xV0t1uA= -k8s.io/kube-openapi v0.0.0-20240411171206-dc4e619f62f3/go.mod h1:yD4MZYeKMBwQKVht279WycxKyM84kkAx2DPrTXaeb98= -k8s.io/utils v0.0.0-20240310230437-4693a0247e57 h1:gbqbevonBh57eILzModw6mrkbwM0gQBEuevE/AaBsHY= -k8s.io/utils v0.0.0-20240310230437-4693a0247e57/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= -sigs.k8s.io/controller-runtime v0.15.3 h1:L+t5heIaI3zeejoIyyvLQs5vTVu/67IU2FfisVzFlBc= -sigs.k8s.io/controller-runtime v0.15.3/go.mod h1:kp4jckA4vTx281S/0Yk2LFEEQe67mjg+ev/yknv47Ds= -sigs.k8s.io/gateway-api v0.8.0-rc2 h1:i1Kw21ygkAgCOciX9P4XoZGWXO7vW+B29Rw3tFQtiAI= -sigs.k8s.io/gateway-api v0.8.0-rc2/go.mod h1:tqe6NjoISYTfXctrVWkPhJ4+7mA9ns0/sfT19O1TkSM= +k8s.io/api v0.31.1 h1:Xe1hX/fPW3PXYYv8BlozYqw63ytA92snr96zMW9gWTU= +k8s.io/api v0.31.1/go.mod h1:sbN1g6eY6XVLeqNsZGLnI5FwVseTrZX7Fv3O26rhAaI= +k8s.io/apiextensions-apiserver v0.31.0 h1:fZgCVhGwsclj3qCw1buVXCV6khjRzKC5eCFt24kyLSk= +k8s.io/apiextensions-apiserver v0.31.0/go.mod h1:b9aMDEYaEe5sdK+1T0KU78ApR/5ZVp4i56VacZYEHxk= +k8s.io/apimachinery v0.31.1 h1:mhcUBbj7KUjaVhyXILglcVjuS4nYXiwC+KKFBgIVy7U= +k8s.io/apimachinery v0.31.1/go.mod h1:rsPdaZJfTfLsNJSQzNHQvYoTmxhoOEofxtOsF3rtsMo= +k8s.io/apiserver v0.31.0 h1:p+2dgJjy+bk+B1Csz+mc2wl5gHwvNkC9QJV+w55LVrY= +k8s.io/apiserver v0.31.0/go.mod h1:KI9ox5Yu902iBnnyMmy7ajonhKnkeZYJhTZ/YI+WEMk= +k8s.io/client-go v0.31.0 h1:QqEJzNjbN2Yv1H79SsS+SWnXkBgVu4Pj3CJQgbx0gI8= +k8s.io/client-go v0.31.0/go.mod h1:Y9wvC76g4fLjmU0BA+rV+h2cncoadjvjjkkIGoTLcGU= +k8s.io/component-base v0.31.0 h1:/KIzGM5EvPNQcYgwq5NwoQBaOlVFrghoVGr8lG6vNRs= +k8s.io/component-base v0.31.0/go.mod h1:TYVuzI1QmN4L5ItVdMSXKvH7/DtvIuas5/mm8YT3rTo= +k8s.io/klog/v2 v2.130.1 
h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= +k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= +k8s.io/kube-openapi v0.0.0-20240903163716-9e1beecbcb38 h1:1dWzkmJrrprYvjGwh9kEUxmcUV/CtNU8QM7h1FLWQOo= +k8s.io/kube-openapi v0.0.0-20240903163716-9e1beecbcb38/go.mod h1:coRQXBK9NxO98XUv3ZD6AK3xzHCxV6+b7lrquKwaKzA= +k8s.io/utils v0.0.0-20240921022957-49e7df575cb6 h1:MDF6h2H/h4tbzmtIKTuctcwZmY0tY9mD9fNT47QO6HI= +k8s.io/utils v0.0.0-20240921022957-49e7df575cb6/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.30.3 h1:2770sDpzrjjsAtVhSeUFseziht227YAWYHLGNM8QPwY= +sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.30.3/go.mod h1:Ve9uj1L+deCXFrPOk1LpFXqTg7LCFzFso6PA48q/XZw= +sigs.k8s.io/controller-runtime v0.19.4 h1:SUmheabttt0nx8uJtoII4oIP27BVVvAKFvdvGFwV/Qo= +sigs.k8s.io/controller-runtime v0.19.4/go.mod h1:iRmWllt8IlaLjvTTDLhRBXIEtkCK6hwVBJJsYS9Ajf4= +sigs.k8s.io/gateway-api v1.1.0 h1:DsLDXCi6jR+Xz8/xd0Z1PYl2Pn0TyaFMOPPZIj4inDM= +sigs.k8s.io/gateway-api v1.1.0/go.mod h1:ZH4lHrL2sDi0FHZ9jjneb8kKnGzFWyrTya35sWUTrRs= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4= diff --git a/hack/functions.sh b/hack/functions.sh index f6b7f168..fa1bbbd3 100644 --- a/hack/functions.sh +++ b/hack/functions.sh @@ -1,7 +1,7 @@ #!/usr/bin/env bash declare -r kindest_node_image_multiplatform_amd64_arm64=${E2E_KIND_K8S_VERSION:-kindest/node:v1.31.0@sha256:53df588e04085fd41ae12de0c3fe4c72f7013bba32a20e7325357a1ac94ba865} declare -r kind_version=0.24.0 -declare -r go_version=1.22.2 +declare -r go_version=1.23.4 declare -r helm_version=3.14.4 declare -r kubectl_version=1.23.3 declare -r default_cert_manager_version=1.12.12 
@@ -133,13 +133,13 @@ preload_container_images() { make docker-build-helper IMG=humio/humio-operator-helper:dummy $kind load docker-image humio/humio-core:dummy & $kind load docker-image humio/humio-operator-helper:dummy & - grep --only-matching --extended-regexp "humio/humio-core:[0-9.]+" controllers/versions/versions.go | awk '{print $1"-dummy"}' | xargs -I{} docker tag humio/humio-core:dummy {} - grep --only-matching --extended-regexp "humio/humio-core:[0-9.]+" controllers/versions/versions.go | awk '{print $1"-dummy"}' | xargs -I{} kind load docker-image {} - grep --only-matching --extended-regexp "humio/humio-operator-helper:[^\"]+" controllers/versions/versions.go | awk '{print $1"-dummy"}' | xargs -I{} docker tag humio/humio-operator-helper:dummy {} - grep --only-matching --extended-regexp "humio/humio-operator-helper:[^\"]+" controllers/versions/versions.go | awk '{print $1"-dummy"}' | xargs -I{} kind load docker-image {} + grep --only-matching --extended-regexp "humio/humio-core:[0-9.]+" internal/controller/versions/versions.go | awk '{print $1"-dummy"}' | xargs -I{} docker tag humio/humio-core:dummy {} + grep --only-matching --extended-regexp "humio/humio-core:[0-9.]+" internal/controller/versions/versions.go | awk '{print $1"-dummy"}' | xargs -I{} kind load docker-image {} + grep --only-matching --extended-regexp "humio/humio-operator-helper:[^\"]+" internal/controller/versions/versions.go | awk '{print $1"-dummy"}' | xargs -I{} docker tag humio/humio-operator-helper:dummy {} + grep --only-matching --extended-regexp "humio/humio-operator-helper:[^\"]+" internal/controller/versions/versions.go | awk '{print $1"-dummy"}' | xargs -I{} kind load docker-image {} else # Extract container image tags used by tests from go source - TEST_CONTAINER_IMAGES=$(grep 'Version\s*=\s*"' controllers/versions/versions.go | grep -v oldUnsupportedHumioVersion | grep -v 1.x.x | cut -d '"' -f 2 | sort -u) + TEST_CONTAINER_IMAGES=$(grep 'Version\s*=\s*"' 
internal/controller/versions/versions.go | grep -v oldUnsupportedHumioVersion | grep -v 1.x.x | cut -d '"' -f 2 | sort -u) # Preload image used by e2e tests for image in $TEST_CONTAINER_IMAGES diff --git a/hack/run-e2e-within-kind-test-pod-dummy.sh b/hack/run-e2e-within-kind-test-pod-dummy.sh index 56ef11b3..4cafe0cb 100755 --- a/hack/run-e2e-within-kind-test-pod-dummy.sh +++ b/hack/run-e2e-within-kind-test-pod-dummy.sh @@ -5,4 +5,4 @@ set -x -o pipefail source hack/functions.sh # We skip the helpers package as those tests assumes the environment variable USE_CERT_MANAGER is not set. -DUMMY_LOGSCALE_IMAGE=true ginkgo --label-filter=dummy -timeout 90m -procs=$GINKGO_NODES --no-color --skip-package helpers -v ./controllers/suite/... -covermode=count -coverprofile cover.out -progress | tee /proc/1/fd/1 +DUMMY_LOGSCALE_IMAGE=true ginkgo --label-filter=dummy -timeout 90m -procs=$GINKGO_NODES --no-color --skip-package helpers -v ./internal/controller/suite/... -covermode=count -coverprofile cover.out -progress | tee /proc/1/fd/1 diff --git a/hack/run-e2e-within-kind-test-pod.sh b/hack/run-e2e-within-kind-test-pod.sh index 22212a62..f95db26c 100755 --- a/hack/run-e2e-within-kind-test-pod.sh +++ b/hack/run-e2e-within-kind-test-pod.sh @@ -5,4 +5,4 @@ set -x -o pipefail source hack/functions.sh # We skip the helpers package as those tests assumes the environment variable USE_CERT_MANAGER is not set. -ginkgo --label-filter=real -timeout 120m -procs=$GINKGO_NODES --no-color --skip-package helpers -v ./controllers/suite/... -covermode=count -coverprofile cover.out -progress | tee /proc/1/fd/1 \ No newline at end of file +ginkgo --label-filter=real -timeout 120m -procs=$GINKGO_NODES --no-color --skip-package helpers -v ./internal/controller/suite/... -covermode=count -coverprofile cover.out -progress | tee /proc/1/fd/1 \ No newline at end of file diff --git a/images/helper/Dockerfile b/images/helper/Dockerfile index 4ce7f821..ae27db2a 100644 --- a/images/helper/Dockerfile 
+++ b/images/helper/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.22-alpine AS builder +FROM golang:1.23-alpine AS builder ARG RELEASE_VERSION=master ARG RELEASE_COMMIT=none diff --git a/images/helper/go.mod b/images/helper/go.mod index cf00a25c..122d978c 100644 --- a/images/helper/go.mod +++ b/images/helper/go.mod @@ -1,6 +1,6 @@ module github.com/humio/humio-operator/images/helper -go 1.22 +go 1.23 require ( k8s.io/api v0.29.5 diff --git a/images/logscale-dummy/Dockerfile b/images/logscale-dummy/Dockerfile index a4789685..c52e8a2f 100644 --- a/images/logscale-dummy/Dockerfile +++ b/images/logscale-dummy/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.22-alpine AS builder +FROM golang:1.23-alpine AS builder RUN apk add bash diff --git a/images/logscale-dummy/main.go b/images/logscale-dummy/main.go index eb8fa294..e0f42bdb 100644 --- a/images/logscale-dummy/main.go +++ b/images/logscale-dummy/main.go @@ -8,7 +8,7 @@ import ( func main() { http.HandleFunc("/", func(w http.ResponseWriter, req *http.Request) { - fmt.Fprintf(w, "\n") + _, _ = fmt.Fprintf(w, "\n") }) humioPort := os.Getenv("HUMIO_PORT") @@ -30,7 +30,9 @@ func main() { func runHTTPS(humioPort, esPort string) { if esPort != "" { - go http.ListenAndServeTLS(fmt.Sprintf(":%s", esPort), "cert.pem", "key.pem", nil) + go func() { + _ = http.ListenAndServeTLS(fmt.Sprintf(":%s", esPort), "cert.pem", "key.pem", nil) + }() } err := http.ListenAndServeTLS(fmt.Sprintf(":%s", humioPort), "cert.pem", "key.pem", nil) if err != nil { @@ -40,7 +42,9 @@ func runHTTPS(humioPort, esPort string) { func runHTTP(humioPort, esPort string) { if esPort != "" { - go http.ListenAndServe(fmt.Sprintf(":%s", esPort), nil) + go func() { + _ = http.ListenAndServe(fmt.Sprintf(":%s", esPort), nil) + }() } err := http.ListenAndServe(fmt.Sprintf(":%s", humioPort), nil) 
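Review bot: The goroutine added in runHTTPS assigns the result of `http.ListenAndServeTLS` to `_`, so a failed bind on esPort (port already in use, unreadable cert.pem or key.pem) leaves the process serving only humioPort with nothing logged. The runHTTP hunk that follows does the same with `http.ListenAndServe`. Reporting the error keeps errcheck satisfied without hiding the failure, for example `if err := http.ListenAndServeTLS(fmt.Sprintf(":%s", esPort), "cert.pem", "key.pem", nil); err != nil { fmt.Printf("es listener stopped: %v\n", err) }`. Both function bodies continue outside their hunks, so how the primary listener reports its error is only partly visible here.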
@@ -50,7 +54,8 @@ func runHTTP(humioPort, esPort string) { } /* - TODO: Consider loading in the "real" certificate from the keystore instead of baking in a cert.pem and key.pem during build. + TODO: Consider loading in the "real" certificate from the keystore instead of baking in a cert.pem and key.pem during + build. TODO: Consider adding functionality that writes a file so "wait for global file in test cases" will pass. "ls /mnt/global*.json", diff --git a/internal/api/client.go b/internal/api/client.go index 50935453..0fb37229 100644 --- a/internal/api/client.go +++ b/internal/api/client.go @@ -124,7 +124,9 @@ func (c *Client) MakeRequest(ctx context.Context, req *graphql.Request, resp *gr if httpResp == nil { return fmt.Errorf("could not execute http request") } - defer httpResp.Body.Close() + defer func(Body io.ReadCloser) { + _ = Body.Close() + }(httpResp.Body) if httpResp.StatusCode != http.StatusOK { var respBody []byte @@ -156,11 +158,11 @@ func (c *Client) MakeRequest(ctx context.Context, req *graphql.Request, resp *gr } // This prints all extensions. To use this properly, use a logger - //if len(actualResponse.Extensions) > 0 { - // for _, extension := range resp.Extensions { - // fmt.Printf("%v\n", extension) - // } - //} + // if len(actualResponse.Extensions) > 0 { + // for _, extension := range resp.Extensions { + // fmt.Printf("%v\n", extension) + // } + // } if len(actualResponse.Errors) > 0 { return actualResponse.Errors } diff --git a/controllers/humioaction_controller.go b/internal/controller/humioaction_controller.go similarity index 95% rename from controllers/humioaction_controller.go rename to internal/controller/humioaction_controller.go index 975679cd..bf1b0014 100644 --- a/controllers/humioaction_controller.go +++ b/internal/controller/humioaction_controller.go @@ -14,7 +14,7 @@ See the License for the specific language governing permissions and limitations under the License. */ -package controllers +package controller import ( "context" 
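Review bot: The deferred closure added in MakeRequest takes a parameter named `Body`, which reads like an exported identifier and adds an `io.ReadCloser` indirection the call site does not need. `defer func() { _ = httpResp.Body.Close() }()` does the same thing and is easier to scan. Since the Close error is now discarded on purpose, a short comment such as `// Close error ignored: nothing actionable at this point` would record that for the next reader. The rest of MakeRequest lies outside the hunk.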
@@ -37,6 +37,10 @@ import ( "sigs.k8s.io/controller-runtime/pkg/reconcile" ) +const ( + redactedSecretValue = "" +) + // HumioActionReconciler reconciles a HumioAction object type HumioActionReconciler struct { client.Client @@ -46,9 +50,9 @@ type HumioActionReconciler struct { Namespace string } -//+kubebuilder:rbac:groups=core.humio.com,resources=humioactions,verbs=get;list;watch;create;update;patch;delete -//+kubebuilder:rbac:groups=core.humio.com,resources=humioactions/status,verbs=get;update;patch -//+kubebuilder:rbac:groups=core.humio.com,resources=humioactions/finalizers,verbs=update +// +kubebuilder:rbac:groups=core.humio.com,resources=humioactions,verbs=get;list;watch;create;update;patch;delete +// +kubebuilder:rbac:groups=core.humio.com,resources=humioactions/status,verbs=get;update;patch +// +kubebuilder:rbac:groups=core.humio.com,resources=humioactions/finalizers,verbs=update func (r *HumioActionReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) { if r.Namespace != "" { @@ -99,7 +103,7 @@ func (r *HumioActionReconciler) Reconcile(ctx context.Context, req ctrl.Request) return reconcile.Result{}, validateErr } - defer func(ctx context.Context, humioClient humio.Client, ha *humiov1alpha1.HumioAction) { + defer func(ctx context.Context, ha *humiov1alpha1.HumioAction) { _, err := r.HumioClient.GetAction(ctx, humioHttpClient, req, ha) if errors.As(err, &humioapi.EntityNotFound{}) { _ = r.setState(ctx, humiov1alpha1.HumioActionStateNotFound, ha) @@ -110,7 +114,7 @@ func (r *HumioActionReconciler) Reconcile(ctx context.Context, req ctrl.Request) return } _ = r.setState(ctx, humiov1alpha1.HumioActionStateExists, ha) - }(ctx, r.HumioClient, ha) + }(ctx, ha) return r.reconcileHumioAction(ctx, humioHttpClient, ha, req) } 
@@ -298,6 +302,7 @@ func (r *HumioActionReconciler) resolveField(ctx context.Context, namespace, val func (r *HumioActionReconciler) SetupWithManager(mgr ctrl.Manager) error { return ctrl.NewControllerManagedBy(mgr). For(&humiov1alpha1.HumioAction{}). + Named("humioaction"). Complete(r) } @@ -318,6 +323,8 @@ func (r *HumioActionReconciler) logErrorAndReturn(err error, msg string) error { // actionAlreadyAsExpected compares fromKubernetesCustomResource and fromGraphQL. It returns a boolean indicating // if the details from GraphQL already matches what is in the desired state of the custom resource. // If they do not match, a map is returned with details on what the diff is. +// +//nolint:gocyclo func actionAlreadyAsExpected(expectedAction humiographql.ActionDetails, currentAction humiographql.ActionDetails) (bool, map[string]string) { diffMap := map[string]string{} actionType := "unknown" @@ -353,7 +360,7 @@ func actionAlreadyAsExpected(expectedAction humiographql.ActionDetails, currentA diffMap["name"] = diff } if diff := cmp.Diff(c.GetIngestToken(), e.GetIngestToken()); diff != "" { - diffMap["ingestToken"] = "" + diffMap["ingestToken"] = redactedSecretValue } default: diffMap["wrongType"] = fmt.Sprintf("expected type %T but current is %T", e, c) @@ -369,7 +376,7 @@ func actionAlreadyAsExpected(expectedAction humiographql.ActionDetails, currentA diffMap["apiUrl"] = diff } if diff := cmp.Diff(c.GetGenieKey(), e.GetGenieKey()); diff != "" { - diffMap["genieKey"] = "" + diffMap["genieKey"] = redactedSecretValue } if diff := cmp.Diff(c.GetUseProxy(), e.GetUseProxy()); diff != "" { diffMap["useProxy"] = diff @@ -385,7 +392,7 @@ func actionAlreadyAsExpected(expectedAction humiographql.ActionDetails, currentA diffMap["name"] = diff } if diff := cmp.Diff(c.GetRoutingKey(), e.GetRoutingKey()); diff != "" { - diffMap["apiUrl"] = "" + diffMap["apiUrl"] = redactedSecretValue } if diff := cmp.Diff(c.GetSeverity(), e.GetSeverity()); diff != "" { diffMap["genieKey"] = diff 
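Review bot: `//nolint:gocyclo` on actionAlreadyAsExpected silences the complexity warning rather than reducing it, and this is the function that decides which differing fields are written to the diff map verbatim and which are replaced with redactedSecretValue. Moving each case of the type switch into its own small comparison helper would let every redaction decision be reviewed in isolation, and the directive could then be dropped. If the suppression stays, put the reason on the directive itself, e.g. `//nolint:gocyclo // one case per action type`. The function body continues outside this hunk.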
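Review bot: The routing-key comparison touched in the `@@ -385,7 +392,7 @@` hunk still stores its result under `diffMap["apiUrl"]`, and the severity comparison directly after it stores its diff under `diffMap["genieKey"]`. Both keys look copied from the OpsGenie case above, so a changed routing key or severity is reported under the name of a field this action type does not have. Since the line is being edited anyway, the keys should name the compared fields: `diffMap["routingKey"] = redactedSecretValue` and `diffMap["severity"] = diff`. The enclosing switch starts and ends outside the hunk, so any consumer that reads these keys by name is not visible here and should be checked.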
@@ -407,7 +414,7 @@ func actionAlreadyAsExpected(expectedAction humiographql.ActionDetails, currentA diffMap["fields"] = diff } if diff := cmp.Diff(c.GetUrl(), e.GetUrl()); diff != "" { - diffMap["url"] = "" + diffMap["url"] = redactedSecretValue } if diff := cmp.Diff(c.GetUseProxy(), e.GetUseProxy()); diff != "" { diffMap["useProxy"] = diff @@ -423,7 +430,7 @@ func actionAlreadyAsExpected(expectedAction humiographql.ActionDetails, currentA diffMap["name"] = diff } if diff := cmp.Diff(c.GetApiToken(), e.GetApiToken()); diff != "" { - diffMap["apiToken"] = "" + diffMap["apiToken"] = redactedSecretValue } if diff := cmp.Diff(c.GetChannels(), e.GetChannels()); diff != "" { diffMap["channels"] = diff @@ -448,7 +455,7 @@ func actionAlreadyAsExpected(expectedAction humiographql.ActionDetails, currentA diffMap["messageType"] = diff } if diff := cmp.Diff(c.GetNotifyUrl(), e.GetNotifyUrl()); diff != "" { - diffMap["notifyUrl"] = "" + diffMap["notifyUrl"] = redactedSecretValue } if diff := cmp.Diff(c.GetUseProxy(), e.GetUseProxy()); diff != "" { diffMap["useProxy"] = diff @@ -467,13 +474,13 @@ func actionAlreadyAsExpected(expectedAction humiographql.ActionDetails, currentA diffMap["bodyTemplate"] = diff } if diff := cmp.Diff(c.GetHeaders(), e.GetHeaders()); diff != "" { - diffMap["headers"] = "" + diffMap["headers"] = redactedSecretValue } if diff := cmp.Diff(c.GetMethod(), e.GetMethod()); diff != "" { diffMap["method"] = diff } if diff := cmp.Diff(c.GetUrl(), e.GetUrl()); diff != "" { - diffMap["url"] = "" + diffMap["url"] = redactedSecretValue } if diff := cmp.Diff(c.GetIgnoreSSL(), e.GetIgnoreSSL()); diff != "" { diffMap["ignoreSSL"] = diff diff --git a/controllers/humioaggregatealert_controller.go b/internal/controller/humioaggregatealert_controller.go similarity index 95% rename from controllers/humioaggregatealert_controller.go rename to internal/controller/humioaggregatealert_controller.go index 5371a351..cceb55d3 100644 
--- a/controllers/humioaggregatealert_controller.go +++ b/internal/controller/humioaggregatealert_controller.go @@ -14,7 +14,7 @@ See the License for the specific language governing permissions and limitations under the License. */ -package controllers +package controller import ( "context" @@ -23,7 +23,9 @@ import ( "sort" "time" + "github.com/go-logr/logr" "github.com/google/go-cmp/cmp" + humiov1alpha1 "github.com/humio/humio-operator/api/v1alpha1" humioapi "github.com/humio/humio-operator/internal/api" "github.com/humio/humio-operator/internal/api/humiographql" "github.com/humio/humio-operator/internal/helpers" @@ -33,9 +35,6 @@ import ( ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/reconcile" - - "github.com/go-logr/logr" - humiov1alpha1 "github.com/humio/humio-operator/api/v1alpha1" ) // HumioAggregateAlertReconciler reconciles a HumioAggregateAlert object @@ -47,9 +46,9 @@ type HumioAggregateAlertReconciler struct { Namespace string } -//+kubebuilder:rbac:groups=core.humio.com,resources=humioAggregateAlerts,verbs=get;list;watch;create;update;patch;delete -//+kubebuilder:rbac:groups=core.humio.com,resources=humioAggregateAlerts/status,verbs=get;update;patch -//+kubebuilder:rbac:groups=core.humio.com,resources=humioAggregateAlerts/finalizers,verbs=update +// +kubebuilder:rbac:groups=core.humio.com,resources=humioaggregatealerts,verbs=get;list;watch;create;update;patch;delete +// +kubebuilder:rbac:groups=core.humio.com,resources=humioaggregatealerts/status,verbs=get;update;patch +// +kubebuilder:rbac:groups=core.humio.com,resources=humioaggregatealerts/finalizers,verbs=update func (r *HumioAggregateAlertReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) { if r.Namespace != "" { 
@@ -86,7 +85,7 @@ func (r *HumioAggregateAlertReconciler) Reconcile(ctx context.Context, req ctrl. } humioHttpClient := r.HumioClient.GetHumioHttpClient(cluster.Config(), req) - defer func(ctx context.Context, HumioClient humio.Client, haa *humiov1alpha1.HumioAggregateAlert) { + defer func(ctx context.Context, haa *humiov1alpha1.HumioAggregateAlert) { curAggregateAlert, err := r.HumioClient.GetAggregateAlert(ctx, humioHttpClient, req, haa) if errors.As(err, &humioapi.EntityNotFound{}) { _ = r.setState(ctx, humiov1alpha1.HumioAggregateAlertStateNotFound, haa) @@ -97,7 +96,7 @@ func (r *HumioAggregateAlertReconciler) Reconcile(ctx context.Context, req ctrl. return } _ = r.setState(ctx, humiov1alpha1.HumioAggregateAlertStateExists, haa) - }(ctx, r.HumioClient, haa) + }(ctx, haa) return r.reconcileHumioAggregateAlert(ctx, humioHttpClient, haa, req) } @@ -199,6 +198,7 @@ func (r *HumioAggregateAlertReconciler) reconcileHumioAggregateAlert(ctx context func (r *HumioAggregateAlertReconciler) SetupWithManager(mgr ctrl.Manager) error { return ctrl.NewControllerManagedBy(mgr). For(&humiov1alpha1.HumioAggregateAlert{}). + Named("humioaggregatealert"). Complete(r) } diff --git a/controllers/humioalert_controller.go b/internal/controller/humioalert_controller.go similarity index 95% rename from controllers/humioalert_controller.go rename to internal/controller/humioalert_controller.go index e0d5c80d..301406ca 100644 --- a/controllers/humioalert_controller.go +++ b/internal/controller/humioalert_controller.go @@ -14,7 +14,7 @@ See the License for the specific language governing permissions and limitations under the License. */ -package controllers +package controller import ( "context" 
@@ -23,20 +23,18 @@ import ( "sort" "time" + "github.com/go-logr/logr" "github.com/google/go-cmp/cmp" + humiov1alpha1 "github.com/humio/humio-operator/api/v1alpha1" humioapi "github.com/humio/humio-operator/internal/api" "github.com/humio/humio-operator/internal/api/humiographql" "github.com/humio/humio-operator/internal/helpers" "github.com/humio/humio-operator/internal/humio" "github.com/humio/humio-operator/internal/kubernetes" - "sigs.k8s.io/controller-runtime/pkg/reconcile" - - "github.com/go-logr/logr" k8serrors "k8s.io/apimachinery/pkg/api/errors" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/client" - - humiov1alpha1 "github.com/humio/humio-operator/api/v1alpha1" + "sigs.k8s.io/controller-runtime/pkg/reconcile" ) // HumioAlertReconciler reconciles a HumioAlert object @@ -48,9 +46,9 @@ type HumioAlertReconciler struct { Namespace string } -//+kubebuilder:rbac:groups=core.humio.com,resources=humioalerts,verbs=get;list;watch;create;update;patch;delete -//+kubebuilder:rbac:groups=core.humio.com,resources=humioalerts/status,verbs=get;update;patch -//+kubebuilder:rbac:groups=core.humio.com,resources=humioalerts/finalizers,verbs=update +// +kubebuilder:rbac:groups=core.humio.com,resources=humioalerts,verbs=get;list;watch;create;update;patch;delete +// +kubebuilder:rbac:groups=core.humio.com,resources=humioalerts/status,verbs=get;update;patch +// +kubebuilder:rbac:groups=core.humio.com,resources=humioalerts/finalizers,verbs=update func (r *HumioAlertReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) { if r.Namespace != "" { 
@@ -87,7 +85,7 @@ func (r *HumioAlertReconciler) Reconcile(ctx context.Context, req ctrl.Request) } humioHttpClient := r.HumioClient.GetHumioHttpClient(cluster.Config(), req) - defer func(ctx context.Context, humioClient humio.Client, ha *humiov1alpha1.HumioAlert) { + defer func(ctx context.Context, ha *humiov1alpha1.HumioAlert) { _, err := r.HumioClient.GetAlert(ctx, humioHttpClient, req, ha) if errors.As(err, &humioapi.EntityNotFound{}) { _ = r.setState(ctx, humiov1alpha1.HumioAlertStateNotFound, ha) @@ -98,7 +96,7 @@ func (r *HumioAlertReconciler) Reconcile(ctx context.Context, req ctrl.Request) return } _ = r.setState(ctx, humiov1alpha1.HumioAlertStateExists, ha) - }(ctx, r.HumioClient, ha) + }(ctx, ha) return r.reconcileHumioAlert(ctx, humioHttpClient, ha, req) } @@ -185,6 +183,7 @@ func (r *HumioAlertReconciler) reconcileHumioAlert(ctx context.Context, client * func (r *HumioAlertReconciler) SetupWithManager(mgr ctrl.Manager) error { return ctrl.NewControllerManagedBy(mgr). For(&humiov1alpha1.HumioAlert{}). + Named("humioalert"). Complete(r) } diff --git a/controllers/humiobootstraptoken_controller.go b/internal/controller/humiobootstraptoken_controller.go similarity index 97% rename from controllers/humiobootstraptoken_controller.go rename to internal/controller/humiobootstraptoken_controller.go index 24dddb92..0016d4e0 100644 --- a/controllers/humiobootstraptoken_controller.go +++ b/internal/controller/humiobootstraptoken_controller.go @@ -1,9 +1,12 @@ /* Copyright 2020 Humio https://humio.com + Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
@@ -11,7 +14,7 @@ See the License for the specific language governing permissions and limitations under the License. */ -package controllers +package controller import ( "bytes" @@ -22,26 +25,21 @@ import ( "strings" "time" + "github.com/go-logr/logr" + humiov1alpha1 "github.com/humio/humio-operator/api/v1alpha1" "github.com/humio/humio-operator/internal/helpers" "github.com/humio/humio-operator/internal/kubernetes" + corev1 "k8s.io/api/core/v1" + k8serrors "k8s.io/apimachinery/pkg/api/errors" + "k8s.io/apimachinery/pkg/types" "k8s.io/client-go/kubernetes/scheme" - "k8s.io/client-go/tools/clientcmd" - "k8s.io/client-go/rest" + "k8s.io/client-go/tools/clientcmd" "k8s.io/client-go/tools/remotecommand" - - corev1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/types" - "sigs.k8s.io/controller-runtime/pkg/controller/controllerutil" - - k8serrors "k8s.io/apimachinery/pkg/api/errors" - "sigs.k8s.io/controller-runtime/pkg/reconcile" - - "github.com/go-logr/logr" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/client" - - humiov1alpha1 "github.com/humio/humio-operator/api/v1alpha1" + "sigs.k8s.io/controller-runtime/pkg/controller/controllerutil" + "sigs.k8s.io/controller-runtime/pkg/reconcile" ) const ( 
@@ -64,9 +62,9 @@ type HumioBootstrapTokenSecretData struct { HashedToken string `json:"hashedToken"` } -//+kubebuilder:rbac:groups=core.humio.com,resources=HumioBootstrapTokens,verbs=get;list;watch;create;update;patch;delete -//+kubebuilder:rbac:groups=core.humio.com,resources=HumioBootstrapTokens/status,verbs=get;update;patch -//+kubebuilder:rbac:groups=core.humio.com,resources=HumioBootstrapTokens/finalizers,verbs=update +// +kubebuilder:rbac:groups=core.humio.com,resources=humiobootstraptokens,verbs=get;list;watch;create;update;patch;delete +// +kubebuilder:rbac:groups=core.humio.com,resources=humiobootstraptokens/status,verbs=get;update;patch +// +kubebuilder:rbac:groups=core.humio.com,resources=humiobootstraptokens/finalizers,verbs=update // Reconcile runs the reconciler for a HumioBootstrapToken object func (r *HumioBootstrapTokenReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) { @@ -405,6 +403,7 @@ func (r *HumioBootstrapTokenReconciler) getBootstrapTokenSecret(ctx context.Cont func (r *HumioBootstrapTokenReconciler) SetupWithManager(mgr ctrl.Manager) error { return ctrl.NewControllerManagedBy(mgr). For(&humiov1alpha1.HumioBootstrapToken{}). + Named("humiobootstraptoken"). Owns(&corev1.Secret{}). Owns(&corev1.Pod{}). Complete(r) diff --git a/controllers/humiobootstraptoken_defaults.go b/internal/controller/humiobootstraptoken_defaults.go similarity index 97% rename from controllers/humiobootstraptoken_defaults.go rename to internal/controller/humiobootstraptoken_defaults.go index 079ab7aa..c605fd7d 100644 --- a/controllers/humiobootstraptoken_defaults.go +++ b/internal/controller/humiobootstraptoken_defaults.go @@ -1,9 +1,9 @@ -package controllers +package controller import ( "fmt" - "github.com/humio/humio-operator/controllers/versions" + "github.com/humio/humio-operator/internal/controller/versions" "k8s.io/apimachinery/pkg/api/resource" humiov1alpha1 "github.com/humio/humio-operator/api/v1alpha1" 
diff --git a/controllers/humiobootstraptoken_pods.go b/internal/controller/humiobootstraptoken_pods.go similarity index 98% rename from controllers/humiobootstraptoken_pods.go rename to internal/controller/humiobootstraptoken_pods.go index f461f632..c9117617 100644 --- a/controllers/humiobootstraptoken_pods.go +++ b/internal/controller/humiobootstraptoken_pods.go @@ -1,4 +1,4 @@ -package controllers +package controller import ( "github.com/humio/humio-operator/internal/helpers" diff --git a/controllers/humiocluster_annotations.go b/internal/controller/humiocluster_annotations.go similarity index 97% rename from controllers/humiocluster_annotations.go rename to internal/controller/humiocluster_annotations.go index 10a3abcb..33fb7c09 100644 --- a/controllers/humiocluster_annotations.go +++ b/internal/controller/humiocluster_annotations.go @@ -14,7 +14,7 @@ See the License for the specific language governing permissions and limitations under the License. */ -package controllers +package controller const ( // Set on Pod and Certificate objects diff --git a/controllers/humiocluster_controller.go b/internal/controller/humiocluster_controller.go similarity index 98% rename from controllers/humiocluster_controller.go rename to internal/controller/humiocluster_controller.go index 54b68021..8a244a0c 100644 --- a/controllers/humiocluster_controller.go +++ b/internal/controller/humiocluster_controller.go @@ -14,18 +14,21 @@ See the License for the specific language governing permissions and limitations under the License. */ -package controllers +package controller import ( "context" "errors" "fmt" "reflect" + "slices" "strings" "time" cmapi "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" + "github.com/go-logr/logr" "github.com/google/go-cmp/cmp" + humiov1alpha1 "github.com/humio/humio-operator/api/v1alpha1" humioapi "github.com/humio/humio-operator/internal/api" "github.com/humio/humio-operator/internal/helpers" "github.com/humio/humio-operator/internal/humio" 
@@ -34,15 +37,10 @@ import ( networkingv1 "k8s.io/api/networking/v1" k8serrors "k8s.io/apimachinery/pkg/api/errors" "k8s.io/apimachinery/pkg/types" - "k8s.io/utils/strings/slices" - "sigs.k8s.io/controller-runtime/pkg/controller/controllerutil" - "sigs.k8s.io/controller-runtime/pkg/reconcile" - - "github.com/go-logr/logr" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/client" - - humiov1alpha1 "github.com/humio/humio-operator/api/v1alpha1" + "sigs.k8s.io/controller-runtime/pkg/controller/controllerutil" + "sigs.k8s.io/controller-runtime/pkg/reconcile" ) // HumioClusterReconciler reconciles a HumioCluster object 
@@ -66,20 +64,21 @@ const ( waitingOnPodsMessage = "waiting for pods to become ready" ) -//+kubebuilder:rbac:groups=core.humio.com,resources=humioclusters,verbs=get;list;watch;create;update;patch;delete -//+kubebuilder:rbac:groups=core.humio.com,resources=humioclusters/status,verbs=get;update;patch -//+kubebuilder:rbac:groups=core.humio.com,resources=humioclusters/finalizers,verbs=update -//+kubebuilder:rbac:groups=core,resources=pods,verbs=create;delete;get;list;patch;update;watch -//+kubebuilder:rbac:groups=core,resources=services,verbs=create;delete;get;list;patch;update;watch -//+kubebuilder:rbac:groups=core,resources=services/finalizers,verbs=create;delete;get;list;patch;update;watch -//+kubebuilder:rbac:groups=core,resources=endpoints,verbs=create;delete;get;list;patch;update;watch -//+kubebuilder:rbac:groups=core,resources=persistentvolumeclaims,verbs=create;delete;get;list;patch;update;watch -//+kubebuilder:rbac:groups=core,resources=events,verbs=create;delete;get;list;patch;update;watch -//+kubebuilder:rbac:groups=core,resources=configmaps,verbs=create;delete;get;list;patch;update;watch -//+kubebuilder:rbac:groups=core,resources=secrets,verbs=create;delete;get;list;patch;update;watch -//+kubebuilder:rbac:groups=core,resources=serviceaccounts,verbs=create;delete;get;list;patch;update;watch -//+kubebuilder:rbac:groups=networking.k8s.io,resources=ingress,verbs=create;delete;get;list;patch;update;watch - +// +kubebuilder:rbac:groups=core.humio.com,resources=humioclusters,verbs=get;list;watch;create;update;patch;delete +// +kubebuilder:rbac:groups=core.humio.com,resources=humioclusters/status,verbs=get;update;patch +// +kubebuilder:rbac:groups=core.humio.com,resources=humioclusters/finalizers,verbs=update +// +kubebuilder:rbac:groups=core,resources=pods,verbs=create;delete;get;list;patch;update;watch +// +kubebuilder:rbac:groups=core,resources=services,verbs=create;delete;get;list;patch;update;watch +// 
+kubebuilder:rbac:groups=core,resources=services/finalizers,verbs=create;delete;get;list;patch;update;watch +// +kubebuilder:rbac:groups=core,resources=endpoints,verbs=create;delete;get;list;patch;update;watch +// +kubebuilder:rbac:groups=core,resources=persistentvolumeclaims,verbs=create;delete;get;list;patch;update;watch +// +kubebuilder:rbac:groups=core,resources=events,verbs=create;delete;get;list;patch;update;watch +// +kubebuilder:rbac:groups=core,resources=configmaps,verbs=create;delete;get;list;patch;update;watch +// +kubebuilder:rbac:groups=core,resources=secrets,verbs=create;delete;get;list;patch;update;watch +// +kubebuilder:rbac:groups=core,resources=serviceaccounts,verbs=create;delete;get;list;patch;update;watch +// +kubebuilder:rbac:groups=networking.k8s.io,resources=ingress,verbs=create;delete;get;list;patch;update;watch + +//nolint:gocyclo func (r *HumioClusterReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) { // when running tests, ignore resources that are not in the correct namespace if r.Namespace != "" { @@ -119,10 +118,10 @@ func (r *HumioClusterReconciler) Reconcile(ctx context.Context, req ctrl.Request // on conflicts which they'll be on many of the status updates. // We should be able to bundle all the options together and do a single update using StatusWriter. // Bundling options in a single StatusWriter.Update() should help reduce the number of conflicts. - defer func(ctx context.Context, humioClient humio.Client, hc *humiov1alpha1.HumioCluster) { + defer func(ctx context.Context, hc *humiov1alpha1.HumioCluster) { _, _ = r.updateStatus(ctx, r.Client.Status(), hc, statusOptions(). withObservedGeneration(hc.GetGeneration())) - }(ctx, r.HumioClient, hc) + }(ctx, hc) // validate details in HumioCluster resource is valid if result, err := r.verifyHumioClusterConfigurationIsValid(ctx, hc, humioNodePools); result != emptyResult || err != nil { 
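Review bot: The last marker in this block names `resources=ingress`, but RBAC rules match the plural resource name, so the generated rule would not cover `networking.k8s.io` Ingress objects; the commit normalises the spacing of the markers and leaves this one as it was. It should read `// +kubebuilder:rbac:groups=networking.k8s.io,resources=ingresses,verbs=create;delete;get;list;patch;update;watch`. If the operator manages ingresses correctly today, its permissions presumably come from a role maintained elsewhere (for example the Helm chart), which is worth confirming so the generated role and the deployed one do not drift apart. While regenerating, it is also worth checking whether `delete` on `events` and the full verb set on `secrets` and `services/finalizers` are all required, since these markers define the operator's privilege ceiling.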
@@ -314,6 +313,7 @@ func (r *HumioClusterReconciler) Reconcile(ctx context.Context, req ctrl.Request func (r *HumioClusterReconciler) SetupWithManager(mgr ctrl.Manager) error { return ctrl.NewControllerManagedBy(mgr). For(&humiov1alpha1.HumioCluster{}). + Named("humiocluster"). Owns(&corev1.Pod{}). Owns(&corev1.Secret{}). Owns(&corev1.Service{}). @@ -1436,6 +1436,8 @@ func (r *HumioClusterReconciler) ensureInternalServiceExists(ctx context.Context // ensureNodePoolSpecificResourcesHaveLabelWithNodePoolName updates resources that were created prior to the introduction of node pools. // We need this because multiple resources now includes an additional label containing the name of the node pool a given resource belongs to. +// +//nolint:gocyclo func (r *HumioClusterReconciler) ensureNodePoolSpecificResourcesHaveLabelWithNodePoolName(ctx context.Context, hnp *HumioNodePool) error { allPods, err := kubernetes.ListPods(ctx, r.Client, hnp.GetNamespace(), hnp.GetCommonClusterLabels()) if err != nil { @@ -1802,6 +1804,8 @@ func (r *HumioClusterReconciler) ensureHumioServiceAccountAnnotations(ctx contex // If there are changes that fall under a recreate update, then the pod restart policy is set to PodRestartPolicyRecreate // and the reconciliation will requeue and the deletions will continue to be executed until all the pods have been // removed. +// +//nolint:gocyclo func (r *HumioClusterReconciler) ensureMismatchedPodsAreDeleted(ctx context.Context, hc *humiov1alpha1.HumioCluster, hnp *HumioNodePool) (reconcile.Result, error) { r.Log.Info("ensuring mismatching pods are deleted") diff --git a/controllers/humiocluster_controller_test.go b/internal/controller/humiocluster_controller_test.go similarity index 98% rename from controllers/humiocluster_controller_test.go rename to internal/controller/humiocluster_controller_test.go index 48eb99f1..aeb21c14 100644 --- a/controllers/humiocluster_controller_test.go +++ b/internal/controller/humiocluster_controller_test.go 
@@ -1,4 +1,4 @@ -package controllers +package controller import ( "testing" diff --git a/controllers/humiocluster_defaults.go b/internal/controller/humiocluster_defaults.go similarity index 99% rename from controllers/humiocluster_defaults.go rename to internal/controller/humiocluster_defaults.go index e72171f6..a0c48190 100644 --- a/controllers/humiocluster_defaults.go +++ b/internal/controller/humiocluster_defaults.go @@ -14,7 +14,7 @@ See the License for the specific language governing permissions and limitations under the License. */ -package controllers +package controller import ( "fmt" @@ -27,15 +27,17 @@ import ( "k8s.io/apimachinery/pkg/util/intstr" humiov1alpha1 "github.com/humio/humio-operator/api/v1alpha1" - "github.com/humio/humio-operator/controllers/versions" + "github.com/humio/humio-operator/internal/controller/versions" corev1 "k8s.io/api/core/v1" ) const ( targetReplicationFactor = 2 digestPartitionsCount = 24 + HumioPortName = "http" HumioPort = 8080 - elasticPort = 9200 + ElasticPortName = "es" + ElasticPort = 9200 idpCertificateFilename = "idp-certificate.pem" ExtraKafkaPropertiesFilename = "extra-kafka-properties.properties" ViewGroupPermissionsFilename = "view-group-permissions.json" @@ -393,7 +395,7 @@ func (hnp *HumioNodePool) GetEnvironmentVariables() []corev1.EnvVar { }, {Name: "HUMIO_PORT", Value: strconv.Itoa(HumioPort)}, - {Name: "ELASTIC_PORT", Value: strconv.Itoa(elasticPort)}, + {Name: "ELASTIC_PORT", Value: strconv.Itoa(ElasticPort)}, {Name: "DEFAULT_DIGEST_REPLICATION_FACTOR", Value: strconv.Itoa(hnp.GetTargetReplicationFactor())}, {Name: "DEFAULT_SEGMENT_REPLICATION_FACTOR", Value: strconv.Itoa(hnp.GetTargetReplicationFactor())}, {Name: "INGEST_QUEUE_INITIAL_PARTITIONS", Value: strconv.Itoa(hnp.GetDigestPartitionsCount())}, 
@@ -793,7 +795,7 @@ func (hnp *HumioNodePool) GetHumioESServicePort() int32 { if hnp.humioNodeSpec.HumioESServicePort != 0 { return hnp.humioNodeSpec.HumioESServicePort } - return elasticPort + return ElasticPort } func (hnp *HumioNodePool) GetServiceType() corev1.ServiceType { diff --git a/controllers/humiocluster_defaults_test.go b/internal/controller/humiocluster_defaults_test.go similarity index 99% rename from controllers/humiocluster_defaults_test.go rename to internal/controller/humiocluster_defaults_test.go index d7fe53dc..3c452d79 100644 --- a/controllers/humiocluster_defaults_test.go +++ b/internal/controller/humiocluster_defaults_test.go @@ -14,7 +14,7 @@ See the License for the specific language governing permissions and limitations under the License. */ -package controllers +package controller import ( "strings" diff --git a/controllers/humiocluster_ingresses.go b/internal/controller/humiocluster_ingresses.go similarity index 85% rename from controllers/humiocluster_ingresses.go rename to internal/controller/humiocluster_ingresses.go index 18406a7a..a80671c5 100644 --- a/controllers/humiocluster_ingresses.go +++ b/internal/controller/humiocluster_ingresses.go @@ -14,7 +14,7 @@ See the License for the specific language governing permissions and limitations under the License. */ -package controllers +package controller import ( "fmt" @@ -26,6 +26,12 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) +const ( + nginxIngressProxyBodySize = "512m" + nginxIngressProxyHTTPVersion = "1.1" + nginxIngressConfigFlagEnabled = "true" +) + func constructNginxIngressAnnotations(hc *humiov1alpha1.HumioCluster, hostname string, ingressSpecificAnnotations map[string]string) map[string]string { annotations := make(map[string]string) annotations["nginx.ingress.kubernetes.io/configuration-snippet"] = ` 
@@ -39,11 +45,11 @@ more_set_headers "X-XSS-Protection: 1; mode=block";` annotations["nginx.ingress.kubernetes.io/cors-allow-headers"] = "DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization" annotations["nginx.ingress.kubernetes.io/cors-allow-methods"] = "GET, PUT, POST, DELETE, PATCH, OPTIONS" annotations["nginx.ingress.kubernetes.io/cors-allow-origin"] = fmt.Sprintf("https://%s", hostname) - annotations["nginx.ingress.kubernetes.io/enable-cors"] = "true" + annotations["nginx.ingress.kubernetes.io/enable-cors"] = nginxIngressConfigFlagEnabled annotations["nginx.ingress.kubernetes.io/upstream-vhost"] = hostname if ingressTLSOrDefault(hc) { - annotations["nginx.ingress.kubernetes.io/force-ssl-redirect"] = "true" + annotations["nginx.ingress.kubernetes.io/force-ssl-redirect"] = nginxIngressConfigFlagEnabled } if helpers.TLSEnabled(hc) { @@ -62,8 +68,8 @@ more_set_headers "X-XSS-Protection: 1; mode=block";` func ConstructGeneralIngress(hc *humiov1alpha1.HumioCluster, hostname string) *networkingv1.Ingress { annotations := make(map[string]string) - annotations["nginx.ingress.kubernetes.io/proxy-body-size"] = "512m" - annotations["nginx.ingress.kubernetes.io/proxy-http-version"] = "1.1" + annotations["nginx.ingress.kubernetes.io/proxy-body-size"] = nginxIngressProxyBodySize + annotations["nginx.ingress.kubernetes.io/proxy-http-version"] = nginxIngressProxyHTTPVersion annotations["nginx.ingress.kubernetes.io/proxy-read-timeout"] = "25" return constructIngress( hc, 
@@ -78,10 +84,10 @@ func ConstructGeneralIngress(hc *humiov1alpha1.HumioCluster, hostname string) *n func ConstructStreamingQueryIngress(hc *humiov1alpha1.HumioCluster, hostname string) *networkingv1.Ingress { annotations := make(map[string]string) - annotations["nginx.ingress.kubernetes.io/proxy-body-size"] = "512m" - annotations["nginx.ingress.kubernetes.io/proxy-http-version"] = "1.1" + annotations["nginx.ingress.kubernetes.io/proxy-body-size"] = nginxIngressProxyBodySize + annotations["nginx.ingress.kubernetes.io/proxy-http-version"] = nginxIngressProxyHTTPVersion annotations["nginx.ingress.kubernetes.io/proxy-read-timeout"] = "4h" - annotations["nginx.ingress.kubernetes.io/use-regex"] = "true" + annotations["nginx.ingress.kubernetes.io/use-regex"] = nginxIngressConfigFlagEnabled annotations["nginx.ingress.kubernetes.io/proxy-buffering"] = "off" return constructIngress( hc, @@ -96,10 +102,10 @@ func ConstructStreamingQueryIngress(hc *humiov1alpha1.HumioCluster, hostname str func ConstructIngestIngress(hc *humiov1alpha1.HumioCluster, hostname string) *networkingv1.Ingress { annotations := make(map[string]string) - annotations["nginx.ingress.kubernetes.io/proxy-body-size"] = "512m" - annotations["nginx.ingress.kubernetes.io/proxy-http-version"] = "1.1" + annotations["nginx.ingress.kubernetes.io/proxy-body-size"] = nginxIngressProxyBodySize + annotations["nginx.ingress.kubernetes.io/proxy-http-version"] = nginxIngressProxyHTTPVersion annotations["nginx.ingress.kubernetes.io/proxy-read-timeout"] = "90" - annotations["nginx.ingress.kubernetes.io/use-regex"] = "true" + annotations["nginx.ingress.kubernetes.io/use-regex"] = nginxIngressConfigFlagEnabled return constructIngress( hc, fmt.Sprintf("%s-ingest", hc.Name), 
@@ -118,25 +124,25 @@ func ConstructIngestIngress(hc *humiov1alpha1.HumioCluster, hostname string) *ne func ConstructESIngestIngress(hc *humiov1alpha1.HumioCluster, esHostname string) *networkingv1.Ingress { annotations := make(map[string]string) - annotations["nginx.ingress.kubernetes.io/proxy-body-size"] = "512m" - annotations["nginx.ingress.kubernetes.io/proxy-http-version"] = "1.1" + annotations["nginx.ingress.kubernetes.io/proxy-body-size"] = nginxIngressProxyBodySize + annotations["nginx.ingress.kubernetes.io/proxy-http-version"] = nginxIngressProxyHTTPVersion annotations["nginx.ingress.kubernetes.io/proxy-read-timeout"] = "90" return constructIngress( hc, fmt.Sprintf("%s-es-ingest", hc.Name), esHostname, []string{humioPathOrDefault(hc)}, - elasticPort, + ElasticPort, esCertificateSecretNameOrDefault(hc), constructNginxIngressAnnotations(hc, esHostname, annotations), ) } func constructIngress(hc *humiov1alpha1.HumioCluster, name string, hostname string, paths []string, port int32, secretName string, annotations map[string]string) *networkingv1.Ingress { - var httpIngressPaths []networkingv1.HTTPIngressPath + httpIngressPaths := make([]networkingv1.HTTPIngressPath, len(paths)) pathTypeImplementationSpecific := networkingv1.PathTypeImplementationSpecific - for _, path := range paths { - httpIngressPaths = append(httpIngressPaths, networkingv1.HTTPIngressPath{ + for idx, path := range paths { + httpIngressPaths[idx] = networkingv1.HTTPIngressPath{ Path: path, PathType: &pathTypeImplementationSpecific, Backend: networkingv1.IngressBackend{ @@ -147,7 +153,7 @@ func constructIngress(hc *humiov1alpha1.HumioCluster, name string, hostname stri }, }, }, - }) + } } ingress := networkingv1.Ingress{ ObjectMeta: metav1.ObjectMeta{ 
diff --git a/controllers/humiocluster_metrics.go b/internal/controller/humiocluster_metrics.go similarity index 99% rename from controllers/humiocluster_metrics.go rename to internal/controller/humiocluster_metrics.go index e70fe055..4e891456 100644 --- a/controllers/humiocluster_metrics.go +++ b/internal/controller/humiocluster_metrics.go @@ -14,7 +14,7 @@ See the License for the specific language governing permissions and limitations under the License. */ -package controllers +package controller import ( "reflect" diff --git a/controllers/humiocluster_permission_tokens.go b/internal/controller/humiocluster_permission_tokens.go similarity index 99% rename from controllers/humiocluster_permission_tokens.go rename to internal/controller/humiocluster_permission_tokens.go index 4af5d571..8907c19c 100644 --- a/controllers/humiocluster_permission_tokens.go +++ b/internal/controller/humiocluster_permission_tokens.go @@ -1,4 +1,4 @@ -package controllers +package controller import ( "context" diff --git a/controllers/humiocluster_persistent_volumes.go b/internal/controller/humiocluster_persistent_volumes.go similarity index 96% rename from controllers/humiocluster_persistent_volumes.go rename to internal/controller/humiocluster_persistent_volumes.go index 9341b49d..a9864e1b 100644 --- a/controllers/humiocluster_persistent_volumes.go +++ b/internal/controller/humiocluster_persistent_volumes.go @@ -14,7 +14,7 @@ See the License for the specific language governing permissions and limitations under the License. */ -package controllers +package controller import ( "context" 
@@ -45,7 +45,7 @@ func constructPersistentVolumeClaim(hnp *HumioNodePool) *corev1.PersistentVolume func FindPvcForPod(pvcList []corev1.PersistentVolumeClaim, pod corev1.Pod) (corev1.PersistentVolumeClaim, error) { for _, pvc := range pvcList { for _, volume := range pod.Spec.Volumes { - if volume.Name == "humio-data" { + if volume.Name == HumioDataVolumeName { if volume.VolumeSource.PersistentVolumeClaim == nil { continue } @@ -66,7 +66,7 @@ func FindNextAvailablePvc(pvcList []corev1.PersistentVolumeClaim, podList []core // run through all pods and record PVC claim name for "humio-data" volume for _, pod := range podList { for _, volume := range pod.Spec.Volumes { - if volume.Name == "humio-data" { + if volume.Name == HumioDataVolumeName { if volume.PersistentVolumeClaim == nil { continue } diff --git a/controllers/humiocluster_pod_lifecycle.go b/internal/controller/humiocluster_pod_lifecycle.go similarity index 99% rename from controllers/humiocluster_pod_lifecycle.go rename to internal/controller/humiocluster_pod_lifecycle.go index 989d7ed5..23fe2601 100644 --- a/controllers/humiocluster_pod_lifecycle.go +++ b/internal/controller/humiocluster_pod_lifecycle.go @@ -1,4 +1,4 @@ -package controllers +package controller import ( humiov1alpha1 "github.com/humio/humio-operator/api/v1alpha1" diff --git a/controllers/humiocluster_pod_status.go b/internal/controller/humiocluster_pod_status.go similarity index 99% rename from controllers/humiocluster_pod_status.go rename to internal/controller/humiocluster_pod_status.go index ec6d272f..4e92e4de 100644 --- a/controllers/humiocluster_pod_status.go +++ b/internal/controller/humiocluster_pod_status.go @@ -1,4 +1,4 @@ -package controllers +package controller import ( "context" 
diff --git a/controllers/humiocluster_pod_status_test.go b/internal/controller/humiocluster_pod_status_test.go similarity index 98% rename from controllers/humiocluster_pod_status_test.go rename to internal/controller/humiocluster_pod_status_test.go index a68348d3..ca1b0148 100644 --- a/controllers/humiocluster_pod_status_test.go +++ b/internal/controller/humiocluster_pod_status_test.go @@ -1,4 +1,4 @@ -package controllers +package controller import ( "testing" diff --git a/controllers/humiocluster_pods.go b/internal/controller/humiocluster_pods.go similarity index 98% rename from controllers/humiocluster_pods.go rename to internal/controller/humiocluster_pods.go index 0acdb7b8..4fc64e24 100644 --- a/controllers/humiocluster_pods.go +++ b/internal/controller/humiocluster_pods.go @@ -14,7 +14,7 @@ See the License for the specific language governing permissions and limitations under the License. */ -package controllers +package controller import ( "context" @@ -45,6 +45,7 @@ import ( const ( humioAppPath = "/app/humio" + HumioDataVolumeName = "humio-data" HumioDataPath = "/data/humio-data" sharedPath = "/shared" waitForPodTimeoutSeconds = 10 @@ -115,20 +116,20 @@ func ConstructPod(hnp *HumioNodePool, humioNodeName string, attachments *podAtta Command: []string{"/bin/sh"}, Ports: []corev1.ContainerPort{ { - Name: "http", + Name: HumioPortName, ContainerPort: HumioPort, Protocol: "TCP", }, { - Name: "es", - ContainerPort: elasticPort, + Name: ElasticPortName, + ContainerPort: ElasticPort, Protocol: "TCP", }, }, Env: hnp.GetEnvironmentVariables(), VolumeMounts: []corev1.VolumeMount{ { - Name: "humio-data", + Name: HumioDataVolumeName, MountPath: HumioDataPath, }, { @@ -159,7 +160,7 @@ func ConstructPod(hnp *HumioNodePool, humioNodeName string, attachments *podAtta } pod.Spec.Volumes = append(pod.Spec.Volumes, corev1.Volume{ - Name: "humio-data", + Name: HumioDataVolumeName, VolumeSource: attachments.dataVolumeSource, }) 
@@ -534,14 +535,14 @@ func sanitizePod(hnp *HumioNodePool, pod *corev1.Pod) *corev1.Pod { } for _, volume := range pod.Spec.Volumes { - if volume.Name == "humio-data" && reflect.DeepEqual(volume.PersistentVolumeClaim, emptyPersistentVolumeClaimSource) { + if volume.Name == HumioDataVolumeName && reflect.DeepEqual(volume.PersistentVolumeClaim, emptyPersistentVolumeClaimSource) { sanitizedVolumes = append(sanitizedVolumes, corev1.Volume{ - Name: "humio-data", + Name: HumioDataVolumeName, VolumeSource: hnp.GetDataVolumeSource(), }) - } else if volume.Name == "humio-data" && !reflect.DeepEqual(volume.PersistentVolumeClaim, emptyPersistentVolumeClaimSource) { + } else if volume.Name == HumioDataVolumeName && !reflect.DeepEqual(volume.PersistentVolumeClaim, emptyPersistentVolumeClaimSource) { sanitizedVolumes = append(sanitizedVolumes, corev1.Volume{ - Name: "humio-data", + Name: HumioDataVolumeName, VolumeSource: hnp.GetDataVolumePersistentVolumeClaimSpecTemplate(""), }) } else if volume.Name == "tls-cert" { @@ -1047,7 +1048,7 @@ func (r *HumioClusterReconciler) getPodStatusList(ctx context.Context, hc *humio } if pool.PVCsEnabled() { for _, volume := range pod.Spec.Volumes { - if volume.Name == "humio-data" { + if volume.Name == HumioDataVolumeName { if volume.PersistentVolumeClaim != nil { podStatus.PvcName = volume.PersistentVolumeClaim.ClaimName } else { diff --git a/controllers/humiocluster_secrets.go b/internal/controller/humiocluster_secrets.go similarity index 98% rename from controllers/humiocluster_secrets.go rename to internal/controller/humiocluster_secrets.go index 74ff7710..4eb80967 100644 --- a/controllers/humiocluster_secrets.go +++ b/internal/controller/humiocluster_secrets.go @@ -1,4 +1,4 @@ -package controllers +package controller import ( "context" 
diff --git a/controllers/humiocluster_services.go b/internal/controller/humiocluster_services.go similarity index 94% rename from controllers/humiocluster_services.go rename to internal/controller/humiocluster_services.go index 81a3e11d..99510b76 100644 --- a/controllers/humiocluster_services.go +++ b/internal/controller/humiocluster_services.go @@ -14,7 +14,7 @@ See the License for the specific language governing permissions and limitations under the License. */ -package controllers +package controller import ( "fmt" @@ -52,14 +52,14 @@ func ConstructService(hnp *HumioNodePool) *corev1.Service { Selector: hnp.GetNodePoolLabels(), Ports: []corev1.ServicePort{ { - Name: "http", + Name: HumioPortName, Port: hnp.GetHumioServicePort(), TargetPort: intstr.IntOrString{IntVal: HumioPort}, }, { - Name: "es", + Name: ElasticPortName, Port: hnp.GetHumioESServicePort(), - TargetPort: intstr.IntOrString{IntVal: elasticPort}, + TargetPort: intstr.IntOrString{IntVal: ElasticPort}, }, }, }, @@ -81,12 +81,12 @@ func constructHeadlessService(hc *humiov1alpha1.HumioCluster) *corev1.Service { PublishNotReadyAddresses: true, Ports: []corev1.ServicePort{ { - Name: "http", + Name: HumioPortName, Port: HumioPort, }, { - Name: "es", - Port: elasticPort, + Name: ElasticPortName, + Port: ElasticPort, }, }, }, @@ -107,12 +107,12 @@ func constructInternalService(hc *humiov1alpha1.HumioCluster) *corev1.Service { }), Ports: []corev1.ServicePort{ { - Name: "http", + Name: HumioPortName, Port: HumioPort, }, { - Name: "es", - Port: elasticPort, + Name: ElasticPortName, + Port: ElasticPort, }, }, }, diff --git a/controllers/humiocluster_status.go b/internal/controller/humiocluster_status.go similarity index 98% rename from controllers/humiocluster_status.go rename to internal/controller/humiocluster_status.go index 80353c37..735cb86e 100644 --- a/controllers/humiocluster_status.go +++ b/internal/controller/humiocluster_status.go 
@@ -14,7 +14,7 @@ See the License for the specific language governing permissions and limitations under the License. */ -package controllers +package controller import ( "context" @@ -117,16 +117,16 @@ func (o *optionBuilder) withNodePoolState(state string, nodePoolName string, pod } func (o *optionBuilder) withNodePoolStatusList(humioNodePoolStatusList humiov1alpha1.HumioNodePoolStatusList) *optionBuilder { - var statesList []stateOption - for _, poolStatus := range humioNodePoolStatusList { - statesList = append(statesList, stateOption{ + statesList := make([]stateOption, len(humioNodePoolStatusList)) + for idx, poolStatus := range humioNodePoolStatusList { + statesList[idx] = stateOption{ nodePoolName: poolStatus.Name, state: poolStatus.State, zoneUnderMaintenance: poolStatus.ZoneUnderMaintenance, desiredPodRevision: poolStatus.DesiredPodRevision, desiredPodHash: poolStatus.DesiredPodHash, desiredBootstrapTokenHash: poolStatus.DesiredBootstrapTokenHash, - }) + } } o.options = append(o.options, stateOptionList{ statesList: statesList, diff --git a/controllers/humiocluster_tls.go b/internal/controller/humiocluster_tls.go similarity index 99% rename from controllers/humiocluster_tls.go rename to internal/controller/humiocluster_tls.go index de4abfe6..8a6f034b 100644 --- a/controllers/humiocluster_tls.go +++ b/internal/controller/humiocluster_tls.go @@ -14,7 +14,7 @@ See the License for the specific language governing permissions and limitations under the License. */ -package controllers +package controller import ( "bytes" diff --git a/controllers/humiocluster_version.go b/internal/controller/humiocluster_version.go similarity index 98% rename from controllers/humiocluster_version.go rename to internal/controller/humiocluster_version.go index 4436e24a..4688914a 100644 --- a/controllers/humiocluster_version.go +++ b/internal/controller/humiocluster_version.go @@ -1,4 +1,4 @@ -package controllers +package controller import ( "fmt" 
diff --git a/controllers/humiocluster_version_test.go b/internal/controller/humiocluster_version_test.go similarity index 99% rename from controllers/humiocluster_version_test.go rename to internal/controller/humiocluster_version_test.go index be19b268..4cfec5de 100644 --- a/controllers/humiocluster_version_test.go +++ b/internal/controller/humiocluster_version_test.go @@ -1,4 +1,4 @@ -package controllers +package controller import ( "testing" diff --git a/controllers/humioexternalcluster_controller.go b/internal/controller/humioexternalcluster_controller.go similarity index 91% rename from controllers/humioexternalcluster_controller.go rename to internal/controller/humioexternalcluster_controller.go index 7325cac0..afa69c8d 100644 --- a/controllers/humioexternalcluster_controller.go +++ b/internal/controller/humioexternalcluster_controller.go @@ -14,24 +14,22 @@ See the License for the specific language governing permissions and limitations under the License. */ -package controllers +package controller import ( "context" "fmt" "time" + "github.com/go-logr/logr" + humiov1alpha1 "github.com/humio/humio-operator/api/v1alpha1" "github.com/humio/humio-operator/internal/helpers" "github.com/humio/humio-operator/internal/humio" "github.com/humio/humio-operator/internal/kubernetes" k8serrors "k8s.io/apimachinery/pkg/api/errors" - "sigs.k8s.io/controller-runtime/pkg/reconcile" - - "github.com/go-logr/logr" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/client" - - humiov1alpha1 "github.com/humio/humio-operator/api/v1alpha1" + "sigs.k8s.io/controller-runtime/pkg/reconcile" ) // HumioExternalClusterReconciler reconciles a HumioExternalCluster object 
@@ -43,9 +41,9 @@ type HumioExternalClusterReconciler struct { Namespace string } -//+kubebuilder:rbac:groups=core.humio.com,resources=humioexternalclusters,verbs=get;list;watch;create;update;patch;delete -//+kubebuilder:rbac:groups=core.humio.com,resources=humioexternalclusters/status,verbs=get;update;patch -//+kubebuilder:rbac:groups=core.humio.com,resources=humioexternalclusters/finalizers,verbs=update +// +kubebuilder:rbac:groups=core.humio.com,resources=humioexternalclusters,verbs=get;list;watch;create;update;patch;delete +// +kubebuilder:rbac:groups=core.humio.com,resources=humioexternalclusters/status,verbs=get;update;patch +// +kubebuilder:rbac:groups=core.humio.com,resources=humioexternalclusters/finalizers,verbs=update func (r *HumioExternalClusterReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) { if r.Namespace != "" { @@ -118,6 +116,7 @@ func (r *HumioExternalClusterReconciler) Reconcile(ctx context.Context, req ctrl func (r *HumioExternalClusterReconciler) SetupWithManager(mgr ctrl.Manager) error { return ctrl.NewControllerManagedBy(mgr). For(&humiov1alpha1.HumioExternalCluster{}). + Named("humioexternalcluster"). Complete(r) } diff --git a/controllers/humioexternalcluster_status.go b/internal/controller/humioexternalcluster_status.go similarity index 98% rename from controllers/humioexternalcluster_status.go rename to internal/controller/humioexternalcluster_status.go index 16724c36..72c04f5d 100644 --- a/controllers/humioexternalcluster_status.go +++ b/internal/controller/humioexternalcluster_status.go @@ -14,7 +14,7 @@ See the License for the specific language governing permissions and limitations under the License. */ -package controllers +package controller import ( "context" 
diff --git a/controllers/humiofilteralert_controller.go b/internal/controller/humiofilteralert_controller.go similarity index 95% rename from controllers/humiofilteralert_controller.go rename to internal/controller/humiofilteralert_controller.go index d260703a..645a27bb 100644 --- a/controllers/humiofilteralert_controller.go +++ b/internal/controller/humiofilteralert_controller.go @@ -14,7 +14,7 @@ See the License for the specific language governing permissions and limitations under the License. */ -package controllers +package controller import ( "context" @@ -23,20 +23,18 @@ import ( "sort" "time" + "github.com/go-logr/logr" "github.com/google/go-cmp/cmp" + humiov1alpha1 "github.com/humio/humio-operator/api/v1alpha1" humioapi "github.com/humio/humio-operator/internal/api" "github.com/humio/humio-operator/internal/api/humiographql" "github.com/humio/humio-operator/internal/helpers" "github.com/humio/humio-operator/internal/humio" "github.com/humio/humio-operator/internal/kubernetes" - "sigs.k8s.io/controller-runtime/pkg/reconcile" - - "github.com/go-logr/logr" k8serrors "k8s.io/apimachinery/pkg/api/errors" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/client" - - humiov1alpha1 "github.com/humio/humio-operator/api/v1alpha1" + "sigs.k8s.io/controller-runtime/pkg/reconcile" ) // HumioFilterAlertReconciler reconciles a HumioFilterAlert object 
@@ -48,9 +46,9 @@ type HumioFilterAlertReconciler struct { Namespace string } -//+kubebuilder:rbac:groups=core.humio.com,resources=humiofilteralerts,verbs=get;list;watch;create;update;patch;delete -//+kubebuilder:rbac:groups=core.humio.com,resources=humiofilteralerts/status,verbs=get;update;patch -//+kubebuilder:rbac:groups=core.humio.com,resources=humiofilteralerts/finalizers,verbs=update +// +kubebuilder:rbac:groups=core.humio.com,resources=humiofilteralerts,verbs=get;list;watch;create;update;patch;delete +// +kubebuilder:rbac:groups=core.humio.com,resources=humiofilteralerts/status,verbs=get;update;patch +// +kubebuilder:rbac:groups=core.humio.com,resources=humiofilteralerts/finalizers,verbs=update func (r *HumioFilterAlertReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) { if r.Namespace != "" { @@ -87,7 +85,7 @@ func (r *HumioFilterAlertReconciler) Reconcile(ctx context.Context, req ctrl.Req } humioHttpClient := r.HumioClient.GetHumioHttpClient(cluster.Config(), req) - defer func(ctx context.Context, humioClient humio.Client, hfa *humiov1alpha1.HumioFilterAlert) { + defer func(ctx context.Context, hfa *humiov1alpha1.HumioFilterAlert) { _, err := r.HumioClient.GetFilterAlert(ctx, humioHttpClient, req, hfa) if errors.As(err, &humioapi.EntityNotFound{}) { _ = r.setState(ctx, humiov1alpha1.HumioFilterAlertStateNotFound, hfa) @@ -98,7 +96,7 @@ func (r *HumioFilterAlertReconciler) Reconcile(ctx context.Context, req ctrl.Req return } _ = r.setState(ctx, humiov1alpha1.HumioFilterAlertStateExists, hfa) - }(ctx, r.HumioClient, hfa) + }(ctx, hfa) return r.reconcileHumioFilterAlert(ctx, humioHttpClient, hfa, req) } @@ -196,6 +194,7 @@ func (r *HumioFilterAlertReconciler) reconcileHumioFilterAlert(ctx context.Conte func (r *HumioFilterAlertReconciler) SetupWithManager(mgr ctrl.Manager) error { return ctrl.NewControllerManagedBy(mgr). For(&humiov1alpha1.HumioFilterAlert{}). + Named("humiofilteralert"). Complete(r) } 
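Review bot: The deferred closure in HumioFilterAlertReconciler.Reconcile still discards every `r.setState` result (`_ = r.setState(...)`), so a failed status write leaves the reported state stale with nothing in the operator log to show it. Since this hunk already rewrites the closure's signature, the result could be checked as well, e.g. `if err := r.setState(ctx, humiov1alpha1.HumioFilterAlertStateExists, hfa); err != nil { r.Log.Error(err, "unable to set filter alert state") }`. This assumes the reconciler has the same `Log` field that the view reconciler uses. The deferred closures of the HumioScheduledSearch and HumioView reconcilers, changed later in this patch, have the same pattern. Reconcile starts and ends outside the hunk and the lines between the two hunks are not shown, so the closure's middle branch may already log.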
diff --git a/controllers/humioingesttoken_controller.go b/internal/controller/humioingesttoken_controller.go similarity index 96% rename from controllers/humioingesttoken_controller.go rename to internal/controller/humioingesttoken_controller.go index 014592b1..e1417703 100644 --- a/controllers/humioingesttoken_controller.go +++ b/internal/controller/humioingesttoken_controller.go @@ -14,7 +14,7 @@ See the License for the specific language governing permissions and limitations under the License. */ -package controllers +package controller import ( "context" @@ -24,6 +24,7 @@ import ( "github.com/go-logr/logr" "github.com/google/go-cmp/cmp" + humiov1alpha1 "github.com/humio/humio-operator/api/v1alpha1" humioapi "github.com/humio/humio-operator/internal/api" "github.com/humio/humio-operator/internal/api/humiographql" "github.com/humio/humio-operator/internal/helpers" @@ -35,8 +36,6 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/controller/controllerutil" "sigs.k8s.io/controller-runtime/pkg/reconcile" - - humiov1alpha1 "github.com/humio/humio-operator/api/v1alpha1" ) const humioFinalizer = "core.humio.com/finalizer" // TODO: Not only used for ingest tokens, but also parsers, repositories and views. 
@@ -50,9 +49,9 @@ type HumioIngestTokenReconciler struct { Namespace string } -//+kubebuilder:rbac:groups=core.humio.com,resources=humioingesttokens,verbs=get;list;watch;create;update;patch;delete -//+kubebuilder:rbac:groups=core.humio.com,resources=humioingesttokens/status,verbs=get;update;patch -//+kubebuilder:rbac:groups=core.humio.com,resources=humioingesttokens/finalizers,verbs=update +// +kubebuilder:rbac:groups=core.humio.com,resources=humioingesttokens,verbs=get;list;watch;create;update;patch;delete +// +kubebuilder:rbac:groups=core.humio.com,resources=humioingesttokens/status,verbs=get;update;patch +// +kubebuilder:rbac:groups=core.humio.com,resources=humioingesttokens/finalizers,verbs=update func (r *HumioIngestTokenReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) { if r.Namespace != "" { @@ -185,6 +184,7 @@ func (r *HumioIngestTokenReconciler) Reconcile(ctx context.Context, req ctrl.Req func (r *HumioIngestTokenReconciler) SetupWithManager(mgr ctrl.Manager) error { return ctrl.NewControllerManagedBy(mgr). For(&humiov1alpha1.HumioIngestToken{}). + Named("humioingesttoken"). Owns(&corev1.Secret{}). Complete(r) } diff --git a/controllers/humioingesttoken_metrics.go b/internal/controller/humioingesttoken_metrics.go similarity index 98% rename from controllers/humioingesttoken_metrics.go rename to internal/controller/humioingesttoken_metrics.go index 9a506fa7..f3ce7802 100644 --- a/controllers/humioingesttoken_metrics.go +++ b/internal/controller/humioingesttoken_metrics.go @@ -14,7 +14,7 @@ See the License for the specific language governing permissions and limitations under the License. */ -package controllers +package controller import ( "reflect" diff --git a/controllers/humioparser_controller.go b/internal/controller/humioparser_controller.go similarity index 96% rename from controllers/humioparser_controller.go rename to internal/controller/humioparser_controller.go index 580f2f45..fcd53749 100644 
--- a/controllers/humioparser_controller.go +++ b/internal/controller/humioparser_controller.go @@ -14,7 +14,7 @@ See the License for the specific language governing permissions and limitations under the License. */ -package controllers +package controller import ( "context" @@ -23,20 +23,18 @@ import ( "sort" "time" + "github.com/go-logr/logr" "github.com/google/go-cmp/cmp" + humiov1alpha1 "github.com/humio/humio-operator/api/v1alpha1" humioapi "github.com/humio/humio-operator/internal/api" "github.com/humio/humio-operator/internal/api/humiographql" "github.com/humio/humio-operator/internal/helpers" "github.com/humio/humio-operator/internal/humio" "github.com/humio/humio-operator/internal/kubernetes" k8serrors "k8s.io/apimachinery/pkg/api/errors" - "sigs.k8s.io/controller-runtime/pkg/reconcile" - - "github.com/go-logr/logr" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/client" - - humiov1alpha1 "github.com/humio/humio-operator/api/v1alpha1" + "sigs.k8s.io/controller-runtime/pkg/reconcile" ) // HumioParserReconciler reconciles a HumioParser object @@ -48,9 +46,9 @@ type HumioParserReconciler struct { Namespace string } -//+kubebuilder:rbac:groups=core.humio.com,resources=humioparsers,verbs=get;list;watch;create;update;patch;delete -//+kubebuilder:rbac:groups=core.humio.com,resources=humioparsers/status,verbs=get;update;patch -//+kubebuilder:rbac:groups=core.humio.com,resources=humioparsers/finalizers,verbs=update +// +kubebuilder:rbac:groups=core.humio.com,resources=humioparsers,verbs=get;list;watch;create;update;patch;delete +// +kubebuilder:rbac:groups=core.humio.com,resources=humioparsers/status,verbs=get;update;patch +// +kubebuilder:rbac:groups=core.humio.com,resources=humioparsers/finalizers,verbs=update func (r *HumioParserReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) { if r.Namespace != "" { 
@@ -178,6 +176,7 @@ func (r *HumioParserReconciler) Reconcile(ctx context.Context, req ctrl.Request) func (r *HumioParserReconciler) SetupWithManager(mgr ctrl.Manager) error { return ctrl.NewControllerManagedBy(mgr). For(&humiov1alpha1.HumioParser{}). + Named("humioparser"). Complete(r) } diff --git a/controllers/humiorepository_controller.go b/internal/controller/humiorepository_controller.go similarity index 96% rename from controllers/humiorepository_controller.go rename to internal/controller/humiorepository_controller.go index 6236518c..9da6b60e 100644 --- a/controllers/humiorepository_controller.go +++ b/internal/controller/humiorepository_controller.go @@ -14,7 +14,7 @@ See the License for the specific language governing permissions and limitations under the License. */ -package controllers +package controller import ( "context" @@ -23,18 +23,18 @@ import ( "time" "github.com/google/go-cmp/cmp" - humioapi "github.com/humio/humio-operator/internal/api" "github.com/humio/humio-operator/internal/api/humiographql" "github.com/humio/humio-operator/internal/helpers" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/client" + + humioapi "github.com/humio/humio-operator/internal/api" "github.com/humio/humio-operator/internal/humio" "github.com/humio/humio-operator/internal/kubernetes" k8serrors "k8s.io/apimachinery/pkg/api/errors" "sigs.k8s.io/controller-runtime/pkg/reconcile" "github.com/go-logr/logr" - ctrl "sigs.k8s.io/controller-runtime" - "sigs.k8s.io/controller-runtime/pkg/client" - humiov1alpha1 "github.com/humio/humio-operator/api/v1alpha1" ) 
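Review bot: The import block of humiorepository_controller.go ends up in three unsorted groups after this hunk: `ctrl` and `client` are moved into the first group, `humioapi` opens a second, and `logr` and `humiov1alpha1` sit in a third. The parser, filter-alert and external-cluster controllers in this same patch were collapsed into one sorted block, so this file is now the odd one out and will produce import-order churn on the next formatter run. I would give it the same single block, starting `"github.com/go-logr/logr"`, `"github.com/google/go-cmp/cmp"`, `humiov1alpha1 "github.com/humio/humio-operator/api/v1alpha1"` and ending with the `sigs.k8s.io/controller-runtime` imports. The import hunk of humioscheduledsearch_controller.go later in the patch has the same split.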
@@ -47,9 +47,9 @@ type HumioRepositoryReconciler struct { Namespace string } -//+kubebuilder:rbac:groups=core.humio.com,resources=humiorepositories,verbs=get;list;watch;create;update;patch;delete -//+kubebuilder:rbac:groups=core.humio.com,resources=humiorepositories/status,verbs=get;update;patch -//+kubebuilder:rbac:groups=core.humio.com,resources=humiorepositories/finalizers,verbs=update +// +kubebuilder:rbac:groups=core.humio.com,resources=humiorepositories,verbs=get;list;watch;create;update;patch;delete +// +kubebuilder:rbac:groups=core.humio.com,resources=humiorepositories/status,verbs=get;update;patch +// +kubebuilder:rbac:groups=core.humio.com,resources=humiorepositories/finalizers,verbs=update func (r *HumioRepositoryReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) { if r.Namespace != "" { @@ -177,6 +177,7 @@ func (r *HumioRepositoryReconciler) Reconcile(ctx context.Context, req ctrl.Requ func (r *HumioRepositoryReconciler) SetupWithManager(mgr ctrl.Manager) error { return ctrl.NewControllerManagedBy(mgr). For(&humiov1alpha1.HumioRepository{}). + Named("humiorepository"). Complete(r) } diff --git a/controllers/humioscheduledsearch_controller.go b/internal/controller/humioscheduledsearch_controller.go similarity index 95% rename from controllers/humioscheduledsearch_controller.go rename to internal/controller/humioscheduledsearch_controller.go index e10881d3..dbef3976 100644 --- a/controllers/humioscheduledsearch_controller.go +++ b/internal/controller/humioscheduledsearch_controller.go @@ -14,7 +14,7 @@ See the License for the specific language governing permissions and limitations under the License. */ -package controllers +package controller import ( "context" 
@@ -24,19 +24,19 @@ import ( "time" "github.com/google/go-cmp/cmp" - humioapi "github.com/humio/humio-operator/internal/api" "github.com/humio/humio-operator/internal/api/humiographql" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/client" + + humioapi "github.com/humio/humio-operator/internal/api" "github.com/humio/humio-operator/internal/helpers" "github.com/humio/humio-operator/internal/humio" "github.com/humio/humio-operator/internal/kubernetes" "sigs.k8s.io/controller-runtime/pkg/reconcile" "github.com/go-logr/logr" - k8serrors "k8s.io/apimachinery/pkg/api/errors" - ctrl "sigs.k8s.io/controller-runtime" - "sigs.k8s.io/controller-runtime/pkg/client" - humiov1alpha1 "github.com/humio/humio-operator/api/v1alpha1" + k8serrors "k8s.io/apimachinery/pkg/api/errors" ) // HumioScheduledSearchReconciler reconciles a HumioScheduledSearch object @@ -48,9 +48,9 @@ type HumioScheduledSearchReconciler struct { Namespace string } -//+kubebuilder:rbac:groups=core.humio.com,resources=humioscheduledsearches,verbs=get;list;watch;create;update;patch;delete -//+kubebuilder:rbac:groups=core.humio.com,resources=humioscheduledsearches/status,verbs=get;update;patch -//+kubebuilder:rbac:groups=core.humio.com,resources=humioscheduledsearches/finalizers,verbs=update +// +kubebuilder:rbac:groups=core.humio.com,resources=humioscheduledsearches,verbs=get;list;watch;create;update;patch;delete +// +kubebuilder:rbac:groups=core.humio.com,resources=humioscheduledsearches/status,verbs=get;update;patch +// +kubebuilder:rbac:groups=core.humio.com,resources=humioscheduledsearches/finalizers,verbs=update func (r *HumioScheduledSearchReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) { if r.Namespace != "" { 
@@ -87,7 +87,7 @@ func (r *HumioScheduledSearchReconciler) Reconcile(ctx context.Context, req ctrl } humioHttpClient := r.HumioClient.GetHumioHttpClient(cluster.Config(), req) - defer func(ctx context.Context, humioClient humio.Client, hss *humiov1alpha1.HumioScheduledSearch) { + defer func(ctx context.Context, hss *humiov1alpha1.HumioScheduledSearch) { _, err := r.HumioClient.GetScheduledSearch(ctx, humioHttpClient, req, hss) if errors.As(err, &humioapi.EntityNotFound{}) { _ = r.setState(ctx, humiov1alpha1.HumioScheduledSearchStateNotFound, hss) @@ -98,7 +98,7 @@ func (r *HumioScheduledSearchReconciler) Reconcile(ctx context.Context, req ctrl return } _ = r.setState(ctx, humiov1alpha1.HumioScheduledSearchStateExists, hss) - }(ctx, r.HumioClient, hss) + }(ctx, hss) return r.reconcileHumioScheduledSearch(ctx, humioHttpClient, hss, req) } @@ -185,6 +185,7 @@ func (r *HumioScheduledSearchReconciler) reconcileHumioScheduledSearch(ctx conte func (r *HumioScheduledSearchReconciler) SetupWithManager(mgr ctrl.Manager) error { return ctrl.NewControllerManagedBy(mgr). For(&humiov1alpha1.HumioScheduledSearch{}). + Named("humioscheduledsearch"). Complete(r) } diff --git a/controllers/humioview_controller.go b/internal/controller/humioview_controller.go similarity index 94% rename from controllers/humioview_controller.go rename to internal/controller/humioview_controller.go index b5e69d46..ce544296 100644 --- a/controllers/humioview_controller.go +++ b/internal/controller/humioview_controller.go @@ -14,7 +14,7 @@ See the License for the specific language governing permissions and limitations under the License. */ -package controllers +package controller import ( "context" 
@@ -25,6 +25,7 @@ import ( "github.com/go-logr/logr" "github.com/google/go-cmp/cmp" + humiov1alpha1 "github.com/humio/humio-operator/api/v1alpha1" humioapi "github.com/humio/humio-operator/internal/api" "github.com/humio/humio-operator/internal/api/humiographql" "github.com/humio/humio-operator/internal/helpers" @@ -34,8 +35,6 @@ import ( ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/reconcile" - - humiov1alpha1 "github.com/humio/humio-operator/api/v1alpha1" ) // HumioViewReconciler reconciles a HumioView object @@ -47,9 +46,9 @@ type HumioViewReconciler struct { Namespace string } -//+kubebuilder:rbac:groups=core.humio.com,resources=humioviews,verbs=get;list;watch;create;update;patch;delete -//+kubebuilder:rbac:groups=core.humio.com,resources=humioviews/status,verbs=get;update;patch -//+kubebuilder:rbac:groups=core.humio.com,resources=humioviews/finalizers,verbs=update +// +kubebuilder:rbac:groups=core.humio.com,resources=humioviews,verbs=get;list;watch;create;update;patch;delete +// +kubebuilder:rbac:groups=core.humio.com,resources=humioviews/status,verbs=get;update;patch +// +kubebuilder:rbac:groups=core.humio.com,resources=humioviews/finalizers,verbs=update func (r *HumioViewReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) { if r.Namespace != "" { @@ -126,7 +125,7 @@ func (r *HumioViewReconciler) Reconcile(ctx context.Context, req ctrl.Request) ( return reconcile.Result{Requeue: true}, nil } - defer func(ctx context.Context, humioClient humio.Client, hv *humiov1alpha1.HumioView) { + defer func(ctx context.Context, hv *humiov1alpha1.HumioView) { _, err := r.HumioClient.GetView(ctx, humioHttpClient, req, hv) if errors.As(err, &humioapi.EntityNotFound{}) { _ = r.setState(ctx, humiov1alpha1.HumioViewStateNotFound, hv) 
@@ -137,7 +136,7 @@ func (r *HumioViewReconciler) Reconcile(ctx context.Context, req ctrl.Request) ( return } _ = r.setState(ctx, humiov1alpha1.HumioViewStateExists, hv) - }(ctx, r.HumioClient, hv) + }(ctx, hv) r.Log.Info("get current view") curView, err := r.HumioClient.GetView(ctx, humioHttpClient, req, hv) @@ -172,6 +171,7 @@ func (r *HumioViewReconciler) Reconcile(ctx context.Context, req ctrl.Request) ( func (r *HumioViewReconciler) SetupWithManager(mgr ctrl.Manager) error { return ctrl.NewControllerManagedBy(mgr). For(&humiov1alpha1.HumioView{}). + Named("humioview"). Complete(r) } diff --git a/controllers/suite/clusters/humiocluster_controller_test.go b/internal/controller/suite/clusters/humiocluster_controller_test.go similarity index 87% rename from controllers/suite/clusters/humiocluster_controller_test.go rename to internal/controller/suite/clusters/humiocluster_controller_test.go index 0bdf530f..6a4fcd35 100644 --- a/controllers/suite/clusters/humiocluster_controller_test.go +++ b/internal/controller/suite/clusters/humiocluster_controller_test.go @@ -26,9 +26,9 @@ import ( cmapi "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" humiov1alpha1 "github.com/humio/humio-operator/api/v1alpha1" - "github.com/humio/humio-operator/controllers" - "github.com/humio/humio-operator/controllers/suite" - "github.com/humio/humio-operator/controllers/versions" + "github.com/humio/humio-operator/internal/controller" + "github.com/humio/humio-operator/internal/controller/suite" + "github.com/humio/humio-operator/internal/controller/versions" "github.com/humio/humio-operator/internal/helpers" "github.com/humio/humio-operator/internal/kubernetes" . "github.com/onsi/ginkgo/v2" 
@@ -82,19 +82,19 @@ var _ = Describe("HumioCluster Controller", func() { Name: "humiocluster-multi-node-pool", Namespace: testProcessNamespace, } - toCreate := constructBasicMultiNodePoolHumioCluster(key, true, 1) + toCreate := constructBasicMultiNodePoolHumioCluster(key, 1) suite.UsingClusterBy(key.Name, "Creating the cluster successfully") ctx := context.Background() - createAndBootstrapMultiNodePoolCluster(ctx, k8sClient, testHumioClient, toCreate, true, humiov1alpha1.HumioClusterStateRunning) + createAndBootstrapMultiNodePoolCluster(ctx, k8sClient, testHumioClient, toCreate) Eventually(func() error { - _, err := kubernetes.GetService(ctx, k8sClient, controllers.NewHumioNodeManagerFromHumioCluster(toCreate).GetServiceName(), key.Namespace) + _, err := kubernetes.GetService(ctx, k8sClient, controller.NewHumioNodeManagerFromHumioCluster(toCreate).GetServiceName(), key.Namespace) return err }, testTimeout, suite.TestInterval).Should(Succeed()) Eventually(func() error { - _, err := kubernetes.GetService(ctx, k8sClient, controllers.NewHumioNodeManagerFromHumioNodePool(toCreate, &toCreate.Spec.NodePools[0]).GetServiceName(), key.Namespace) + _, err := kubernetes.GetService(ctx, k8sClient, controller.NewHumioNodeManagerFromHumioNodePool(toCreate, &toCreate.Spec.NodePools[0]).GetServiceName(), key.Namespace) return err }, testTimeout, suite.TestInterval).Should(Succeed()) @@ -114,7 +114,7 @@ var _ = Describe("HumioCluster Controller", func() { suite.UsingClusterBy(key.Name, "Verifying the main service is deleted") Eventually(func() bool { - _, err := kubernetes.GetService(ctx, k8sClient, controllers.NewHumioNodeManagerFromHumioCluster(toCreate).GetServiceName(), key.Namespace) + _, err := kubernetes.GetService(ctx, k8sClient, controller.NewHumioNodeManagerFromHumioCluster(toCreate).GetServiceName(), key.Namespace) return k8serrors.IsNotFound(err) }, testTimeout, suite.TestInterval).Should(BeTrue()) 
@@ -128,16 +128,16 @@ var _ = Describe("HumioCluster Controller", func() { Name: "humiocluster-node-pool-only", Namespace: testProcessNamespace, } - toCreate := constructBasicMultiNodePoolHumioCluster(key, true, 2) + toCreate := constructBasicMultiNodePoolHumioCluster(key, 2) toCreate.Spec.NodeCount = 0 toCreate.Spec.DataVolumeSource = corev1.VolumeSource{} toCreate.Spec.DataVolumePersistentVolumeClaimSpecTemplate = corev1.PersistentVolumeClaimSpec{} suite.UsingClusterBy(key.Name, "Creating the cluster successfully") ctx := context.Background() - createAndBootstrapMultiNodePoolCluster(ctx, k8sClient, testHumioClient, toCreate, true, humiov1alpha1.HumioClusterStateRunning) + createAndBootstrapMultiNodePoolCluster(ctx, k8sClient, testHumioClient, toCreate) - _, err := kubernetes.GetService(ctx, k8sClient, controllers.NewHumioNodeManagerFromHumioCluster(toCreate).GetServiceName(), key.Namespace) + _, err := kubernetes.GetService(ctx, k8sClient, controller.NewHumioNodeManagerFromHumioCluster(toCreate).GetServiceName(), key.Namespace) Expect(k8serrors.IsNotFound(err)).Should(BeTrue()) defer suite.CleanupCluster(ctx, k8sClient, toCreate) @@ -212,7 +212,7 @@ var _ = Describe("HumioCluster Controller", func() { Expect(err).Should(Succeed()) } return updatedHumioCluster.Status.Message - }, testTimeout, suite.TestInterval).Should(Equal(fmt.Sprintf("Humio version must be at least %s: unsupported Humio version: %s", controllers.HumioVersionMinimumSupported, strings.Split(strings.Split(versions.OldUnsupportedHumioVersion(), ":")[1], "-")[0]))) + }, testTimeout, suite.TestInterval).Should(Equal(fmt.Sprintf("Humio version must be at least %s: unsupported Humio version: %s", controller.HumioVersionMinimumSupported, strings.Split(strings.Split(versions.OldUnsupportedHumioVersion(), ":")[1], "-")[0]))) }) }) 
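Review bot: In the node-pool-only spec, `defer suite.CleanupCluster(ctx, k8sClient, toCreate)` is registered only after `Expect(k8serrors.IsNotFound(err)).Should(BeTrue())`. If that assertion fails, the spec aborts before cleanup is scheduled and the cluster stays behind in the test namespace for later specs. Move the defer to directly after `createAndBootstrapMultiNodePoolCluster(ctx, k8sClient, testHumioClient, toCreate)`, which is the order the multi-node-pool image-update spec later in this file already uses. The enclosing spec starts and ends outside the hunk.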
@@ -232,15 +232,15 @@ var _ = Describe("HumioCluster Controller", func() { defer suite.CleanupCluster(ctx, k8sClient, toCreate) var updatedHumioCluster humiov1alpha1.HumioCluster - clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) + clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, controller.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) for _, pod := range clusterPods { - humioIndex, _ := kubernetes.GetContainerIndexByName(pod, controllers.HumioContainerName) + humioIndex, _ := kubernetes.GetContainerIndexByName(pod, controller.HumioContainerName) Expect(pod.Spec.Containers[humioIndex].Image).To(BeIdenticalTo(toCreate.Spec.Image)) - Expect(pod.Annotations).To(HaveKeyWithValue(controllers.PodRevisionAnnotation, "1")) + Expect(pod.Annotations).To(HaveKeyWithValue(controller.PodRevisionAnnotation, "1")) } updatedHumioCluster = humiov1alpha1.HumioCluster{} Expect(k8sClient.Get(ctx, key, &updatedHumioCluster)).Should(Succeed()) - Expect(controllers.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetDesiredPodRevision()).To(BeEquivalentTo(1)) + Expect(controller.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetDesiredPodRevision()).To(BeEquivalentTo(1)) suite.UsingClusterBy(key.Name, "Updating the cluster image successfully") Eventually(func() error { @@ -259,7 +259,7 @@ var _ = Describe("HumioCluster Controller", func() { return updatedHumioCluster.Status.State }, testTimeout, suite.TestInterval).Should(BeIdenticalTo(humiov1alpha1.HumioClusterStateUpgrading)) - ensurePodsSimultaneousRestart(ctx, controllers.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster), 2) + ensurePodsSimultaneousRestart(ctx, controller.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster), 2) Eventually(func() string { updatedHumioCluster = humiov1alpha1.HumioCluster{} 
@@ -270,14 +270,14 @@ var _ = Describe("HumioCluster Controller", func() { suite.UsingClusterBy(key.Name, "Confirming pod revision is the same for all pods and the cluster itself") updatedHumioCluster = humiov1alpha1.HumioCluster{} Expect(k8sClient.Get(ctx, key, &updatedHumioCluster)).Should(Succeed()) - Expect(controllers.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetDesiredPodRevision()).To(BeEquivalentTo(2)) + Expect(controller.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetDesiredPodRevision()).To(BeEquivalentTo(2)) - updatedClusterPods, _ := kubernetes.ListPods(ctx, k8sClient, updatedHumioCluster.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetPodLabels()) + updatedClusterPods, _ := kubernetes.ListPods(ctx, k8sClient, updatedHumioCluster.Namespace, controller.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetPodLabels()) Expect(updatedClusterPods).To(HaveLen(toCreate.Spec.NodeCount)) for _, pod := range updatedClusterPods { - humioIndex, _ := kubernetes.GetContainerIndexByName(pod, controllers.HumioContainerName) + humioIndex, _ := kubernetes.GetContainerIndexByName(pod, controller.HumioContainerName) Expect(pod.Spec.Containers[humioIndex].Image).To(BeIdenticalTo(versions.UpgradeJumpHumioVersion())) - Expect(pod.Annotations).To(HaveKeyWithValue(controllers.PodRevisionAnnotation, "2")) + Expect(pod.Annotations).To(HaveKeyWithValue(controller.PodRevisionAnnotation, "2")) } if helpers.TLSEnabled(&updatedHumioCluster) { 
@@ -315,9 +315,9 @@ var _ = Describe("HumioCluster Controller", func() { }, testTimeout, suite.TestInterval).Should(Succeed()) var updatedClusterPods []corev1.Pod - updatedClusterPods, _ = kubernetes.ListPods(ctx, k8sClient, updatedHumioCluster.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetPodLabels()) + updatedClusterPods, _ = kubernetes.ListPods(ctx, k8sClient, updatedHumioCluster.Namespace, controller.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetPodLabels()) for _, pod := range updatedClusterPods { - Expect(pod.Annotations).To(HaveKeyWithValue(controllers.PodRevisionAnnotation, "1")) + Expect(pod.Annotations).To(HaveKeyWithValue(controller.PodRevisionAnnotation, "1")) } suite.UsingClusterBy(key.Name, "Updating the cluster resources successfully with broken affinity") 
@@ -352,16 +352,16 @@ var _ = Describe("HumioCluster Controller", func() { return updatedHumioCluster.Status.State }, testTimeout, suite.TestInterval).Should(BeIdenticalTo(humiov1alpha1.HumioClusterStateRestarting)) - ensurePodsGoPending(ctx, controllers.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster), 2, 1) + ensurePodsGoPending(ctx, controller.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster), 2, 1) Eventually(func() int { var pendingPodsCount int - updatedClusterPods, _ = kubernetes.ListPods(ctx, k8sClient, updatedHumioCluster.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetPodLabels()) + updatedClusterPods, _ = kubernetes.ListPods(ctx, k8sClient, updatedHumioCluster.Namespace, controller.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetPodLabels()) for _, pod := range updatedClusterPods { if pod.Status.Phase == corev1.PodPending { for _, condition := range pod.Status.Conditions { if condition.Type == corev1.PodScheduled { - if condition.Status == corev1.ConditionFalse && condition.Reason == controllers.PodConditionReasonUnschedulable { + if condition.Status == corev1.ConditionFalse && condition.Reason == controller.PodConditionReasonUnschedulable { pendingPodsCount++ } } @@ -386,7 +386,7 @@ var _ = Describe("HumioCluster Controller", func() { Eventually(func() []corev1.Pod { podsMarkedAsPending := []corev1.Pod{} - currentPods, err := kubernetes.ListPods(ctx, k8sClient, updatedHumioCluster.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetPodLabels()) + currentPods, err := kubernetes.ListPods(ctx, k8sClient, updatedHumioCluster.Namespace, controller.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetPodLabels()) if err != nil { // wrap error in pod object, so that we can still see the error if the Eventually() fails return []corev1.Pod{ 
@@ -403,15 +403,15 @@ var _ = Describe("HumioCluster Controller", func() { len(pod.Spec.Affinity.NodeAffinity.RequiredDuringSchedulingIgnoredDuringExecution.NodeSelectorTerms[0].MatchExpressions) > 0 { if pod.Spec.Affinity.NodeAffinity.RequiredDuringSchedulingIgnoredDuringExecution.NodeSelectorTerms[0].MatchExpressions[0].Key == "some-none-existent-label" { - markPodAsPendingUnschedulableIfUsingEnvtest(ctx, k8sClient, pod, key.Name) + _ = markPodAsPendingUnschedulableIfUsingEnvtest(ctx, k8sClient, pod, key.Name) } } } return podsMarkedAsPending - }, testTimeout, suite.TestInterval).Should(HaveLen(0)) + }, testTimeout, suite.TestInterval).Should(BeEmpty()) - ensurePodsRollingRestart(ctx, controllers.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster), 3, 1) + ensurePodsRollingRestart(ctx, controller.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster), 3, 1) Eventually(func() string { Expect(k8sClient.Get(ctx, key, &updatedHumioCluster)).Should(Succeed()) 
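Review bot: `_ = markPodAsPendingUnschedulableIfUsingEnvtest(ctx, k8sClient, pod, key.Name)` satisfies the linter but hides a failed pod status update, and the closure then returns `podsMarkedAsPending` to the `BeEmpty()` check as if the pod had been handled. The `ListPods` error earlier in what appears to be the same `Eventually` closure is deliberately surfaced so that a timeout shows the cause. The same intent here could be `if err := markPodAsPendingUnschedulableIfUsingEnvtest(ctx, k8sClient, pod, key.Name); err != nil { podsMarkedAsPending = append(podsMarkedAsPending, pod) }`, which keeps the poll retrying until the update succeeds. The lines between this hunk and the previous one are not shown, so how `podsMarkedAsPending` is otherwise populated should be confirmed before adopting this.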
@@ -439,15 +439,15 @@ var _ = Describe("HumioCluster Controller", func() { defer suite.CleanupCluster(ctx, k8sClient, toCreate) var updatedHumioCluster humiov1alpha1.HumioCluster - clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) + clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, controller.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) for _, pod := range clusterPods { - humioIndex, _ := kubernetes.GetContainerIndexByName(pod, controllers.HumioContainerName) + humioIndex, _ := kubernetes.GetContainerIndexByName(pod, controller.HumioContainerName) Expect(pod.Spec.Containers[humioIndex].Image).To(BeIdenticalTo(toCreate.Spec.Image)) - Expect(pod.Annotations).To(HaveKeyWithValue(controllers.PodRevisionAnnotation, "1")) + Expect(pod.Annotations).To(HaveKeyWithValue(controller.PodRevisionAnnotation, "1")) } updatedHumioCluster = humiov1alpha1.HumioCluster{} Expect(k8sClient.Get(ctx, key, &updatedHumioCluster)).Should(Succeed()) - Expect(controllers.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetDesiredPodRevision()).To(BeEquivalentTo(1)) + Expect(controller.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetDesiredPodRevision()).To(BeEquivalentTo(1)) suite.UsingClusterBy(key.Name, "Updating the cluster image successfully") Eventually(func() error { 
@@ -467,7 +467,7 @@ var _ = Describe("HumioCluster Controller", func() { }, testTimeout, suite.TestInterval).Should(BeIdenticalTo(humiov1alpha1.HumioClusterStateUpgrading)) suite.UsingClusterBy(key.Name, "Pods upgrade in a rolling fashion because update strategy is explicitly set to rolling update") - ensurePodsRollingRestart(ctx, controllers.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster), 2, 1) + ensurePodsRollingRestart(ctx, controller.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster), 2, 1) Eventually(func() string { updatedHumioCluster = humiov1alpha1.HumioCluster{} 
@@ -478,14 +478,14 @@ var _ = Describe("HumioCluster Controller", func() { suite.UsingClusterBy(key.Name, "Confirming pod revision is the same for all pods and the cluster itself") updatedHumioCluster = humiov1alpha1.HumioCluster{} Expect(k8sClient.Get(ctx, key, &updatedHumioCluster)).Should(Succeed()) - Expect(controllers.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetDesiredPodRevision()).To(BeEquivalentTo(2)) + Expect(controller.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetDesiredPodRevision()).To(BeEquivalentTo(2)) - updatedClusterPods, _ := kubernetes.ListPods(ctx, k8sClient, updatedHumioCluster.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetPodLabels()) + updatedClusterPods, _ := kubernetes.ListPods(ctx, k8sClient, updatedHumioCluster.Namespace, controller.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetPodLabels()) Expect(updatedClusterPods).To(HaveLen(toCreate.Spec.NodeCount)) for _, pod := range updatedClusterPods { - humioIndex, _ := kubernetes.GetContainerIndexByName(pod, controllers.HumioContainerName) + humioIndex, _ := kubernetes.GetContainerIndexByName(pod, controller.HumioContainerName) Expect(pod.Spec.Containers[humioIndex].Image).To(BeIdenticalTo(versions.UpgradeJumpHumioVersion())) - Expect(pod.Annotations).To(HaveKeyWithValue(controllers.PodRevisionAnnotation, "2")) + Expect(pod.Annotations).To(HaveKeyWithValue(controller.PodRevisionAnnotation, "2")) } if helpers.TLSEnabled(&updatedHumioCluster) { 
@@ -514,15 +514,15 @@ var _ = Describe("HumioCluster Controller", func() { defer suite.CleanupCluster(ctx, k8sClient, toCreate) var updatedHumioCluster humiov1alpha1.HumioCluster - clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) + clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, controller.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) for _, pod := range clusterPods { - humioIndex, _ := kubernetes.GetContainerIndexByName(pod, controllers.HumioContainerName) + humioIndex, _ := kubernetes.GetContainerIndexByName(pod, controller.HumioContainerName) Expect(pod.Spec.Containers[humioIndex].Image).To(BeIdenticalTo(toCreate.Spec.Image)) - Expect(pod.Annotations).To(HaveKeyWithValue(controllers.PodRevisionAnnotation, "1")) + Expect(pod.Annotations).To(HaveKeyWithValue(controller.PodRevisionAnnotation, "1")) } updatedHumioCluster = humiov1alpha1.HumioCluster{} Expect(k8sClient.Get(ctx, key, &updatedHumioCluster)).Should(Succeed()) - Expect(controllers.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetDesiredPodRevision()).To(BeEquivalentTo(1)) + Expect(controller.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetDesiredPodRevision()).To(BeEquivalentTo(1)) suite.UsingClusterBy(key.Name, "Updating the cluster image successfully") updatedImage := versions.DefaultHumioImageVersion() 
@@ -543,12 +543,12 @@ var _ = Describe("HumioCluster Controller", func() { }, testTimeout, suite.TestInterval).Should(BeIdenticalTo(humiov1alpha1.HumioClusterStateUpgrading)) suite.UsingClusterBy(key.Name, "Confirming pods have not been recreated") - updatedClusterPods, _ := kubernetes.ListPods(ctx, k8sClient, updatedHumioCluster.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetPodLabels()) + updatedClusterPods, _ := kubernetes.ListPods(ctx, k8sClient, updatedHumioCluster.Namespace, controller.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetPodLabels()) Expect(updatedClusterPods).To(HaveLen(toCreate.Spec.NodeCount)) for _, pod := range updatedClusterPods { - humioIndex, _ := kubernetes.GetContainerIndexByName(pod, controllers.HumioContainerName) + humioIndex, _ := kubernetes.GetContainerIndexByName(pod, controller.HumioContainerName) Expect(pod.Spec.Containers[humioIndex].Image).To(BeIdenticalTo(toCreate.Spec.Image)) - Expect(pod.Annotations).To(HaveKeyWithValue(controllers.PodRevisionAnnotation, "1")) + Expect(pod.Annotations).To(HaveKeyWithValue(controller.PodRevisionAnnotation, "1")) } suite.UsingClusterBy(key.Name, "Simulating manual deletion of pods") @@ -558,7 +558,7 @@ var _ = Describe("HumioCluster Controller", func() { Eventually(func() []corev1.Pod { var clusterPods []corev1.Pod - clusterPods, _ = kubernetes.ListPods(ctx, k8sClient, key.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetPodLabels()) + clusterPods, _ = kubernetes.ListPods(ctx, k8sClient, key.Namespace, controller.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetPodLabels()) _ = suite.MarkPodsAsRunningIfUsingEnvtest(ctx, k8sClient, clusterPods, key.Name) return clusterPods }, testTimeout, suite.TestInterval).Should(HaveLen(toCreate.Spec.NodeCount)) 
@@ -572,14 +572,14 @@ var _ = Describe("HumioCluster Controller", func() { suite.UsingClusterBy(key.Name, "Confirming pod revision is the same for all pods and the cluster itself") updatedHumioCluster = humiov1alpha1.HumioCluster{} Expect(k8sClient.Get(ctx, key, &updatedHumioCluster)).Should(Succeed()) - Expect(controllers.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetDesiredPodRevision()).To(BeEquivalentTo(2)) + Expect(controller.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetDesiredPodRevision()).To(BeEquivalentTo(2)) - updatedClusterPods, _ = kubernetes.ListPods(ctx, k8sClient, updatedHumioCluster.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetPodLabels()) + updatedClusterPods, _ = kubernetes.ListPods(ctx, k8sClient, updatedHumioCluster.Namespace, controller.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetPodLabels()) Expect(updatedClusterPods).To(HaveLen(toCreate.Spec.NodeCount)) for _, pod := range updatedClusterPods { - humioIndex, _ := kubernetes.GetContainerIndexByName(pod, controllers.HumioContainerName) + humioIndex, _ := kubernetes.GetContainerIndexByName(pod, controller.HumioContainerName) Expect(pod.Spec.Containers[humioIndex].Image).To(BeIdenticalTo(updatedImage)) - Expect(pod.Annotations).To(HaveKeyWithValue(controllers.PodRevisionAnnotation, "2")) + Expect(pod.Annotations).To(HaveKeyWithValue(controller.PodRevisionAnnotation, "2")) } if helpers.TLSEnabled(&updatedHumioCluster) { 
@@ -608,15 +608,15 @@ var _ = Describe("HumioCluster Controller", func() { defer suite.CleanupCluster(ctx, k8sClient, toCreate) var updatedHumioCluster humiov1alpha1.HumioCluster - clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) + clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, controller.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) for _, pod := range clusterPods { - humioIndex, _ := kubernetes.GetContainerIndexByName(pod, controllers.HumioContainerName) + humioIndex, _ := kubernetes.GetContainerIndexByName(pod, controller.HumioContainerName) Expect(pod.Spec.Containers[humioIndex].Image).To(BeIdenticalTo(toCreate.Spec.Image)) - Expect(pod.Annotations).To(HaveKeyWithValue(controllers.PodRevisionAnnotation, "1")) + Expect(pod.Annotations).To(HaveKeyWithValue(controller.PodRevisionAnnotation, "1")) } updatedHumioCluster = humiov1alpha1.HumioCluster{} Expect(k8sClient.Get(ctx, key, &updatedHumioCluster)).Should(Succeed()) - Expect(controllers.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetDesiredPodRevision()).To(BeEquivalentTo(1)) + Expect(controller.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetDesiredPodRevision()).To(BeEquivalentTo(1)) suite.UsingClusterBy(key.Name, "Updating the cluster image successfully") Eventually(func() error { @@ -636,7 +636,7 @@ var _ = Describe("HumioCluster Controller", func() { }, testTimeout, suite.TestInterval).Should(BeIdenticalTo(humiov1alpha1.HumioClusterStateUpgrading)) suite.UsingClusterBy(key.Name, "Pods upgrade in a rolling fashion because the new version is a patch release") - ensurePodsRollingRestart(ctx, controllers.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster), 2, 1) + ensurePodsRollingRestart(ctx, controller.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster), 2, 1) Eventually(func() string { updatedHumioCluster = humiov1alpha1.HumioCluster{} 
@@ -647,14 +647,14 @@ var _ = Describe("HumioCluster Controller", func() { suite.UsingClusterBy(key.Name, "Confirming pod revision is the same for all pods and the cluster itself") updatedHumioCluster = humiov1alpha1.HumioCluster{} Expect(k8sClient.Get(ctx, key, &updatedHumioCluster)).Should(Succeed()) - Expect(controllers.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetDesiredPodRevision()).To(BeEquivalentTo(2)) + Expect(controller.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetDesiredPodRevision()).To(BeEquivalentTo(2)) - updatedClusterPods, _ := kubernetes.ListPods(ctx, k8sClient, updatedHumioCluster.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetPodLabels()) + updatedClusterPods, _ := kubernetes.ListPods(ctx, k8sClient, updatedHumioCluster.Namespace, controller.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetPodLabels()) Expect(updatedClusterPods).To(HaveLen(toCreate.Spec.NodeCount)) for _, pod := range updatedClusterPods { - humioIndex, _ := kubernetes.GetContainerIndexByName(pod, controllers.HumioContainerName) + humioIndex, _ := kubernetes.GetContainerIndexByName(pod, controller.HumioContainerName) Expect(pod.Spec.Containers[humioIndex].Image).To(BeIdenticalTo(versions.UpgradePatchBestEffortNewVersion())) - Expect(pod.Annotations).To(HaveKeyWithValue(controllers.PodRevisionAnnotation, "2")) + Expect(pod.Annotations).To(HaveKeyWithValue(controller.PodRevisionAnnotation, "2")) } if helpers.TLSEnabled(&updatedHumioCluster) { 
@@ -683,15 +683,15 @@ var _ = Describe("HumioCluster Controller", func() { defer suite.CleanupCluster(ctx, k8sClient, toCreate) var updatedHumioCluster humiov1alpha1.HumioCluster - clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) + clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, controller.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) for _, pod := range clusterPods { - humioIndex, _ := kubernetes.GetContainerIndexByName(pod, controllers.HumioContainerName) + humioIndex, _ := kubernetes.GetContainerIndexByName(pod, controller.HumioContainerName) Expect(pod.Spec.Containers[humioIndex].Image).To(BeIdenticalTo(toCreate.Spec.Image)) - Expect(pod.Annotations).To(HaveKeyWithValue(controllers.PodRevisionAnnotation, "1")) + Expect(pod.Annotations).To(HaveKeyWithValue(controller.PodRevisionAnnotation, "1")) } updatedHumioCluster = humiov1alpha1.HumioCluster{} Expect(k8sClient.Get(ctx, key, &updatedHumioCluster)).Should(Succeed()) - Expect(controllers.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetDesiredPodRevision()).To(BeEquivalentTo(1)) + Expect(controller.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetDesiredPodRevision()).To(BeEquivalentTo(1)) suite.UsingClusterBy(key.Name, "Updating the cluster image successfully") Eventually(func() error { @@ -712,7 +712,7 @@ var _ = Describe("HumioCluster Controller", func() { suite.UsingClusterBy(key.Name, "Pods upgrade at the same time because the new version is more than one"+ "minor revision greater than the previous version") - ensurePodsSimultaneousRestart(ctx, controllers.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster), 2) + ensurePodsSimultaneousRestart(ctx, controller.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster), 2) Eventually(func() string { updatedHumioCluster = humiov1alpha1.HumioCluster{} 
@@ -723,14 +723,14 @@ var _ = Describe("HumioCluster Controller", func() { suite.UsingClusterBy(key.Name, "Confirming pod revision is the same for all pods and the cluster itself") updatedHumioCluster = humiov1alpha1.HumioCluster{} Expect(k8sClient.Get(ctx, key, &updatedHumioCluster)).Should(Succeed()) - Expect(controllers.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetDesiredPodRevision()).To(BeEquivalentTo(2)) + Expect(controller.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetDesiredPodRevision()).To(BeEquivalentTo(2)) - updatedClusterPods, _ := kubernetes.ListPods(ctx, k8sClient, updatedHumioCluster.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetPodLabels()) + updatedClusterPods, _ := kubernetes.ListPods(ctx, k8sClient, updatedHumioCluster.Namespace, controller.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetPodLabels()) Expect(updatedClusterPods).To(HaveLen(toCreate.Spec.NodeCount)) for _, pod := range updatedClusterPods { - humioIndex, _ := kubernetes.GetContainerIndexByName(pod, controllers.HumioContainerName) + humioIndex, _ := kubernetes.GetContainerIndexByName(pod, controller.HumioContainerName) Expect(pod.Spec.Containers[humioIndex].Image).To(BeIdenticalTo(versions.UpgradeRollingBestEffortVersionJumpNewVersion())) - Expect(pod.Annotations).To(HaveKeyWithValue(controllers.PodRevisionAnnotation, "2")) + Expect(pod.Annotations).To(HaveKeyWithValue(controller.PodRevisionAnnotation, "2")) } if helpers.TLSEnabled(&updatedHumioCluster) { 
@@ -756,23 +756,23 @@ var _ = Describe("HumioCluster Controller", func() { defer suite.CleanupCluster(ctx, k8sClient, toCreate) var updatedHumioCluster humiov1alpha1.HumioCluster - clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) + clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, controller.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) for _, pod := range clusterPods { - humioIndex, _ := kubernetes.GetContainerIndexByName(pod, controllers.HumioContainerName) + humioIndex, _ := kubernetes.GetContainerIndexByName(pod, controller.HumioContainerName) Expect(pod.Spec.Containers[humioIndex].Env).To(ContainElement(corev1.EnvVar{ Name: "EXTERNAL_URL", Value: "http://$(POD_NAME).humiocluster-update-ext-url-headless.$(POD_NAMESPACE):$(HUMIO_PORT)", })) - Expect(pod.Annotations).To(HaveKeyWithValue(controllers.PodRevisionAnnotation, "1")) + Expect(pod.Annotations).To(HaveKeyWithValue(controller.PodRevisionAnnotation, "1")) } updatedHumioCluster = humiov1alpha1.HumioCluster{} Expect(k8sClient.Get(ctx, key, &updatedHumioCluster)).Should(Succeed()) - Expect(controllers.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetDesiredPodRevision()).To(BeEquivalentTo(1)) + Expect(controller.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetDesiredPodRevision()).To(BeEquivalentTo(1)) suite.UsingClusterBy(key.Name, "Waiting for pods to be Running") Eventually(func() int { var runningPods int - clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, updatedHumioCluster.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetPodLabels()) + clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, updatedHumioCluster.Namespace, controller.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetPodLabels()) for _, pod := range clusterPods { if pod.Status.Phase == corev1.PodRunning { runningPods++ 
@@ -792,7 +792,7 @@ var _ = Describe("HumioCluster Controller", func() { return k8sClient.Update(ctx, &updatedHumioCluster) }, testTimeout, suite.TestInterval).Should(Succeed()) - ensurePodsSimultaneousRestart(ctx, controllers.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster), 2) + ensurePodsSimultaneousRestart(ctx, controller.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster), 2) Eventually(func() string { updatedHumioCluster = humiov1alpha1.HumioCluster{} 
@@ -803,17 +803,17 @@ var _ = Describe("HumioCluster Controller", func() { suite.UsingClusterBy(key.Name, "Confirming pod revision is the same for all pods and the cluster itself") updatedHumioCluster = humiov1alpha1.HumioCluster{} Expect(k8sClient.Get(ctx, key, &updatedHumioCluster)).Should(Succeed()) - Expect(controllers.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetDesiredPodRevision()).To(BeEquivalentTo(2)) + Expect(controller.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetDesiredPodRevision()).To(BeEquivalentTo(2)) - updatedClusterPods, _ := kubernetes.ListPods(ctx, k8sClient, updatedHumioCluster.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetPodLabels()) + updatedClusterPods, _ := kubernetes.ListPods(ctx, k8sClient, updatedHumioCluster.Namespace, controller.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetPodLabels()) Expect(updatedClusterPods).To(HaveLen(toCreate.Spec.NodeCount)) for _, pod := range updatedClusterPods { - humioIndex, _ := kubernetes.GetContainerIndexByName(pod, controllers.HumioContainerName) + humioIndex, _ := kubernetes.GetContainerIndexByName(pod, controller.HumioContainerName) Expect(pod.Spec.Containers[humioIndex].Env).To(ContainElement(corev1.EnvVar{ Name: "EXTERNAL_URL", Value: "https://$(POD_NAME).humiocluster-update-ext-url-headless.$(POD_NAMESPACE):$(HUMIO_PORT)", })) - Expect(pod.Annotations).To(HaveKeyWithValue(controllers.PodRevisionAnnotation, "2")) + Expect(pod.Annotations).To(HaveKeyWithValue(controller.PodRevisionAnnotation, "2")) } } }) @@ -826,7 +826,7 @@ var _ = Describe("HumioCluster Controller", func() { Namespace: testProcessNamespace, } originalImage := versions.OldSupportedHumioVersion() - toCreate := constructBasicMultiNodePoolHumioCluster(key, true, 1) + toCreate := constructBasicMultiNodePoolHumioCluster(key, 1) toCreate.Spec.Image = originalImage toCreate.Spec.NodeCount = 1 toCreate.Spec.NodePools[0].NodeCount = 1 
@@ -834,7 +834,7 @@ var _ = Describe("HumioCluster Controller", func() { suite.UsingClusterBy(key.Name, "Creating the cluster successfully") ctx := context.Background() - createAndBootstrapMultiNodePoolCluster(ctx, k8sClient, testHumioClient, toCreate, true, humiov1alpha1.HumioClusterStateRunning) + createAndBootstrapMultiNodePoolCluster(ctx, k8sClient, testHumioClient, toCreate) defer suite.CleanupCluster(ctx, k8sClient, toCreate) var updatedHumioCluster humiov1alpha1.HumioCluster @@ -849,15 +849,15 @@ var _ = Describe("HumioCluster Controller", func() { return k8sClient.Status().Update(ctx, &updatedHumioCluster) }, testTimeout, suite.TestInterval).Should(Succeed()) - clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) + clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, controller.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) for _, pod := range clusterPods { - humioIndex, _ := kubernetes.GetContainerIndexByName(pod, controllers.HumioContainerName) + humioIndex, _ := kubernetes.GetContainerIndexByName(pod, controller.HumioContainerName) Expect(pod.Spec.Containers[humioIndex].Image).To(BeIdenticalTo(toCreate.Spec.Image)) - Expect(pod.Annotations).To(HaveKeyWithValue(controllers.PodRevisionAnnotation, "1")) + Expect(pod.Annotations).To(HaveKeyWithValue(controller.PodRevisionAnnotation, "1")) } updatedHumioCluster = humiov1alpha1.HumioCluster{} Expect(k8sClient.Get(ctx, key, &updatedHumioCluster)).Should(Succeed()) - Expect(controllers.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetDesiredPodRevision()).To(BeEquivalentTo(1)) + Expect(controller.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetDesiredPodRevision()).To(BeEquivalentTo(1)) suite.UsingClusterBy(key.Name, "Updating the cluster image on the main node pool successfully") updatedImage := versions.UpgradeJumpHumioVersion() 
@@ -882,7 +882,7 @@ var _ = Describe("HumioCluster Controller", func() { ctx2, cancel := context.WithCancel(context.Background()) go monitorMaxNumberNodePoolsWithSpecificNodePoolStatus(ctx2, k8sClient, key, forever, &mostSeenNodePoolsWithUpgradingState, humiov1alpha1.HumioClusterStateUpgrading) - ensurePodsSimultaneousRestart(ctx, controllers.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster), 2) + ensurePodsSimultaneousRestart(ctx, controller.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster), 2) Eventually(func() string { updatedHumioCluster = humiov1alpha1.HumioCluster{} 
@@ -893,24 +893,24 @@ var _ = Describe("HumioCluster Controller", func() { suite.UsingClusterBy(key.Name, "Confirming pod revision is the same for main pods and the cluster itself") updatedHumioCluster = humiov1alpha1.HumioCluster{} Expect(k8sClient.Get(ctx, key, &updatedHumioCluster)).Should(Succeed()) - Expect(controllers.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetDesiredPodRevision()).To(BeEquivalentTo(2)) + Expect(controller.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetDesiredPodRevision()).To(BeEquivalentTo(2)) - updatedClusterPods, _ := kubernetes.ListPods(ctx, k8sClient, updatedHumioCluster.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetPodLabels()) + updatedClusterPods, _ := kubernetes.ListPods(ctx, k8sClient, updatedHumioCluster.Namespace, controller.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetPodLabels()) Expect(updatedClusterPods).To(HaveLen(toCreate.Spec.NodeCount)) for _, pod := range updatedClusterPods { - humioIndex, _ := kubernetes.GetContainerIndexByName(pod, controllers.HumioContainerName) + humioIndex, _ := kubernetes.GetContainerIndexByName(pod, controller.HumioContainerName) Expect(pod.Spec.Containers[humioIndex].Image).To(BeIdenticalTo(updatedImage)) - Expect(pod.Annotations).To(HaveKeyWithValue(controllers.PodRevisionAnnotation, "2")) + Expect(pod.Annotations).To(HaveKeyWithValue(controller.PodRevisionAnnotation, "2")) } suite.UsingClusterBy(key.Name, "Confirming pod revision did not change for the other node pool") - nonUpdatedClusterPods, _ := kubernetes.ListPods(ctx, k8sClient, updatedHumioCluster.Namespace, controllers.NewHumioNodeManagerFromHumioNodePool(&updatedHumioCluster, &updatedHumioCluster.Spec.NodePools[0]).GetPodLabels()) + nonUpdatedClusterPods, _ := kubernetes.ListPods(ctx, k8sClient, updatedHumioCluster.Namespace, controller.NewHumioNodeManagerFromHumioNodePool(&updatedHumioCluster, &updatedHumioCluster.Spec.NodePools[0]).GetPodLabels()) 
Expect(nonUpdatedClusterPods).To(HaveLen(toCreate.Spec.NodePools[0].NodeCount)) Expect(updatedHumioCluster.Spec.NodePools[0].Image).To(Equal(originalImage)) for _, pod := range nonUpdatedClusterPods { - humioIndex, _ := kubernetes.GetContainerIndexByName(pod, controllers.HumioContainerName) + humioIndex, _ := kubernetes.GetContainerIndexByName(pod, controller.HumioContainerName) Expect(pod.Spec.Containers[humioIndex].Image).To(BeIdenticalTo(originalImage)) - Expect(pod.Annotations).To(HaveKeyWithValue(controllers.PodRevisionAnnotation, "1")) + Expect(pod.Annotations).To(HaveKeyWithValue(controller.PodRevisionAnnotation, "1")) } suite.UsingClusterBy(key.Name, "Updating the cluster image on the additional node pool successfully") @@ -930,7 +930,7 @@ var _ = Describe("HumioCluster Controller", func() { return updatedHumioCluster.Status.State }, testTimeout, suite.TestInterval).Should(BeIdenticalTo(humiov1alpha1.HumioClusterStateUpgrading)) - ensurePodsSimultaneousRestart(ctx, controllers.NewHumioNodeManagerFromHumioNodePool(&updatedHumioCluster, &updatedHumioCluster.Spec.NodePools[0]), 2) + ensurePodsSimultaneousRestart(ctx, controller.NewHumioNodeManagerFromHumioNodePool(&updatedHumioCluster, &updatedHumioCluster.Spec.NodePools[0]), 2) Eventually(func() string { updatedHumioCluster = humiov1alpha1.HumioCluster{} 
@@ -941,24 +941,24 @@ var _ = Describe("HumioCluster Controller", func() { suite.UsingClusterBy(key.Name, "Confirming pod revision is the same for all pods and the cluster itself") updatedHumioCluster = humiov1alpha1.HumioCluster{} Expect(k8sClient.Get(ctx, key, &updatedHumioCluster)).Should(Succeed()) - Expect(controllers.NewHumioNodeManagerFromHumioNodePool(&updatedHumioCluster, &updatedHumioCluster.Spec.NodePools[0]).GetDesiredPodRevision()).To(BeEquivalentTo(2)) + Expect(controller.NewHumioNodeManagerFromHumioNodePool(&updatedHumioCluster, &updatedHumioCluster.Spec.NodePools[0]).GetDesiredPodRevision()).To(BeEquivalentTo(2)) - updatedClusterPods, _ = kubernetes.ListPods(ctx, k8sClient, updatedHumioCluster.Namespace, controllers.NewHumioNodeManagerFromHumioNodePool(&updatedHumioCluster, &updatedHumioCluster.Spec.NodePools[0]).GetPodLabels()) + updatedClusterPods, _ = kubernetes.ListPods(ctx, k8sClient, updatedHumioCluster.Namespace, controller.NewHumioNodeManagerFromHumioNodePool(&updatedHumioCluster, &updatedHumioCluster.Spec.NodePools[0]).GetPodLabels()) Expect(updatedClusterPods).To(HaveLen(toCreate.Spec.NodePools[0].NodeCount)) for _, pod := range updatedClusterPods { - humioIndex, _ := kubernetes.GetContainerIndexByName(pod, controllers.HumioContainerName) + humioIndex, _ := kubernetes.GetContainerIndexByName(pod, controller.HumioContainerName) Expect(pod.Spec.Containers[humioIndex].Image).To(BeIdenticalTo(updatedImage)) - Expect(pod.Annotations).To(HaveKeyWithValue(controllers.PodRevisionAnnotation, "2")) + Expect(pod.Annotations).To(HaveKeyWithValue(controller.PodRevisionAnnotation, "2")) } suite.UsingClusterBy(key.Name, "Confirming pod revision did not change for the main node pool") - updatedClusterPods, _ = kubernetes.ListPods(ctx, k8sClient, updatedHumioCluster.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetPodLabels()) + updatedClusterPods, _ = kubernetes.ListPods(ctx, k8sClient, updatedHumioCluster.Namespace, 
controller.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetPodLabels()) Expect(updatedClusterPods).To(HaveLen(toCreate.Spec.NodeCount)) for _, pod := range updatedClusterPods { - humioIndex, _ := kubernetes.GetContainerIndexByName(pod, controllers.HumioContainerName) + humioIndex, _ := kubernetes.GetContainerIndexByName(pod, controller.HumioContainerName) Expect(pod.Spec.Containers[humioIndex].Image).To(BeIdenticalTo(updatedImage)) - Expect(pod.Annotations).To(HaveKeyWithValue(controllers.PodRevisionAnnotation, "2")) + Expect(pod.Annotations).To(HaveKeyWithValue(controller.PodRevisionAnnotation, "2")) } cancel() @@ -987,7 +987,7 @@ var _ = Describe("HumioCluster Controller", func() { suite.CreateAndBootstrapCluster(ctx, k8sClient, testHumioClient, toCreate, true, humiov1alpha1.HumioClusterStateRunning, testTimeout) defer suite.CleanupCluster(ctx, k8sClient, toCreate) - clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) + clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, controller.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) suite.UsingClusterBy(key.Name, "Adding missing imageSource to pod spec") var updatedHumioCluster humiov1alpha1.HumioCluster @@ -1050,7 +1050,7 @@ var _ = Describe("HumioCluster Controller", func() { return k8sClient.Update(ctx, &updatedHumioCluster) }, testTimeout, suite.TestInterval).Should(Succeed()) - ensurePodsSimultaneousRestart(ctx, controllers.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster), 2) + ensurePodsSimultaneousRestart(ctx, controller.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster), 2) Eventually(func() string { updatedHumioCluster = humiov1alpha1.HumioCluster{} 
@@ -1061,14 +1061,14 @@ var _ = Describe("HumioCluster Controller", func() { suite.UsingClusterBy(key.Name, "Confirming pod revision is the same for all pods and the cluster itself") updatedHumioCluster = humiov1alpha1.HumioCluster{} Expect(k8sClient.Get(ctx, key, &updatedHumioCluster)).Should(Succeed()) - Expect(controllers.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetDesiredPodRevision()).To(BeEquivalentTo(2)) + Expect(controller.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetDesiredPodRevision()).To(BeEquivalentTo(2)) - updatedClusterPods, _ := kubernetes.ListPods(ctx, k8sClient, updatedHumioCluster.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetPodLabels()) + updatedClusterPods, _ := kubernetes.ListPods(ctx, k8sClient, updatedHumioCluster.Namespace, controller.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetPodLabels()) Expect(updatedClusterPods).To(HaveLen(toCreate.Spec.NodeCount)) for _, pod := range updatedClusterPods { - humioIndex, _ := kubernetes.GetContainerIndexByName(pod, controllers.HumioContainerName) + humioIndex, _ := kubernetes.GetContainerIndexByName(pod, controller.HumioContainerName) Expect(pod.Spec.Containers[humioIndex].Image).To(BeIdenticalTo(updatedImage)) - Expect(pod.Annotations).To(HaveKeyWithValue(controllers.PodRevisionAnnotation, "2")) + Expect(pod.Annotations).To(HaveKeyWithValue(controller.PodRevisionAnnotation, "2")) } if helpers.TLSEnabled(&updatedHumioCluster) { 
@@ -1093,14 +1093,14 @@ var _ = Describe("HumioCluster Controller", func() { defer suite.CleanupCluster(ctx, k8sClient, toCreate) var updatedHumioCluster humiov1alpha1.HumioCluster - clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) + clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, controller.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) for _, pod := range clusterPods { - humioIndex, _ := kubernetes.GetContainerIndexByName(pod, controllers.HumioContainerName) + humioIndex, _ := kubernetes.GetContainerIndexByName(pod, controller.HumioContainerName) Expect(pod.Spec.Containers[humioIndex].Image).To(BeIdenticalTo(toCreate.Spec.Image)) - Expect(pod.Annotations).To(HaveKeyWithValue(controllers.PodRevisionAnnotation, "1")) + Expect(pod.Annotations).To(HaveKeyWithValue(controller.PodRevisionAnnotation, "1")) } Expect(k8sClient.Get(ctx, key, &updatedHumioCluster)).Should(Succeed()) - Expect(controllers.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetDesiredPodRevision()).To(BeEquivalentTo(1)) + Expect(controller.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetDesiredPodRevision()).To(BeEquivalentTo(1)) suite.UsingClusterBy(key.Name, "Updating the cluster image unsuccessfully with broken image") updatedImage := fmt.Sprintf("%s-missing-image", versions.DefaultHumioImageVersion()) 
@@ -1123,12 +1123,12 @@ var _ = Describe("HumioCluster Controller", func() { suite.UsingClusterBy(key.Name, "Waiting until pods are started with the bad image") Eventually(func() int { var badPodCount int - clusterPods, _ = kubernetes.ListPods(ctx, k8sClient, updatedHumioCluster.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetPodLabels()) + clusterPods, _ = kubernetes.ListPods(ctx, k8sClient, updatedHumioCluster.Namespace, controller.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetPodLabels()) suite.UsingClusterBy(key.Name, fmt.Sprintf("Found of %d pods", len(clusterPods))) for _, pod := range clusterPods { - humioIndex, _ := kubernetes.GetContainerIndexByName(pod, controllers.HumioContainerName) - suite.UsingClusterBy(key.Name, fmt.Sprintf("Pod %s uses image %s and is using revision %s", pod.Name, pod.Spec.Containers[humioIndex].Image, pod.Annotations[controllers.PodRevisionAnnotation])) - if pod.Spec.Containers[humioIndex].Image == updatedImage && pod.Annotations[controllers.PodRevisionAnnotation] == "2" { + humioIndex, _ := kubernetes.GetContainerIndexByName(pod, controller.HumioContainerName) + suite.UsingClusterBy(key.Name, fmt.Sprintf("Pod %s uses image %s and is using revision %s", pod.Name, pod.Spec.Containers[humioIndex].Image, pod.Annotations[controller.PodRevisionAnnotation])) + if pod.Spec.Containers[humioIndex].Image == updatedImage && pod.Annotations[controller.PodRevisionAnnotation] == "2" { badPodCount++ } } 
@@ -1136,7 +1136,7 @@ var _ = Describe("HumioCluster Controller", func() { }, testTimeout, suite.TestInterval).Should(BeIdenticalTo(toCreate.Spec.NodeCount)) suite.UsingClusterBy(key.Name, "Simulating mock pods to be scheduled") - clusterPods, _ = kubernetes.ListPods(ctx, k8sClient, key.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) + clusterPods, _ = kubernetes.ListPods(ctx, k8sClient, key.Namespace, controller.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) for _, pod := range clusterPods { _ = markPodAsPendingImagePullBackOffIfUsingEnvtest(ctx, k8sClient, pod, key.Name) } @@ -1166,7 +1166,7 @@ var _ = Describe("HumioCluster Controller", func() { return updatedHumioCluster.Status.State }, testTimeout, suite.TestInterval).Should(BeIdenticalTo(humiov1alpha1.HumioClusterStateUpgrading)) - ensurePodsSimultaneousRestart(ctx, controllers.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster), 3) + ensurePodsSimultaneousRestart(ctx, controller.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster), 3) Eventually(func() string { updatedHumioCluster = humiov1alpha1.HumioCluster{} 
@@ -1177,14 +1177,14 @@ var _ = Describe("HumioCluster Controller", func() { suite.UsingClusterBy(key.Name, "Confirming pod revision is the same for all pods and the cluster itself") updatedHumioCluster = humiov1alpha1.HumioCluster{} Expect(k8sClient.Get(ctx, key, &updatedHumioCluster)).Should(Succeed()) - Expect(controllers.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetDesiredPodRevision()).To(BeEquivalentTo(3)) + Expect(controller.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetDesiredPodRevision()).To(BeEquivalentTo(3)) - updatedClusterPods, _ := kubernetes.ListPods(ctx, k8sClient, updatedHumioCluster.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetPodLabels()) + updatedClusterPods, _ := kubernetes.ListPods(ctx, k8sClient, updatedHumioCluster.Namespace, controller.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetPodLabels()) Expect(updatedClusterPods).To(HaveLen(toCreate.Spec.NodeCount)) for _, pod := range updatedClusterPods { - humioIndex, _ := kubernetes.GetContainerIndexByName(pod, controllers.HumioContainerName) + humioIndex, _ := kubernetes.GetContainerIndexByName(pod, controller.HumioContainerName) Expect(pod.Spec.Containers[humioIndex].Image).To(BeIdenticalTo(updatedImage)) - Expect(pod.Annotations[controllers.PodRevisionAnnotation]).To(Equal("3")) + Expect(pod.Annotations[controller.PodRevisionAnnotation]).To(Equal("3")) } if helpers.TLSEnabled(&updatedHumioCluster) { 
@@ -1214,17 +1214,17 @@ var _ = Describe("HumioCluster Controller", func() { suite.UsingClusterBy(key.Name, "Validating pod uses default helper image as init container") Eventually(func() string { - clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) + clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, controller.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) _ = suite.MarkPodsAsRunningIfUsingEnvtest(ctx, k8sClient, clusterPods, key.Name) for _, pod := range clusterPods { - initIdx, _ := kubernetes.GetInitContainerIndexByName(pod, controllers.InitContainerName) + initIdx, _ := kubernetes.GetInitContainerIndexByName(pod, controller.InitContainerName) return pod.Spec.InitContainers[initIdx].Image } return "" }, testTimeout, suite.TestInterval).Should(Equal(versions.DefaultHelperImageVersion())) - clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) + clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, controller.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) suite.UsingClusterBy(key.Name, "Overriding helper image") var updatedHumioCluster humiov1alpha1.HumioCluster upgradedHelperImage := versions.UpgradeHelperImageVersion() 
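Review bot: Inside the `Eventually` closure, `initIdx, _ := kubernetes.GetInitContainerIndexByName(pod, controller.InitContainerName)` discards the lookup error and then indexes `pod.Spec.InitContainers[initIdx]`. What index the helper returns on a miss is not visible here, so a pod without that init container could either panic or report another container's image. Keeping the error and retrying is safer: `initIdx, err := kubernetes.GetInitContainerIndexByName(pod, controller.InitContainerName)` followed by `if err != nil { return "" }`. The `@@ -1238` hunk has the same closure, and the `humioIndex, _ := kubernetes.GetContainerIndexByName(...)` calls throughout the file share the issue.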
@@ -1238,19 +1238,19 @@ var _ = Describe("HumioCluster Controller", func() { }, testTimeout, suite.TestInterval).Should(Succeed()) suite.UsingClusterBy(key.Name, "Restarting the cluster in a rolling fashion") - ensurePodsRollingRestart(ctx, controllers.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster), 2, 1) + ensurePodsRollingRestart(ctx, controller.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster), 2, 1) suite.UsingClusterBy(key.Name, "Validating pod is recreated using the explicitly defined helper image as init container") Eventually(func() string { - clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) + clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, controller.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) for _, pod := range clusterPods { - initIdx, _ := kubernetes.GetInitContainerIndexByName(pod, controllers.InitContainerName) + initIdx, _ := kubernetes.GetInitContainerIndexByName(pod, controller.InitContainerName) return pod.Spec.InitContainers[initIdx].Image } return "" }, testTimeout, suite.TestInterval).Should(Equal(upgradedHelperImage)) - updatedClusterPods, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) + updatedClusterPods, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, controller.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) if helpers.TLSEnabled(&updatedHumioCluster) { suite.UsingClusterBy(key.Name, "Ensuring pod names are not changed") 
@@ -1278,17 +1278,17 @@ var _ = Describe("HumioCluster Controller", func() { suite.UsingClusterBy(key.Name, "Validating pod bootstrap token annotation hash") Eventually(func() string { - clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) + clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, controller.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) _ = suite.MarkPodsAsRunningIfUsingEnvtest(ctx, k8sClient, clusterPods, key.Name) if len(clusterPods) > 0 { - return clusterPods[0].Annotations[controllers.BootstrapTokenHashAnnotation] + return clusterPods[0].Annotations[controller.BootstrapTokenHashAnnotation] } return "" }, testTimeout, suite.TestInterval).Should(Not(Equal(""))) - clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) - bootstrapTokenHashValue := clusterPods[0].Annotations[controllers.BootstrapTokenHashAnnotation] + clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, controller.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) + bootstrapTokenHashValue := clusterPods[0].Annotations[controller.BootstrapTokenHashAnnotation] suite.UsingClusterBy(key.Name, "Rotating bootstrap token") var bootstrapTokenSecret corev1.Secret 
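Review bot: The line `bootstrapTokenHashValue := clusterPods[0].Annotations[controller.BootstrapTokenHashAnnotation]` indexes the slice right after a `ListPods` call whose error is discarded, so a failed or empty list ends the spec with an index-out-of-range panic instead of a readable failure. The `Eventually` just above guards the same access with `len(clusterPods) > 0`, but this second list is unguarded. Adding `Expect(clusterPods).NotTo(BeEmpty())` before the index keeps the baseline hash for the rotation check well-defined. The surrounding `It` block extends beyond the hunk.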
@@ -1297,9 +1297,9 @@ var _ = Describe("HumioCluster Controller", func() { Name: fmt.Sprintf("%s-%s", key.Name, kubernetes.BootstrapTokenSecretNameSuffix), Namespace: key.Namespace, } - Expect(k8sClient.Get(ctx, bootstrapTokenSecretKey, &bootstrapTokenSecret)).To(BeNil()) + Expect(k8sClient.Get(ctx, bootstrapTokenSecretKey, &bootstrapTokenSecret)).To(Succeed()) bootstrapTokenSecret.Data["hashedToken"] = []byte("some new token") - Expect(k8sClient.Update(ctx, &bootstrapTokenSecret)).To(BeNil()) + Expect(k8sClient.Update(ctx, &bootstrapTokenSecret)).To(Succeed()) var updatedHumioCluster humiov1alpha1.HumioCluster Eventually(func() string { 
@@ -1309,20 +1309,20 @@ var _ = Describe("HumioCluster Controller", func() { }, testTimeout, suite.TestInterval).Should(BeIdenticalTo(humiov1alpha1.HumioClusterStateRestarting)) suite.UsingClusterBy(key.Name, "Restarting the cluster in a rolling fashion") - ensurePodsRollingRestart(ctx, controllers.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster), 2, 1) + ensurePodsRollingRestart(ctx, controller.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster), 2, 1) suite.UsingClusterBy(key.Name, "Validating pod is recreated with the new bootstrap token hash annotation") Eventually(func() string { - clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) + clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, controller.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) _ = suite.MarkPodsAsRunningIfUsingEnvtest(ctx, k8sClient, clusterPods, key.Name) if len(clusterPods) > 0 { - return clusterPods[0].Annotations[controllers.BootstrapTokenHashAnnotation] + return clusterPods[0].Annotations[controller.BootstrapTokenHashAnnotation] } return "" }, testTimeout, suite.TestInterval).Should(Not(Equal(bootstrapTokenHashValue))) - updatedClusterPods, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) + updatedClusterPods, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, controller.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) if helpers.TLSEnabled(&updatedHumioCluster) { suite.UsingClusterBy(key.Name, "Ensuring pod names are not changed") 
@@ -1379,9 +1379,9 @@ var _ = Describe("HumioCluster Controller", func() { defer suite.CleanupCluster(ctx, k8sClient, toCreate) var updatedHumioCluster humiov1alpha1.HumioCluster - clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) + clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, controller.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) for _, pod := range clusterPods { - humioIndex, _ := kubernetes.GetContainerIndexByName(pod, controllers.HumioContainerName) + humioIndex, _ := kubernetes.GetContainerIndexByName(pod, controller.HumioContainerName) Expect(pod.Spec.Containers[humioIndex].Env).Should(ContainElement(toCreate.Spec.EnvironmentVariables[0])) } @@ -1434,7 +1434,7 @@ var _ = Describe("HumioCluster Controller", func() { }, testTimeout, suite.TestInterval).Should(BeIdenticalTo(humiov1alpha1.HumioClusterStateRestarting)) suite.UsingClusterBy(key.Name, "Restarting the cluster in a rolling fashion") - ensurePodsRollingRestart(ctx, controllers.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster), 2, 1) + ensurePodsRollingRestart(ctx, controller.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster), 2, 1) Eventually(func() string { updatedHumioCluster = humiov1alpha1.HumioCluster{} 
@@ -1443,17 +1443,17 @@ var _ = Describe("HumioCluster Controller", func() { }, testTimeout, suite.TestInterval).Should(BeIdenticalTo(humiov1alpha1.HumioClusterStateRunning)) Eventually(func() bool { - clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, updatedHumioCluster.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetPodLabels()) + clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, updatedHumioCluster.Namespace, controller.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetPodLabels()) Expect(len(clusterPods)).To(BeIdenticalTo(toCreate.Spec.NodeCount)) for _, pod := range clusterPods { - humioIndex, _ := kubernetes.GetContainerIndexByName(pod, controllers.HumioContainerName) + humioIndex, _ := kubernetes.GetContainerIndexByName(pod, controller.HumioContainerName) Expect(pod.Spec.Containers[humioIndex].Env).Should(ContainElement(updatedEnvironmentVariables[0])) } return true }, testTimeout, suite.TestInterval).Should(BeTrue()) - updatedClusterPods, _ := kubernetes.ListPods(ctx, k8sClient, updatedHumioCluster.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetPodLabels()) + updatedClusterPods, _ := kubernetes.ListPods(ctx, k8sClient, updatedHumioCluster.Namespace, controller.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetPodLabels()) if helpers.TLSEnabled(&updatedHumioCluster) { suite.UsingClusterBy(key.Name, "Ensuring pod names are not changed") Expect(podNames(clusterPods)).To(Equal(podNames(updatedClusterPods))) @@ -1467,7 +1467,7 @@ var _ = Describe("HumioCluster Controller", func() { Name: "humiocluster-update-envvar-np", Namespace: testProcessNamespace, } - toCreate := constructBasicMultiNodePoolHumioCluster(key, true, 1) + toCreate := constructBasicMultiNodePoolHumioCluster(key, 1) toCreate.Spec.UpdateStrategy = &humiov1alpha1.HumioUpdateStrategy{ Type: humiov1alpha1.HumioClusterUpdateStrategyRollingUpdate, } 
@@ -1538,11 +1538,11 @@ var _ = Describe("HumioCluster Controller", func() { suite.UsingClusterBy(key.Name, "Creating the cluster successfully") ctx := context.Background() - createAndBootstrapMultiNodePoolCluster(ctx, k8sClient, testHumioClient, toCreate, true, humiov1alpha1.HumioClusterStateRunning) + createAndBootstrapMultiNodePoolCluster(ctx, k8sClient, testHumioClient, toCreate) defer suite.CleanupCluster(ctx, k8sClient, toCreate) - mainNodePoolManager := controllers.NewHumioNodeManagerFromHumioCluster(toCreate) - customNodePoolManager := controllers.NewHumioNodeManagerFromHumioNodePool(toCreate, &toCreate.Spec.NodePools[0]) + mainNodePoolManager := controller.NewHumioNodeManagerFromHumioCluster(toCreate) + customNodePoolManager := controller.NewHumioNodeManagerFromHumioNodePool(toCreate, &toCreate.Spec.NodePools[0]) expectedCommonVars := []corev1.EnvVar{ { @@ -1557,7 +1557,7 @@ var _ = Describe("HumioCluster Controller", func() { clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, mainNodePoolManager.GetPodLabels()) Expect(clusterPods).To(HaveLen(toCreate.Spec.NodeCount)) for _, pod := range clusterPods { - humioIndex, _ := kubernetes.GetContainerIndexByName(pod, controllers.HumioContainerName) + humioIndex, _ := kubernetes.GetContainerIndexByName(pod, controller.HumioContainerName) Expect(pod.Spec.Containers[humioIndex].Env).To(ContainElements(append(expectedCommonVars, corev1.EnvVar{ Name: "test", Value: ""}))) } 
@@ -1565,7 +1565,7 @@ var _ = Describe("HumioCluster Controller", func() { customClusterPods, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, customNodePoolManager.GetPodLabels()) Expect(clusterPods).To(HaveLen(toCreate.Spec.NodeCount)) for _, pod := range customClusterPods { - humioIndex, _ := kubernetes.GetContainerIndexByName(pod, controllers.HumioContainerName) + humioIndex, _ := kubernetes.GetContainerIndexByName(pod, controller.HumioContainerName) Expect(pod.Spec.Containers[humioIndex].Env).To(ContainElements(append(expectedCommonVars, corev1.EnvVar{ Name: "test", Value: "np"}))) } @@ -1661,7 +1661,7 @@ var _ = Describe("HumioCluster Controller", func() { Expect(len(clusterPods)).To(BeIdenticalTo(toCreate.Spec.NodeCount)) for _, pod := range clusterPods { - humioIndex, _ := kubernetes.GetContainerIndexByName(pod, controllers.HumioContainerName) + humioIndex, _ := kubernetes.GetContainerIndexByName(pod, controller.HumioContainerName) Expect(pod.Spec.Containers[humioIndex].Env).Should(ContainElement(updatedEnvironmentVariables[0])) } return true 
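Review bot: In the `@@ -1565` hunk the length assertion after `customClusterPods, _ := kubernetes.ListPods(...)` still checks `clusterPods` against `toCreate.Spec.NodeCount`, which looks like a copy-paste from the main-pool block. As written, the custom node pool's pod count is never verified, and the following loop passes vacuously if `customClusterPods` is empty. The assertion presumably should read `Expect(customClusterPods).To(HaveLen(toCreate.Spec.NodePools[0].NodeCount))`, matching how the node-pool count is checked elsewhere in this file. The enclosing test body continues outside the hunk.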
@@ -1674,13 +1674,13 @@ var _ = Describe("HumioCluster Controller", func() { } suite.UsingClusterBy(key.Name, "Confirming pod revision did not change for the other node pool") - additionalNodePoolManager := controllers.NewHumioNodeManagerFromHumioNodePool(&updatedHumioCluster, &updatedHumioCluster.Spec.NodePools[0]) + additionalNodePoolManager := controller.NewHumioNodeManagerFromHumioNodePool(&updatedHumioCluster, &updatedHumioCluster.Spec.NodePools[0]) nonUpdatedClusterPods, _ := kubernetes.ListPods(ctx, k8sClient, updatedHumioCluster.Namespace, additionalNodePoolManager.GetPodLabels()) Expect(nonUpdatedClusterPods).To(HaveLen(toCreate.Spec.NodePools[0].NodeCount)) Expect(updatedHumioCluster.Spec.NodePools[0].EnvironmentVariables).To(Equal(toCreate.Spec.NodePools[0].EnvironmentVariables)) for _, pod := range nonUpdatedClusterPods { - Expect(pod.Annotations).To(HaveKeyWithValue(controllers.PodRevisionAnnotation, "1")) + Expect(pod.Annotations).To(HaveKeyWithValue(controller.PodRevisionAnnotation, "1")) } clusterPods, _ = kubernetes.ListPods(ctx, k8sClient, key.Namespace, additionalNodePoolManager.GetPodLabels()) @@ -1749,7 +1749,7 @@ var _ = Describe("HumioCluster Controller", func() { Expect(len(clusterPods)).To(BeIdenticalTo(toCreate.Spec.NodeCount)) for _, pod := range clusterPods { - humioIndex, _ := kubernetes.GetContainerIndexByName(pod, controllers.HumioContainerName) + humioIndex, _ := kubernetes.GetContainerIndexByName(pod, controller.HumioContainerName) Expect(pod.Spec.Containers[humioIndex].Env).Should(ContainElements(npUpdatedEnvironmentVariables)) } return true 
@@ -1770,7 +1770,7 @@ var _ = Describe("HumioCluster Controller", func() { nonUpdatedClusterPods, _ = kubernetes.ListPods(ctx, k8sClient, updatedHumioCluster.Namespace, mainNodePoolManager.GetPodLabels()) Expect(nonUpdatedClusterPods).To(HaveLen(toCreate.Spec.NodeCount)) for _, pod := range nonUpdatedClusterPods { - Expect(pod.Annotations).To(HaveKeyWithValue(controllers.PodRevisionAnnotation, "2")) + Expect(pod.Annotations).To(HaveKeyWithValue(controller.PodRevisionAnnotation, "2")) } }) }) @@ -1796,10 +1796,10 @@ var _ = Describe("HumioCluster Controller", func() { suite.UsingClusterBy(key.Name, "Waiting for ingresses to be created") desiredIngresses := []*networkingv1.Ingress{ - controllers.ConstructGeneralIngress(toCreate, toCreate.Spec.Hostname), - controllers.ConstructStreamingQueryIngress(toCreate, toCreate.Spec.Hostname), - controllers.ConstructIngestIngress(toCreate, toCreate.Spec.Hostname), - controllers.ConstructESIngestIngress(toCreate, toCreate.Spec.ESHostname), + controller.ConstructGeneralIngress(toCreate, toCreate.Spec.Hostname), + controller.ConstructStreamingQueryIngress(toCreate, toCreate.Spec.Hostname), + controller.ConstructIngestIngress(toCreate, toCreate.Spec.Hostname), + controller.ConstructESIngestIngress(toCreate, toCreate.Spec.ESHostname), } var foundIngressList []networkingv1.Ingress 
@@ -1863,10 +1863,10 @@ var _ = Describe("HumioCluster Controller", func() { }, testTimeout, suite.TestInterval).Should(Succeed()) desiredIngresses = []*networkingv1.Ingress{ - controllers.ConstructGeneralIngress(&existingHumioCluster, existingHumioCluster.Spec.Hostname), - controllers.ConstructStreamingQueryIngress(&existingHumioCluster, existingHumioCluster.Spec.Hostname), - controllers.ConstructIngestIngress(&existingHumioCluster, existingHumioCluster.Spec.Hostname), - controllers.ConstructESIngestIngress(&existingHumioCluster, existingHumioCluster.Spec.ESHostname), + controller.ConstructGeneralIngress(&existingHumioCluster, existingHumioCluster.Spec.Hostname), + controller.ConstructStreamingQueryIngress(&existingHumioCluster, existingHumioCluster.Spec.Hostname), + controller.ConstructIngestIngress(&existingHumioCluster, existingHumioCluster.Spec.Hostname), + controller.ConstructESIngestIngress(&existingHumioCluster, existingHumioCluster.Spec.ESHostname), } Eventually(func() bool { ingresses, _ := kubernetes.ListIngresses(ctx, k8sClient, key.Namespace, kubernetes.MatchingLabelsForHumio(toCreate.Name)) @@ -1935,7 +1935,7 @@ var _ = Describe("HumioCluster Controller", func() { Eventually(func() ([]networkingv1.Ingress, error) { return kubernetes.ListIngresses(ctx, k8sClient, key.Namespace, kubernetes.MatchingLabelsForHumio(toCreate.Name)) - }, testTimeout, suite.TestInterval).Should(HaveLen(0)) + }, testTimeout, suite.TestInterval).Should(BeEmpty()) }) }) 
@@ -1954,7 +1954,7 @@ var _ = Describe("HumioCluster Controller", func() { defer suite.CleanupCluster(ctx, k8sClient, toCreate) Eventually(func() bool { - clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, toCreate.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) + clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, toCreate.Namespace, controller.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) Expect(len(clusterPods)).To(BeIdenticalTo(toCreate.Spec.NodeCount)) for _, pod := range clusterPods { @@ -1981,7 +1981,7 @@ var _ = Describe("HumioCluster Controller", func() { defer suite.CleanupCluster(ctx, k8sClient, toCreate) Eventually(func() bool { - clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, toCreate.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) + clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, toCreate.Namespace, controller.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) Expect(len(clusterPods)).To(BeIdenticalTo(toCreate.Spec.NodeCount)) for _, pod := range clusterPods { @@ -2010,11 +2010,11 @@ var _ = Describe("HumioCluster Controller", func() { svc, _ := kubernetes.GetService(ctx, k8sClient, key.Name, key.Namespace) Expect(svc.Spec.Type).To(BeIdenticalTo(corev1.ServiceTypeClusterIP)) for _, port := range svc.Spec.Ports { - if port.Name == "http" { - Expect(port.Port).Should(Equal(int32(8080))) + if port.Name == controller.HumioPortName { + Expect(port.Port).Should(Equal(int32(controller.HumioPort))) } - if port.Name == "es" { - Expect(port.Port).Should(Equal(int32(9200))) + if port.Name == controller.ElasticPortName { + Expect(port.Port).Should(Equal(int32(controller.ElasticPort))) } } var updatedHumioCluster humiov1alpha1.HumioCluster 
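Review bot: In the `@@ -2010` hunk the port expectations only run inside `if port.Name == controller.HumioPortName` and `if port.Name == controller.ElasticPortName`, so a service that lacks either named port passes the test without any port being asserted. The `svc, _ := kubernetes.GetService(...)` call above also drops the error, so a failed lookup is dereferenced rather than reported. Consider collecting `svc.Spec.Ports` into a name-to-port map and asserting presence and value together, e.g. `Expect(ports).To(HaveKeyWithValue(controller.HumioPortName, int32(controller.HumioPort)))`, with the same check for the Elastic port. The enclosing `It` block starts before the hunk.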
@@ -2032,7 +2032,7 @@ var _ = Describe("HumioCluster Controller", func() { // status.observedGeneration to equal at least that of the current resource version. This will avoid race // conditions where the HumioCluster is updated and service is deleted midway through reconciliation. suite.WaitForReconcileToSync(ctx, key, k8sClient, &updatedHumioCluster, testTimeout) - Expect(k8sClient.Delete(ctx, controllers.ConstructService(controllers.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster)))).To(Succeed()) + Expect(k8sClient.Delete(ctx, controller.ConstructService(controller.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster)))).To(Succeed()) suite.UsingClusterBy(key.Name, "Confirming we can see the updated HumioCluster object") Eventually(func() corev1.ServiceType { @@ -2068,7 +2068,7 @@ var _ = Describe("HumioCluster Controller", func() { // status.observedGeneration to equal at least that of the current resource version. This will avoid race // conditions where the HumioCluster is updated and service is deleted mid-way through a reconcile. suite.WaitForReconcileToSync(ctx, key, k8sClient, &updatedHumioCluster, testTimeout) - Expect(k8sClient.Delete(ctx, controllers.ConstructService(controllers.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster)))).To(Succeed()) + Expect(k8sClient.Delete(ctx, controller.ConstructService(controller.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster)))).To(Succeed()) suite.UsingClusterBy(key.Name, "Confirming service gets recreated with correct Humio port") Eventually(func() types.UID { @@ -2080,7 +2080,7 @@ var _ = Describe("HumioCluster Controller", func() { Eventually(func() int32 { svc, _ = kubernetes.GetService(ctx, k8sClient, key.Name, key.Namespace) for _, port := range svc.Spec.Ports { - if port.Name == "http" { + if port.Name == controller.HumioPortName { return port.Port } } 
@@ -2100,7 +2100,7 @@ var _ = Describe("HumioCluster Controller", func() { // status.observedGeneration to equal at least that of the current resource version. This will avoid race // conditions where the HumioCluster is updated and service is deleted mid-way through a reconcile. suite.WaitForReconcileToSync(ctx, key, k8sClient, &updatedHumioCluster, testTimeout) - Expect(k8sClient.Delete(ctx, controllers.ConstructService(controllers.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster)))).To(Succeed()) + Expect(k8sClient.Delete(ctx, controller.ConstructService(controller.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster)))).To(Succeed()) suite.UsingClusterBy(key.Name, "Confirming service gets recreated with correct ES port") Eventually(func() types.UID { @@ -2112,7 +2112,7 @@ var _ = Describe("HumioCluster Controller", func() { Eventually(func() int32 { svc, _ = kubernetes.GetService(ctx, k8sClient, key.Name, key.Namespace) for _, port := range svc.Spec.Ports { - if port.Name == "es" { + if port.Name == controller.ElasticPortName { return port.Port } } @@ -2136,7 +2136,7 @@ var _ = Describe("HumioCluster Controller", func() { suite.UsingClusterBy(key.Name, "Confirming we can see the updated service annotations") Eventually(func() map[string]string { - service := controllers.ConstructService(controllers.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster)) + service := controller.ConstructService(controller.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster)) Expect(k8sClient.Get(ctx, key, service)).To(Succeed()) return service.Annotations }, testTimeout, suite.TestInterval).Should(HaveKeyWithValue(updatedAnnotationKey, updatedAnnotationValue)) 
@@ -2155,7 +2155,7 @@ var _ = Describe("HumioCluster Controller", func() { suite.UsingClusterBy(key.Name, "Confirming we can see the updated service labels") Eventually(func() map[string]string { - service := controllers.ConstructService(controllers.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster)) + service := controller.ConstructService(controller.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster)) Expect(k8sClient.Get(ctx, key, service)).To(Succeed()) return service.Labels }, testTimeout, suite.TestInterval).Should(HaveKeyWithValue(updatedLabelsKey, updatedLabelsValue)) @@ -2164,7 +2164,7 @@ var _ = Describe("HumioCluster Controller", func() { // a new selector. This test confirms the operator will be able to migrate to different selectors on the // service. suite.UsingClusterBy(key.Name, "Updating service selector for migration to node pools") - service := controllers.ConstructService(controllers.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster)) + service := controller.ConstructService(controller.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster)) Expect(k8sClient.Get(ctx, key, service)).To(Succeed()) delete(service.Spec.Selector, "humio.com/node-pool") Expect(k8sClient.Update(ctx, service)).To(Succeed()) @@ -2172,7 +2172,7 @@ var _ = Describe("HumioCluster Controller", func() { suite.WaitForReconcileToSync(ctx, key, k8sClient, &updatedHumioCluster, testTimeout) Eventually(func() map[string]string { - service := controllers.ConstructService(controllers.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster)) + service := controller.ConstructService(controller.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster)) Expect(k8sClient.Get(ctx, key, service)).To(Succeed()) return service.Spec.Selector }, testTimeout, suite.TestInterval).Should(HaveKeyWithValue("humio.com/node-pool", key.Name)) 
@@ -2181,11 +2181,11 @@ var _ = Describe("HumioCluster Controller", func() { headlessSvc, _ := kubernetes.GetService(ctx, k8sClient, fmt.Sprintf("%s-headless", key.Name), key.Namespace) Expect(headlessSvc.Spec.Type).To(BeIdenticalTo(corev1.ServiceTypeClusterIP)) for _, port := range headlessSvc.Spec.Ports { - if port.Name == "http" { - Expect(port.Port).Should(Equal(int32(8080))) + if port.Name == controller.HumioPortName { + Expect(port.Port).Should(Equal(int32(controller.HumioPort))) } - if port.Name == "es" { - Expect(port.Port).Should(Equal(int32(9200))) + if port.Name == controller.ElasticPortName { + Expect(port.Port).Should(Equal(int32(controller.ElasticPort))) } } @@ -2228,11 +2228,11 @@ var _ = Describe("HumioCluster Controller", func() { internalSvc, _ := kubernetes.GetService(ctx, k8sClient, fmt.Sprintf("%s-internal", key.Name), key.Namespace) Expect(internalSvc.Spec.Type).To(BeIdenticalTo(corev1.ServiceTypeClusterIP)) for _, port := range internalSvc.Spec.Ports { - if port.Name == "http" { - Expect(port.Port).Should(Equal(int32(8080))) + if port.Name == controller.HumioPortName { + Expect(port.Port).Should(Equal(int32(controller.HumioPort))) } - if port.Name == "es" { - Expect(port.Port).Should(Equal(int32(9200))) + if port.Name == controller.ElasticPortName { + Expect(port.Port).Should(Equal(int32(controller.ElasticPort))) } } internalSvc, _ = kubernetes.GetService(ctx, k8sClient, fmt.Sprintf("%s-internal", key.Name), key.Namespace) 
@@ -2259,10 +2259,10 @@ var _ = Describe("HumioCluster Controller", func() { suite.CreateAndBootstrapCluster(ctx, k8sClient, testHumioClient, toCreate, true, humiov1alpha1.HumioClusterStateRunning, testTimeout) defer suite.CleanupCluster(ctx, k8sClient, toCreate) - hnp := controllers.NewHumioNodeManagerFromHumioCluster(toCreate) + hnp := controller.NewHumioNodeManagerFromHumioCluster(toCreate) clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, hnp.GetPodLabels()) for _, pod := range clusterPods { - humioIdx, _ := kubernetes.GetContainerIndexByName(pod, controllers.HumioContainerName) + humioIdx, _ := kubernetes.GetContainerIndexByName(pod, controller.HumioContainerName) Expect(pod.Spec.Containers[humioIdx].Args).To(Equal([]string{"-c", "export CORES=$(getconf _NPROCESSORS_ONLN) && export HUMIO_OPTS=\"$HUMIO_OPTS -XX:ActiveProcessorCount=$(getconf _NPROCESSORS_ONLN)\" && export ZONE=$(cat /shared/availability-zone) && exec bash /app/humio/run.sh"})) } @@ -2278,13 +2278,13 @@ var _ = Describe("HumioCluster Controller", func() { return k8sClient.Update(ctx, &updatedHumioCluster) }, testTimeout, suite.TestInterval).Should(Succeed()) - hnp = controllers.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster) + hnp = controller.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster) expectedContainerArgString := "export CORES=$(getconf _NPROCESSORS_ONLN) && export HUMIO_OPTS=\"$HUMIO_OPTS -XX:ActiveProcessorCount=$(getconf _NPROCESSORS_ONLN)\" && export ZONE=$(cat /shared/availability-zone) && exec bash /app/humio/run.sh" Eventually(func() []string { clusterPods, _ = kubernetes.ListPods(ctx, k8sClient, key.Namespace, hnp.GetPodLabels()) if len(clusterPods) > 0 { - humioIdx, _ := kubernetes.GetContainerIndexByName(clusterPods[0], controllers.HumioContainerName) + humioIdx, _ := kubernetes.GetContainerIndexByName(clusterPods[0], controller.HumioContainerName) return clusterPods[0].Spec.Containers[humioIdx].Args } return []string{} 
@@ -2304,10 +2304,10 @@ var _ = Describe("HumioCluster Controller", func() { ctx := context.Background() suite.CreateAndBootstrapCluster(ctx, k8sClient, testHumioClient, toCreate, true, humiov1alpha1.HumioClusterStateRunning, testTimeout) defer suite.CleanupCluster(ctx, k8sClient, toCreate) - hnp := controllers.NewHumioNodeManagerFromHumioCluster(toCreate) + hnp := controller.NewHumioNodeManagerFromHumioCluster(toCreate) clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, hnp.GetPodLabels()) for _, pod := range clusterPods { - humioIdx, _ := kubernetes.GetContainerIndexByName(pod, controllers.HumioContainerName) + humioIdx, _ := kubernetes.GetContainerIndexByName(pod, controller.HumioContainerName) Expect(pod.Spec.Containers[humioIdx].Args).To(Equal([]string{"-c", "export CORES=$(getconf _NPROCESSORS_ONLN) && export HUMIO_OPTS=\"$HUMIO_OPTS -XX:ActiveProcessorCount=$(getconf _NPROCESSORS_ONLN)\" && export ZONE=$(cat /shared/availability-zone) && exec bash /app/humio/run.sh"})) } @@ -2326,9 +2326,9 @@ var _ = Describe("HumioCluster Controller", func() { expectedContainerArgString := "export CORES=$(getconf _NPROCESSORS_ONLN) && export HUMIO_OPTS=\"$HUMIO_OPTS -XX:ActiveProcessorCount=$(getconf _NPROCESSORS_ONLN)\" && export ZONE=$(cat /shared/availability-zone) && exec bash /app/humio/run.sh" Eventually(func() []string { - clusterPods, _ = kubernetes.ListPods(ctx, k8sClient, key.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) + clusterPods, _ = kubernetes.ListPods(ctx, k8sClient, key.Namespace, controller.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) if len(clusterPods) > 0 { - humioIdx, _ := kubernetes.GetContainerIndexByName(clusterPods[0], controllers.HumioContainerName) + humioIdx, _ := kubernetes.GetContainerIndexByName(clusterPods[0], controller.HumioContainerName) return clusterPods[0].Spec.Containers[humioIdx].Args } return []string{} 
@@ -2348,7 +2348,7 @@ var _ = Describe("HumioCluster Controller", func() { ctx := context.Background() suite.CreateAndBootstrapCluster(ctx, k8sClient, testHumioClient, toCreate, true, humiov1alpha1.HumioClusterStateRunning, testTimeout) defer suite.CleanupCluster(ctx, k8sClient, toCreate) - humioServiceAccountName := fmt.Sprintf("%s-%s", key.Name, controllers.HumioServiceAccountNameSuffix) + humioServiceAccountName := fmt.Sprintf("%s-%s", key.Name, controller.HumioServiceAccountNameSuffix) Eventually(func() error { _, err := kubernetes.GetServiceAccount(ctx, k8sClient, humioServiceAccountName, key.Namespace) @@ -2407,9 +2407,9 @@ var _ = Describe("HumioCluster Controller", func() { suite.CreateAndBootstrapCluster(ctx, k8sClient, testHumioClient, toCreate, true, humiov1alpha1.HumioClusterStateRunning, testTimeout) defer suite.CleanupCluster(ctx, k8sClient, toCreate) - clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) + clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, controller.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) for _, pod := range clusterPods { - Expect(pod.Spec.SecurityContext).To(Equal(controllers.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodSecurityContext())) + Expect(pod.Spec.SecurityContext).To(Equal(controller.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodSecurityContext())) } suite.UsingClusterBy(key.Name, "Updating Pod Security Context to be empty") var updatedHumioCluster humiov1alpha1.HumioCluster 
@@ -2422,10 +2422,10 @@ var _ = Describe("HumioCluster Controller", func() { return k8sClient.Update(ctx, &updatedHumioCluster) }, testTimeout, suite.TestInterval).Should(Succeed()) - ensurePodsRollingRestart(ctx, controllers.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster), 2, 1) + ensurePodsRollingRestart(ctx, controller.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster), 2, 1) Eventually(func() bool { - clusterPods, _ = kubernetes.ListPods(ctx, k8sClient, key.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) + clusterPods, _ = kubernetes.ListPods(ctx, k8sClient, key.Namespace, controller.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) for _, pod := range clusterPods { if !reflect.DeepEqual(pod.Spec.SecurityContext, &corev1.PodSecurityContext{}) { return false @@ -2434,7 +2434,7 @@ var _ = Describe("HumioCluster Controller", func() { return true }, testTimeout, suite.TestInterval).Should(BeTrue()) - clusterPods, _ = kubernetes.ListPods(ctx, k8sClient, key.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) + clusterPods, _ = kubernetes.ListPods(ctx, k8sClient, key.Namespace, controller.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) for _, pod := range clusterPods { Expect(pod.Spec.SecurityContext).To(Equal(&corev1.PodSecurityContext{})) } 
@@ -2451,17 +2451,17 @@ var _ = Describe("HumioCluster Controller", func() { }, testTimeout, suite.TestInterval).Should(Succeed()) suite.UsingClusterBy(key.Name, "Restarting the cluster in a rolling fashion") - ensurePodsRollingRestart(ctx, controllers.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster), 3, 1) + ensurePodsRollingRestart(ctx, controller.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster), 3, 1) Eventually(func() corev1.PodSecurityContext { - clusterPods, _ = kubernetes.ListPods(ctx, k8sClient, key.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) + clusterPods, _ = kubernetes.ListPods(ctx, k8sClient, key.Namespace, controller.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) for _, pod := range clusterPods { return *pod.Spec.SecurityContext } return corev1.PodSecurityContext{} }, testTimeout, suite.TestInterval).Should(BeEquivalentTo(corev1.PodSecurityContext{RunAsNonRoot: helpers.BoolPtr(true)})) - clusterPods, _ = kubernetes.ListPods(ctx, k8sClient, key.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) + clusterPods, _ = kubernetes.ListPods(ctx, k8sClient, key.Namespace, controller.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) for _, pod := range clusterPods { Expect(pod.Spec.SecurityContext).To(Equal(&corev1.PodSecurityContext{RunAsNonRoot: helpers.BoolPtr(true)})) } 
@@ -2484,10 +2484,10 @@ var _ = Describe("HumioCluster Controller", func() { suite.CreateAndBootstrapCluster(ctx, k8sClient, testHumioClient, toCreate, true, humiov1alpha1.HumioClusterStateRunning, testTimeout) defer suite.CleanupCluster(ctx, k8sClient, toCreate) - clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) + clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, controller.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) for _, pod := range clusterPods { - humioIdx, _ := kubernetes.GetContainerIndexByName(pod, controllers.HumioContainerName) - Expect(pod.Spec.Containers[humioIdx].SecurityContext).To(Equal(controllers.NewHumioNodeManagerFromHumioCluster(toCreate).GetContainerSecurityContext())) + humioIdx, _ := kubernetes.GetContainerIndexByName(pod, controller.HumioContainerName) + Expect(pod.Spec.Containers[humioIdx].SecurityContext).To(Equal(controller.NewHumioNodeManagerFromHumioCluster(toCreate).GetContainerSecurityContext())) } suite.UsingClusterBy(key.Name, "Updating Container Security Context to be empty") var updatedHumioCluster humiov1alpha1.HumioCluster 
@@ -2500,12 +2500,12 @@ var _ = Describe("HumioCluster Controller", func() { return k8sClient.Update(ctx, &updatedHumioCluster) }, testTimeout, suite.TestInterval).Should(Succeed()) - ensurePodsRollingRestart(ctx, controllers.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster), 2, 1) + ensurePodsRollingRestart(ctx, controller.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster), 2, 1) Eventually(func() bool { - clusterPods, _ = kubernetes.ListPods(ctx, k8sClient, key.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) + clusterPods, _ = kubernetes.ListPods(ctx, k8sClient, key.Namespace, controller.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) for _, pod := range clusterPods { - humioIdx, _ := kubernetes.GetContainerIndexByName(pod, controllers.HumioContainerName) + humioIdx, _ := kubernetes.GetContainerIndexByName(pod, controller.HumioContainerName) if !reflect.DeepEqual(pod.Spec.Containers[humioIdx].SecurityContext, &corev1.SecurityContext{}) { return false } @@ -2513,9 +2513,9 @@ var _ = Describe("HumioCluster Controller", func() { return true }, testTimeout, suite.TestInterval).Should(BeTrue()) - clusterPods, _ = kubernetes.ListPods(ctx, k8sClient, key.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) + clusterPods, _ = kubernetes.ListPods(ctx, k8sClient, key.Namespace, controller.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) for _, pod := range clusterPods { - humioIdx, _ := kubernetes.GetContainerIndexByName(pod, controllers.HumioContainerName) + humioIdx, _ := kubernetes.GetContainerIndexByName(pod, controller.HumioContainerName) Expect(pod.Spec.Containers[humioIdx].SecurityContext).To(Equal(&corev1.SecurityContext{})) } 
@@ -2537,13 +2537,13 @@ var _ = Describe("HumioCluster Controller", func() { }, testTimeout, suite.TestInterval).Should(Succeed()) suite.UsingClusterBy(key.Name, "Restarting the cluster in a rolling fashion") - ensurePodsRollingRestart(ctx, controllers.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster), 3, 1) + ensurePodsRollingRestart(ctx, controller.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster), 3, 1) Eventually(func() corev1.SecurityContext { - clusterPods, _ = kubernetes.ListPods(ctx, k8sClient, key.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) + clusterPods, _ = kubernetes.ListPods(ctx, k8sClient, key.Namespace, controller.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) for _, pod := range clusterPods { - humioIdx, _ := kubernetes.GetContainerIndexByName(pod, controllers.HumioContainerName) + humioIdx, _ := kubernetes.GetContainerIndexByName(pod, controller.HumioContainerName) return *pod.Spec.Containers[humioIdx].SecurityContext } return corev1.SecurityContext{} @@ -2555,9 +2555,9 @@ var _ = Describe("HumioCluster Controller", func() { }, })) - clusterPods, _ = kubernetes.ListPods(ctx, k8sClient, key.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) + clusterPods, _ = kubernetes.ListPods(ctx, k8sClient, key.Namespace, controller.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) for _, pod := range clusterPods { - humioIdx, _ := kubernetes.GetContainerIndexByName(pod, controllers.HumioContainerName) + humioIdx, _ := kubernetes.GetContainerIndexByName(pod, controller.HumioContainerName) Expect(pod.Spec.Containers[humioIdx].SecurityContext).To(Equal(&corev1.SecurityContext{ Capabilities: &corev1.Capabilities{ Add: []corev1.Capability{ 
@@ -2585,12 +2585,12 @@ var _ = Describe("HumioCluster Controller", func() { suite.CreateAndBootstrapCluster(ctx, k8sClient, testHumioClient, toCreate, true, humiov1alpha1.HumioClusterStateRunning, testTimeout) defer suite.CleanupCluster(ctx, k8sClient, toCreate) - clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) + clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, controller.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) for _, pod := range clusterPods { - humioIdx, _ := kubernetes.GetContainerIndexByName(pod, controllers.HumioContainerName) - Expect(pod.Spec.Containers[humioIdx].ReadinessProbe).To(Equal(controllers.NewHumioNodeManagerFromHumioCluster(toCreate).GetContainerReadinessProbe())) - Expect(pod.Spec.Containers[humioIdx].LivenessProbe).To(Equal(controllers.NewHumioNodeManagerFromHumioCluster(toCreate).GetContainerLivenessProbe())) - Expect(pod.Spec.Containers[humioIdx].StartupProbe).To(Equal(controllers.NewHumioNodeManagerFromHumioCluster(toCreate).GetContainerStartupProbe())) + humioIdx, _ := kubernetes.GetContainerIndexByName(pod, controller.HumioContainerName) + Expect(pod.Spec.Containers[humioIdx].ReadinessProbe).To(Equal(controller.NewHumioNodeManagerFromHumioCluster(toCreate).GetContainerReadinessProbe())) + Expect(pod.Spec.Containers[humioIdx].LivenessProbe).To(Equal(controller.NewHumioNodeManagerFromHumioCluster(toCreate).GetContainerLivenessProbe())) + Expect(pod.Spec.Containers[humioIdx].StartupProbe).To(Equal(controller.NewHumioNodeManagerFromHumioCluster(toCreate).GetContainerStartupProbe())) } suite.UsingClusterBy(key.Name, "Updating Container probes to be empty") var updatedHumioCluster humiov1alpha1.HumioCluster 
@@ -2606,13 +2606,13 @@ var _ = Describe("HumioCluster Controller", func() { }, testTimeout, suite.TestInterval).Should(Succeed()) suite.UsingClusterBy(key.Name, "Confirming pods have the updated revision") - ensurePodsRollingRestart(ctx, controllers.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster), 2, 1) + ensurePodsRollingRestart(ctx, controller.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster), 2, 1) suite.UsingClusterBy(key.Name, "Confirming pods do not have a readiness probe set") Eventually(func() *corev1.Probe { - clusterPods, _ = kubernetes.ListPods(ctx, k8sClient, key.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) + clusterPods, _ = kubernetes.ListPods(ctx, k8sClient, key.Namespace, controller.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) for _, pod := range clusterPods { - humioIdx, _ := kubernetes.GetContainerIndexByName(pod, controllers.HumioContainerName) + humioIdx, _ := kubernetes.GetContainerIndexByName(pod, controller.HumioContainerName) return pod.Spec.Containers[humioIdx].ReadinessProbe } return &corev1.Probe{ @@ -2624,9 +2624,9 @@ var _ = Describe("HumioCluster Controller", func() { suite.UsingClusterBy(key.Name, "Confirming pods do not have a liveness probe set") Eventually(func() *corev1.Probe { - clusterPods, _ = kubernetes.ListPods(ctx, k8sClient, key.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) + clusterPods, _ = kubernetes.ListPods(ctx, k8sClient, key.Namespace, controller.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) for _, pod := range clusterPods { - humioIdx, _ := kubernetes.GetContainerIndexByName(pod, controllers.HumioContainerName) + humioIdx, _ := kubernetes.GetContainerIndexByName(pod, controller.HumioContainerName) return pod.Spec.Containers[humioIdx].LivenessProbe } return &corev1.Probe{ 
@@ -2638,9 +2638,9 @@ var _ = Describe("HumioCluster Controller", func() { suite.UsingClusterBy(key.Name, "Confirming pods do not have a startup probe set") Eventually(func() *corev1.Probe { - clusterPods, _ = kubernetes.ListPods(ctx, k8sClient, key.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) + clusterPods, _ = kubernetes.ListPods(ctx, k8sClient, key.Namespace, controller.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) for _, pod := range clusterPods { - humioIdx, _ := kubernetes.GetContainerIndexByName(pod, controllers.HumioContainerName) + humioIdx, _ := kubernetes.GetContainerIndexByName(pod, controller.HumioContainerName) return pod.Spec.Containers[humioIdx].StartupProbe } return &corev1.Probe{ @@ -2661,7 +2661,7 @@ var _ = Describe("HumioCluster Controller", func() { ProbeHandler: corev1.ProbeHandler{ HTTPGet: &corev1.HTTPGetAction{ Path: "/api/v1/config", - Port: intstr.IntOrString{IntVal: controllers.HumioPort}, + Port: intstr.IntOrString{IntVal: controller.HumioPort}, Scheme: getProbeScheme(&updatedHumioCluster), }, }, @@ -2675,7 +2675,7 @@ var _ = Describe("HumioCluster Controller", func() { ProbeHandler: corev1.ProbeHandler{ HTTPGet: &corev1.HTTPGetAction{ Path: "/api/v1/config", - Port: intstr.IntOrString{IntVal: controllers.HumioPort}, + Port: intstr.IntOrString{IntVal: controller.HumioPort}, Scheme: getProbeScheme(&updatedHumioCluster), }, }, @@ -2689,7 +2689,7 @@ var _ = Describe("HumioCluster Controller", func() { ProbeHandler: corev1.ProbeHandler{ HTTPGet: &corev1.HTTPGetAction{ Path: "/api/v1/config", - Port: intstr.IntOrString{IntVal: controllers.HumioPort}, + Port: intstr.IntOrString{IntVal: controller.HumioPort}, Scheme: getProbeScheme(&updatedHumioCluster), }, }, 
@@ -2702,13 +2702,13 @@ var _ = Describe("HumioCluster Controller", func() { }, testTimeout, suite.TestInterval).Should(Succeed()) suite.UsingClusterBy(key.Name, "Restarting the cluster in a rolling fashion") - ensurePodsRollingRestart(ctx, controllers.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster), 2, 1) + ensurePodsRollingRestart(ctx, controller.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster), 2, 1) Eventually(func() *corev1.Probe { - clusterPods, _ = kubernetes.ListPods(ctx, k8sClient, key.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) + clusterPods, _ = kubernetes.ListPods(ctx, k8sClient, key.Namespace, controller.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) for _, pod := range clusterPods { - humioIdx, _ := kubernetes.GetContainerIndexByName(pod, controllers.HumioContainerName) + humioIdx, _ := kubernetes.GetContainerIndexByName(pod, controller.HumioContainerName) return pod.Spec.Containers[humioIdx].ReadinessProbe } return &corev1.Probe{} @@ -2716,7 +2716,7 @@ var _ = Describe("HumioCluster Controller", func() { ProbeHandler: corev1.ProbeHandler{ HTTPGet: &corev1.HTTPGetAction{ Path: "/api/v1/config", - Port: intstr.IntOrString{IntVal: controllers.HumioPort}, + Port: intstr.IntOrString{IntVal: controller.HumioPort}, Scheme: getProbeScheme(&updatedHumioCluster), }, }, 
@@ -2728,10 +2728,10 @@ var _ = Describe("HumioCluster Controller", func() { })) Eventually(func() *corev1.Probe { - clusterPods, _ = kubernetes.ListPods(ctx, k8sClient, key.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) + clusterPods, _ = kubernetes.ListPods(ctx, k8sClient, key.Namespace, controller.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) for _, pod := range clusterPods { - humioIdx, _ := kubernetes.GetContainerIndexByName(pod, controllers.HumioContainerName) + humioIdx, _ := kubernetes.GetContainerIndexByName(pod, controller.HumioContainerName) return pod.Spec.Containers[humioIdx].LivenessProbe } return &corev1.Probe{} @@ -2739,7 +2739,7 @@ var _ = Describe("HumioCluster Controller", func() { ProbeHandler: corev1.ProbeHandler{ HTTPGet: &corev1.HTTPGetAction{ Path: "/api/v1/config", - Port: intstr.IntOrString{IntVal: controllers.HumioPort}, + Port: intstr.IntOrString{IntVal: controller.HumioPort}, Scheme: getProbeScheme(&updatedHumioCluster), }, }, @@ -2751,10 +2751,10 @@ var _ = Describe("HumioCluster Controller", func() { })) Eventually(func() *corev1.Probe { - clusterPods, _ = kubernetes.ListPods(ctx, k8sClient, key.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) + clusterPods, _ = kubernetes.ListPods(ctx, k8sClient, key.Namespace, controller.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) for _, pod := range clusterPods { - humioIdx, _ := kubernetes.GetContainerIndexByName(pod, controllers.HumioContainerName) + humioIdx, _ := kubernetes.GetContainerIndexByName(pod, controller.HumioContainerName) return pod.Spec.Containers[humioIdx].StartupProbe } return &corev1.Probe{} 
@@ -2762,7 +2762,7 @@ var _ = Describe("HumioCluster Controller", func() { ProbeHandler: corev1.ProbeHandler{ HTTPGet: &corev1.HTTPGetAction{ Path: "/api/v1/config", - Port: intstr.IntOrString{IntVal: controllers.HumioPort}, + Port: intstr.IntOrString{IntVal: controller.HumioPort}, Scheme: getProbeScheme(&updatedHumioCluster), }, }, @@ -2772,14 +2772,14 @@ var _ = Describe("HumioCluster Controller", func() { FailureThreshold: 30, })) - clusterPods, _ = kubernetes.ListPods(ctx, k8sClient, key.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) + clusterPods, _ = kubernetes.ListPods(ctx, k8sClient, key.Namespace, controller.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) for _, pod := range clusterPods { - humioIdx, _ := kubernetes.GetContainerIndexByName(pod, controllers.HumioContainerName) + humioIdx, _ := kubernetes.GetContainerIndexByName(pod, controller.HumioContainerName) Expect(pod.Spec.Containers[humioIdx].ReadinessProbe).To(Equal(&corev1.Probe{ ProbeHandler: corev1.ProbeHandler{ HTTPGet: &corev1.HTTPGetAction{ Path: "/api/v1/config", - Port: intstr.IntOrString{IntVal: controllers.HumioPort}, + Port: intstr.IntOrString{IntVal: controller.HumioPort}, Scheme: getProbeScheme(&updatedHumioCluster), }, }, @@ -2793,7 +2793,7 @@ var _ = Describe("HumioCluster Controller", func() { ProbeHandler: corev1.ProbeHandler{ HTTPGet: &corev1.HTTPGetAction{ Path: "/api/v1/config", - Port: intstr.IntOrString{IntVal: controllers.HumioPort}, + Port: intstr.IntOrString{IntVal: controller.HumioPort}, Scheme: getProbeScheme(&updatedHumioCluster), }, }, @@ -2807,7 +2807,7 @@ var _ = Describe("HumioCluster Controller", func() { ProbeHandler: corev1.ProbeHandler{ HTTPGet: &corev1.HTTPGetAction{ Path: "/api/v1/config", - Port: intstr.IntOrString{IntVal: controllers.HumioPort}, + Port: intstr.IntOrString{IntVal: controller.HumioPort}, Scheme: getProbeScheme(&updatedHumioCluster), }, }, 
@@ -2833,20 +2833,20 @@ var _ = Describe("HumioCluster Controller", func() { suite.CreateAndBootstrapCluster(ctx, k8sClient, testHumioClient, toCreate, true, humiov1alpha1.HumioClusterStateRunning, testTimeout) defer suite.CleanupCluster(ctx, k8sClient, toCreate) - clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) + clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, controller.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) for _, pod := range clusterPods { - humioIdx, _ := kubernetes.GetContainerIndexByName(pod, controllers.HumioContainerName) + humioIdx, _ := kubernetes.GetContainerIndexByName(pod, controller.HumioContainerName) Expect(pod.Spec.Containers[humioIdx].Env).To(ContainElement(corev1.EnvVar{ Name: "EXTRA_KAFKA_CONFIGS_FILE", - Value: fmt.Sprintf("/var/lib/humio/extra-kafka-configs-configmap/%s", controllers.ExtraKafkaPropertiesFilename), + Value: fmt.Sprintf("/var/lib/humio/extra-kafka-configs-configmap/%s", controller.ExtraKafkaPropertiesFilename), })) } suite.UsingClusterBy(key.Name, "Confirming pods have additional volume mounts for extra kafka configs") Eventually(func() []corev1.VolumeMount { - clusterPods, _ = kubernetes.ListPods(ctx, k8sClient, key.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) + clusterPods, _ = kubernetes.ListPods(ctx, k8sClient, key.Namespace, controller.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) for _, pod := range clusterPods { - humioIdx, _ := kubernetes.GetContainerIndexByName(pod, controllers.HumioContainerName) + humioIdx, _ := kubernetes.GetContainerIndexByName(pod, controller.HumioContainerName) return pod.Spec.Containers[humioIdx].VolumeMounts } return []corev1.VolumeMount{} 
@@ -2859,7 +2859,7 @@ var _ = Describe("HumioCluster Controller", func() { suite.UsingClusterBy(key.Name, "Confirming pods have additional volumes for extra kafka configs") mode := int32(420) Eventually(func() []corev1.Volume { - clusterPods, _ = kubernetes.ListPods(ctx, k8sClient, key.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) + clusterPods, _ = kubernetes.ListPods(ctx, k8sClient, key.Namespace, controller.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) for _, pod := range clusterPods { return pod.Spec.Volumes } @@ -2869,7 +2869,7 @@ var _ = Describe("HumioCluster Controller", func() { VolumeSource: corev1.VolumeSource{ ConfigMap: &corev1.ConfigMapVolumeSource{ LocalObjectReference: corev1.LocalObjectReference{ - Name: controllers.NewHumioNodeManagerFromHumioCluster(toCreate).GetExtraKafkaConfigsConfigMapName(), + Name: controller.NewHumioNodeManagerFromHumioCluster(toCreate).GetExtraKafkaConfigsConfigMapName(), }, DefaultMode: &mode, }, @@ -2877,8 +2877,8 @@ var _ = Describe("HumioCluster Controller", func() { })) suite.UsingClusterBy(key.Name, "Confirming config map contains desired extra kafka configs") - configMap, _ := kubernetes.GetConfigMap(ctx, k8sClient, controllers.NewHumioNodeManagerFromHumioCluster(toCreate).GetExtraKafkaConfigsConfigMapName(), key.Namespace) - Expect(configMap.Data[controllers.ExtraKafkaPropertiesFilename]).To(Equal(toCreate.Spec.ExtraKafkaConfigs)) + configMap, _ := kubernetes.GetConfigMap(ctx, k8sClient, controller.NewHumioNodeManagerFromHumioCluster(toCreate).GetExtraKafkaConfigsConfigMapName(), key.Namespace) + Expect(configMap.Data[controller.ExtraKafkaPropertiesFilename]).To(Equal(toCreate.Spec.ExtraKafkaConfigs)) suite.UsingClusterBy(key.Name, "Removing extra kafka configs") var updatedHumioCluster humiov1alpha1.HumioCluster 
@@ -2893,22 +2893,22 @@ var _ = Describe("HumioCluster Controller", func() { suite.UsingClusterBy(key.Name, "Confirming pods do not have environment variable enabling extra kafka configs") Eventually(func() []corev1.EnvVar { - clusterPods, _ = kubernetes.ListPods(ctx, k8sClient, key.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) + clusterPods, _ = kubernetes.ListPods(ctx, k8sClient, key.Namespace, controller.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) for _, pod := range clusterPods { - humioIdx, _ := kubernetes.GetContainerIndexByName(pod, controllers.HumioContainerName) + humioIdx, _ := kubernetes.GetContainerIndexByName(pod, controller.HumioContainerName) return pod.Spec.Containers[humioIdx].Env } return []corev1.EnvVar{} }, testTimeout, suite.TestInterval).ShouldNot(ContainElement(corev1.EnvVar{ Name: "EXTRA_KAFKA_CONFIGS_FILE", - Value: fmt.Sprintf("/var/lib/humio/extra-kafka-configs-configmap/%s", controllers.ExtraKafkaPropertiesFilename), + Value: fmt.Sprintf("/var/lib/humio/extra-kafka-configs-configmap/%s", controller.ExtraKafkaPropertiesFilename), })) suite.UsingClusterBy(key.Name, "Confirming pods do not have additional volume mounts for extra kafka configs") Eventually(func() []corev1.VolumeMount { - clusterPods, _ = kubernetes.ListPods(ctx, k8sClient, key.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) + clusterPods, _ = kubernetes.ListPods(ctx, k8sClient, key.Namespace, controller.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) for _, pod := range clusterPods { - humioIdx, _ := kubernetes.GetContainerIndexByName(pod, controllers.HumioContainerName) + humioIdx, _ := kubernetes.GetContainerIndexByName(pod, controller.HumioContainerName) return pod.Spec.Containers[humioIdx].VolumeMounts } return []corev1.VolumeMount{} 
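Review bot: The `Eventually` closure for `EXTRA_KAFKA_CONFIGS_FILE` in the `@@ -2893,22` hunk feeds a negative matcher (`ShouldNot(ContainElement(...))`) but discards the `ListPods` error and falls back to `[]corev1.EnvVar{}`, so a failed listing satisfies the assertion on the first poll. It also returns from inside the loop, so only the first listed pod is inspected, and the check can pass while other pods still carry the variable. This diff already uses the two-value form at `@@ -3292,7` (`Eventually(func() ([]corev1.PersistentVolumeClaim, error) {...})`); returning `([]corev1.EnvVar, error)` here with `if err != nil { return nil, err }` would fail the poll on a listing error. The same shape appears to recur in the closures at `-2920`, `-3026`, `-3039`, `-3196` and `-3209`, some of whose matchers lie outside the visible hunk.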
@@ -2920,7 +2920,7 @@ var _ = Describe("HumioCluster Controller", func() { suite.UsingClusterBy(key.Name, "Confirming pods do not have additional volumes for extra kafka configs") Eventually(func() []corev1.Volume { - clusterPods, _ = kubernetes.ListPods(ctx, k8sClient, key.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) + clusterPods, _ = kubernetes.ListPods(ctx, k8sClient, key.Namespace, controller.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) for _, pod := range clusterPods { return pod.Spec.Volumes } @@ -2930,7 +2930,7 @@ var _ = Describe("HumioCluster Controller", func() { VolumeSource: corev1.VolumeSource{ ConfigMap: &corev1.ConfigMapVolumeSource{ LocalObjectReference: corev1.LocalObjectReference{ - Name: controllers.NewHumioNodeManagerFromHumioCluster(toCreate).GetExtraKafkaConfigsConfigMapName(), + Name: controller.NewHumioNodeManagerFromHumioCluster(toCreate).GetExtraKafkaConfigsConfigMapName(), }, DefaultMode: &mode, }, 
@@ -2977,15 +2977,15 @@ var _ = Describe("HumioCluster Controller", func() { suite.UsingClusterBy(key.Name, "Confirming config map was created") Eventually(func() error { - _, err := kubernetes.GetConfigMap(ctx, k8sClient, controllers.ViewGroupPermissionsConfigMapName(toCreate), toCreate.Namespace) + _, err := kubernetes.GetConfigMap(ctx, k8sClient, controller.ViewGroupPermissionsConfigMapName(toCreate), toCreate.Namespace) return err }, testTimeout, suite.TestInterval).Should(Succeed()) suite.UsingClusterBy(key.Name, "Confirming pods have the expected environment variable, volume and volume mounts") mode := int32(420) - clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) + clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, controller.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) for _, pod := range clusterPods { - humioIdx, _ := kubernetes.GetContainerIndexByName(pod, controllers.HumioContainerName) + humioIdx, _ := kubernetes.GetContainerIndexByName(pod, controller.HumioContainerName) Expect(pod.Spec.Containers[humioIdx].Env).To(ContainElement(corev1.EnvVar{ Name: "READ_GROUP_PERMISSIONS_FROM_FILE", Value: "true", 
@@ -2993,15 +2993,15 @@ var _ = Describe("HumioCluster Controller", func() { Expect(pod.Spec.Containers[humioIdx].VolumeMounts).To(ContainElement(corev1.VolumeMount{ Name: "view-group-permissions", ReadOnly: true, - MountPath: fmt.Sprintf("%s/%s", controllers.HumioDataPath, controllers.ViewGroupPermissionsFilename), - SubPath: controllers.ViewGroupPermissionsFilename, + MountPath: fmt.Sprintf("%s/%s", controller.HumioDataPath, controller.ViewGroupPermissionsFilename), + SubPath: controller.ViewGroupPermissionsFilename, })) Expect(pod.Spec.Volumes).To(ContainElement(corev1.Volume{ Name: "view-group-permissions", VolumeSource: corev1.VolumeSource{ ConfigMap: &corev1.ConfigMapVolumeSource{ LocalObjectReference: corev1.LocalObjectReference{ - Name: controllers.ViewGroupPermissionsConfigMapName(toCreate), + Name: controller.ViewGroupPermissionsConfigMapName(toCreate), }, DefaultMode: &mode, }, @@ -3010,8 +3010,8 @@ var _ = Describe("HumioCluster Controller", func() { } suite.UsingClusterBy(key.Name, "Confirming config map contains desired view group permissions") - configMap, _ := kubernetes.GetConfigMap(ctx, k8sClient, controllers.ViewGroupPermissionsConfigMapName(toCreate), key.Namespace) - Expect(configMap.Data[controllers.ViewGroupPermissionsFilename]).To(Equal(toCreate.Spec.ViewGroupPermissions)) + configMap, _ := kubernetes.GetConfigMap(ctx, k8sClient, controller.ViewGroupPermissionsConfigMapName(toCreate), key.Namespace) + Expect(configMap.Data[controller.ViewGroupPermissionsFilename]).To(Equal(toCreate.Spec.ViewGroupPermissions)) suite.UsingClusterBy(key.Name, "Removing view group permissions") var updatedHumioCluster humiov1alpha1.HumioCluster 
@@ -3026,9 +3026,9 @@ var _ = Describe("HumioCluster Controller", func() { suite.UsingClusterBy(key.Name, "Confirming pods do not have environment variable enabling view group permissions") Eventually(func() []corev1.EnvVar { - clusterPods, _ = kubernetes.ListPods(ctx, k8sClient, key.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) + clusterPods, _ = kubernetes.ListPods(ctx, k8sClient, key.Namespace, controller.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) for _, pod := range clusterPods { - humioIdx, _ := kubernetes.GetContainerIndexByName(pod, controllers.HumioContainerName) + humioIdx, _ := kubernetes.GetContainerIndexByName(pod, controller.HumioContainerName) return pod.Spec.Containers[humioIdx].Env } return []corev1.EnvVar{} 
@@ -3039,22 +3039,22 @@ var _ = Describe("HumioCluster Controller", func() { suite.UsingClusterBy(key.Name, "Confirming pods do not have additional volume mounts for view group permissions") Eventually(func() []corev1.VolumeMount { - clusterPods, _ = kubernetes.ListPods(ctx, k8sClient, key.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) + clusterPods, _ = kubernetes.ListPods(ctx, k8sClient, key.Namespace, controller.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) for _, pod := range clusterPods { - humioIdx, _ := kubernetes.GetContainerIndexByName(pod, controllers.HumioContainerName) + humioIdx, _ := kubernetes.GetContainerIndexByName(pod, controller.HumioContainerName) return pod.Spec.Containers[humioIdx].VolumeMounts } return []corev1.VolumeMount{} }, testTimeout, suite.TestInterval).ShouldNot(ContainElement(corev1.VolumeMount{ Name: "view-group-permissions", ReadOnly: true, - MountPath: fmt.Sprintf("%s/%s", controllers.HumioDataPath, controllers.ViewGroupPermissionsFilename), - SubPath: controllers.ViewGroupPermissionsFilename, + MountPath: fmt.Sprintf("%s/%s", controller.HumioDataPath, controller.ViewGroupPermissionsFilename), + SubPath: controller.ViewGroupPermissionsFilename, })) suite.UsingClusterBy(key.Name, "Confirming pods do not have additional volumes for view group permissions") Eventually(func() []corev1.Volume { - clusterPods, _ = kubernetes.ListPods(ctx, k8sClient, key.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) + clusterPods, _ = kubernetes.ListPods(ctx, k8sClient, key.Namespace, controller.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) for _, pod := range clusterPods { return pod.Spec.Volumes } 
@@ -3064,7 +3064,7 @@ var _ = Describe("HumioCluster Controller", func() { VolumeSource: corev1.VolumeSource{ ConfigMap: &corev1.ConfigMapVolumeSource{ LocalObjectReference: corev1.LocalObjectReference{ - Name: controllers.ViewGroupPermissionsConfigMapName(toCreate), + Name: controller.ViewGroupPermissionsConfigMapName(toCreate), }, DefaultMode: &mode, }, @@ -3073,7 +3073,7 @@ var _ = Describe("HumioCluster Controller", func() { suite.UsingClusterBy(key.Name, "Confirming config map was cleaned up") Eventually(func() bool { - _, err := kubernetes.GetConfigMap(ctx, k8sClient, controllers.ViewGroupPermissionsConfigMapName(toCreate), toCreate.Namespace) + _, err := kubernetes.GetConfigMap(ctx, k8sClient, controller.ViewGroupPermissionsConfigMapName(toCreate), toCreate.Namespace) return k8serrors.IsNotFound(err) }, testTimeout, suite.TestInterval).Should(BeTrue()) }) 
@@ -3147,15 +3147,15 @@ var _ = Describe("HumioCluster Controller", func() { suite.UsingClusterBy(key.Name, "Confirming config map was created") Eventually(func() error { - _, err := kubernetes.GetConfigMap(ctx, k8sClient, controllers.RolePermissionsConfigMapName(toCreate), toCreate.Namespace) + _, err := kubernetes.GetConfigMap(ctx, k8sClient, controller.RolePermissionsConfigMapName(toCreate), toCreate.Namespace) return err }, testTimeout, suite.TestInterval).Should(Succeed()) suite.UsingClusterBy(key.Name, "Confirming pods have the expected environment variable, volume and volume mounts") mode := int32(420) - clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) + clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, controller.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) for _, pod := range clusterPods { - humioIdx, _ := kubernetes.GetContainerIndexByName(pod, controllers.HumioContainerName) + humioIdx, _ := kubernetes.GetContainerIndexByName(pod, controller.HumioContainerName) Expect(pod.Spec.Containers[humioIdx].Env).To(ContainElement(corev1.EnvVar{ Name: "READ_GROUP_PERMISSIONS_FROM_FILE", Value: "true", 
@@ -3163,15 +3163,15 @@ var _ = Describe("HumioCluster Controller", func() { Expect(pod.Spec.Containers[humioIdx].VolumeMounts).To(ContainElement(corev1.VolumeMount{ Name: "role-permissions", ReadOnly: true, - MountPath: fmt.Sprintf("%s/%s", controllers.HumioDataPath, controllers.RolePermissionsFilename), - SubPath: controllers.RolePermissionsFilename, + MountPath: fmt.Sprintf("%s/%s", controller.HumioDataPath, controller.RolePermissionsFilename), + SubPath: controller.RolePermissionsFilename, })) Expect(pod.Spec.Volumes).To(ContainElement(corev1.Volume{ Name: "role-permissions", VolumeSource: corev1.VolumeSource{ ConfigMap: &corev1.ConfigMapVolumeSource{ LocalObjectReference: corev1.LocalObjectReference{ - Name: controllers.RolePermissionsConfigMapName(toCreate), + Name: controller.RolePermissionsConfigMapName(toCreate), }, DefaultMode: &mode, }, @@ -3180,8 +3180,8 @@ var _ = Describe("HumioCluster Controller", func() { } suite.UsingClusterBy(key.Name, "Confirming config map contains desired role permissions") - configMap, _ := kubernetes.GetConfigMap(ctx, k8sClient, controllers.RolePermissionsConfigMapName(toCreate), key.Namespace) - Expect(configMap.Data[controllers.RolePermissionsFilename]).To(Equal(toCreate.Spec.RolePermissions)) + configMap, _ := kubernetes.GetConfigMap(ctx, k8sClient, controller.RolePermissionsConfigMapName(toCreate), key.Namespace) + Expect(configMap.Data[controller.RolePermissionsFilename]).To(Equal(toCreate.Spec.RolePermissions)) suite.UsingClusterBy(key.Name, "Removing role permissions") var updatedHumioCluster humiov1alpha1.HumioCluster 
@@ -3196,9 +3196,9 @@ var _ = Describe("HumioCluster Controller", func() { suite.UsingClusterBy(key.Name, "Confirming pods do not have environment variable enabling role permissions") Eventually(func() []corev1.EnvVar { - clusterPods, _ = kubernetes.ListPods(ctx, k8sClient, key.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) + clusterPods, _ = kubernetes.ListPods(ctx, k8sClient, key.Namespace, controller.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) for _, pod := range clusterPods { - humioIdx, _ := kubernetes.GetContainerIndexByName(pod, controllers.HumioContainerName) + humioIdx, _ := kubernetes.GetContainerIndexByName(pod, controller.HumioContainerName) return pod.Spec.Containers[humioIdx].Env } return []corev1.EnvVar{} 
@@ -3209,22 +3209,22 @@ var _ = Describe("HumioCluster Controller", func() { suite.UsingClusterBy(key.Name, "Confirming pods do not have additional volume mounts for role permissions") Eventually(func() []corev1.VolumeMount { - clusterPods, _ = kubernetes.ListPods(ctx, k8sClient, key.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) + clusterPods, _ = kubernetes.ListPods(ctx, k8sClient, key.Namespace, controller.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) for _, pod := range clusterPods { - humioIdx, _ := kubernetes.GetContainerIndexByName(pod, controllers.HumioContainerName) + humioIdx, _ := kubernetes.GetContainerIndexByName(pod, controller.HumioContainerName) return pod.Spec.Containers[humioIdx].VolumeMounts } return []corev1.VolumeMount{} }, testTimeout, suite.TestInterval).ShouldNot(ContainElement(corev1.VolumeMount{ Name: "role-permissions", ReadOnly: true, - MountPath: fmt.Sprintf("%s/%s", controllers.HumioDataPath, controllers.RolePermissionsFilename), - SubPath: controllers.RolePermissionsFilename, + MountPath: fmt.Sprintf("%s/%s", controller.HumioDataPath, controller.RolePermissionsFilename), + SubPath: controller.RolePermissionsFilename, })) suite.UsingClusterBy(key.Name, "Confirming pods do not have additional volumes for role permissions") Eventually(func() []corev1.Volume { - clusterPods, _ = kubernetes.ListPods(ctx, k8sClient, key.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) + clusterPods, _ = kubernetes.ListPods(ctx, k8sClient, key.Namespace, controller.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) for _, pod := range clusterPods { return pod.Spec.Volumes } 
@@ -3234,7 +3234,7 @@ var _ = Describe("HumioCluster Controller", func() { VolumeSource: corev1.VolumeSource{ ConfigMap: &corev1.ConfigMapVolumeSource{ LocalObjectReference: corev1.LocalObjectReference{ - Name: controllers.RolePermissionsConfigMapName(toCreate), + Name: controller.RolePermissionsConfigMapName(toCreate), }, DefaultMode: &mode, }, @@ -3243,7 +3243,7 @@ var _ = Describe("HumioCluster Controller", func() { suite.UsingClusterBy(key.Name, "Confirming config map was cleaned up") Eventually(func() bool { - _, err := kubernetes.GetConfigMap(ctx, k8sClient, controllers.RolePermissionsConfigMapName(toCreate), toCreate.Namespace) + _, err := kubernetes.GetConfigMap(ctx, k8sClient, controller.RolePermissionsConfigMapName(toCreate), toCreate.Namespace) return k8serrors.IsNotFound(err) }, testTimeout, suite.TestInterval).Should(BeTrue()) }) @@ -3270,7 +3270,7 @@ var _ = Describe("HumioCluster Controller", func() { suite.CreateAndBootstrapCluster(ctx, k8sClient, testHumioClient, toCreate, true, humiov1alpha1.HumioClusterStateRunning, testTimeout) defer suite.CleanupCluster(ctx, k8sClient, toCreate) - Expect(kubernetes.ListPersistentVolumeClaims(ctx, k8sClient, key.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(toCreate).GetNodePoolLabels())).To(HaveLen(0)) + Expect(kubernetes.ListPersistentVolumeClaims(ctx, k8sClient, key.Namespace, controller.NewHumioNodeManagerFromHumioCluster(toCreate).GetNodePoolLabels())).To(BeEmpty()) suite.UsingClusterBy(key.Name, "Updating cluster to use persistent volumes") var updatedHumioCluster humiov1alpha1.HumioCluster 
@@ -3292,7 +3292,7 @@ var _ = Describe("HumioCluster Controller", func() { }).Should(Succeed()) Eventually(func() ([]corev1.PersistentVolumeClaim, error) { - return kubernetes.ListPersistentVolumeClaims(ctx, k8sClient, key.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(toCreate).GetNodePoolLabels()) + return kubernetes.ListPersistentVolumeClaims(ctx, k8sClient, key.Namespace, controller.NewHumioNodeManagerFromHumioCluster(toCreate).GetNodePoolLabels()) }, testTimeout, suite.TestInterval).Should(HaveLen(toCreate.Spec.NodeCount)) Eventually(func() string { @@ -3302,7 +3302,7 @@ var _ = Describe("HumioCluster Controller", func() { }, testTimeout, suite.TestInterval).Should(BeIdenticalTo(humiov1alpha1.HumioClusterStateRestarting)) suite.UsingClusterBy(key.Name, "Restarting the cluster in a rolling fashion") - ensurePodsRollingRestart(ctx, controllers.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster), 2, 1) + ensurePodsRollingRestart(ctx, controller.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster), 2, 1) Eventually(func() string { updatedHumioCluster = humiov1alpha1.HumioCluster{} 
@@ -3311,13 +3311,13 @@ var _ = Describe("HumioCluster Controller", func() { }, testTimeout, suite.TestInterval).Should(BeIdenticalTo(humiov1alpha1.HumioClusterStateRunning)) suite.UsingClusterBy(key.Name, "Confirming pods are using PVC's and no PVC is left unused") - pvcList, _ := kubernetes.ListPersistentVolumeClaims(ctx, k8sClient, key.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(toCreate).GetNodePoolLabels()) - foundPodList, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(toCreate).GetNodePoolLabels()) + pvcList, _ := kubernetes.ListPersistentVolumeClaims(ctx, k8sClient, key.Namespace, controller.NewHumioNodeManagerFromHumioCluster(toCreate).GetNodePoolLabels()) + foundPodList, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, controller.NewHumioNodeManagerFromHumioCluster(toCreate).GetNodePoolLabels()) for _, pod := range foundPodList { - _, err := controllers.FindPvcForPod(pvcList, pod) + _, err := controller.FindPvcForPod(pvcList, pod) Expect(err).ShouldNot(HaveOccurred()) } - _, err := controllers.FindNextAvailablePvc(pvcList, foundPodList, map[string]struct{}{}) + _, err := controller.FindNextAvailablePvc(pvcList, foundPodList, map[string]struct{}{}) Expect(err).Should(HaveOccurred()) }) }) 
@@ -3349,10 +3349,10 @@ var _ = Describe("HumioCluster Controller", func() { } } - clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) + clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, controller.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) for _, pod := range clusterPods { Expect(pod.Spec.Volumes).To(HaveLen(initialExpectedVolumesCount)) - humioIdx, _ := kubernetes.GetContainerIndexByName(pod, controllers.HumioContainerName) + humioIdx, _ := kubernetes.GetContainerIndexByName(pod, controller.HumioContainerName) Expect(pod.Spec.Containers[humioIdx].VolumeMounts).To(HaveLen(initialExpectedHumioContainerVolumeMountsCount)) } 
@@ -3385,24 +3385,24 @@ var _ = Describe("HumioCluster Controller", func() { return k8sClient.Update(ctx, &updatedHumioCluster) }, testTimeout, suite.TestInterval).Should(Succeed()) Eventually(func() []corev1.Volume { - clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) + clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, controller.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) for _, pod := range clusterPods { return pod.Spec.Volumes } return []corev1.Volume{} }, testTimeout, suite.TestInterval).Should(HaveLen(initialExpectedVolumesCount + 1)) Eventually(func() []corev1.VolumeMount { - clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) + clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, controller.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) for _, pod := range clusterPods { - humioIdx, _ := kubernetes.GetContainerIndexByName(pod, controllers.HumioContainerName) + humioIdx, _ := kubernetes.GetContainerIndexByName(pod, controller.HumioContainerName) return pod.Spec.Containers[humioIdx].VolumeMounts } return []corev1.VolumeMount{} }, testTimeout, suite.TestInterval).Should(HaveLen(initialExpectedHumioContainerVolumeMountsCount + 1)) - clusterPods, _ = kubernetes.ListPods(ctx, k8sClient, key.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) + clusterPods, _ = kubernetes.ListPods(ctx, k8sClient, key.Namespace, controller.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) for _, pod := range clusterPods { Expect(pod.Spec.Volumes).Should(ContainElement(extraVolume)) - humioIdx, _ := kubernetes.GetContainerIndexByName(pod, controllers.HumioContainerName) + humioIdx, _ := kubernetes.GetContainerIndexByName(pod, controller.HumioContainerName) 
Expect(pod.Spec.Containers[humioIdx].VolumeMounts).Should(ContainElement(extraVolumeMount)) } }) @@ -3429,11 +3429,11 @@ var _ = Describe("HumioCluster Controller", func() { defer suite.CleanupCluster(ctx, k8sClient, toCreate) suite.UsingClusterBy(key.Name, "Confirming PUBLIC_URL is set to default value and PROXY_PREFIX_URL is not set") - clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) + clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, controller.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) for _, pod := range clusterPods { - humioIdx, _ := kubernetes.GetContainerIndexByName(pod, controllers.HumioContainerName) - Expect(controllers.EnvVarValue(pod.Spec.Containers[humioIdx].Env, "PUBLIC_URL")).Should(Equal(fmt.Sprintf("%s://$(THIS_POD_IP):$(HUMIO_PORT)", protocol))) - Expect(controllers.EnvVarHasKey(pod.Spec.Containers[humioIdx].Env, "PROXY_PREFIX_URL")).To(BeFalse()) + humioIdx, _ := kubernetes.GetContainerIndexByName(pod, controller.HumioContainerName) + Expect(controller.EnvVarValue(pod.Spec.Containers[humioIdx].Env, "PUBLIC_URL")).Should(Equal(fmt.Sprintf("%s://$(THIS_POD_IP):$(HUMIO_PORT)", protocol))) + Expect(controller.EnvVarHasKey(pod.Spec.Containers[humioIdx].Env, "PROXY_PREFIX_URL")).To(BeFalse()) } suite.UsingClusterBy(key.Name, "Updating humio cluster path") 
@@ -3449,10 +3449,10 @@ var _ = Describe("HumioCluster Controller", func() { suite.UsingClusterBy(key.Name, "Confirming PROXY_PREFIX_URL have been configured on all pods") Eventually(func() bool { - clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) + clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, controller.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) for _, pod := range clusterPods { - humioIdx, _ := kubernetes.GetContainerIndexByName(pod, controllers.HumioContainerName) - if !controllers.EnvVarHasKey(pod.Spec.Containers[humioIdx].Env, "PROXY_PREFIX_URL") { + humioIdx, _ := kubernetes.GetContainerIndexByName(pod, controller.HumioContainerName) + if !controller.EnvVarHasKey(pod.Spec.Containers[humioIdx].Env, "PROXY_PREFIX_URL") { return false } } 
@@ -3460,19 +3460,19 @@ var _ = Describe("HumioCluster Controller", func() { }, testTimeout, suite.TestInterval).Should(BeTrue()) suite.UsingClusterBy(key.Name, "Confirming PUBLIC_URL and PROXY_PREFIX_URL have been correctly configured") - clusterPods, _ = kubernetes.ListPods(ctx, k8sClient, key.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) + clusterPods, _ = kubernetes.ListPods(ctx, k8sClient, key.Namespace, controller.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) for _, pod := range clusterPods { - humioIdx, _ := kubernetes.GetContainerIndexByName(pod, controllers.HumioContainerName) - Expect(controllers.EnvVarValue(pod.Spec.Containers[humioIdx].Env, "PUBLIC_URL")).Should(Equal(fmt.Sprintf("%s://$(THIS_POD_IP):$(HUMIO_PORT)/logs", protocol))) - Expect(controllers.EnvVarHasValue(pod.Spec.Containers[humioIdx].Env, "PROXY_PREFIX_URL", "/logs")).To(BeTrue()) + humioIdx, _ := kubernetes.GetContainerIndexByName(pod, controller.HumioContainerName) + Expect(controller.EnvVarValue(pod.Spec.Containers[humioIdx].Env, "PUBLIC_URL")).Should(Equal(fmt.Sprintf("%s://$(THIS_POD_IP):$(HUMIO_PORT)/logs", protocol))) + Expect(controller.EnvVarHasValue(pod.Spec.Containers[humioIdx].Env, "PROXY_PREFIX_URL", "/logs")).To(BeTrue()) } suite.UsingClusterBy(key.Name, "Restarting the cluster in a rolling fashion") - ensurePodsRollingRestart(ctx, controllers.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster), 2, 1) + ensurePodsRollingRestart(ctx, controller.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster), 2, 1) suite.UsingClusterBy(key.Name, "Confirming cluster returns to Running state") Eventually(func() string { - clusterPods, _ = kubernetes.ListPods(ctx, k8sClient, updatedHumioCluster.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetPodLabels()) + clusterPods, _ = kubernetes.ListPods(ctx, k8sClient, updatedHumioCluster.Namespace, 
controller.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetPodLabels()) updatedHumioCluster = humiov1alpha1.HumioCluster{} Expect(k8sClient.Get(ctx, key, &updatedHumioCluster)).Should(Succeed()) @@ -3502,11 +3502,11 @@ var _ = Describe("HumioCluster Controller", func() { defer suite.CleanupCluster(ctx, k8sClient, toCreate) suite.UsingClusterBy(key.Name, "Confirming PUBLIC_URL is set to default value and PROXY_PREFIX_URL is not set") - clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) + clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, controller.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) for _, pod := range clusterPods { - humioIdx, _ := kubernetes.GetContainerIndexByName(pod, controllers.HumioContainerName) - Expect(controllers.EnvVarValue(pod.Spec.Containers[humioIdx].Env, "PUBLIC_URL")).Should(Equal("https://test-cluster.humio.com")) - Expect(controllers.EnvVarHasKey(pod.Spec.Containers[humioIdx].Env, "PROXY_PREFIX_URL")).To(BeFalse()) + humioIdx, _ := kubernetes.GetContainerIndexByName(pod, controller.HumioContainerName) + Expect(controller.EnvVarValue(pod.Spec.Containers[humioIdx].Env, "PUBLIC_URL")).Should(Equal("https://test-cluster.humio.com")) + Expect(controller.EnvVarHasKey(pod.Spec.Containers[humioIdx].Env, "PROXY_PREFIX_URL")).To(BeFalse()) } suite.UsingClusterBy(key.Name, "Updating humio cluster path") 
@@ -3522,10 +3522,10 @@ var _ = Describe("HumioCluster Controller", func() { suite.UsingClusterBy(key.Name, "Confirming PROXY_PREFIX_URL have been configured on all pods") Eventually(func() bool { - clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) + clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, controller.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) for _, pod := range clusterPods { - humioIdx, _ := kubernetes.GetContainerIndexByName(pod, controllers.HumioContainerName) - if !controllers.EnvVarHasKey(pod.Spec.Containers[humioIdx].Env, "PROXY_PREFIX_URL") { + humioIdx, _ := kubernetes.GetContainerIndexByName(pod, controller.HumioContainerName) + if !controller.EnvVarHasKey(pod.Spec.Containers[humioIdx].Env, "PROXY_PREFIX_URL") { return false } } 
@@ -3533,19 +3533,19 @@ var _ = Describe("HumioCluster Controller", func() { }, testTimeout, suite.TestInterval).Should(BeTrue()) suite.UsingClusterBy(key.Name, "Confirming PUBLIC_URL and PROXY_PREFIX_URL have been correctly configured") - clusterPods, _ = kubernetes.ListPods(ctx, k8sClient, key.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) + clusterPods, _ = kubernetes.ListPods(ctx, k8sClient, key.Namespace, controller.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) for _, pod := range clusterPods { - humioIdx, _ := kubernetes.GetContainerIndexByName(pod, controllers.HumioContainerName) - Expect(controllers.EnvVarValue(pod.Spec.Containers[humioIdx].Env, "PUBLIC_URL")).Should(Equal("https://test-cluster.humio.com/logs")) - Expect(controllers.EnvVarHasValue(pod.Spec.Containers[humioIdx].Env, "PROXY_PREFIX_URL", "/logs")).To(BeTrue()) + humioIdx, _ := kubernetes.GetContainerIndexByName(pod, controller.HumioContainerName) + Expect(controller.EnvVarValue(pod.Spec.Containers[humioIdx].Env, "PUBLIC_URL")).Should(Equal("https://test-cluster.humio.com/logs")) + Expect(controller.EnvVarHasValue(pod.Spec.Containers[humioIdx].Env, "PROXY_PREFIX_URL", "/logs")).To(BeTrue()) } suite.UsingClusterBy(key.Name, "Restarting the cluster in a rolling fashion") - ensurePodsRollingRestart(ctx, controllers.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster), 2, 1) + ensurePodsRollingRestart(ctx, controller.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster), 2, 1) suite.UsingClusterBy(key.Name, "Confirming cluster returns to Running state") Eventually(func() string { - clusterPods, _ = kubernetes.ListPods(ctx, k8sClient, updatedHumioCluster.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetPodLabels()) + clusterPods, _ = kubernetes.ListPods(ctx, k8sClient, updatedHumioCluster.Namespace, controller.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetPodLabels()) updatedHumioCluster 
= humiov1alpha1.HumioCluster{} Expect(k8sClient.Get(ctx, key, &updatedHumioCluster)).Should(Succeed()) @@ -3563,7 +3563,7 @@ var _ = Describe("HumioCluster Controller", func() { toCreate := suite.ConstructBasicSingleNodeHumioCluster(key, true) toCreate.Spec.HumioNodeSpec.ExtraHumioVolumeMounts = []corev1.VolumeMount{ { - Name: "humio-data", + Name: controller.HumioDataVolumeName, }, } ctx := context.Background() @@ -3599,7 +3599,7 @@ var _ = Describe("HumioCluster Controller", func() { toCreate.Spec.HumioNodeSpec.ExtraHumioVolumeMounts = []corev1.VolumeMount{ { Name: "something-unique", - MountPath: controllers.HumioDataPath, + MountPath: controller.HumioDataPath, }, } ctx := context.Background() @@ -3634,7 +3634,7 @@ var _ = Describe("HumioCluster Controller", func() { toCreate := suite.ConstructBasicSingleNodeHumioCluster(key, true) toCreate.Spec.HumioNodeSpec.ExtraVolumes = []corev1.Volume{ { - Name: "humio-data", + Name: controller.HumioDataVolumeName, }, } ctx := context.Background() @@ -3880,7 +3880,7 @@ var _ = Describe("HumioCluster Controller", func() { Eventually(func() []networkingv1.Ingress { foundIngressList, _ = kubernetes.ListIngresses(ctx, k8sClient, key.Namespace, kubernetes.MatchingLabelsForHumio(toCreate.Name)) return foundIngressList - }, testTimeout, suite.TestInterval).Should(HaveLen(0)) + }, testTimeout, suite.TestInterval).Should(BeEmpty()) suite.UsingClusterBy(key.Name, "Setting the Hostname") var updatedHumioCluster humiov1alpha1.HumioCluster 
@@ -4179,9 +4179,9 @@ var _ = Describe("HumioCluster Controller", func() { defer suite.CleanupCluster(ctx, k8sClient, toCreate) suite.UsingClusterBy(key.Name, "Confirming init container is using the correct service account") - clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) + clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, controller.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) for _, pod := range clusterPods { - humioIdx, _ := kubernetes.GetInitContainerIndexByName(pod, controllers.InitContainerName) + humioIdx, _ := kubernetes.GetInitContainerIndexByName(pod, controller.InitContainerName) var serviceAccountSecretVolumeName string for _, volumeMount := range pod.Spec.InitContainers[humioIdx].VolumeMounts { if volumeMount.MountPath == "/var/run/secrets/kubernetes.io/serviceaccount" { @@ -4218,9 +4218,9 @@ var _ = Describe("HumioCluster Controller", func() { defer suite.CleanupCluster(ctx, k8sClient, toCreate) suite.UsingClusterBy(key.Name, "Confirming init container is using the correct service account") - clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) + clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, controller.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) for _, pod := range clusterPods { - humioIdx, _ := kubernetes.GetInitContainerIndexByName(pod, controllers.InitContainerName) + humioIdx, _ := kubernetes.GetInitContainerIndexByName(pod, controller.InitContainerName) var serviceAccountSecretVolumeName string for _, volumeMount := range pod.Spec.InitContainers[humioIdx].VolumeMounts { if volumeMount.MountPath == "/var/run/secrets/kubernetes.io/serviceaccount" { 
@@ -4305,7 +4305,7 @@ var _ = Describe("HumioCluster Controller", func() { defer suite.CleanupCluster(ctx, k8sClient, toCreate) suite.UsingClusterBy(key.Name, "Confirming the humio pods use the requested tolerations") - clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) + clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, controller.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) for _, pod := range clusterPods { Expect(pod.Spec.Tolerations).To(ContainElement(toCreate.Spec.Tolerations[0])) } @@ -4333,7 +4333,7 @@ var _ = Describe("HumioCluster Controller", func() { defer suite.CleanupCluster(ctx, k8sClient, toCreate) suite.UsingClusterBy(key.Name, "Confirming the humio pods use the requested topology spread constraint") - clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) + clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, controller.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) for _, pod := range clusterPods { Expect(pod.Spec.TopologySpreadConstraints).To(ContainElement(toCreate.Spec.TopologySpreadConstraints[0])) } @@ -4364,7 +4364,7 @@ var _ = Describe("HumioCluster Controller", func() { defer suite.CleanupCluster(ctx, k8sClient, toCreate) suite.UsingClusterBy(key.Name, "Confirming the humio pods use the requested priority class name") - clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) + clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, controller.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) for _, pod := range clusterPods { Expect(pod.Spec.PriorityClassName).To(Equal(toCreate.Spec.PriorityClassName)) } 
@@ -4434,7 +4434,7 @@ var _ = Describe("HumioCluster Controller", func() { defer suite.CleanupCluster(ctx, k8sClient, toCreate) suite.UsingClusterBy(key.Name, "Confirming the humio pods are not using shared process namespace nor additional sidecars") - clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) + clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, controller.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) for _, pod := range clusterPods { if pod.Spec.ShareProcessNamespace != nil { Expect(*pod.Spec.ShareProcessNamespace).To(BeFalse()) @@ -4491,7 +4491,7 @@ var _ = Describe("HumioCluster Controller", func() { suite.UsingClusterBy(key.Name, "Confirming the humio pods use shared process namespace") Eventually(func() bool { - clusterPods, _ = kubernetes.ListPods(ctx, k8sClient, key.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) + clusterPods, _ = kubernetes.ListPods(ctx, k8sClient, key.Namespace, controller.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) for _, pod := range clusterPods { if pod.Spec.ShareProcessNamespace != nil { return *pod.Spec.ShareProcessNamespace @@ -4502,10 +4502,10 @@ var _ = Describe("HumioCluster Controller", func() { suite.UsingClusterBy(key.Name, "Confirming pods contain the new sidecar") Eventually(func() string { - clusterPods, _ = kubernetes.ListPods(ctx, k8sClient, key.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) + clusterPods, _ = kubernetes.ListPods(ctx, k8sClient, key.Namespace, controller.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) for _, pod := range clusterPods { for _, container := range pod.Spec.Containers { - if container.Name == controllers.HumioContainerName { + if container.Name == controller.HumioContainerName { continue } return container.Name 
@@ -4532,7 +4532,7 @@ var _ = Describe("HumioCluster Controller", func() { suite.UsingClusterBy(key.Name, "Validating pod is created with the default grace period") Eventually(func() int64 { - clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) + clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, controller.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) _ = suite.MarkPodsAsRunningIfUsingEnvtest(ctx, k8sClient, clusterPods, key.Name) for _, pod := range clusterPods { @@ -4556,7 +4556,7 @@ var _ = Describe("HumioCluster Controller", func() { suite.UsingClusterBy(key.Name, "Validating pod is recreated using the explicitly defined grace period") Eventually(func() int64 { - clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) + clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, controller.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) for _, pod := range clusterPods { if pod.Spec.TerminationGracePeriodSeconds != nil { return *pod.Spec.TerminationGracePeriodSeconds 
@@ -4746,8 +4746,8 @@ var _ = Describe("HumioCluster Controller", func() { defer suite.CleanupCluster(ctx, k8sClient, toCreate) suite.UsingClusterBy(key.Name, "Confirming the humio pods are not using env var source") - clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) - humioIdx, err := kubernetes.GetContainerIndexByName(clusterPods[0], controllers.HumioContainerName) + clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, controller.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) + humioIdx, err := kubernetes.GetContainerIndexByName(clusterPods[0], controller.HumioContainerName) Expect(err).ToNot(HaveOccurred()) Expect(clusterPods[0].Spec.Containers[humioIdx].EnvFrom).To(BeNil()) 
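Review bot: `clusterPods[0]` on the second rewritten line of the `@@ -4746` hunk is indexed right after the `ListPods` error was discarded, so an empty or failed list ends the spec with an index-out-of-range panic rather than a readable assertion failure. Adding `Expect(clusterPods).ToNot(BeEmpty())` between the two lines, and checking the `ListPods` error instead of assigning it to `_`, would make the failure diagnosable. The `@@ -4850` hunk has the same two lines; both spec bodies continue outside the hunks.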
@@ -4811,14 +4811,14 @@ var _ = Describe("HumioCluster Controller", func() { }, testTimeout, suite.TestInterval).Should(Succeed()) suite.UsingClusterBy(key.Name, "Restarting the cluster in a rolling fashion") - ensurePodsRollingRestart(ctx, controllers.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster), 2, 1) + ensurePodsRollingRestart(ctx, controller.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster), 2, 1) suite.UsingClusterBy(key.Name, "Confirming pods contain the new env vars") Eventually(func() int { - clusterPods, _ = kubernetes.ListPods(ctx, k8sClient, key.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) + clusterPods, _ = kubernetes.ListPods(ctx, k8sClient, key.Namespace, controller.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) var podsContainingEnvFrom int for _, pod := range clusterPods { - humioIdx, err := kubernetes.GetContainerIndexByName(pod, controllers.HumioContainerName) + humioIdx, err := kubernetes.GetContainerIndexByName(pod, controller.HumioContainerName) Expect(err).ToNot(HaveOccurred()) if pod.Spec.Containers[humioIdx].EnvFrom != nil { if len(pod.Spec.Containers[humioIdx].EnvFrom) > 0 { 
@@ -4850,8 +4850,8 @@ var _ = Describe("HumioCluster Controller", func() { defer suite.CleanupCluster(ctx, k8sClient, toCreate) suite.UsingClusterBy(key.Name, "Confirming the humio pods are not using env var source") - clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) - humioIdx, err := kubernetes.GetContainerIndexByName(clusterPods[0], controllers.HumioContainerName) + clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, controller.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) + humioIdx, err := kubernetes.GetContainerIndexByName(clusterPods[0], controller.HumioContainerName) Expect(err).ToNot(HaveOccurred()) Expect(clusterPods[0].Spec.Containers[humioIdx].EnvFrom).To(BeNil()) 
@@ -4915,14 +4915,14 @@ var _ = Describe("HumioCluster Controller", func() { }, testTimeout, suite.TestInterval).Should(Succeed()) suite.UsingClusterBy(key.Name, "Restarting the cluster in a rolling fashion") - ensurePodsRollingRestart(ctx, controllers.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster), 2, 1) + ensurePodsRollingRestart(ctx, controller.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster), 2, 1) suite.UsingClusterBy(key.Name, "Confirming pods contain the new env vars") Eventually(func() int { - clusterPods, _ = kubernetes.ListPods(ctx, k8sClient, key.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) + clusterPods, _ = kubernetes.ListPods(ctx, k8sClient, key.Namespace, controller.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) var podsContainingEnvFrom int for _, pod := range clusterPods { - humioIdx, err := kubernetes.GetContainerIndexByName(pod, controllers.HumioContainerName) + humioIdx, err := kubernetes.GetContainerIndexByName(pod, controller.HumioContainerName) Expect(err).ToNot(HaveOccurred()) if pod.Spec.Containers[humioIdx].EnvFrom != nil { if len(pod.Spec.Containers[humioIdx].EnvFrom) > 0 { @@ -4953,7 +4953,7 @@ var _ = Describe("HumioCluster Controller", func() { suite.UsingClusterBy(key.Name, "Removing the node pool label from the pod") var clusterPods []corev1.Pod Eventually(func() error { - clusterPods, err = kubernetes.ListPods(ctx, k8sClient, key.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) + clusterPods, err = kubernetes.ListPods(ctx, k8sClient, key.Namespace, controller.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) if err != nil { return err } 
@@ -5017,15 +5017,15 @@ var _ = Describe("HumioCluster Controller", func() { defer suite.CleanupCluster(ctx, k8sClient, toCreate) var updatedHumioCluster humiov1alpha1.HumioCluster - clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) + clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, controller.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) for _, pod := range clusterPods { - humioIndex, _ := kubernetes.GetContainerIndexByName(pod, controllers.HumioContainerName) + humioIndex, _ := kubernetes.GetContainerIndexByName(pod, controller.HumioContainerName) Expect(pod.Spec.Containers[humioIndex].Image).To(BeIdenticalTo(toCreate.Spec.Image)) - Expect(pod.Annotations).To(HaveKeyWithValue(controllers.PodRevisionAnnotation, "1")) + Expect(pod.Annotations).To(HaveKeyWithValue(controller.PodRevisionAnnotation, "1")) } updatedHumioCluster = humiov1alpha1.HumioCluster{} Expect(k8sClient.Get(ctx, key, &updatedHumioCluster)).Should(Succeed()) - Expect(controllers.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetDesiredPodRevision()).To(BeEquivalentTo(1)) + Expect(controller.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetDesiredPodRevision()).To(BeEquivalentTo(1)) mostNumPodsSeenUnavailable := 0 mostNumZonesWithPodsSeenUnavailable := 0 
@@ -5060,14 +5060,14 @@ var _ = Describe("HumioCluster Controller", func() { suite.UsingClusterBy(key.Name, "Confirming pod revision is the same for all pods and the cluster itself") updatedHumioCluster = humiov1alpha1.HumioCluster{} Expect(k8sClient.Get(ctx, key, &updatedHumioCluster)).Should(Succeed()) - Expect(controllers.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetDesiredPodRevision()).To(BeEquivalentTo(2)) + Expect(controller.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetDesiredPodRevision()).To(BeEquivalentTo(2)) - updatedClusterPods, _ := kubernetes.ListPods(ctx, k8sClient, updatedHumioCluster.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetPodLabels()) + updatedClusterPods, _ := kubernetes.ListPods(ctx, k8sClient, updatedHumioCluster.Namespace, controller.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetPodLabels()) Expect(updatedClusterPods).To(HaveLen(toCreate.Spec.NodeCount)) for _, pod := range updatedClusterPods { - humioIndex, _ := kubernetes.GetContainerIndexByName(pod, controllers.HumioContainerName) + humioIndex, _ := kubernetes.GetContainerIndexByName(pod, controller.HumioContainerName) Expect(pod.Spec.Containers[humioIndex].Image).To(BeIdenticalTo(updatedImage)) - Expect(pod.Annotations).To(HaveKeyWithValue(controllers.PodRevisionAnnotation, "2")) + Expect(pod.Annotations).To(HaveKeyWithValue(controller.PodRevisionAnnotation, "2")) } cancel() 
@@ -5104,15 +5104,15 @@ var _ = Describe("HumioCluster Controller", func() { defer suite.CleanupCluster(ctx, k8sClient, toCreate) var updatedHumioCluster humiov1alpha1.HumioCluster - clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) + clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, controller.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) for _, pod := range clusterPods { - humioIndex, _ := kubernetes.GetContainerIndexByName(pod, controllers.HumioContainerName) + humioIndex, _ := kubernetes.GetContainerIndexByName(pod, controller.HumioContainerName) Expect(pod.Spec.Containers[humioIndex].Image).To(BeIdenticalTo(toCreate.Spec.Image)) - Expect(pod.Annotations).To(HaveKeyWithValue(controllers.PodRevisionAnnotation, "1")) + Expect(pod.Annotations).To(HaveKeyWithValue(controller.PodRevisionAnnotation, "1")) } updatedHumioCluster = humiov1alpha1.HumioCluster{} Expect(k8sClient.Get(ctx, key, &updatedHumioCluster)).Should(Succeed()) - Expect(controllers.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetDesiredPodRevision()).To(BeEquivalentTo(1)) + Expect(controller.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetDesiredPodRevision()).To(BeEquivalentTo(1)) mostNumPodsSeenUnavailable := 0 mostNumZonesWithPodsSeenUnavailable := 0 
@@ -5147,14 +5147,14 @@ var _ = Describe("HumioCluster Controller", func() { suite.UsingClusterBy(key.Name, "Confirming pod revision is the same for all pods and the cluster itself") updatedHumioCluster = humiov1alpha1.HumioCluster{} Expect(k8sClient.Get(ctx, key, &updatedHumioCluster)).Should(Succeed()) - Expect(controllers.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetDesiredPodRevision()).To(BeEquivalentTo(2)) + Expect(controller.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetDesiredPodRevision()).To(BeEquivalentTo(2)) - updatedClusterPods, _ := kubernetes.ListPods(ctx, k8sClient, updatedHumioCluster.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetPodLabels()) + updatedClusterPods, _ := kubernetes.ListPods(ctx, k8sClient, updatedHumioCluster.Namespace, controller.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetPodLabels()) Expect(updatedClusterPods).To(HaveLen(toCreate.Spec.NodeCount)) for _, pod := range updatedClusterPods { - humioIndex, _ := kubernetes.GetContainerIndexByName(pod, controllers.HumioContainerName) + humioIndex, _ := kubernetes.GetContainerIndexByName(pod, controller.HumioContainerName) Expect(pod.Spec.Containers[humioIndex].Image).To(BeIdenticalTo(updatedImage)) - Expect(pod.Annotations).To(HaveKeyWithValue(controllers.PodRevisionAnnotation, "2")) + Expect(pod.Annotations).To(HaveKeyWithValue(controller.PodRevisionAnnotation, "2")) } cancel() 
@@ -5191,15 +5191,15 @@ var _ = Describe("HumioCluster Controller", func() { defer suite.CleanupCluster(ctx, k8sClient, toCreate) var updatedHumioCluster humiov1alpha1.HumioCluster - clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) + clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, controller.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) for _, pod := range clusterPods { - humioIndex, _ := kubernetes.GetContainerIndexByName(pod, controllers.HumioContainerName) + humioIndex, _ := kubernetes.GetContainerIndexByName(pod, controller.HumioContainerName) Expect(pod.Spec.Containers[humioIndex].Image).To(BeIdenticalTo(toCreate.Spec.Image)) - Expect(pod.Annotations).To(HaveKeyWithValue(controllers.PodRevisionAnnotation, "1")) + Expect(pod.Annotations).To(HaveKeyWithValue(controller.PodRevisionAnnotation, "1")) } updatedHumioCluster = humiov1alpha1.HumioCluster{} Expect(k8sClient.Get(ctx, key, &updatedHumioCluster)).Should(Succeed()) - Expect(controllers.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetDesiredPodRevision()).To(BeEquivalentTo(1)) + Expect(controller.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetDesiredPodRevision()).To(BeEquivalentTo(1)) mostNumPodsSeenUnavailable := 0 mostNumZonesWithPodsSeenUnavailable := 0 
@@ -5234,14 +5234,14 @@ var _ = Describe("HumioCluster Controller", func() { suite.UsingClusterBy(key.Name, "Confirming pod revision is the same for all pods and the cluster itself") updatedHumioCluster = humiov1alpha1.HumioCluster{} Expect(k8sClient.Get(ctx, key, &updatedHumioCluster)).Should(Succeed()) - Expect(controllers.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetDesiredPodRevision()).To(BeEquivalentTo(2)) + Expect(controller.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetDesiredPodRevision()).To(BeEquivalentTo(2)) - updatedClusterPods, _ := kubernetes.ListPods(ctx, k8sClient, updatedHumioCluster.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetPodLabels()) + updatedClusterPods, _ := kubernetes.ListPods(ctx, k8sClient, updatedHumioCluster.Namespace, controller.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetPodLabels()) Expect(updatedClusterPods).To(HaveLen(toCreate.Spec.NodeCount)) for _, pod := range updatedClusterPods { - humioIndex, _ := kubernetes.GetContainerIndexByName(pod, controllers.HumioContainerName) + humioIndex, _ := kubernetes.GetContainerIndexByName(pod, controller.HumioContainerName) Expect(pod.Spec.Containers[humioIndex].Image).To(BeIdenticalTo(updatedImage)) - Expect(pod.Annotations).To(HaveKeyWithValue(controllers.PodRevisionAnnotation, "2")) + Expect(pod.Annotations).To(HaveKeyWithValue(controller.PodRevisionAnnotation, "2")) } cancel() 
@@ -5278,15 +5278,15 @@ var _ = Describe("HumioCluster Controller", func() { defer suite.CleanupCluster(ctx, k8sClient, toCreate) var updatedHumioCluster humiov1alpha1.HumioCluster - clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) + clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, controller.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) for _, pod := range clusterPods { - humioIndex, _ := kubernetes.GetContainerIndexByName(pod, controllers.HumioContainerName) + humioIndex, _ := kubernetes.GetContainerIndexByName(pod, controller.HumioContainerName) Expect(pod.Spec.Containers[humioIndex].Image).To(BeIdenticalTo(toCreate.Spec.Image)) - Expect(pod.Annotations).To(HaveKeyWithValue(controllers.PodRevisionAnnotation, "1")) + Expect(pod.Annotations).To(HaveKeyWithValue(controller.PodRevisionAnnotation, "1")) } updatedHumioCluster = humiov1alpha1.HumioCluster{} Expect(k8sClient.Get(ctx, key, &updatedHumioCluster)).Should(Succeed()) - Expect(controllers.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetDesiredPodRevision()).To(BeEquivalentTo(1)) + Expect(controller.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetDesiredPodRevision()).To(BeEquivalentTo(1)) mostNumPodsSeenUnavailable := 0 mostNumZonesWithPodsSeenUnavailable := 0 
@@ -5321,14 +5321,14 @@ var _ = Describe("HumioCluster Controller", func() { suite.UsingClusterBy(key.Name, "Confirming pod revision is the same for all pods and the cluster itself") updatedHumioCluster = humiov1alpha1.HumioCluster{} Expect(k8sClient.Get(ctx, key, &updatedHumioCluster)).Should(Succeed()) - Expect(controllers.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetDesiredPodRevision()).To(BeEquivalentTo(2)) + Expect(controller.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetDesiredPodRevision()).To(BeEquivalentTo(2)) - updatedClusterPods, _ := kubernetes.ListPods(ctx, k8sClient, updatedHumioCluster.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetPodLabels()) + updatedClusterPods, _ := kubernetes.ListPods(ctx, k8sClient, updatedHumioCluster.Namespace, controller.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetPodLabels()) Expect(updatedClusterPods).To(HaveLen(toCreate.Spec.NodeCount)) for _, pod := range updatedClusterPods { - humioIndex, _ := kubernetes.GetContainerIndexByName(pod, controllers.HumioContainerName) + humioIndex, _ := kubernetes.GetContainerIndexByName(pod, controller.HumioContainerName) Expect(pod.Spec.Containers[humioIndex].Image).To(BeIdenticalTo(updatedImage)) - Expect(pod.Annotations).To(HaveKeyWithValue(controllers.PodRevisionAnnotation, "2")) + Expect(pod.Annotations).To(HaveKeyWithValue(controller.PodRevisionAnnotation, "2")) } cancel() 
@@ -5365,15 +5365,15 @@ var _ = Describe("HumioCluster Controller", func() { defer suite.CleanupCluster(ctx, k8sClient, toCreate) var updatedHumioCluster humiov1alpha1.HumioCluster - clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) + clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, controller.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) for _, pod := range clusterPods { - humioIndex, _ := kubernetes.GetContainerIndexByName(pod, controllers.HumioContainerName) + humioIndex, _ := kubernetes.GetContainerIndexByName(pod, controller.HumioContainerName) Expect(pod.Spec.Containers[humioIndex].Image).To(BeIdenticalTo(toCreate.Spec.Image)) - Expect(pod.Annotations).To(HaveKeyWithValue(controllers.PodRevisionAnnotation, "1")) + Expect(pod.Annotations).To(HaveKeyWithValue(controller.PodRevisionAnnotation, "1")) } updatedHumioCluster = humiov1alpha1.HumioCluster{} Expect(k8sClient.Get(ctx, key, &updatedHumioCluster)).Should(Succeed()) - Expect(controllers.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetDesiredPodRevision()).To(BeEquivalentTo(1)) + Expect(controller.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetDesiredPodRevision()).To(BeEquivalentTo(1)) mostNumPodsSeenUnavailable := 0 mostNumZonesWithPodsSeenUnavailable := 0 
@@ -5408,14 +5408,14 @@ var _ = Describe("HumioCluster Controller", func() { suite.UsingClusterBy(key.Name, "Confirming pod revision is the same for all pods and the cluster itself") updatedHumioCluster = humiov1alpha1.HumioCluster{} Expect(k8sClient.Get(ctx, key, &updatedHumioCluster)).Should(Succeed()) - Expect(controllers.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetDesiredPodRevision()).To(BeEquivalentTo(2)) + Expect(controller.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetDesiredPodRevision()).To(BeEquivalentTo(2)) - updatedClusterPods, _ := kubernetes.ListPods(ctx, k8sClient, updatedHumioCluster.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetPodLabels()) + updatedClusterPods, _ := kubernetes.ListPods(ctx, k8sClient, updatedHumioCluster.Namespace, controller.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetPodLabels()) Expect(updatedClusterPods).To(HaveLen(toCreate.Spec.NodeCount)) for _, pod := range updatedClusterPods { - humioIndex, _ := kubernetes.GetContainerIndexByName(pod, controllers.HumioContainerName) + humioIndex, _ := kubernetes.GetContainerIndexByName(pod, controller.HumioContainerName) Expect(pod.Spec.Containers[humioIndex].Image).To(BeIdenticalTo(updatedImage)) - Expect(pod.Annotations).To(HaveKeyWithValue(controllers.PodRevisionAnnotation, "2")) + Expect(pod.Annotations).To(HaveKeyWithValue(controller.PodRevisionAnnotation, "2")) } cancel() 
@@ -5452,15 +5452,15 @@ var _ = Describe("HumioCluster Controller", func() { defer suite.CleanupCluster(ctx, k8sClient, toCreate) var updatedHumioCluster humiov1alpha1.HumioCluster - clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) + clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, controller.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) for _, pod := range clusterPods { - humioIndex, _ := kubernetes.GetContainerIndexByName(pod, controllers.HumioContainerName) + humioIndex, _ := kubernetes.GetContainerIndexByName(pod, controller.HumioContainerName) Expect(pod.Spec.Containers[humioIndex].Image).To(BeIdenticalTo(toCreate.Spec.Image)) - Expect(pod.Annotations).To(HaveKeyWithValue(controllers.PodRevisionAnnotation, "1")) + Expect(pod.Annotations).To(HaveKeyWithValue(controller.PodRevisionAnnotation, "1")) } updatedHumioCluster = humiov1alpha1.HumioCluster{} Expect(k8sClient.Get(ctx, key, &updatedHumioCluster)).Should(Succeed()) - Expect(controllers.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetDesiredPodRevision()).To(BeEquivalentTo(1)) + Expect(controller.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetDesiredPodRevision()).To(BeEquivalentTo(1)) mostNumPodsSeenUnavailable := 0 mostNumZonesWithPodsSeenUnavailable := 0 
@@ -5495,14 +5495,14 @@ var _ = Describe("HumioCluster Controller", func() { suite.UsingClusterBy(key.Name, "Confirming pod revision is the same for all pods and the cluster itself") updatedHumioCluster = humiov1alpha1.HumioCluster{} Expect(k8sClient.Get(ctx, key, &updatedHumioCluster)).Should(Succeed()) - Expect(controllers.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetDesiredPodRevision()).To(BeEquivalentTo(2)) + Expect(controller.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetDesiredPodRevision()).To(BeEquivalentTo(2)) - updatedClusterPods, _ := kubernetes.ListPods(ctx, k8sClient, updatedHumioCluster.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetPodLabels()) + updatedClusterPods, _ := kubernetes.ListPods(ctx, k8sClient, updatedHumioCluster.Namespace, controller.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetPodLabels()) Expect(updatedClusterPods).To(HaveLen(toCreate.Spec.NodeCount)) for _, pod := range updatedClusterPods { - humioIndex, _ := kubernetes.GetContainerIndexByName(pod, controllers.HumioContainerName) + humioIndex, _ := kubernetes.GetContainerIndexByName(pod, controller.HumioContainerName) Expect(pod.Spec.Containers[humioIndex].Image).To(BeIdenticalTo(updatedImage)) - Expect(pod.Annotations).To(HaveKeyWithValue(controllers.PodRevisionAnnotation, "2")) + Expect(pod.Annotations).To(HaveKeyWithValue(controller.PodRevisionAnnotation, "2")) } cancel() 
@@ -5541,15 +5541,15 @@ var _ = Describe("HumioCluster Controller", func() { defer suite.CleanupCluster(ctx, k8sClient, toCreate) var updatedHumioCluster humiov1alpha1.HumioCluster - clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) + clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, controller.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) for _, pod := range clusterPods { - humioIndex, _ := kubernetes.GetContainerIndexByName(pod, controllers.HumioContainerName) + humioIndex, _ := kubernetes.GetContainerIndexByName(pod, controller.HumioContainerName) Expect(pod.Spec.Containers[humioIndex].Image).To(BeIdenticalTo(toCreate.Spec.Image)) - Expect(pod.Annotations).To(HaveKeyWithValue(controllers.PodRevisionAnnotation, "1")) + Expect(pod.Annotations).To(HaveKeyWithValue(controller.PodRevisionAnnotation, "1")) } updatedHumioCluster = humiov1alpha1.HumioCluster{} Expect(k8sClient.Get(ctx, key, &updatedHumioCluster)).Should(Succeed()) - Expect(controllers.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetDesiredPodRevision()).To(BeEquivalentTo(1)) + Expect(controller.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetDesiredPodRevision()).To(BeEquivalentTo(1)) mostSeenUnavailable := 0 forever := make(chan struct{}) @@ -5574,7 +5574,7 @@ var _ = Describe("HumioCluster Controller", func() { return updatedHumioCluster.Status.State }, testTimeout, suite.TestInterval).Should(BeIdenticalTo(humiov1alpha1.HumioClusterStateUpgrading)) - ensurePodsRollingRestart(ctx, controllers.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster), 2, 1) + ensurePodsRollingRestart(ctx, controller.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster), 2, 1) Eventually(func() string { updatedHumioCluster = humiov1alpha1.HumioCluster{} 
@@ -5585,14 +5585,14 @@ var _ = Describe("HumioCluster Controller", func() { suite.UsingClusterBy(key.Name, "Confirming pod revision is the same for all pods and the cluster itself") updatedHumioCluster = humiov1alpha1.HumioCluster{} Expect(k8sClient.Get(ctx, key, &updatedHumioCluster)).Should(Succeed()) - Expect(controllers.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetDesiredPodRevision()).To(BeEquivalentTo(2)) + Expect(controller.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetDesiredPodRevision()).To(BeEquivalentTo(2)) - updatedClusterPods, _ := kubernetes.ListPods(ctx, k8sClient, updatedHumioCluster.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetPodLabels()) + updatedClusterPods, _ := kubernetes.ListPods(ctx, k8sClient, updatedHumioCluster.Namespace, controller.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetPodLabels()) Expect(updatedClusterPods).To(HaveLen(toCreate.Spec.NodeCount)) for _, pod := range updatedClusterPods { - humioIndex, _ := kubernetes.GetContainerIndexByName(pod, controllers.HumioContainerName) + humioIndex, _ := kubernetes.GetContainerIndexByName(pod, controller.HumioContainerName) Expect(pod.Spec.Containers[humioIndex].Image).To(BeIdenticalTo(updatedImage)) - Expect(pod.Annotations).To(HaveKeyWithValue(controllers.PodRevisionAnnotation, "2")) + Expect(pod.Annotations).To(HaveKeyWithValue(controller.PodRevisionAnnotation, "2")) } cancel() 
@@ -5628,15 +5628,15 @@ var _ = Describe("HumioCluster Controller", func() { defer suite.CleanupCluster(ctx, k8sClient, toCreate) var updatedHumioCluster humiov1alpha1.HumioCluster - clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) + clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, controller.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) for _, pod := range clusterPods { - humioIndex, _ := kubernetes.GetContainerIndexByName(pod, controllers.HumioContainerName) + humioIndex, _ := kubernetes.GetContainerIndexByName(pod, controller.HumioContainerName) Expect(pod.Spec.Containers[humioIndex].Image).To(BeIdenticalTo(toCreate.Spec.Image)) - Expect(pod.Annotations).To(HaveKeyWithValue(controllers.PodRevisionAnnotation, "1")) + Expect(pod.Annotations).To(HaveKeyWithValue(controller.PodRevisionAnnotation, "1")) } updatedHumioCluster = humiov1alpha1.HumioCluster{} Expect(k8sClient.Get(ctx, key, &updatedHumioCluster)).Should(Succeed()) - Expect(controllers.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetDesiredPodRevision()).To(BeEquivalentTo(1)) + Expect(controller.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetDesiredPodRevision()).To(BeEquivalentTo(1)) mostSeenUnavailable := 0 forever := make(chan struct{}) @@ -5661,7 +5661,7 @@ var _ = Describe("HumioCluster Controller", func() { return updatedHumioCluster.Status.State }, testTimeout, suite.TestInterval).Should(BeIdenticalTo(humiov1alpha1.HumioClusterStateUpgrading)) - ensurePodsRollingRestart(ctx, controllers.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster), 2, maxUnavailable.IntValue()) + ensurePodsRollingRestart(ctx, controller.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster), 2, maxUnavailable.IntValue()) Eventually(func() string { updatedHumioCluster = humiov1alpha1.HumioCluster{} 
@@ -5672,14 +5672,14 @@ var _ = Describe("HumioCluster Controller", func() { suite.UsingClusterBy(key.Name, "Confirming pod revision is the same for all pods and the cluster itself") updatedHumioCluster = humiov1alpha1.HumioCluster{} Expect(k8sClient.Get(ctx, key, &updatedHumioCluster)).Should(Succeed()) - Expect(controllers.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetDesiredPodRevision()).To(BeEquivalentTo(2)) + Expect(controller.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetDesiredPodRevision()).To(BeEquivalentTo(2)) - updatedClusterPods, _ := kubernetes.ListPods(ctx, k8sClient, updatedHumioCluster.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetPodLabels()) + updatedClusterPods, _ := kubernetes.ListPods(ctx, k8sClient, updatedHumioCluster.Namespace, controller.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetPodLabels()) Expect(updatedClusterPods).To(HaveLen(toCreate.Spec.NodeCount)) for _, pod := range updatedClusterPods { - humioIndex, _ := kubernetes.GetContainerIndexByName(pod, controllers.HumioContainerName) + humioIndex, _ := kubernetes.GetContainerIndexByName(pod, controller.HumioContainerName) Expect(pod.Spec.Containers[humioIndex].Image).To(BeIdenticalTo(updatedImage)) - Expect(pod.Annotations).To(HaveKeyWithValue(controllers.PodRevisionAnnotation, "2")) + Expect(pod.Annotations).To(HaveKeyWithValue(controller.PodRevisionAnnotation, "2")) } cancel() 
@@ -5715,15 +5715,15 @@ var _ = Describe("HumioCluster Controller", func() { defer suite.CleanupCluster(ctx, k8sClient, toCreate) var updatedHumioCluster humiov1alpha1.HumioCluster - clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) + clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, controller.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) for _, pod := range clusterPods { - humioIndex, _ := kubernetes.GetContainerIndexByName(pod, controllers.HumioContainerName) + humioIndex, _ := kubernetes.GetContainerIndexByName(pod, controller.HumioContainerName) Expect(pod.Spec.Containers[humioIndex].Image).To(BeIdenticalTo(toCreate.Spec.Image)) - Expect(pod.Annotations).To(HaveKeyWithValue(controllers.PodRevisionAnnotation, "1")) + Expect(pod.Annotations).To(HaveKeyWithValue(controller.PodRevisionAnnotation, "1")) } updatedHumioCluster = humiov1alpha1.HumioCluster{} Expect(k8sClient.Get(ctx, key, &updatedHumioCluster)).Should(Succeed()) - Expect(controllers.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetDesiredPodRevision()).To(BeEquivalentTo(1)) + Expect(controller.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetDesiredPodRevision()).To(BeEquivalentTo(1)) mostSeenUnavailable := 0 forever := make(chan struct{}) @@ -5748,7 +5748,7 @@ var _ = Describe("HumioCluster Controller", func() { return updatedHumioCluster.Status.State }, testTimeout, suite.TestInterval).Should(BeIdenticalTo(humiov1alpha1.HumioClusterStateUpgrading)) - ensurePodsRollingRestart(ctx, controllers.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster), 2, maxUnavailable.IntValue()) + ensurePodsRollingRestart(ctx, controller.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster), 2, maxUnavailable.IntValue()) Eventually(func() string { updatedHumioCluster = humiov1alpha1.HumioCluster{} 
@@ -5759,14 +5759,14 @@ var _ = Describe("HumioCluster Controller", func() { suite.UsingClusterBy(key.Name, "Confirming pod revision is the same for all pods and the cluster itself") updatedHumioCluster = humiov1alpha1.HumioCluster{} Expect(k8sClient.Get(ctx, key, &updatedHumioCluster)).Should(Succeed()) - Expect(controllers.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetDesiredPodRevision()).To(BeEquivalentTo(2)) + Expect(controller.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetDesiredPodRevision()).To(BeEquivalentTo(2)) - updatedClusterPods, _ := kubernetes.ListPods(ctx, k8sClient, updatedHumioCluster.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetPodLabels()) + updatedClusterPods, _ := kubernetes.ListPods(ctx, k8sClient, updatedHumioCluster.Namespace, controller.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetPodLabels()) Expect(updatedClusterPods).To(HaveLen(toCreate.Spec.NodeCount)) for _, pod := range updatedClusterPods { - humioIndex, _ := kubernetes.GetContainerIndexByName(pod, controllers.HumioContainerName) + humioIndex, _ := kubernetes.GetContainerIndexByName(pod, controller.HumioContainerName) Expect(pod.Spec.Containers[humioIndex].Image).To(BeIdenticalTo(updatedImage)) - Expect(pod.Annotations).To(HaveKeyWithValue(controllers.PodRevisionAnnotation, "2")) + Expect(pod.Annotations).To(HaveKeyWithValue(controller.PodRevisionAnnotation, "2")) } cancel() 
@@ -5802,15 +5802,15 @@ var _ = Describe("HumioCluster Controller", func() { defer suite.CleanupCluster(ctx, k8sClient, toCreate) var updatedHumioCluster humiov1alpha1.HumioCluster - clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) + clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, controller.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) for _, pod := range clusterPods { - humioIndex, _ := kubernetes.GetContainerIndexByName(pod, controllers.HumioContainerName) + humioIndex, _ := kubernetes.GetContainerIndexByName(pod, controller.HumioContainerName) Expect(pod.Spec.Containers[humioIndex].Image).To(BeIdenticalTo(toCreate.Spec.Image)) - Expect(pod.Annotations).To(HaveKeyWithValue(controllers.PodRevisionAnnotation, "1")) + Expect(pod.Annotations).To(HaveKeyWithValue(controller.PodRevisionAnnotation, "1")) } updatedHumioCluster = humiov1alpha1.HumioCluster{} Expect(k8sClient.Get(ctx, key, &updatedHumioCluster)).Should(Succeed()) - Expect(controllers.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetDesiredPodRevision()).To(BeEquivalentTo(1)) + Expect(controller.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetDesiredPodRevision()).To(BeEquivalentTo(1)) mostSeenUnavailable := 0 forever := make(chan struct{}) @@ -5835,7 +5835,7 @@ var _ = Describe("HumioCluster Controller", func() { return updatedHumioCluster.Status.State }, testTimeout, suite.TestInterval).Should(BeIdenticalTo(humiov1alpha1.HumioClusterStateUpgrading)) - ensurePodsRollingRestart(ctx, controllers.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster), 2, 2) // nodeCount 9 * 25 % = 2.25 pods, rounded down is 2 + ensurePodsRollingRestart(ctx, controller.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster), 2, 2) // nodeCount 9 * 25 % = 2.25 pods, rounded down is 2 Eventually(func() string { updatedHumioCluster = humiov1alpha1.HumioCluster{} 
@@ -5846,14 +5846,14 @@ var _ = Describe("HumioCluster Controller", func() { suite.UsingClusterBy(key.Name, "Confirming pod revision is the same for all pods and the cluster itself") updatedHumioCluster = humiov1alpha1.HumioCluster{} Expect(k8sClient.Get(ctx, key, &updatedHumioCluster)).Should(Succeed()) - Expect(controllers.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetDesiredPodRevision()).To(BeEquivalentTo(2)) + Expect(controller.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetDesiredPodRevision()).To(BeEquivalentTo(2)) - updatedClusterPods, _ := kubernetes.ListPods(ctx, k8sClient, updatedHumioCluster.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetPodLabels()) + updatedClusterPods, _ := kubernetes.ListPods(ctx, k8sClient, updatedHumioCluster.Namespace, controller.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetPodLabels()) Expect(updatedClusterPods).To(HaveLen(toCreate.Spec.NodeCount)) for _, pod := range updatedClusterPods { - humioIndex, _ := kubernetes.GetContainerIndexByName(pod, controllers.HumioContainerName) + humioIndex, _ := kubernetes.GetContainerIndexByName(pod, controller.HumioContainerName) Expect(pod.Spec.Containers[humioIndex].Image).To(BeIdenticalTo(updatedImage)) - Expect(pod.Annotations).To(HaveKeyWithValue(controllers.PodRevisionAnnotation, "2")) + Expect(pod.Annotations).To(HaveKeyWithValue(controller.PodRevisionAnnotation, "2")) } cancel() 
@@ -5889,15 +5889,15 @@ var _ = Describe("HumioCluster Controller", func() { defer suite.CleanupCluster(ctx, k8sClient, toCreate) var updatedHumioCluster humiov1alpha1.HumioCluster - clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) + clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, controller.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) for _, pod := range clusterPods { - humioIndex, _ := kubernetes.GetContainerIndexByName(pod, controllers.HumioContainerName) + humioIndex, _ := kubernetes.GetContainerIndexByName(pod, controller.HumioContainerName) Expect(pod.Spec.Containers[humioIndex].Image).To(BeIdenticalTo(toCreate.Spec.Image)) - Expect(pod.Annotations).To(HaveKeyWithValue(controllers.PodRevisionAnnotation, "1")) + Expect(pod.Annotations).To(HaveKeyWithValue(controller.PodRevisionAnnotation, "1")) } updatedHumioCluster = humiov1alpha1.HumioCluster{} Expect(k8sClient.Get(ctx, key, &updatedHumioCluster)).Should(Succeed()) - Expect(controllers.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetDesiredPodRevision()).To(BeEquivalentTo(1)) + Expect(controller.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetDesiredPodRevision()).To(BeEquivalentTo(1)) mostSeenUnavailable := 0 forever := make(chan struct{}) @@ -5922,7 +5922,7 @@ var _ = Describe("HumioCluster Controller", func() { return updatedHumioCluster.Status.State }, testTimeout, suite.TestInterval).Should(BeIdenticalTo(humiov1alpha1.HumioClusterStateUpgrading)) - ensurePodsRollingRestart(ctx, controllers.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster), 2, 4) // nodeCount 9 * 50 % = 4.50 pods, rounded down is 4 + ensurePodsRollingRestart(ctx, controller.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster), 2, 4) // nodeCount 9 * 50 % = 4.50 pods, rounded down is 4 Eventually(func() string { updatedHumioCluster = humiov1alpha1.HumioCluster{} 
@@ -5933,14 +5933,14 @@ var _ = Describe("HumioCluster Controller", func() { suite.UsingClusterBy(key.Name, "Confirming pod revision is the same for all pods and the cluster itself") updatedHumioCluster = humiov1alpha1.HumioCluster{} Expect(k8sClient.Get(ctx, key, &updatedHumioCluster)).Should(Succeed()) - Expect(controllers.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetDesiredPodRevision()).To(BeEquivalentTo(2)) + Expect(controller.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetDesiredPodRevision()).To(BeEquivalentTo(2)) - updatedClusterPods, _ := kubernetes.ListPods(ctx, k8sClient, updatedHumioCluster.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetPodLabels()) + updatedClusterPods, _ := kubernetes.ListPods(ctx, k8sClient, updatedHumioCluster.Namespace, controller.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetPodLabels()) Expect(updatedClusterPods).To(HaveLen(toCreate.Spec.NodeCount)) for _, pod := range updatedClusterPods { - humioIndex, _ := kubernetes.GetContainerIndexByName(pod, controllers.HumioContainerName) + humioIndex, _ := kubernetes.GetContainerIndexByName(pod, controller.HumioContainerName) Expect(pod.Spec.Containers[humioIndex].Image).To(BeIdenticalTo(updatedImage)) - Expect(pod.Annotations).To(HaveKeyWithValue(controllers.PodRevisionAnnotation, "2")) + Expect(pod.Annotations).To(HaveKeyWithValue(controller.PodRevisionAnnotation, "2")) } cancel() 
@@ -5976,15 +5976,15 @@ var _ = Describe("HumioCluster Controller", func() { defer suite.CleanupCluster(ctx, k8sClient, toCreate) var updatedHumioCluster humiov1alpha1.HumioCluster - clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) + clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, controller.NewHumioNodeManagerFromHumioCluster(toCreate).GetPodLabels()) for _, pod := range clusterPods { - humioIndex, _ := kubernetes.GetContainerIndexByName(pod, controllers.HumioContainerName) + humioIndex, _ := kubernetes.GetContainerIndexByName(pod, controller.HumioContainerName) Expect(pod.Spec.Containers[humioIndex].Image).To(BeIdenticalTo(toCreate.Spec.Image)) - Expect(pod.Annotations).To(HaveKeyWithValue(controllers.PodRevisionAnnotation, "1")) + Expect(pod.Annotations).To(HaveKeyWithValue(controller.PodRevisionAnnotation, "1")) } updatedHumioCluster = humiov1alpha1.HumioCluster{} Expect(k8sClient.Get(ctx, key, &updatedHumioCluster)).Should(Succeed()) - Expect(controllers.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetDesiredPodRevision()).To(BeEquivalentTo(1)) + Expect(controller.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetDesiredPodRevision()).To(BeEquivalentTo(1)) mostSeenUnavailable := 0 forever := make(chan struct{}) @@ -6009,7 +6009,7 @@ var _ = Describe("HumioCluster Controller", func() { return updatedHumioCluster.Status.State }, testTimeout, suite.TestInterval).Should(BeIdenticalTo(humiov1alpha1.HumioClusterStateUpgrading)) - ensurePodsRollingRestart(ctx, controllers.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster), 2, toCreate.Spec.NodeCount) + ensurePodsRollingRestart(ctx, controller.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster), 2, toCreate.Spec.NodeCount) Eventually(func() string { updatedHumioCluster = humiov1alpha1.HumioCluster{} 
@@ -6020,14 +6020,14 @@ var _ = Describe("HumioCluster Controller", func() { suite.UsingClusterBy(key.Name, "Confirming pod revision is the same for all pods and the cluster itself") updatedHumioCluster = humiov1alpha1.HumioCluster{} Expect(k8sClient.Get(ctx, key, &updatedHumioCluster)).Should(Succeed()) - Expect(controllers.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetDesiredPodRevision()).To(BeEquivalentTo(2)) + Expect(controller.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetDesiredPodRevision()).To(BeEquivalentTo(2)) - updatedClusterPods, _ := kubernetes.ListPods(ctx, k8sClient, updatedHumioCluster.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetPodLabels()) + updatedClusterPods, _ := kubernetes.ListPods(ctx, k8sClient, updatedHumioCluster.Namespace, controller.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetPodLabels()) Expect(updatedClusterPods).To(HaveLen(toCreate.Spec.NodeCount)) for _, pod := range updatedClusterPods { - humioIndex, _ := kubernetes.GetContainerIndexByName(pod, controllers.HumioContainerName) + humioIndex, _ := kubernetes.GetContainerIndexByName(pod, controller.HumioContainerName) Expect(pod.Spec.Containers[humioIndex].Image).To(BeIdenticalTo(updatedImage)) - Expect(pod.Annotations).To(HaveKeyWithValue(controllers.PodRevisionAnnotation, "2")) + Expect(pod.Annotations).To(HaveKeyWithValue(controller.PodRevisionAnnotation, "2")) } cancel() 
@@ -6048,7 +6048,7 @@ var _ = Describe("HumioCluster Controller", func() { // Using a for-loop executing ListPods will only see snapshots in time and we could easily miss // a point in time where we have too many pods that are not ready. func monitorMaxUnavailableWithZoneAwareness(ctx context.Context, k8sClient client.Client, toCreate humiov1alpha1.HumioCluster, forever chan struct{}, mostNumPodsSeenUnavailable *int, mostNumZonesWithPodsSeenUnavailable *int) { - hnp := controllers.NewHumioNodeManagerFromHumioCluster(&toCreate) + hnp := controller.NewHumioNodeManagerFromHumioCluster(&toCreate) for { select { case <-ctx.Done(): // if cancel() execute @@ -6089,7 +6089,7 @@ func monitorMaxUnavailableWithZoneAwareness(ctx context.Context, k8sClient clien // Using a for-loop executing ListPods will only see snapshots in time and we could easily miss // a point in time where we have too many pods that are not ready. func monitorMaxUnavailableWithoutZoneAwareness(ctx context.Context, k8sClient client.Client, toCreate humiov1alpha1.HumioCluster, forever chan struct{}, mostNumPodsSeenUnavailable *int) { - hnp := controllers.NewHumioNodeManagerFromHumioCluster(&toCreate) + hnp := controller.NewHumioNodeManagerFromHumioCluster(&toCreate) for { select { case <-ctx.Done(): // if cancel() execute diff --git a/controllers/suite/clusters/suite_test.go b/internal/controller/suite/clusters/suite_test.go similarity index 86% rename from controllers/suite/clusters/suite_test.go rename to internal/controller/suite/clusters/suite_test.go index 3bcf6fdb..8c5d613b 100644 --- a/controllers/suite/clusters/suite_test.go +++ b/internal/controller/suite/clusters/suite_test.go 
@@ -23,17 +23,18 @@ import ( "path/filepath" "sort" "strconv" - "strings" "testing" "time" - "github.com/humio/humio-operator/controllers" - "github.com/humio/humio-operator/controllers/suite" + "github.com/humio/humio-operator/internal/controller" + "github.com/humio/humio-operator/internal/controller/suite" "github.com/humio/humio-operator/internal/helpers" "github.com/humio/humio-operator/internal/humio" "github.com/humio/humio-operator/internal/kubernetes" + uberzap "go.uber.org/zap" "k8s.io/apimachinery/pkg/types" "k8s.io/client-go/rest" + metricsserver "sigs.k8s.io/controller-runtime/pkg/metrics/server" cmapi "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" "github.com/go-logr/logr" @@ -42,7 +43,6 @@ import ( k8serrors "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ctrl "sigs.k8s.io/controller-runtime" - "sigs.k8s.io/controller-runtime/pkg/cache" logf "sigs.k8s.io/controller-runtime/pkg/log" . "github.com/onsi/ginkgo/v2" @@ -54,7 +54,7 @@ import ( "sigs.k8s.io/controller-runtime/pkg/envtest" humiov1alpha1 "github.com/humio/humio-operator/api/v1alpha1" - //+kubebuilder:scaffold:imports + // +kubebuilder:scaffold:imports ) // These tests use Ginkgo (BDD-style Go testing framework). Refer to @@ -77,7 +77,9 @@ func TestAPIs(t *testing.T) { var _ = BeforeSuite(func() { var log logr.Logger zapLog, _ := helpers.NewLogger() - defer zapLog.Sync() + defer func(zapLog *uberzap.Logger) { + _ = zapLog.Sync() + }(zapLog) log = zapr.NewLogger(zapLog) logf.SetLogger(log) 
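Review bot: The new deferred closure in `BeforeSuite` discards the `Sync` error without saying why, and it takes `zapLog` as a parameter although it could simply capture it. A shorter form with the reason stated would be `defer func() { _ = zapLog.Sync() }() // best-effort flush; the Sync error is deliberately ignored`. Separately, the unchanged line above still drops the error from `helpers.NewLogger()`, so if that call can return a nil logger the deferred `Sync` would dereference it; checking that error with `Expect` would make the failure readable. The `BeforeSuite` body continues outside this hunk.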
@@ -104,7 +106,7 @@ var _ = BeforeSuite(func() { testTimeout = time.Second * 30 testEnv = &envtest.Environment{ // TODO: If we want to add support for TLS-functionality, we need to install cert-manager's CRD's - CRDDirectoryPaths: []string{filepath.Join("..", "..", "..", "config", "crd", "bases")}, + CRDDirectoryPaths: []string{filepath.Join("..", "..", "..", "..", "config", "crd", "bases")}, ErrorIfCRDPathMissing: true, } testHumioClient = humio.NewMockClient() @@ -131,21 +133,16 @@ var _ = BeforeSuite(func() { err = humiov1alpha1.AddToScheme(scheme.Scheme) Expect(err).NotTo(HaveOccurred()) - //+kubebuilder:scaffold:scheme + // +kubebuilder:scaffold:scheme - watchNamespace, _ := helpers.GetWatchNamespace() - - options := ctrl.Options{ - Scheme: scheme.Scheme, - MetricsBindAddress: "0", - Cache: cache.Options{Namespaces: strings.Split(watchNamespace, ",")}, - Logger: log, - } - - k8sManager, err = ctrl.NewManager(cfg, options) + k8sManager, err = ctrl.NewManager(cfg, ctrl.Options{ + Scheme: scheme.Scheme, + Metrics: metricsserver.Options{BindAddress: "0"}, + Logger: log, + }) Expect(err).NotTo(HaveOccurred()) - err = (&controllers.HumioActionReconciler{ + err = (&controller.HumioActionReconciler{ Client: k8sManager.GetClient(), HumioClient: testHumioClient, BaseLogger: log, @@ -153,7 +150,7 @@ var _ = BeforeSuite(func() { }).SetupWithManager(k8sManager) Expect(err).NotTo(HaveOccurred()) - err = (&controllers.HumioAlertReconciler{ + err = (&controller.HumioAlertReconciler{ Client: k8sManager.GetClient(), HumioClient: testHumioClient, BaseLogger: log, @@ -161,7 +158,7 @@ var _ = BeforeSuite(func() { }).SetupWithManager(k8sManager) Expect(err).NotTo(HaveOccurred()) - err = (&controllers.HumioClusterReconciler{ + err = (&controller.HumioClusterReconciler{ Client: k8sManager.GetClient(), HumioClient: testHumioClient, BaseLogger: log, 
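Review bot: The rewritten `ctrl.NewManager` options in the `BeforeSuite` hunk drop the `Cache` namespace restriction together with `helpers.GetWatchNamespace()`, so the suite's manager now caches and reconciles every namespace. The tests then no longer exercise a namespace-scoped operator, and when the suite runs against a real cluster rather than envtest the controllers can act on resources outside the test namespaces. If the old scoping was intentional, it can be kept by filling `cache.Options.DefaultNamespaces`, as sketched below; this assumes `helpers.GetWatchNamespace` is still available and needs the `strings` and `cache` imports that this commit removes. The `BeforeSuite` body continues outside the hunk.

```go
// … unchanged: scheme registration …
watchNamespace, _ := helpers.GetWatchNamespace()
cacheOptions := cache.Options{}
if watchNamespace != "" {
	// An empty DefaultNamespaces map means "all namespaces", so only fill it when scoping is requested.
	cacheOptions.DefaultNamespaces = make(map[string]cache.Config)
	for _, ns := range strings.Split(watchNamespace, ",") {
		cacheOptions.DefaultNamespaces[ns] = cache.Config{}
	}
}

k8sManager, err = ctrl.NewManager(cfg, ctrl.Options{
	Scheme:  scheme.Scheme,
	Metrics: metricsserver.Options{BindAddress: "0"},
	Cache:   cacheOptions,
	Logger:  log,
})
// … unchanged: reconciler setup …
```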
@@ -169,7 +166,7 @@ var _ = BeforeSuite(func() { }).SetupWithManager(k8sManager) Expect(err).NotTo(HaveOccurred()) - err = (&controllers.HumioExternalClusterReconciler{ + err = (&controller.HumioExternalClusterReconciler{ Client: k8sManager.GetClient(), HumioClient: testHumioClient, BaseLogger: log, @@ -177,7 +174,7 @@ var _ = BeforeSuite(func() { }).SetupWithManager(k8sManager) Expect(err).NotTo(HaveOccurred()) - err = (&controllers.HumioIngestTokenReconciler{ + err = (&controller.HumioIngestTokenReconciler{ Client: k8sManager.GetClient(), HumioClient: testHumioClient, BaseLogger: log, @@ -185,7 +182,7 @@ var _ = BeforeSuite(func() { }).SetupWithManager(k8sManager) Expect(err).NotTo(HaveOccurred()) - err = (&controllers.HumioParserReconciler{ + err = (&controller.HumioParserReconciler{ Client: k8sManager.GetClient(), HumioClient: testHumioClient, BaseLogger: log, @@ -193,7 +190,7 @@ var _ = BeforeSuite(func() { }).SetupWithManager(k8sManager) Expect(err).NotTo(HaveOccurred()) - err = (&controllers.HumioRepositoryReconciler{ + err = (&controller.HumioRepositoryReconciler{ Client: k8sManager.GetClient(), HumioClient: testHumioClient, BaseLogger: log, @@ -201,7 +198,7 @@ var _ = BeforeSuite(func() { }).SetupWithManager(k8sManager) Expect(err).NotTo(HaveOccurred()) - err = (&controllers.HumioViewReconciler{ + err = (&controller.HumioViewReconciler{ Client: k8sManager.GetClient(), HumioClient: testHumioClient, BaseLogger: log, 
@@ -263,8 +260,8 @@ var _ = ReportAfterSuite("HumioCluster Controller Suite", func(suiteReport ginkg // 1. regular container stdout // 2. ReportAfterEach // 3. ReportAfterSuite - //suite.PrintLinesWithRunID(testRunID, strings.Split(r.CapturedGinkgoWriterOutput, "\n"), r.State) - //suite.PrintLinesWithRunID(testRunID, strings.Split(r.CapturedStdOutErr, "\n"), r.State) + // suite.PrintLinesWithRunID(testRunID, strings.Split(r.CapturedGinkgoWriterOutput, "\n"), r.State) + // suite.PrintLinesWithRunID(testRunID, strings.Split(r.CapturedStdOutErr, "\n"), r.State) r.CapturedGinkgoWriterOutput = testRunID r.CapturedStdOutErr = testRunID @@ -286,8 +283,8 @@ var _ = ReportAfterEach(func(specReport ginkgotypes.SpecReport) { // 1. regular container stdout // 2. ReportAfterEach // 3. ReportAfterSuite - //suite.PrintLinesWithRunID(testRunID, strings.Split(specReport.CapturedGinkgoWriterOutput, "\n"), specReport.State) - //suite.PrintLinesWithRunID(testRunID, strings.Split(specReport.CapturedStdOutErr, "\n"), specReport.State) + // suite.PrintLinesWithRunID(testRunID, strings.Split(specReport.CapturedGinkgoWriterOutput, "\n"), specReport.State) + // suite.PrintLinesWithRunID(testRunID, strings.Split(specReport.CapturedStdOutErr, "\n"), specReport.State) specReport.CapturedGinkgoWriterOutput = testRunID specReport.CapturedStdOutErr = testRunID 
@@ -296,12 +293,8 @@ var _ = ReportAfterEach(func(specReport ginkgotypes.SpecReport) { fmt.Println(string(u)) }) -func createAndBootstrapMultiNodePoolCluster(ctx context.Context, k8sClient client.Client, humioClient humio.Client, cluster *humiov1alpha1.HumioCluster, autoCreateLicense bool, expectedState string) { - suite.CreateAndBootstrapCluster(ctx, k8sClient, humioClient, cluster, autoCreateLicense, expectedState, testTimeout) - - if expectedState != humiov1alpha1.HumioClusterStateRunning { - return - } +func createAndBootstrapMultiNodePoolCluster(ctx context.Context, k8sClient client.Client, humioClient humio.Client, cluster *humiov1alpha1.HumioCluster) { + suite.CreateAndBootstrapCluster(ctx, k8sClient, humioClient, cluster, true, humiov1alpha1.HumioClusterStateRunning, testTimeout) key := types.NamespacedName{ Namespace: cluster.Namespace, @@ -316,16 +309,16 @@ func createAndBootstrapMultiNodePoolCluster(ctx context.Context, k8sClient clien Expect(err).Should(Succeed()) } for _, pool := range updatedHumioCluster.Status.NodePoolStatus { - if pool.State != expectedState { + if pool.State != humiov1alpha1.HumioClusterStateRunning { return pool.State } } - return expectedState + return humiov1alpha1.HumioClusterStateRunning }, testTimeout, suite.TestInterval).Should(BeIdenticalTo(humiov1alpha1.HumioClusterStateRunning)) } -func constructBasicMultiNodePoolHumioCluster(key types.NamespacedName, useAutoCreatedLicense bool, numberOfAdditionalNodePools int) *humiov1alpha1.HumioCluster { - toCreate := suite.ConstructBasicSingleNodeHumioCluster(key, useAutoCreatedLicense) +func constructBasicMultiNodePoolHumioCluster(key types.NamespacedName, numberOfAdditionalNodePools int) *humiov1alpha1.HumioCluster { + toCreate := suite.ConstructBasicSingleNodeHumioCluster(key, true) nodeSpec := suite.ConstructBasicNodeSpecForHumioCluster(key) for i := 1; i <= numberOfAdditionalNodePools; i++ { 
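Review bot: In `createAndBootstrapMultiNodePoolCluster`, the polling closure returns `humiov1alpha1.HumioClusterStateRunning` whenever the loop over `updatedHumioCluster.Status.NodePoolStatus` finds no pool in another state, and that includes the case where the slice is still empty. The `Eventually` can therefore succeed before any node pool has reported a status. Adding `if len(updatedHumioCluster.Status.NodePoolStatus) == 0 { return "" }` ahead of the loop would make the check wait for at least one pool entry. The closure begins outside this hunk, so how the cluster object is fetched was not reviewed.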
@@ -348,7 +341,7 @@ func markPodAsPendingUnschedulableIfUsingEnvtest(ctx context.Context, client cli { Type: corev1.PodScheduled, Status: corev1.ConditionFalse, - Reason: controllers.PodConditionReasonUnschedulable, + Reason: controller.PodConditionReasonUnschedulable, }, } pod.Status.Phase = corev1.PodPending @@ -369,7 +362,7 @@ func markPodAsPendingImagePullBackOffIfUsingEnvtest(ctx context.Context, client } pod.Status.ContainerStatuses = []corev1.ContainerStatus{ { - Name: controllers.HumioContainerName, + Name: controller.HumioContainerName, State: corev1.ContainerState{ Waiting: &corev1.ContainerStateWaiting{ Reason: "ImagePullBackOff", @@ -381,7 +374,7 @@ func markPodAsPendingImagePullBackOffIfUsingEnvtest(ctx context.Context, client return client.Status().Update(ctx, &pod) } -func markPodsWithRevisionAsReadyIfUsingEnvTest(ctx context.Context, hnp *controllers.HumioNodePool, podRevision int, desiredReadyPodCount int) { +func markPodsWithRevisionAsReadyIfUsingEnvTest(ctx context.Context, hnp *controller.HumioNodePool, podRevision int, desiredReadyPodCount int) { if !helpers.UseEnvtest() { return } 
@@ -389,8 +382,8 @@ func markPodsWithRevisionAsReadyIfUsingEnvTest(ctx context.Context, hnp *control suite.UsingClusterBy(hnp.GetClusterName(), fmt.Sprintf("Found %d pods", len(foundPodList))) podListWithRevision := []corev1.Pod{} for i := range foundPodList { - foundPodRevisionValue := foundPodList[i].Annotations[controllers.PodRevisionAnnotation] - foundPodHash := foundPodList[i].Annotations[controllers.PodHashAnnotation] + foundPodRevisionValue := foundPodList[i].Annotations[controller.PodRevisionAnnotation] + foundPodHash := foundPodList[i].Annotations[controller.PodHashAnnotation] suite.UsingClusterBy(hnp.GetClusterName(), fmt.Sprintf("Pod=%s revision=%s podHash=%s podIP=%s podPhase=%s podStatusConditions=%+v", foundPodList[i].Name, foundPodRevisionValue, foundPodHash, foundPodList[i].Status.PodIP, foundPodList[i].Status.Phase, foundPodList[i].Status.Conditions)) foundPodRevisionValueInt, _ := strconv.Atoi(foundPodRevisionValue) @@ -425,7 +418,7 @@ func markPodsWithRevisionAsReadyIfUsingEnvTest(ctx context.Context, hnp *control } } -func podReadyCountByRevision(ctx context.Context, hnp *controllers.HumioNodePool, expectedPodRevision int) map[int]int { +func podReadyCountByRevision(ctx context.Context, hnp *controller.HumioNodePool, expectedPodRevision int) map[int]int { revisionToReadyCount := map[int]int{} clusterPods, err := kubernetes.ListPods(ctx, k8sClient, hnp.GetNamespace(), hnp.GetNodePoolLabels()) if err != nil { @@ -433,7 +426,7 @@ func podReadyCountByRevision(ctx context.Context, hnp *controllers.HumioNodePool } for _, pod := range clusterPods { - value, found := pod.Annotations[controllers.PodRevisionAnnotation] + value, found := pod.Annotations[controller.PodRevisionAnnotation] if !found { suite.UsingClusterBy(hnp.GetClusterName(), "podReadyCountByRevision | ERROR, pod found without revision annotation") } 
@@ -465,16 +458,16 @@ func podReadyCountByRevision(ctx context.Context, hnp *controllers.HumioNodePool return revisionToReadyCount } -func podPendingCountByRevision(ctx context.Context, hnp *controllers.HumioNodePool, expectedPodRevision int, expectedPendingCount int) map[int]int { +func podPendingCountByRevision(ctx context.Context, hnp *controller.HumioNodePool, expectedPodRevision int, expectedPendingCount int) map[int]int { revisionToPendingCount := map[int]int{} clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, hnp.GetNamespace(), hnp.GetNodePoolLabels()) for nodeID, pod := range clusterPods { - revision, _ := strconv.Atoi(pod.Annotations[controllers.PodRevisionAnnotation]) + revision, _ := strconv.Atoi(pod.Annotations[controller.PodRevisionAnnotation]) if !helpers.UseEnvtest() { if pod.DeletionTimestamp == nil { for _, condition := range pod.Status.Conditions { if condition.Type == corev1.PodScheduled { - if condition.Status == corev1.ConditionFalse && condition.Reason == controllers.PodConditionReasonUnschedulable { + if condition.Status == corev1.ConditionFalse && condition.Reason == controller.PodConditionReasonUnschedulable { revisionToPendingCount[revision]++ } } @@ -504,7 +497,7 @@ func podPendingCountByRevision(ctx context.Context, hnp *controllers.HumioNodePo return revisionToPendingCount } -func ensurePodsRollingRestart(ctx context.Context, hnp *controllers.HumioNodePool, expectedPodRevision int, numPodsPerIteration int) { +func ensurePodsRollingRestart(ctx context.Context, hnp *controller.HumioNodePool, expectedPodRevision int, numPodsPerIteration int) { suite.UsingClusterBy(hnp.GetClusterName(), fmt.Sprintf("ensurePodsRollingRestart Ensuring replacement pods are ready %d at a time", numPodsPerIteration)) // Each iteration we mark up to some expectedReady count in bulks of numPodsPerIteration, up to at most hnp.GetNodeCount() 
@@ -518,7 +511,7 @@ func ensurePodsRollingRestart(ctx context.Context, hnp *controllers.HumioNodePoo } } -func ensurePodsGoPending(ctx context.Context, hnp *controllers.HumioNodePool, expectedPodRevision int, expectedPendingCount int) { +func ensurePodsGoPending(ctx context.Context, hnp *controller.HumioNodePool, expectedPodRevision int, expectedPendingCount int) { suite.UsingClusterBy(hnp.GetClusterName(), "Ensuring replacement pods are Pending") Eventually(func() map[int]int { @@ -527,7 +520,7 @@ func ensurePodsGoPending(ctx context.Context, hnp *controllers.HumioNodePool, ex } -func ensurePodsTerminate(ctx context.Context, hnp *controllers.HumioNodePool, expectedPodRevision int) { +func ensurePodsTerminate(ctx context.Context, hnp *controller.HumioNodePool, expectedPodRevision int) { suite.UsingClusterBy(hnp.GetClusterName(), "ensurePodsTerminate Ensuring all existing pods are terminated at the same time") Eventually(func() map[int]int { markPodsWithRevisionAsReadyIfUsingEnvTest(ctx, hnp, expectedPodRevision, 0) @@ -546,7 +539,7 @@ func ensurePodsTerminate(ctx context.Context, hnp *controllers.HumioNodePool, ex } -func ensurePodsSimultaneousRestart(ctx context.Context, hnp *controllers.HumioNodePool, expectedPodRevision int) { +func ensurePodsSimultaneousRestart(ctx context.Context, hnp *controller.HumioNodePool, expectedPodRevision int) { ensurePodsTerminate(ctx, hnp, expectedPodRevision) suite.UsingClusterBy(hnp.GetClusterName(), "ensurePodsSimultaneousRestart Ensuring all pods come back up after terminating") diff --git a/controllers/suite/common.go b/internal/controller/suite/common.go similarity index 92% rename from controllers/suite/common.go rename to internal/controller/suite/common.go index 207d207d..d6f02e51 100644 --- a/controllers/suite/common.go +++ b/internal/controller/suite/common.go 
@@ -11,8 +11,8 @@ import ( "time" humiov1alpha1 "github.com/humio/humio-operator/api/v1alpha1" - "github.com/humio/humio-operator/controllers" - "github.com/humio/humio-operator/controllers/versions" + "github.com/humio/humio-operator/internal/controller" + "github.com/humio/humio-operator/internal/controller/versions" "github.com/humio/humio-operator/internal/helpers" "github.com/humio/humio-operator/internal/humio" "github.com/humio/humio-operator/internal/kubernetes" @@ -42,15 +42,9 @@ const ( const TestInterval = time.Second * 1 -func UsingClusterBy(cluster, text string, callbacks ...func()) { +func UsingClusterBy(cluster, text string) { timestamp := time.Now().Format(time.RFC3339Nano) - fmt.Fprintln(GinkgoWriter, "STEP | "+timestamp+" | "+cluster+": "+text) - if len(callbacks) == 1 { - callbacks[0]() - } - if len(callbacks) > 1 { - panic("just one callback per By, please") - } + _, _ = fmt.Fprintln(GinkgoWriter, "STEP | "+timestamp+" | "+cluster+": "+text) } func MarkPodsAsRunningIfUsingEnvtest(ctx context.Context, client client.Client, pods []corev1.Pod, clusterName string) error { @@ -83,13 +77,13 @@ func MarkPodAsRunningIfUsingEnvtest(ctx context.Context, k8sClient client.Client } pod.Status.InitContainerStatuses = []corev1.ContainerStatus{ { - Name: controllers.InitContainerName, + Name: controller.InitContainerName, Ready: true, }, } pod.Status.ContainerStatuses = []corev1.ContainerStatus{ { - Name: controllers.HumioContainerName, + Name: controller.HumioContainerName, Ready: true, }, } @@ -266,7 +260,7 @@ func ConstructBasicNodeSpecForHumioCluster(key types.NamespacedName) humiov1alph }, VolumeMounts: []corev1.VolumeMount{ { - Name: "humio-data", + Name: controller.HumioDataVolumeName, MountPath: "/mnt", ReadOnly: true, }, 
@@ -341,6 +335,7 @@ func CreateLicenseSecret(ctx context.Context, clusterKey types.NamespacedName, k Expect(k8sClient.Create(ctx, &licenseSecret)).To(Succeed()) } +//nolint:gocyclo func CreateAndBootstrapCluster(ctx context.Context, k8sClient client.Client, humioClient humio.Client, cluster *humiov1alpha1.HumioCluster, autoCreateLicense bool, expectedState string, testTimeout time.Duration) { key := types.NamespacedName{ Namespace: cluster.Namespace, @@ -437,7 +432,7 @@ func CreateAndBootstrapCluster(ctx context.Context, k8sClient client.Client, hum Eventually(func() []corev1.Pod { var clusterPods []corev1.Pod - clusterPods, _ = kubernetes.ListPods(ctx, k8sClient, key.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetPodLabels()) + clusterPods, _ = kubernetes.ListPods(ctx, k8sClient, key.Namespace, controller.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetPodLabels()) _ = MarkPodsAsRunningIfUsingEnvtest(ctx, k8sClient, clusterPods, key.Name) return clusterPods }, testTimeout, TestInterval).Should(HaveLen(cluster.Spec.NodeCount)) 
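Review bot: The `//nolint:gocyclo` added above `CreateAndBootstrapCluster` silences the complexity linter without a reason, so a later reader cannot tell whether the suppression is temporary. golangci-lint accepts a trailing explanation, for example `//nolint:gocyclo // long sequential test bootstrap; splitting is a follow-up`. The function body runs well past this hunk; judging by the later hunks it repeats the same pod-listing block for the cluster and for each node pool, which looks like the natural helper to extract.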
@@ -445,19 +440,19 @@ func CreateAndBootstrapCluster(ctx context.Context, k8sClient client.Client, hum for idx, pool := range cluster.Spec.NodePools { Eventually(func() []corev1.Pod { var clusterPods []corev1.Pod - clusterPods, _ = kubernetes.ListPods(ctx, k8sClient, key.Namespace, controllers.NewHumioNodeManagerFromHumioNodePool(&updatedHumioCluster, &cluster.Spec.NodePools[idx]).GetPodLabels()) + clusterPods, _ = kubernetes.ListPods(ctx, k8sClient, key.Namespace, controller.NewHumioNodeManagerFromHumioNodePool(&updatedHumioCluster, &cluster.Spec.NodePools[idx]).GetPodLabels()) _ = MarkPodsAsRunningIfUsingEnvtest(ctx, k8sClient, clusterPods, key.Name) return clusterPods }, testTimeout, TestInterval).Should(HaveLen(pool.NodeCount)) } - clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetCommonClusterLabels()) - humioIdx, err := kubernetes.GetContainerIndexByName(clusterPods[0], controllers.HumioContainerName) + clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, controller.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetCommonClusterLabels()) + humioIdx, err := kubernetes.GetContainerIndexByName(clusterPods[0], controller.HumioContainerName) Expect(err).ToNot(HaveOccurred()) humioContainerArgs := strings.Join(clusterPods[0].Spec.Containers[humioIdx].Args, " ") if cluster.Spec.DisableInitContainer { UsingClusterBy(key.Name, "Confirming pods do not use init container") - Expect(clusterPods[0].Spec.InitContainers).To(HaveLen(0)) + Expect(clusterPods[0].Spec.InitContainers).To(BeEmpty()) Expect(humioContainerArgs).ToNot(ContainSubstring("export ZONE=")) } else { UsingClusterBy(key.Name, "Confirming pods have an init container") 
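Review bot: `clusterPods, _ := kubernetes.ListPods(...)` is followed directly by `clusterPods[0]`, so a failed or empty list ends the spec with an index-out-of-range panic instead of a readable failure. Keep the error and assert before indexing: `clusterPods, err := kubernetes.ListPods(...)`, then `Expect(err).ToNot(HaveOccurred())` and `Expect(clusterPods).ToNot(BeEmpty())`. The following `humioIdx, err := ...` still compiles because `humioIdx` is new on its left-hand side. The per-node-pool loop in the next hunk (@@ -466,13 +461,13 @@) indexes `clusterPods[0]` the same way. The enclosing function starts and ends outside this hunk.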
@@ -466,13 +461,13 @@ func CreateAndBootstrapCluster(ctx context.Context, k8sClient client.Client, hum } for idx := range cluster.Spec.NodePools { - clusterPods, _ = kubernetes.ListPods(ctx, k8sClient, key.Namespace, controllers.NewHumioNodeManagerFromHumioNodePool(&updatedHumioCluster, &cluster.Spec.NodePools[idx]).GetPodLabels()) - humioIdx, err := kubernetes.GetContainerIndexByName(clusterPods[0], controllers.HumioContainerName) + clusterPods, _ = kubernetes.ListPods(ctx, k8sClient, key.Namespace, controller.NewHumioNodeManagerFromHumioNodePool(&updatedHumioCluster, &cluster.Spec.NodePools[idx]).GetPodLabels()) + humioIdx, err := kubernetes.GetContainerIndexByName(clusterPods[0], controller.HumioContainerName) Expect(err).ToNot(HaveOccurred()) humioContainerArgs := strings.Join(clusterPods[0].Spec.Containers[humioIdx].Args, " ") if cluster.Spec.DisableInitContainer { UsingClusterBy(key.Name, "Confirming pods do not use init container") - Expect(clusterPods[0].Spec.InitContainers).To(HaveLen(0)) + Expect(clusterPods[0].Spec.InitContainers).To(BeEmpty()) Expect(humioContainerArgs).ToNot(ContainSubstring("export ZONE=")) } else { UsingClusterBy(key.Name, "Confirming pods have an init container") 
@@ -483,11 +478,11 @@ func CreateAndBootstrapCluster(ctx context.Context, k8sClient client.Client, hum UsingClusterBy(key.Name, "Confirming cluster enters running state") Eventually(func() string { - clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetPodLabels()) + clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, controller.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetPodLabels()) _ = MarkPodsAsRunningIfUsingEnvtest(ctx, k8sClient, clusterPods, key.Name) for idx := range cluster.Spec.NodePools { - clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, controllers.NewHumioNodeManagerFromHumioNodePool(&updatedHumioCluster, &cluster.Spec.NodePools[idx]).GetPodLabels()) + clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, controller.NewHumioNodeManagerFromHumioNodePool(&updatedHumioCluster, &cluster.Spec.NodePools[idx]).GetPodLabels()) _ = MarkPodsAsRunningIfUsingEnvtest(ctx, k8sClient, clusterPods, key.Name) } 
@@ -497,18 +492,18 @@ func CreateAndBootstrapCluster(ctx context.Context, k8sClient client.Client, hum }, testTimeout, TestInterval).Should(Equal(humiov1alpha1.HumioClusterStateRunning)) UsingClusterBy(key.Name, "Validating cluster has expected pod revision annotation") - nodeMgrFromHumioCluster := controllers.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster) + nodeMgrFromHumioCluster := controller.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster) if nodeMgrFromHumioCluster.GetNodeCount() > 0 { Eventually(func() int { updatedHumioCluster = humiov1alpha1.HumioCluster{} Expect(k8sClient.Get(ctx, key, &updatedHumioCluster)).Should(Succeed()) - return controllers.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetDesiredPodRevision() + return controller.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetDesiredPodRevision() }, testTimeout, TestInterval).Should(BeEquivalentTo(1)) } UsingClusterBy(key.Name, "Waiting for the controller to populate the secret containing the admin token") Eventually(func() error { - clusterPods, _ = kubernetes.ListPods(ctx, k8sClient, key.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetCommonClusterLabels()) + clusterPods, _ = kubernetes.ListPods(ctx, k8sClient, key.Namespace, controller.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetCommonClusterLabels()) for idx := range clusterPods { UsingClusterBy(key.Name, fmt.Sprintf("Pod status %s status: %v", clusterPods[idx].Name, clusterPods[idx].Status)) } @@ -524,7 +519,7 @@ func CreateAndBootstrapCluster(ctx context.Context, k8sClient client.Client, hum if updatedHumioCluster.Spec.DisableInitContainer { Eventually(func() []string { clusterConfig, err := helpers.NewCluster(ctx, k8sClient, key.Name, "", key.Namespace, helpers.UseCertManager(), true, false) - Expect(err).To(BeNil()) + Expect(err).ToNot(HaveOccurred()) Expect(clusterConfig).ToNot(BeNil()) Expect(clusterConfig.Config()).ToNot(BeNil()) 
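Review bot: In hunk @@ -524,7 +519,7 @@ the changed `Expect(err).ToNot(HaveOccurred())` sits inside the function polled by `Eventually`, so the first `helpers.NewCluster` error fails the spec at once instead of being retried until `testTimeout`. If `NewCluster` can fail while the admin token secret is still being populated (not visible here), the poll should take a Gomega argument and assert on it: `Eventually(func(g Gomega) []string {` with `g.Expect(err).ToNot(HaveOccurred())`. The same line is changed in the `else` branch at @@ -553,7 +548,7 @@. Both closures and the enclosing function extend beyond these hunks.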
@@ -553,7 +548,7 @@ func CreateAndBootstrapCluster(ctx context.Context, k8sClient client.Client, hum } else { Eventually(func() []string { clusterConfig, err := helpers.NewCluster(ctx, k8sClient, key.Name, "", key.Namespace, helpers.UseCertManager(), true, false) - Expect(err).To(BeNil()) + Expect(err).ToNot(HaveOccurred()) Expect(clusterConfig).ToNot(BeNil()) Expect(clusterConfig.Config()).ToNot(BeNil()) @@ -601,7 +596,7 @@ func CreateAndBootstrapCluster(ctx context.Context, k8sClient client.Client, hum corev1.PodRunning: 0, } - updatedClusterPods, err := kubernetes.ListPods(ctx, k8sClient, updatedHumioCluster.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetPodLabels()) + updatedClusterPods, err := kubernetes.ListPods(ctx, k8sClient, updatedHumioCluster.Namespace, controller.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetPodLabels()) if err != nil { return map[corev1.PodPhase]int{} } @@ -621,7 +616,7 @@ func CreateAndBootstrapCluster(ctx context.Context, k8sClient client.Client, hum corev1.PodRunning: 0, } - updatedClusterPods, err := kubernetes.ListPods(ctx, k8sClient, updatedHumioCluster.Namespace, controllers.NewHumioNodeManagerFromHumioNodePool(&updatedHumioCluster, &updatedHumioCluster.Spec.NodePools[idx]).GetPodLabels()) + updatedClusterPods, err := kubernetes.ListPods(ctx, k8sClient, updatedHumioCluster.Namespace, controller.NewHumioNodeManagerFromHumioNodePool(&updatedHumioCluster, &updatedHumioCluster.Spec.NodePools[idx]).GetPodLabels()) if err != nil { return map[corev1.PodPhase]int{} } 
@@ -638,10 +633,10 @@ func CreateAndBootstrapCluster(ctx context.Context, k8sClient client.Client, hum Eventually(func() int { numPodsReady := 0 - clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, controllers.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetPodLabels()) + clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, controller.NewHumioNodeManagerFromHumioCluster(&updatedHumioCluster).GetPodLabels()) for _, pod := range clusterPods { for _, containerStatus := range pod.Status.ContainerStatuses { - if containerStatus.Name == controllers.HumioContainerName && containerStatus.Ready { + if containerStatus.Name == controller.HumioContainerName && containerStatus.Ready { numPodsReady++ } } @@ -652,10 +647,10 @@ func CreateAndBootstrapCluster(ctx context.Context, k8sClient client.Client, hum for idx := range updatedHumioCluster.Spec.NodePools { Eventually(func() int { numPodsReady := 0 - clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, controllers.NewHumioNodeManagerFromHumioNodePool(&updatedHumioCluster, &updatedHumioCluster.Spec.NodePools[idx]).GetPodLabels()) + clusterPods, _ := kubernetes.ListPods(ctx, k8sClient, key.Namespace, controller.NewHumioNodeManagerFromHumioNodePool(&updatedHumioCluster, &updatedHumioCluster.Spec.NodePools[idx]).GetPodLabels()) for _, pod := range clusterPods { for _, containerStatus := range pod.Status.ContainerStatuses { - if containerStatus.Name == controllers.HumioContainerName && containerStatus.Ready { + if containerStatus.Name == controller.HumioContainerName && containerStatus.Ready { numPodsReady++ } } diff --git a/controllers/suite/resources/humioresources_controller_test.go b/internal/controller/suite/resources/humioresources_controller_test.go similarity index 97% rename from controllers/suite/resources/humioresources_controller_test.go rename to internal/controller/suite/resources/humioresources_controller_test.go index ae581a6b..46927f95 100644 
--- a/controllers/suite/resources/humioresources_controller_test.go +++ b/internal/controller/suite/resources/humioresources_controller_test.go @@ -35,12 +35,14 @@ import ( "sigs.k8s.io/controller-runtime/pkg/reconcile" humiov1alpha1 "github.com/humio/humio-operator/api/v1alpha1" - "github.com/humio/humio-operator/controllers/suite" + "github.com/humio/humio-operator/internal/controller/suite" ) -const EmailActionExample string = "example@example.com" - var _ = Describe("Humio Resources Controllers", func() { + const ( + emailActionExample = "example@example.com" + secretTokenName = "secret-token" + ) BeforeEach(func() { // failed test runs that don't clean up leave resources behind. humioClient.ClearHumioClientConnections(testRepoName) @@ -83,7 +85,7 @@ var _ = Describe("Humio Resources Controllers", func() { fetchedIngestToken := &humiov1alpha1.HumioIngestToken{} Eventually(func() string { - k8sClient.Get(ctx, key, fetchedIngestToken) + _ = k8sClient.Get(ctx, key, fetchedIngestToken) return fetchedIngestToken.Status.State }, testTimeout, suite.TestInterval).Should(Equal(humiov1alpha1.HumioIngestTokenStateExists)) @@ -188,13 +190,13 @@ var _ = Describe("Humio Resources Controllers", func() { fetchedIngestToken := &humiov1alpha1.HumioIngestToken{} Eventually(func() string { - k8sClient.Get(ctx, key, fetchedIngestToken) + _ = k8sClient.Get(ctx, key, fetchedIngestToken) return fetchedIngestToken.Status.State }, testTimeout, suite.TestInterval).Should(Equal(humiov1alpha1.HumioIngestTokenStateExists)) suite.UsingClusterBy(clusterKey.Name, "HumioIngestToken: Checking we do not create a token secret") var allSecrets corev1.SecretList - k8sClient.List(ctx, &allSecrets, client.InNamespace(fetchedIngestToken.Namespace)) + _ = k8sClient.List(ctx, &allSecrets, client.InNamespace(fetchedIngestToken.Namespace)) for _, secret := range allSecrets.Items { for _, owner := range secret.OwnerReferences { Expect(owner.Name).ShouldNot(BeIdenticalTo(fetchedIngestToken.Name)) 
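Review bot: `secretTokenName` in hunk @@ -35,12 +35,14 @@ is named like the name of a Secret, but the later hunks assign it to `expectedSecretValue` (@@ -1863, @@ -1934, @@ -2185), so it is the token value stored in the secret. Naming it `secretTokenValue = "secret-token"` keeps the tests from reading as if an object name and a credential were interchangeable. The `Describe` closure it is declared in continues far beyond this hunk.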
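Review bot: In hunk @@ -83,7 +85,7 @@ `_ = k8sClient.Get(ctx, key, fetchedIngestToken)` satisfies errcheck but throws away the only evidence of why the state never matched; on timeout the failure shows just an empty string against the expected state. Passing a Gomega into the poll keeps the retry and surfaces the error: `Eventually(func(g Gomega) string {` with `g.Expect(k8sClient.Get(ctx, key, fetchedIngestToken)).To(Succeed())`. The same replacement is applied to every state-polling closure in the remaining hunks of this file, so the choice is worth making once here.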
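Review bot: In hunk @@ -188,13 +190,13 @@, with `_ = k8sClient.List(ctx, &allSecrets, ...)` a failed list leaves `allSecrets.Items` empty, the loop body never runs, and the "we do not create a token secret" check passes without having inspected anything. This is a negative assertion about a credential-bearing object, so the list has to be known good before the loop: `Expect(k8sClient.List(ctx, &allSecrets, client.InNamespace(fetchedIngestToken.Namespace))).To(Succeed())`. The surrounding test body begins and ends outside the hunk.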
@@ -258,7 +260,7 @@ var _ = Describe("Humio Resources Controllers", func() { suite.UsingClusterBy(clusterKey.Name, fmt.Sprintf("HumioIngestToken: Validates resource enters state %s", humiov1alpha1.HumioIngestTokenStateConfigError)) fetchedIngestToken := &humiov1alpha1.HumioIngestToken{} Eventually(func() string { - k8sClient.Get(ctx, keyErr, fetchedIngestToken) + _ = k8sClient.Get(ctx, keyErr, fetchedIngestToken) return fetchedIngestToken.Status.State }, testTimeout, suite.TestInterval).Should(Equal(humiov1alpha1.HumioIngestTokenStateConfigError)) @@ -292,7 +294,7 @@ var _ = Describe("Humio Resources Controllers", func() { suite.UsingClusterBy(clusterKey.Name, fmt.Sprintf("HumioIngestToken: Validates resource enters state %s", humiov1alpha1.HumioIngestTokenStateConfigError)) fetchedIngestToken = &humiov1alpha1.HumioIngestToken{} Eventually(func() string { - k8sClient.Get(ctx, keyErr, fetchedIngestToken) + _ = k8sClient.Get(ctx, keyErr, fetchedIngestToken) return fetchedIngestToken.Status.State }, testTimeout, suite.TestInterval).Should(Equal(humiov1alpha1.HumioIngestTokenStateConfigError)) @@ -337,7 +339,7 @@ var _ = Describe("Humio Resources Controllers", func() { fetchedRepository := &humiov1alpha1.HumioRepository{} Eventually(func() string { - k8sClient.Get(ctx, key, fetchedRepository) + _ = k8sClient.Get(ctx, key, fetchedRepository) return fetchedRepository.Status.State }, testTimeout, suite.TestInterval).Should(Equal(humiov1alpha1.HumioRepositoryStateExists)) @@ -491,7 +493,7 @@ var _ = Describe("Humio Resources Controllers", func() { fetchedRepo := &humiov1alpha1.HumioRepository{} Eventually(func() string { - k8sClient.Get(ctx, viewKey, fetchedRepo) + _ = k8sClient.Get(ctx, viewKey, fetchedRepo) return fetchedRepo.Status.State }, testTimeout, suite.TestInterval).Should(Equal(humiov1alpha1.HumioRepositoryStateExists)) 
@@ -500,7 +502,7 @@ var _ = Describe("Humio Resources Controllers", func() { fetchedView := &humiov1alpha1.HumioView{} Eventually(func() string { - k8sClient.Get(ctx, viewKey, fetchedView) + _ = k8sClient.Get(ctx, viewKey, fetchedView) return fetchedView.Status.State }, testTimeout, suite.TestInterval).Should(Equal(humiov1alpha1.HumioViewStateExists)) @@ -627,7 +629,7 @@ var _ = Describe("Humio Resources Controllers", func() { fetchedParser := &humiov1alpha1.HumioParser{} Eventually(func() string { - k8sClient.Get(ctx, key, fetchedParser) + _ = k8sClient.Get(ctx, key, fetchedParser) return fetchedParser.Status.State }, testTimeout, suite.TestInterval).Should(Equal(humiov1alpha1.HumioParserStateExists)) @@ -740,7 +742,7 @@ var _ = Describe("Humio Resources Controllers", func() { suite.UsingClusterBy(clusterKey.Name, "HumioExternalCluster: Confirming external cluster gets marked as ready") fetchedExternalCluster := &humiov1alpha1.HumioExternalCluster{} Eventually(func() string { - k8sClient.Get(ctx, key, fetchedExternalCluster) + _ = k8sClient.Get(ctx, key, fetchedExternalCluster) return fetchedExternalCluster.Status.State }, testTimeout, suite.TestInterval).Should(Equal(humiov1alpha1.HumioExternalClusterStateReady)) @@ -777,7 +779,7 @@ var _ = Describe("Humio Resources Controllers", func() { suite.UsingClusterBy(clusterKey.Name, fmt.Sprintf("HumioParser: Validates resource enters state %s", humiov1alpha1.HumioParserStateConfigError)) fetchedParser := &humiov1alpha1.HumioParser{} Eventually(func() string { - k8sClient.Get(ctx, keyErr, fetchedParser) + _ = k8sClient.Get(ctx, keyErr, fetchedParser) return fetchedParser.Status.State }, testTimeout, suite.TestInterval).Should(Equal(humiov1alpha1.HumioParserStateConfigError)) 
@@ -812,7 +814,7 @@ var _ = Describe("Humio Resources Controllers", func() { suite.UsingClusterBy(clusterKey.Name, fmt.Sprintf("HumioParser: Validates resource enters state %s", humiov1alpha1.HumioParserStateConfigError)) fetchedParser := &humiov1alpha1.HumioParser{} Eventually(func() string { - k8sClient.Get(ctx, keyErr, fetchedParser) + _ = k8sClient.Get(ctx, keyErr, fetchedParser) return fetchedParser.Status.State }, testTimeout, suite.TestInterval).Should(Equal(humiov1alpha1.HumioParserStateConfigError)) @@ -846,7 +848,7 @@ var _ = Describe("Humio Resources Controllers", func() { suite.UsingClusterBy(clusterKey.Name, fmt.Sprintf("HumioRepository: Validates resource enters state %s", humiov1alpha1.HumioRepositoryStateConfigError)) fetchedRepository := &humiov1alpha1.HumioRepository{} Eventually(func() string { - k8sClient.Get(ctx, keyErr, fetchedRepository) + _ = k8sClient.Get(ctx, keyErr, fetchedRepository) return fetchedRepository.Status.State }, testTimeout, suite.TestInterval).Should(Equal(humiov1alpha1.HumioRepositoryStateConfigError)) @@ -880,7 +882,7 @@ var _ = Describe("Humio Resources Controllers", func() { suite.UsingClusterBy(clusterKey.Name, fmt.Sprintf("HumioRepository: Validates resource enters state %s", humiov1alpha1.HumioRepositoryStateConfigError)) fetchedRepository := &humiov1alpha1.HumioRepository{} Eventually(func() string { - k8sClient.Get(ctx, keyErr, fetchedRepository) + _ = k8sClient.Get(ctx, keyErr, fetchedRepository) return fetchedRepository.Status.State }, testTimeout, suite.TestInterval).Should(Equal(humiov1alpha1.HumioRepositoryStateConfigError)) 
@@ -919,7 +921,7 @@ var _ = Describe("Humio Resources Controllers", func() { suite.UsingClusterBy(clusterKey.Name, fmt.Sprintf("HumioView: Validates resource enters state %s", humiov1alpha1.HumioViewStateConfigError)) fetchedView := &humiov1alpha1.HumioView{} Eventually(func() string { - k8sClient.Get(ctx, keyErr, fetchedView) + _ = k8sClient.Get(ctx, keyErr, fetchedView) return fetchedView.Status.State }, testTimeout, suite.TestInterval).Should(Equal(humiov1alpha1.HumioViewStateConfigError)) @@ -958,7 +960,7 @@ var _ = Describe("Humio Resources Controllers", func() { suite.UsingClusterBy(clusterKey.Name, fmt.Sprintf("HumioView: Validates resource enters state %s", humiov1alpha1.HumioViewStateConfigError)) fetchedView := &humiov1alpha1.HumioView{} Eventually(func() string { - k8sClient.Get(ctx, keyErr, fetchedView) + _ = k8sClient.Get(ctx, keyErr, fetchedView) return fetchedView.Status.State }, testTimeout, suite.TestInterval).Should(Equal(humiov1alpha1.HumioViewStateConfigError)) @@ -980,7 +982,7 @@ var _ = Describe("Humio Resources Controllers", func() { Name: "example-action", ViewName: testRepo.Spec.Name, EmailProperties: &humiov1alpha1.HumioActionEmailProperties{ - Recipients: []string{EmailActionExample}, + Recipients: []string{emailActionExample}, }, } @@ -1002,7 +1004,7 @@ var _ = Describe("Humio Resources Controllers", func() { fetchedAction := &humiov1alpha1.HumioAction{} Eventually(func() string { - k8sClient.Get(ctx, key, fetchedAction) + _ = k8sClient.Get(ctx, key, fetchedAction) return fetchedAction.Status.State }, testTimeout, suite.TestInterval).Should(Equal(humiov1alpha1.HumioActionStateExists)) 
@@ -1035,7 +1037,7 @@ var _ = Describe("Humio Resources Controllers", func() { expectedUpdatedAction, err = humioClient.GetAction(ctx, humioHttpClient, reconcile.Request{NamespacedName: clusterKey}, fetchedAction) return err }, testTimeout, suite.TestInterval).Should(Succeed()) - Expect(err).To(BeNil()) + Expect(err).ToNot(HaveOccurred()) Expect(expectedUpdatedAction).ToNot(BeNil()) suite.UsingClusterBy(clusterKey.Name, "HumioAction: Verifying the action matches the expected") @@ -1097,7 +1099,7 @@ var _ = Describe("Humio Resources Controllers", func() { fetchedAction := &humiov1alpha1.HumioAction{} Eventually(func() string { - k8sClient.Get(ctx, key, fetchedAction) + _ = k8sClient.Get(ctx, key, fetchedAction) return fetchedAction.Status.State }, testTimeout, suite.TestInterval).Should(Equal(humiov1alpha1.HumioActionStateExists)) @@ -1120,7 +1122,7 @@ var _ = Describe("Humio Resources Controllers", func() { suite.UsingClusterBy(clusterKey.Name, "HumioAction: Waiting for the humio repo action to be updated") Eventually(func() error { - k8sClient.Get(ctx, key, fetchedAction) + _ = k8sClient.Get(ctx, key, fetchedAction) fetchedAction.Spec.HumioRepositoryProperties = updatedAction.Spec.HumioRepositoryProperties return k8sClient.Update(ctx, fetchedAction) }, testTimeout, suite.TestInterval).Should(Succeed()) @@ -1186,7 +1188,7 @@ var _ = Describe("Humio Resources Controllers", func() { fetchedAction := &humiov1alpha1.HumioAction{} Eventually(func() string { - k8sClient.Get(ctx, key, fetchedAction) + _ = k8sClient.Get(ctx, key, fetchedAction) return fetchedAction.Status.State }, testTimeout, suite.TestInterval).Should(Equal(humiov1alpha1.HumioActionStateExists)) 
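Review bot: In the update poll of hunk @@ -1120,7 +1122,7 @@, `_ = k8sClient.Get(ctx, key, fetchedAction)` is followed by `k8sClient.Update(ctx, fetchedAction)`, so when the Get fails the closure submits a stale object and the reported error is the Update's rather than the cause. The closure already returns `error`, so `if err := k8sClient.Get(ctx, key, fetchedAction); err != nil { return err }` keeps the retry and reports the real failure. The same pattern is changed at @@ -1210, @@ -1303, @@ -1404, @@ -1507, @@ -1603 and @@ -1698.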
@@ -1210,7 +1212,7 @@ var _ = Describe("Humio Resources Controllers", func() { suite.UsingClusterBy(clusterKey.Name, "HumioAction: Waiting for the ops genie action to be updated") Eventually(func() error { - k8sClient.Get(ctx, key, fetchedAction) + _ = k8sClient.Get(ctx, key, fetchedAction) fetchedAction.Spec.OpsGenieProperties = updatedAction.Spec.OpsGenieProperties return k8sClient.Update(ctx, fetchedAction) }, testTimeout, suite.TestInterval).Should(Succeed()) @@ -1280,7 +1282,7 @@ var _ = Describe("Humio Resources Controllers", func() { fetchedAction := &humiov1alpha1.HumioAction{} Eventually(func() string { - k8sClient.Get(ctx, key, fetchedAction) + _ = k8sClient.Get(ctx, key, fetchedAction) return fetchedAction.Status.State }, testTimeout, suite.TestInterval).Should(Equal(humiov1alpha1.HumioActionStateExists)) @@ -1303,7 +1305,7 @@ var _ = Describe("Humio Resources Controllers", func() { suite.UsingClusterBy(clusterKey.Name, "HumioAction: Waiting for the pagerduty action to be updated") Eventually(func() error { - k8sClient.Get(ctx, key, fetchedAction) + _ = k8sClient.Get(ctx, key, fetchedAction) fetchedAction.Spec.PagerDutyProperties = updatedAction.Spec.PagerDutyProperties return k8sClient.Update(ctx, fetchedAction) }, testTimeout, suite.TestInterval).Should(Succeed()) @@ -1375,7 +1377,7 @@ var _ = Describe("Humio Resources Controllers", func() { fetchedAction := &humiov1alpha1.HumioAction{} Eventually(func() string { - k8sClient.Get(ctx, key, fetchedAction) + _ = k8sClient.Get(ctx, key, fetchedAction) return fetchedAction.Status.State }, testTimeout, suite.TestInterval).Should(Equal(humiov1alpha1.HumioActionStateExists)) 
@@ -1404,7 +1406,7 @@ var _ = Describe("Humio Resources Controllers", func() { suite.UsingClusterBy(clusterKey.Name, "HumioAction: Waiting for the slack post message action to be updated") Eventually(func() error { - k8sClient.Get(ctx, key, fetchedAction) + _ = k8sClient.Get(ctx, key, fetchedAction) fetchedAction.Spec.SlackPostMessageProperties = updatedAction.Spec.SlackPostMessageProperties return k8sClient.Update(ctx, fetchedAction) }, testTimeout, suite.TestInterval).Should(Succeed()) @@ -1479,7 +1481,7 @@ var _ = Describe("Humio Resources Controllers", func() { fetchedAction := &humiov1alpha1.HumioAction{} Eventually(func() string { - k8sClient.Get(ctx, key, fetchedAction) + _ = k8sClient.Get(ctx, key, fetchedAction) return fetchedAction.Status.State }, testTimeout, suite.TestInterval).Should(Equal(humiov1alpha1.HumioActionStateExists)) @@ -1507,7 +1509,7 @@ var _ = Describe("Humio Resources Controllers", func() { suite.UsingClusterBy(clusterKey.Name, "HumioAction: Waiting for the slack action to be updated") Eventually(func() error { - k8sClient.Get(ctx, key, fetchedAction) + _ = k8sClient.Get(ctx, key, fetchedAction) fetchedAction.Spec.SlackProperties = updatedAction.Spec.SlackProperties return k8sClient.Update(ctx, fetchedAction) }, testTimeout, suite.TestInterval).Should(Succeed()) @@ -1579,7 +1581,7 @@ var _ = Describe("Humio Resources Controllers", func() { fetchedAction := &humiov1alpha1.HumioAction{} Eventually(func() string { - k8sClient.Get(ctx, key, fetchedAction) + _ = k8sClient.Get(ctx, key, fetchedAction) return fetchedAction.Status.State }, testTimeout, suite.TestInterval).Should(Equal(humiov1alpha1.HumioActionStateExists)) 
@@ -1603,7 +1605,7 @@ var _ = Describe("Humio Resources Controllers", func() { suite.UsingClusterBy(clusterKey.Name, "HumioAction: Waiting for the victor ops action to be updated") Eventually(func() error { - k8sClient.Get(ctx, key, fetchedAction) + _ = k8sClient.Get(ctx, key, fetchedAction) fetchedAction.Spec.VictorOpsProperties = updatedAction.Spec.VictorOpsProperties return k8sClient.Update(ctx, fetchedAction) }, testTimeout, suite.TestInterval).Should(Succeed()) @@ -1674,7 +1676,7 @@ var _ = Describe("Humio Resources Controllers", func() { fetchedAction := &humiov1alpha1.HumioAction{} Eventually(func() string { - k8sClient.Get(ctx, key, fetchedAction) + _ = k8sClient.Get(ctx, key, fetchedAction) return fetchedAction.Status.State }, testTimeout, suite.TestInterval).Should(Equal(humiov1alpha1.HumioActionStateExists)) @@ -1698,7 +1700,7 @@ var _ = Describe("Humio Resources Controllers", func() { suite.UsingClusterBy(clusterKey.Name, "HumioAction: Waiting for the web hook action to be updated") Eventually(func() error { - k8sClient.Get(ctx, key, fetchedAction) + _ = k8sClient.Get(ctx, key, fetchedAction) fetchedAction.Spec.WebhookProperties = updatedWebhookActionProperties return k8sClient.Update(ctx, fetchedAction) }, testTimeout, suite.TestInterval).Should(Succeed()) @@ -1766,7 +1768,7 @@ var _ = Describe("Humio Resources Controllers", func() { fetchedAction := &humiov1alpha1.HumioAction{} Eventually(func() string { - k8sClient.Get(ctx, key, fetchedAction) + _ = k8sClient.Get(ctx, key, fetchedAction) return fetchedAction.Status.State }, testTimeout, suite.TestInterval).Should(Equal(humiov1alpha1.HumioActionStateConfigError)) 
@@ -1805,7 +1807,9 @@ var _ = Describe("Humio Resources Controllers", func() { Name: "example-invalid-action-extra", ViewName: testRepo.Spec.Name, WebhookProperties: &humiov1alpha1.HumioActionWebhookProperties{}, - EmailProperties: &humiov1alpha1.HumioActionEmailProperties{}, + EmailProperties: &humiov1alpha1.HumioActionEmailProperties{ + Recipients: []string{""}, + }, }, } @@ -1814,7 +1818,7 @@ var _ = Describe("Humio Resources Controllers", func() { fetchedAction := &humiov1alpha1.HumioAction{} Eventually(func() string { - k8sClient.Get(ctx, key, fetchedAction) + _ = k8sClient.Get(ctx, key, fetchedAction) return fetchedAction.Status.State }, testTimeout, suite.TestInterval).Should(Equal(humiov1alpha1.HumioActionStateConfigError)) @@ -1863,7 +1867,7 @@ var _ = Describe("Humio Resources Controllers", func() { }, } - expectedSecretValue := "secret-token" + expectedSecretValue := secretTokenName secret := &corev1.Secret{ ObjectMeta: metav1.ObjectMeta{ Name: "action-humio-repository-secret", @@ -1879,7 +1883,7 @@ var _ = Describe("Humio Resources Controllers", func() { fetchedAction := &humiov1alpha1.HumioAction{} Eventually(func() string { - k8sClient.Get(ctx, key, fetchedAction) + _ = k8sClient.Get(ctx, key, fetchedAction) return fetchedAction.Status.State }, testTimeout, suite.TestInterval).Should(Equal(humiov1alpha1.HumioActionStateExists)) @@ -1934,7 +1938,7 @@ var _ = Describe("Humio Resources Controllers", func() { }, } - expectedSecretValue := "secret-token" + expectedSecretValue := secretTokenName secret := &corev1.Secret{ ObjectMeta: metav1.ObjectMeta{ Name: "action-genie-secret", @@ -1950,7 +1954,7 @@ var _ = Describe("Humio Resources Controllers", func() { fetchedAction := &humiov1alpha1.HumioAction{} Eventually(func() string { - k8sClient.Get(ctx, key, fetchedAction) + _ = k8sClient.Get(ctx, key, fetchedAction) return fetchedAction.Status.State }, testTimeout, suite.TestInterval).Should(Equal(humiov1alpha1.HumioActionStateExists)) 
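Review bot: `Recipients: []string{""}` in the `example-invalid-action-extra` spec (hunk @@ -1805,7 +1807,9 @@) has no comment, and an empty-string recipient reads like a mistake. Presumably the list is there so the object gets past schema validation and the expected ConfigError comes from setting both `WebhookProperties` and `EmailProperties`; if that is the intent, say so next to it: `// non-empty Recipients so the object is accepted; the action is invalid because two property blocks are set`. If the API is ever tightened to reject empty recipient strings, this fixture would start failing for a different reason than the one under test, which is worth confirming now.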
@@ -2003,7 +2007,7 @@ var _ = Describe("Humio Resources Controllers", func() { fetchedAction := &humiov1alpha1.HumioAction{} Eventually(func() string { - k8sClient.Get(ctx, key, fetchedAction) + _ = k8sClient.Get(ctx, key, fetchedAction) return fetchedAction.Status.State }, testTimeout, suite.TestInterval).Should(Equal(humiov1alpha1.HumioActionStateExists)) @@ -2074,7 +2078,7 @@ var _ = Describe("Humio Resources Controllers", func() { fetchedAction := &humiov1alpha1.HumioAction{} Eventually(func() string { - k8sClient.Get(ctx, key, fetchedAction) + _ = k8sClient.Get(ctx, key, fetchedAction) return fetchedAction.Status.State }, testTimeout, suite.TestInterval).Should(Equal(humiov1alpha1.HumioActionStateExists)) @@ -2127,7 +2131,7 @@ var _ = Describe("Humio Resources Controllers", func() { fetchedAction := &humiov1alpha1.HumioAction{} Eventually(func() string { - k8sClient.Get(ctx, key, fetchedAction) + _ = k8sClient.Get(ctx, key, fetchedAction) return fetchedAction.Status.State }, testTimeout, suite.TestInterval).Should(Equal(humiov1alpha1.HumioActionStateExists)) @@ -2185,7 +2189,7 @@ var _ = Describe("Humio Resources Controllers", func() { }, } - expectedSecretValue := "secret-token" + expectedSecretValue := secretTokenName secret := &corev1.Secret{ ObjectMeta: metav1.ObjectMeta{ Name: "action-slack-post-secret", @@ -2201,7 +2205,7 @@ var _ = Describe("Humio Resources Controllers", func() { fetchedAction := &humiov1alpha1.HumioAction{} Eventually(func() string { - k8sClient.Get(ctx, key, fetchedAction) + _ = k8sClient.Get(ctx, key, fetchedAction) return fetchedAction.Status.State }, testTimeout, suite.TestInterval).Should(Equal(humiov1alpha1.HumioActionStateExists)) 
@@ -2256,7 +2260,7 @@ var _ = Describe("Humio Resources Controllers", func() { fetchedAction := &humiov1alpha1.HumioAction{} Eventually(func() string { - k8sClient.Get(ctx, key, fetchedAction) + _ = k8sClient.Get(ctx, key, fetchedAction) return fetchedAction.Status.State }, testTimeout, suite.TestInterval).Should(Equal(humiov1alpha1.HumioActionStateExists)) @@ -2329,7 +2333,7 @@ var _ = Describe("Humio Resources Controllers", func() { fetchedAction := &humiov1alpha1.HumioAction{} Eventually(func() string { - k8sClient.Get(ctx, key, fetchedAction) + _ = k8sClient.Get(ctx, key, fetchedAction) return fetchedAction.Status.State }, testTimeout, suite.TestInterval).Should(Equal(humiov1alpha1.HumioActionStateExists)) @@ -2384,7 +2388,7 @@ var _ = Describe("Humio Resources Controllers", func() { fetchedAction := &humiov1alpha1.HumioAction{} Eventually(func() string { - k8sClient.Get(ctx, key, fetchedAction) + _ = k8sClient.Get(ctx, key, fetchedAction) return fetchedAction.Status.State }, testTimeout, suite.TestInterval).Should(Equal(humiov1alpha1.HumioActionStateExists)) @@ -2455,7 +2459,7 @@ var _ = Describe("Humio Resources Controllers", func() { fetchedAction := &humiov1alpha1.HumioAction{} Eventually(func() string { - k8sClient.Get(ctx, key, fetchedAction) + _ = k8sClient.Get(ctx, key, fetchedAction) return fetchedAction.Status.State }, testTimeout, suite.TestInterval).Should(Equal(humiov1alpha1.HumioActionStateExists)) @@ -2508,7 +2512,7 @@ var _ = Describe("Humio Resources Controllers", func() { fetchedAction := &humiov1alpha1.HumioAction{} Eventually(func() string { - k8sClient.Get(ctx, key, fetchedAction) + _ = k8sClient.Get(ctx, key, fetchedAction) return fetchedAction.Status.State }, testTimeout, suite.TestInterval).Should(Equal(humiov1alpha1.HumioActionStateExists)) 
@@ -2562,7 +2566,7 @@ var _ = Describe("Humio Resources Controllers", func() { fetchedAction := &humiov1alpha1.HumioAction{} Eventually(func() string { - k8sClient.Get(ctx, key, fetchedAction) + _ = k8sClient.Get(ctx, key, fetchedAction) return fetchedAction.Status.State }, testTimeout, suite.TestInterval).Should(Equal(humiov1alpha1.HumioActionStateExists)) @@ -2634,7 +2638,7 @@ var _ = Describe("Humio Resources Controllers", func() { fetchedAction := &humiov1alpha1.HumioAction{} Eventually(func() string { - k8sClient.Get(ctx, key, fetchedAction) + _ = k8sClient.Get(ctx, key, fetchedAction) return fetchedAction.Status.State }, testTimeout, suite.TestInterval).Should(Equal(humiov1alpha1.HumioActionStateExists)) @@ -2693,7 +2697,7 @@ var _ = Describe("Humio Resources Controllers", func() { fetchedAction := &humiov1alpha1.HumioAction{} Eventually(func() string { - k8sClient.Get(ctx, key, fetchedAction) + _ = k8sClient.Get(ctx, key, fetchedAction) return fetchedAction.Status.State }, testTimeout, suite.TestInterval).Should(Equal(humiov1alpha1.HumioActionStateExists)) @@ -2791,7 +2795,7 @@ var _ = Describe("Humio Resources Controllers", func() { fetchedAction := &humiov1alpha1.HumioAction{} Eventually(func() string { - k8sClient.Get(ctx, key, fetchedAction) + _ = k8sClient.Get(ctx, key, fetchedAction) return fetchedAction.Status.State }, testTimeout, suite.TestInterval).Should(Equal(humiov1alpha1.HumioActionStateExists)) @@ -2889,7 +2893,7 @@ var _ = Describe("Humio Resources Controllers", func() { fetchedAction := &humiov1alpha1.HumioAction{} Eventually(func() string { - k8sClient.Get(ctx, key, fetchedAction) + _ = k8sClient.Get(ctx, key, fetchedAction) return fetchedAction.Status.State }, testTimeout, suite.TestInterval).Should(Equal(humiov1alpha1.HumioActionStateExists)) 
@@ -2938,7 +2942,7 @@ var _ = Describe("Humio Resources Controllers", func() { Name: "example-email-action", ViewName: testRepo.Spec.Name, EmailProperties: &humiov1alpha1.HumioActionEmailProperties{ - Recipients: []string{EmailActionExample}, + Recipients: []string{emailActionExample}, }, } @@ -2960,7 +2964,7 @@ var _ = Describe("Humio Resources Controllers", func() { fetchedAction := &humiov1alpha1.HumioAction{} Eventually(func() string { - k8sClient.Get(ctx, actionKey, fetchedAction) + _ = k8sClient.Get(ctx, actionKey, fetchedAction) return fetchedAction.Status.State }, testTimeout, suite.TestInterval).Should(Equal(humiov1alpha1.HumioActionStateExists)) @@ -2998,7 +3002,7 @@ var _ = Describe("Humio Resources Controllers", func() { fetchedAlert := &humiov1alpha1.HumioAlert{} Eventually(func() string { - k8sClient.Get(ctx, key, fetchedAlert) + _ = k8sClient.Get(ctx, key, fetchedAlert) return fetchedAlert.Status.State }, testTimeout, suite.TestInterval).Should(Equal(humiov1alpha1.HumioAlertStateExists)) @@ -3146,7 +3150,7 @@ var _ = Describe("Humio Resources Controllers", func() { Name: "example-email-action4", ViewName: testRepo.Spec.Name, EmailProperties: &humiov1alpha1.HumioActionEmailProperties{ - Recipients: []string{EmailActionExample}, + Recipients: []string{emailActionExample}, }, } @@ -3168,7 +3172,7 @@ var _ = Describe("Humio Resources Controllers", func() { fetchedAction := &humiov1alpha1.HumioAction{} Eventually(func() string { - k8sClient.Get(ctx, actionKey, fetchedAction) + _ = k8sClient.Get(ctx, actionKey, fetchedAction) return fetchedAction.Status.State }, testTimeout, suite.TestInterval).Should(Equal(humiov1alpha1.HumioActionStateExists)) 
@@ -3203,7 +3207,7 @@ var _ = Describe("Humio Resources Controllers", func() { fetchedFilterAlert := &humiov1alpha1.HumioFilterAlert{} Eventually(func() string { - k8sClient.Get(ctx, key, fetchedFilterAlert) + _ = k8sClient.Get(ctx, key, fetchedFilterAlert) return fetchedFilterAlert.Status.State }, testTimeout, suite.TestInterval).Should(Equal(humiov1alpha1.HumioFilterAlertStateExists)) @@ -3374,7 +3378,7 @@ var _ = Describe("Humio Resources Controllers", func() { Name: "example-email-action3", ViewName: testRepo.Spec.Name, EmailProperties: &humiov1alpha1.HumioActionEmailProperties{ - Recipients: []string{EmailActionExample}, + Recipients: []string{emailActionExample}, }, } @@ -3396,7 +3400,7 @@ var _ = Describe("Humio Resources Controllers", func() { fetchedAction := &humiov1alpha1.HumioAction{} Eventually(func() string { - k8sClient.Get(ctx, actionKey, fetchedAction) + _ = k8sClient.Get(ctx, actionKey, fetchedAction) return fetchedAction.Status.State }, testTimeout, suite.TestInterval).Should(Equal(humiov1alpha1.HumioActionStateExists)) @@ -3434,7 +3438,7 @@ var _ = Describe("Humio Resources Controllers", func() { fetchedAggregateAlert := &humiov1alpha1.HumioAggregateAlert{} Eventually(func() string { - k8sClient.Get(ctx, key, fetchedAggregateAlert) + _ = k8sClient.Get(ctx, key, fetchedAggregateAlert) return fetchedAggregateAlert.Status.State }, testTimeout, suite.TestInterval).Should(Equal(humiov1alpha1.HumioAggregateAlertStateExists)) @@ -3491,7 +3495,7 @@ var _ = Describe("Humio Resources Controllers", func() { Actions: humioapi.GetActionNames(aggregateAlert.GetActions()), Labels: aggregateAlert.Labels, } - Expect(err).To(BeNil()) + Expect(err).ToNot(HaveOccurred()) Expect(createdAggregateAlert.Spec).To(Equal(toCreateAggregateAlert.Spec)) suite.UsingClusterBy(clusterKey.Name, "HumioAggregateAlert: Updating the aggregate alert successfully") 
@@ -3610,7 +3614,7 @@ var _ = Describe("Humio Resources Controllers", func() { Name: "example-email-action2", ViewName: testRepo.Spec.Name, EmailProperties: &humiov1alpha1.HumioActionEmailProperties{ - Recipients: []string{EmailActionExample}, + Recipients: []string{emailActionExample}, }, } @@ -3632,7 +3636,7 @@ var _ = Describe("Humio Resources Controllers", func() { fetchedAction := &humiov1alpha1.HumioAction{} Eventually(func() string { - k8sClient.Get(ctx, actionKey, fetchedAction) + _ = k8sClient.Get(ctx, actionKey, fetchedAction) return fetchedAction.Status.State }, testTimeout, suite.TestInterval).Should(Equal(humiov1alpha1.HumioActionStateExists)) @@ -3670,7 +3674,7 @@ var _ = Describe("Humio Resources Controllers", func() { fetchedScheduledSearch := &humiov1alpha1.HumioScheduledSearch{} Eventually(func() string { - k8sClient.Get(ctx, key, fetchedScheduledSearch) + _ = k8sClient.Get(ctx, key, fetchedScheduledSearch) return fetchedScheduledSearch.Status.State }, testTimeout, suite.TestInterval).Should(Equal(humiov1alpha1.HumioScheduledSearchStateExists)) @@ -3732,7 +3736,7 @@ var _ = Describe("Humio Resources Controllers", func() { suite.UsingClusterBy(clusterKey.Name, "HumioScheduledSearch: Waiting for the scheduled search to be updated") Eventually(func() error { - k8sClient.Get(ctx, key, fetchedScheduledSearch) + _ = k8sClient.Get(ctx, key, fetchedScheduledSearch) fetchedScheduledSearch.Spec.QueryString = updatedScheduledSearch.Spec.QueryString fetchedScheduledSearch.Spec.QueryStart = updatedScheduledSearch.Spec.QueryStart fetchedScheduledSearch.Spec.QueryEnd = updatedScheduledSearch.Spec.QueryEnd diff --git a/controllers/suite/resources/suite_test.go b/internal/controller/suite/resources/suite_test.go similarity index 89% rename from controllers/suite/resources/suite_test.go rename to internal/controller/suite/resources/suite_test.go index f15104c8..a239877c 100644 --- a/controllers/suite/resources/suite_test.go 
+++ b/internal/controller/suite/resources/suite_test.go @@ -21,18 +21,19 @@ import ( "encoding/json" "fmt" "path/filepath" - "strings" "testing" "time" + "github.com/humio/humio-operator/internal/controller" "github.com/humio/humio-operator/internal/helpers" "github.com/humio/humio-operator/internal/humio" "github.com/humio/humio-operator/internal/kubernetes" + uberzap "go.uber.org/zap" k8serrors "k8s.io/apimachinery/pkg/api/errors" "k8s.io/client-go/rest" + metricsserver "sigs.k8s.io/controller-runtime/pkg/metrics/server" - "github.com/humio/humio-operator/controllers" - "github.com/humio/humio-operator/controllers/suite" + "github.com/humio/humio-operator/internal/controller/suite" ginkgotypes "github.com/onsi/ginkgo/v2/types" "k8s.io/apimachinery/pkg/types" @@ -42,7 +43,6 @@ import ( corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ctrl "sigs.k8s.io/controller-runtime" - "sigs.k8s.io/controller-runtime/pkg/cache" logf "sigs.k8s.io/controller-runtime/pkg/log" . "github.com/onsi/ginkgo/v2" @@ -52,7 +52,7 @@ import ( "sigs.k8s.io/controller-runtime/pkg/envtest" corev1alpha1 "github.com/humio/humio-operator/api/v1alpha1" - //+kubebuilder:scaffold:imports + // +kubebuilder:scaffold:imports ) // These tests use Ginkgo (BDD-style Go testing framework). Refer to @@ -84,7 +84,9 @@ func TestAPIs(t *testing.T) { var _ = BeforeSuite(func() { var log logr.Logger zapLog, _ := helpers.NewLogger() - defer zapLog.Sync() + defer func(zapLog *uberzap.Logger) { + _ = zapLog.Sync() + }(zapLog) log = zapr.NewLogger(zapLog) logf.SetLogger(log) 
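Review bot: The deferred closure added in `BeforeSuite` takes `zapLog` as a parameter although it is called immediately with that same variable, which adds noise without changing what is flushed; `defer func() { _ = zapLog.Sync() }()` reads more directly. A short comment such as `// best-effort flush; a Sync failure is not actionable here` would keep the blank assignment from looking like an oversight. The error from `helpers.NewLogger()` on the context line above is also discarded, so a failed logger build would presumably reach this call with a nil logger. `BeforeSuite` continues outside the hunk.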
@@ -112,7 +114,7 @@ var _ = BeforeSuite(func() { testTimeout = time.Second * 30 testEnv = &envtest.Environment{ // TODO: If we want to add support for TLS-functionality, we need to install cert-manager's CRD's - CRDDirectoryPaths: []string{filepath.Join("..", "..", "..", "config", "crd", "bases")}, + CRDDirectoryPaths: []string{filepath.Join("..", "..", "..", "..", "config", "crd", "bases")}, ErrorIfCRDPathMissing: true, } humioClient = humio.NewMockClient() @@ -136,21 +138,16 @@ var _ = BeforeSuite(func() { err = corev1alpha1.AddToScheme(scheme.Scheme) Expect(err).NotTo(HaveOccurred()) - //+kubebuilder:scaffold:scheme + // +kubebuilder:scaffold:scheme - watchNamespace, _ := helpers.GetWatchNamespace() - - options := ctrl.Options{ - Scheme: scheme.Scheme, - MetricsBindAddress: "0", - Cache: cache.Options{Namespaces: strings.Split(watchNamespace, ",")}, - Logger: log, - } - - k8sManager, err = ctrl.NewManager(cfg, options) + k8sManager, err = ctrl.NewManager(cfg, ctrl.Options{ + Scheme: scheme.Scheme, + Metrics: metricsserver.Options{BindAddress: "0"}, + Logger: log, + }) Expect(err).NotTo(HaveOccurred()) - err = (&controllers.HumioActionReconciler{ + err = (&controller.HumioActionReconciler{ Client: k8sManager.GetClient(), HumioClient: humioClient, BaseLogger: log, @@ -158,7 +155,7 @@ var _ = BeforeSuite(func() { }).SetupWithManager(k8sManager) Expect(err).NotTo(HaveOccurred()) - err = (&controllers.HumioAlertReconciler{ + err = (&controller.HumioAlertReconciler{ Client: k8sManager.GetClient(), HumioClient: humioClient, BaseLogger: log, @@ -166,7 +163,7 @@ var _ = BeforeSuite(func() { }).SetupWithManager(k8sManager) Expect(err).NotTo(HaveOccurred()) - err = (&controllers.HumioFilterAlertReconciler{ + err = (&controller.HumioFilterAlertReconciler{ Client: k8sManager.GetClient(), HumioClient: humioClient, BaseLogger: log, 
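Review bot: The new `ctrl.Options` literal drops the `Cache` entry that was built from `WATCH_NAMESPACE`, and later in this patch `helpers.GetWatchNamespace` is removed and the old `main.go` deleted, so nothing in these hunks still limits which namespaces the manager caches and reconciles. The replacement entry point is outside this view; if it no longer scopes the cache, an install that relied on `WATCH_NAMESPACE` would start watching cluster-wide, a privilege and blast-radius change that a commit titled as a plugin migration does not announce. If the scoping is meant to stay, the test manager should set it as well, for example `Cache: cache.Options{DefaultNamespaces: nsMap}` with `nsMap` (a name made up for this note) built from the variable, so the suite covers the restricted mode. `BeforeSuite` starts and ends outside the hunk.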
@@ -174,7 +171,7 @@ var _ = BeforeSuite(func() { }).SetupWithManager(k8sManager) Expect(err).NotTo(HaveOccurred()) - err = (&controllers.HumioAggregateAlertReconciler{ + err = (&controller.HumioAggregateAlertReconciler{ Client: k8sManager.GetClient(), HumioClient: humioClient, BaseLogger: log, @@ -182,7 +179,7 @@ var _ = BeforeSuite(func() { }).SetupWithManager(k8sManager) Expect(err).NotTo(HaveOccurred()) - err = (&controllers.HumioScheduledSearchReconciler{ + err = (&controller.HumioScheduledSearchReconciler{ Client: k8sManager.GetClient(), HumioClient: humioClient, BaseLogger: log, @@ -190,7 +187,7 @@ var _ = BeforeSuite(func() { }).SetupWithManager(k8sManager) Expect(err).NotTo(HaveOccurred()) - err = (&controllers.HumioClusterReconciler{ + err = (&controller.HumioClusterReconciler{ Client: k8sManager.GetClient(), HumioClient: humioClient, BaseLogger: log, @@ -198,7 +195,7 @@ var _ = BeforeSuite(func() { }).SetupWithManager(k8sManager) Expect(err).NotTo(HaveOccurred()) - err = (&controllers.HumioExternalClusterReconciler{ + err = (&controller.HumioExternalClusterReconciler{ Client: k8sManager.GetClient(), HumioClient: humioClient, BaseLogger: log, @@ -206,7 +203,7 @@ var _ = BeforeSuite(func() { }).SetupWithManager(k8sManager) Expect(err).NotTo(HaveOccurred()) - err = (&controllers.HumioIngestTokenReconciler{ + err = (&controller.HumioIngestTokenReconciler{ Client: k8sManager.GetClient(), HumioClient: humioClient, BaseLogger: log, @@ -214,7 +211,7 @@ var _ = BeforeSuite(func() { }).SetupWithManager(k8sManager) Expect(err).NotTo(HaveOccurred()) - err = (&controllers.HumioParserReconciler{ + err = (&controller.HumioParserReconciler{ Client: k8sManager.GetClient(), HumioClient: humioClient, BaseLogger: log, 
@@ -222,7 +219,7 @@ var _ = BeforeSuite(func() { }).SetupWithManager(k8sManager) Expect(err).NotTo(HaveOccurred()) - err = (&controllers.HumioRepositoryReconciler{ + err = (&controller.HumioRepositoryReconciler{ Client: k8sManager.GetClient(), HumioClient: humioClient, BaseLogger: log, @@ -230,7 +227,7 @@ var _ = BeforeSuite(func() { }).SetupWithManager(k8sManager) Expect(err).NotTo(HaveOccurred()) - err = (&controllers.HumioViewReconciler{ + err = (&controller.HumioViewReconciler{ Client: k8sManager.GetClient(), HumioClient: humioClient, BaseLogger: log, @@ -263,7 +260,7 @@ var _ = BeforeSuite(func() { suite.CreateAndBootstrapCluster(context.TODO(), k8sClient, humioClient, cluster, true, corev1alpha1.HumioClusterStateRunning, testTimeout) sharedCluster, err = helpers.NewCluster(context.TODO(), k8sClient, clusterKey.Name, "", clusterKey.Namespace, helpers.UseCertManager(), true, false) - Expect(err).To(BeNil()) + Expect(err).ToNot(HaveOccurred()) Expect(sharedCluster).ToNot(BeNil()) Expect(sharedCluster.Config()).ToNot(BeNil()) @@ -415,8 +412,8 @@ var _ = ReportAfterSuite("HumioCluster Controller Suite", func(suiteReport ginkg // 1. regular container stdout // 2. ReportAfterEach // 3. ReportAfterSuite - //suite.PrintLinesWithRunID(testRunID, strings.Split(r.CapturedGinkgoWriterOutput, "\n"), r.State) - //suite.PrintLinesWithRunID(testRunID, strings.Split(r.CapturedStdOutErr, "\n"), r.State) + // suite.PrintLinesWithRunID(testRunID, strings.Split(r.CapturedGinkgoWriterOutput, "\n"), r.State) + // suite.PrintLinesWithRunID(testRunID, strings.Split(r.CapturedStdOutErr, "\n"), r.State) r.CapturedGinkgoWriterOutput = testRunID r.CapturedStdOutErr = testRunID 
@@ -438,8 +435,8 @@ var _ = ReportAfterEach(func(specReport ginkgotypes.SpecReport) { // 1. regular container stdout // 2. ReportAfterEach // 3. ReportAfterSuite - //suite.PrintLinesWithRunID(testRunID, strings.Split(specReport.CapturedGinkgoWriterOutput, "\n"), specReport.State) - //suite.PrintLinesWithRunID(testRunID, strings.Split(specReport.CapturedStdOutErr, "\n"), specReport.State) + // suite.PrintLinesWithRunID(testRunID, strings.Split(specReport.CapturedGinkgoWriterOutput, "\n"), specReport.State) + // suite.PrintLinesWithRunID(testRunID, strings.Split(specReport.CapturedStdOutErr, "\n"), specReport.State) specReport.CapturedGinkgoWriterOutput = testRunID specReport.CapturedStdOutErr = testRunID diff --git a/controllers/versions/versions.go b/internal/controller/versions/versions.go similarity index 100% rename from controllers/versions/versions.go rename to internal/controller/versions/versions.go diff --git a/internal/helpers/clusterinterface.go b/internal/helpers/clusterinterface.go index 9342f808..7fee6b06 100644 --- a/internal/helpers/clusterinterface.go +++ b/internal/helpers/clusterinterface.go @@ -90,10 +90,7 @@ func (c Cluster) Url(ctx context.Context, k8sClient client.Client) (*url.URL, er } protocol := "https" - if !c.certManagerEnabled { - protocol = "http" - } - if !TLSEnabled(&humioManagedCluster) { + if !c.certManagerEnabled || !TLSEnabled(&humioManagedCluster) { protocol = "http" } baseURL, _ := url.Parse(fmt.Sprintf("%s://%s-internal.%s:%d/", protocol, c.managedClusterName, c.namespace, 8080)) diff --git a/internal/helpers/helpers.go b/internal/helpers/helpers.go index 3ade7ae9..d5661037 100644 --- a/internal/helpers/helpers.go +++ b/internal/helpers/helpers.go 
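Review bot: The combined condition in `Cluster.Url` decides whether the operator reaches the cluster over plaintext, but the line carries no comment saying so; a reader has to work out that either cert-manager being disabled or TLS being off for the HumioCluster downgrades the URL to `http`. I would add `// Use plaintext only when TLS is unavailable: cert-manager disabled, or TLS turned off for this cluster.` above the `if`. On the context line that follows, the `url.Parse` error is still discarded with `_`, so a name or namespace that does not form a valid URL would not be reported from here. The body of `Url` starts and ends outside the hunk.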
@@ -30,6 +30,10 @@ import ( humiov1alpha1 "github.com/humio/humio-operator/api/v1alpha1" ) +const ( + configEnvVarEnabled = "true" +) + // GetTypeName returns the name of the type of object which is obtained by using reflection func GetTypeName(myvar interface{}) string { t := reflect.TypeOf(myvar) @@ -117,9 +121,11 @@ func MapToSortedString(m map[string]string) string { if len(m) == 0 { return `"":""` } - var a []string + a := make([]string, len(m)) + idx := 0 for k, v := range m { - a = append(a, fmt.Sprintf("%s=%s", k, v)) + a[idx] = fmt.Sprintf("%s=%s", k, v) + idx++ } sort.SliceStable(a, func(i, j int) bool { return a[i] > a[j] @@ -136,22 +142,9 @@ func NewLogger() (*uberzap.Logger, error) { return loggerCfg.Build(uberzap.AddCaller()) } -func GetWatchNamespace() (string, error) { - // WatchNamespaceEnvVar is the constant for env variable WATCH_NAMESPACE - // which specifies the Namespace to watch. - // An empty value means the operator is running with cluster scope. - var watchNamespaceEnvVar = "WATCH_NAMESPACE" - - ns, found := os.LookupEnv(watchNamespaceEnvVar) - if !found { - return "", fmt.Errorf("%s must be set", watchNamespaceEnvVar) - } - return ns, nil -} - // UseCertManager returns whether the operator will use cert-manager func UseCertManager() bool { - return !UseEnvtest() && os.Getenv("USE_CERTMANAGER") == "true" + return !UseEnvtest() && os.Getenv("USE_CERTMANAGER") == configEnvVarEnabled } // GetDefaultHumioCoreImageFromEnvVar returns the user-defined default image for humio-core containers 
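Review bot: The manual `idx` counter in `MapToSortedString` is more bookkeeping than the preallocation needs; reserving capacity keeps the original loop unchanged: `a := make([]string, 0, len(m))` followed by `a = append(a, fmt.Sprintf("%s=%s", k, v))`. The comparator on the context line (`a[i] > a[j]`) sorts in descending order, which the function name does not convey, so a one-line comment such as `// entries are sorted in descending lexical order` would help callers that compare the output. The function's signature line and its return are outside the hunk.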
@@ -166,12 +159,12 @@ func GetDefaultHumioHelperImageFromEnvVar() string { // UseEnvtest returns whether the Kubernetes API is provided by envtest func UseEnvtest() bool { - return os.Getenv("TEST_USING_ENVTEST") == "true" + return os.Getenv("TEST_USING_ENVTEST") == configEnvVarEnabled } // UseDummyImage returns whether we are using a dummy image replacement instead of real container images func UseDummyImage() bool { - return os.Getenv("DUMMY_LOGSCALE_IMAGE") == "true" + return os.Getenv("DUMMY_LOGSCALE_IMAGE") == configEnvVarEnabled } // GetE2ELicenseFromEnvVar returns the E2E license set as an environment variable @@ -182,5 +175,5 @@ func GetE2ELicenseFromEnvVar() string { // PreserveKindCluster returns true if the intention is to not delete kind cluster after test execution. // This is to allow reruns of tests to be performed where resources can be reused. func PreserveKindCluster() bool { - return os.Getenv("PRESERVE_KIND_CLUSTER") == "true" + return os.Getenv("PRESERVE_KIND_CLUSTER") == configEnvVarEnabled } diff --git a/main.go b/main.go deleted file mode 100644 index 9fbd2564..00000000 --- a/main.go +++ /dev/null 
@@ -1,224 +0,0 @@ -/* -Copyright 2020 Humio https://humio.com - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package main - -import ( - "flag" - "fmt" - "os" - "strings" - - "github.com/humio/humio-operator/internal/helpers" - "github.com/humio/humio-operator/internal/humio" - "sigs.k8s.io/controller-runtime/pkg/webhook" - - cmapi "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" - "github.com/go-logr/logr" - "github.com/go-logr/zapr" - // Import all Kubernetes client auth plugins (e.g. Azure, GCP, OIDC, etc.) - // to ensure that exec-entrypoint and run can make use of them. 
- _ "k8s.io/client-go/plugin/pkg/client/auth" - - "k8s.io/apimachinery/pkg/runtime" - utilruntime "k8s.io/apimachinery/pkg/util/runtime" - clientgoscheme "k8s.io/client-go/kubernetes/scheme" - ctrl "sigs.k8s.io/controller-runtime" - "sigs.k8s.io/controller-runtime/pkg/cache" - "sigs.k8s.io/controller-runtime/pkg/healthz" - - humiov1alpha1 "github.com/humio/humio-operator/api/v1alpha1" - "github.com/humio/humio-operator/controllers" - //+kubebuilder:scaffold:imports -) - -var ( - scheme = runtime.NewScheme() - - // We override these using ldflags when running "go build" - commit = "none" - date = "unknown" - version = "master" -) - -func init() { - utilruntime.Must(clientgoscheme.AddToScheme(scheme)) - - utilruntime.Must(humiov1alpha1.AddToScheme(scheme)) - //+kubebuilder:scaffold:scheme -} - -func main() { - var metricsAddr string - var enableLeaderElection bool - var probeAddr string - flag.StringVar(&metricsAddr, "metrics-bind-address", ":8080", "The address the metric endpoint binds to.") - flag.StringVar(&probeAddr, "health-probe-bind-address", ":8081", "The address the probe endpoint binds to.") - flag.BoolVar(&enableLeaderElection, "leader-elect", false, - "Enable leader election for controller manager. 
"+ - "Enabling this will ensure there is only one active controller manager.") - flag.Parse() - - var log logr.Logger - zapLog, _ := helpers.NewLogger() - defer zapLog.Sync() - log = zapr.NewLogger(zapLog).WithValues("Operator.Commit", commit, "Operator.Date", date, "Operator.Version", version) - ctrl.SetLogger(log) - - ctrl.Log.Info("starting humio-operator") - - watchNamespace, err := helpers.GetWatchNamespace() - if err != nil { - ctrl.Log.Error(err, "unable to get WatchNamespace, "+ - "the manager will watch and manage resources in all namespaces") - } - - options := ctrl.Options{ - Scheme: scheme, - MetricsBindAddress: metricsAddr, - WebhookServer: webhook.NewServer(webhook.Options{Port: 9443}), - HealthProbeBindAddress: probeAddr, - LeaderElection: enableLeaderElection, - LeaderElectionID: "d7845218.humio.com", - Cache: cache.Options{Namespaces: strings.Split(watchNamespace, ",")}, - } - - mgr, err := ctrl.NewManager(ctrl.GetConfigOrDie(), options) - if err != nil { - ctrl.Log.Error(err, "unable to start manager") - os.Exit(1) - } - - if helpers.UseCertManager() { - if err = cmapi.AddToScheme(mgr.GetScheme()); err != nil { - ctrl.Log.Error(err, "unable to add cert-manager to scheme") - os.Exit(2) - } - } - - userAgent := fmt.Sprintf("humio-operator/%s (%s on %s)", version, commit, date) - - if err = (&controllers.HumioExternalClusterReconciler{ - Client: mgr.GetClient(), - HumioClient: humio.NewClient(log, userAgent), - BaseLogger: log, - }).SetupWithManager(mgr); err != nil { - ctrl.Log.Error(err, "unable to create controller", "controller", "HumioExternalCluster") - os.Exit(1) - } - if err = (&controllers.HumioClusterReconciler{ - Client: mgr.GetClient(), - HumioClient: humio.NewClient(log, userAgent), - BaseLogger: log, - }).SetupWithManager(mgr); err != nil { - ctrl.Log.Error(err, "unable to create controller", "controller", "HumioCluster") - os.Exit(1) - } - if err = (&controllers.HumioIngestTokenReconciler{ - Client: mgr.GetClient(), - HumioClient: 
humio.NewClient(log, userAgent), - BaseLogger: log, - }).SetupWithManager(mgr); err != nil { - ctrl.Log.Error(err, "unable to create controller", "controller", "HumioIngestToken") - os.Exit(1) - } - if err = (&controllers.HumioParserReconciler{ - Client: mgr.GetClient(), - HumioClient: humio.NewClient(log, userAgent), - BaseLogger: log, - }).SetupWithManager(mgr); err != nil { - ctrl.Log.Error(err, "unable to create controller", "controller", "HumioParser") - os.Exit(1) - } - if err = (&controllers.HumioRepositoryReconciler{ - Client: mgr.GetClient(), - HumioClient: humio.NewClient(log, userAgent), - BaseLogger: log, - }).SetupWithManager(mgr); err != nil { - ctrl.Log.Error(err, "unable to create controller", "controller", "HumioRepository") - os.Exit(1) - } - if err = (&controllers.HumioViewReconciler{ - Client: mgr.GetClient(), - HumioClient: humio.NewClient(log, userAgent), - BaseLogger: log, - }).SetupWithManager(mgr); err != nil { - ctrl.Log.Error(err, "unable to create controller", "controller", "HumioView") - os.Exit(1) - } - if err = (&controllers.HumioActionReconciler{ - Client: mgr.GetClient(), - HumioClient: humio.NewClient(log, userAgent), - BaseLogger: log, - }).SetupWithManager(mgr); err != nil { - ctrl.Log.Error(err, "unable to create controller", "controller", "HumioAction") - os.Exit(1) - } - if err = (&controllers.HumioAlertReconciler{ - Client: mgr.GetClient(), - HumioClient: humio.NewClient(log, userAgent), - BaseLogger: log, - }).SetupWithManager(mgr); err != nil { - ctrl.Log.Error(err, "unable to create controller", "controller", "HumioAlert") - os.Exit(1) - } - if err = (&controllers.HumioFilterAlertReconciler{ - Client: mgr.GetClient(), - HumioClient: humio.NewClient(log, userAgent), - BaseLogger: log, - }).SetupWithManager(mgr); err != nil { - ctrl.Log.Error(err, "unable to create controller", "controller", "HumioFilterAlert") - } - if err = (&controllers.HumioBootstrapTokenReconciler{ - Client: mgr.GetClient(), - BaseLogger: log, - 
}).SetupWithManager(mgr); err != nil { - ctrl.Log.Error(err, "unable to create controller", "controller", "HumioBootstrapToken") - os.Exit(1) - } - if err = (&controllers.HumioAggregateAlertReconciler{ - Client: mgr.GetClient(), - HumioClient: humio.NewClient(log, userAgent), - BaseLogger: log, - }).SetupWithManager(mgr); err != nil { - ctrl.Log.Error(err, "unable to create controller", "controller", "HumioAggregateAlert") - os.Exit(1) - } - if err = (&controllers.HumioScheduledSearchReconciler{ - Client: mgr.GetClient(), - HumioClient: humio.NewClient(log, userAgent), - BaseLogger: log, - }).SetupWithManager(mgr); err != nil { - ctrl.Log.Error(err, "unable to create controller", "controller", "HumioScheduledSearch") - os.Exit(1) - } - //+kubebuilder:scaffold:builder - - if err := mgr.AddHealthzCheck("healthz", healthz.Ping); err != nil { - ctrl.Log.Error(err, "unable to set up health check") - os.Exit(1) - } - if err := mgr.AddReadyzCheck("readyz", healthz.Ping); err != nil { - ctrl.Log.Error(err, "unable to set up ready check") - os.Exit(1) - } - - ctrl.Log.Info(fmt.Sprintf("starting manager for humio-operator %s (%s on %s)", version, commit, date)) - if err := mgr.Start(ctrl.SetupSignalHandler()); err != nil { - ctrl.Log.Error(err, "problem running manager") - os.Exit(1) - } -} diff --git a/test.Dockerfile b/test.Dockerfile index 2200ba84..ad4781c8 100644 --- a/test.Dockerfile +++ b/test.Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:1.7-labs -FROM golang:1.22.2-alpine +FROM golang:1.23-alpine RUN apk add bash