From 230d2b1de8c1bbef90a5d838188bd7fd71980e7f Mon Sep 17 00:00:00 2001 From: Justin Ross Date: Thu, 22 Feb 2024 06:40:00 -0500 Subject: [PATCH] Update the client and server --- README.md | 12 +- client/.plano.py | 41 + client/Containerfile | 35 + {kafka-client => client}/pom.xml | 22 +- .../src/main/java/net/example/Client.java | 35 +- .../src/main/resources/application.properties | 0 kafka-client/.gitignore | 1 - kafka-client/.plano.py | 24 - kafka-client/Containerfile | 7 - {kafka-cluster => server}/cluster1.yaml | 4 +- {kafka-cluster => server}/strimzi.yaml | 17147 ++++++++-------- skewer.yaml | 8 +- 12 files changed, 9102 insertions(+), 8234 deletions(-) create mode 100644 client/.plano.py create mode 100644 client/Containerfile rename {kafka-client => client}/pom.xml (58%) rename {kafka-client => client}/src/main/java/net/example/Client.java (56%) rename {kafka-client => client}/src/main/resources/application.properties (100%) delete mode 100644 kafka-client/.gitignore delete mode 100644 kafka-client/.plano.py delete mode 100644 kafka-client/Containerfile rename {kafka-cluster => server}/cluster1.yaml (94%) rename {kafka-cluster => server}/strimzi.yaml (90%) diff --git a/README.md b/README.md index 16c79e4..c000b26 100644 --- a/README.md +++ b/README.md @@ -143,15 +143,15 @@ deploy the cluster and topic. _**Private:**_ ~~~ shell -kubectl create -f kafka-cluster/strimzi.yaml -kubectl apply -f kafka-cluster/cluster1.yaml +kubectl create -f server/strimzi.yaml +kubectl apply -f server/cluster1.yaml kubectl wait --for condition=ready --timeout 900s kafka/cluster1 ~~~ _Sample output:_ ~~~ console -$ kubectl create -f kafka-cluster/strimzi.yaml +$ kubectl create -f server/strimzi.yaml customresourcedefinition.apiextensions.k8s.io/kafkas.kafka.strimzi.io created rolebinding.rbac.authorization.k8s.io/strimzi-cluster-operator-entity-operator-delegation created clusterrolebinding.rbac.authorization.k8s.io/strimzi-cluster-operator created 
@@ -178,7 +178,7 @@ customresourcedefinition.apiextensions.k8s.io/kafkaconnects.kafka.strimzi.io cre customresourcedefinition.apiextensions.k8s.io/kafkamirrormakers.kafka.strimzi.io created configmap/strimzi-cluster-operator created -$ kubectl apply -f kafka-cluster/cluster1.yaml +$ kubectl apply -f server/cluster1.yaml kafka.kafka.strimzi.io/cluster1 created kafkatopic.kafka.strimzi.io/topic1 created @@ -409,8 +409,8 @@ _**Private:**_ ~~~ shell skupper delete -kubectl delete -f kafka-cluster/cluster1.yaml -kubectl delete -f kafka-cluster/strimzi.yaml +kubectl delete -f server/cluster1.yaml +kubectl delete -f server/strimzi.yaml ~~~ _**Public:**_ diff --git a/client/.plano.py b/client/.plano.py new file mode 100644 index 0000000..c46874b --- /dev/null +++ b/client/.plano.py 
@@ -0,0 +1,41 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+from plano import *
+
+image_tag = "quay.io/skupper/kafka-example-client"
+
+@command
+def build(no_cache=False):
+ no_cache_arg = "--no-cache" if no_cache else ""
+
+ run(f"podman build {no_cache_arg} --format docker -t {image_tag} .")
+
+@command
+def run_():
+ run(f"podman run --net host {image_tag}")
+
+@command
+def debug():
+ run(f"podman run -it --net host --entrypoint /bin/sh {image_tag}")
+
+@command
+def push():
+ run("podman login quay.io")
+ run(f"podman push {image_tag}")
diff --git a/client/Containerfile b/client/Containerfile
new file mode 100644
index 0000000..a78085c
--- /dev/null
+++ b/client/Containerfile
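Review bot: Both `run_()` and `debug()` start the container with `--net host`, which places it in the host's network namespace, and nothing in the file says why; in `debug()` this is combined with an interactive `/bin/sh` entrypoint. If host networking is only there so the client can reach a broker address bound on the host (an inference, the file does not say), record it above `run_()` with a comment such as `# --net host: the client connects to the Kafka bootstrap address on the host; the container gets no network isolation`. Separately, `image_tag` carries no version, so `push()` always replaces whatever the registry serves under the default tag; a one-line comment saying so would help whoever runs it.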
@@ -0,0 +1,35 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+FROM docker.io/library/maven:3-eclipse-temurin-21 AS build
+
+COPY src /root/src
+COPY pom.xml /root/pom.xml
+
+WORKDIR /root
+RUN mvn package
+
+FROM eclipse-temurin:21 AS run
+
+RUN useradd -r fritz
+USER fritz
+
+COPY --from=build --chown=fritz:root /root/target/quarkus-app /home/fritz/quarkus-app
+
+ENTRYPOINT ["java", "-jar", "/home/fritz/quarkus-app/quarkus-run.jar"]
diff --git a/kafka-client/pom.xml b/client/pom.xml
similarity index 58%
rename from kafka-client/pom.xml
rename to client/pom.xml
index 591a9c2..863c0a7 100644
--- a/kafka-client/pom.xml
+++ b/client/pom.xml
@@ -1,3 +1,19 @@ + 4.0.0
@@ -7,10 +23,10 @@ 1.0.0-SNAPSHOT - 11 - 11 + 21 + 21 UTF-8 - 1.13.7.Final + 3.7.3
diff --git a/kafka-client/src/main/java/net/example/Client.java b/client/src/main/java/net/example/Client.java
similarity index 56%
rename from kafka-client/src/main/java/net/example/Client.java
rename to client/src/main/java/net/example/Client.java
index b9ec973..8b40734 100644
--- a/kafka-client/src/main/java/net/example/Client.java
+++ b/client/src/main/java/net/example/Client.java
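Review bot: In client/Containerfile the run stage's `FROM eclipse-temurin:21 AS run` uses an unqualified short name while the build stage is fully qualified, so which registry supplies the runtime image depends on the builder's short-name resolution settings; write it as `FROM docker.io/library/eclipse-temurin:21 AS run` to match. Both base images are also referenced by mutable tags, so a rebuild can silently pick up different content; pinning each by digest (`@sha256:<digest of the reviewed image>`) would make the build reproducible. `--chown=fritz:root` on the final COPY leaves the application files writable by the account the JVM runs as; unless the app writes into that directory at runtime (not visible here), leaving them root-owned would keep the running process from modifying its own jars.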
@@ -1,14 +1,32 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + package net.example; import io.quarkus.runtime.QuarkusApplication; import io.quarkus.runtime.annotations.QuarkusMain; +import jakarta.enterprise.context.ApplicationScoped; import java.util.concurrent.CountDownLatch; import java.util.concurrent.TimeUnit; -import javax.enterprise.context.ApplicationScoped; import org.eclipse.microprofile.reactive.messaging.Channel; import org.eclipse.microprofile.reactive.messaging.Emitter; import org.eclipse.microprofile.reactive.messaging.Incoming; +@ApplicationScoped @QuarkusMain public class Client implements QuarkusApplication { static int desired = 10; @@ -17,6 +35,12 @@ public class Client implements QuarkusApplication { @Channel("outgoing-messages") Emitter emitter; + @Incoming("incoming-messages") + public void receive(String message) { + System.out.println("Received " + message); + completion.countDown(); + } + @Override public int run(String... args) { try { 
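Review bot: The added `receive` method counts down `completion` for every message delivered on `incoming-messages`, whatever its content or origin, and nothing documents that. If `run` (its body continues outside this hunk) treats the latch reaching zero as success, messages already on the topic or sent by another producer would satisfy it; a comment on the method such as `// Counts any message on the channel, not only the ones this run sent` would make that explicit. The method also prints the payload verbatim to stdout, which is worth a note if the topic can carry data from other writers.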
@@ -42,13 +66,4 @@ public int run(String... args) { return 1; } } - - @ApplicationScoped - public static class Receiver { - @Incoming("incoming-messages") - public void receive(String message) { - System.out.println("Received " + message); - completion.countDown(); - } - } } diff --git a/kafka-client/src/main/resources/application.properties b/client/src/main/resources/application.properties similarity index 100% rename from kafka-client/src/main/resources/application.properties rename to client/src/main/resources/application.properties diff --git a/kafka-client/.gitignore b/kafka-client/.gitignore deleted file mode 100644 index ea8c4bf..0000000 --- a/kafka-client/.gitignore +++ /dev/null @@ -1 +0,0 @@ -/target diff --git a/kafka-client/.plano.py b/kafka-client/.plano.py deleted file mode 100644 index a8166c1..0000000 --- a/kafka-client/.plano.py +++ /dev/null @@ -1,24 +0,0 @@ -from plano import * - -@command -def build(): - run("mvn package") - -@command(name="run") -def run_(): - build() - run("java -jar target/quarkus-app/quarkus-run.jar") - -@command -def clean(): - run("mvn clean") - -@command -def build_image(): - build() - run("podman build -t quay.io/skupper/kafka-example-client .") - -@command -def push_image(): - build_image() - run("podman push quay.io/skupper/kafka-example-client") diff --git a/kafka-client/Containerfile b/kafka-client/Containerfile deleted file mode 100644 index add0673..0000000 --- a/kafka-client/Containerfile +++ /dev/null @@ -1,7 +0,0 @@ -FROM registry.access.redhat.com/ubi8/ubi-minimal - -RUN microdnf -y install java-11-openjdk-headless && microdnf clean all - -ADD target/ /app/target - -ENTRYPOINT ["java", "-jar", "/app/target/quarkus-app/quarkus-run.jar"] diff --git a/kafka-cluster/cluster1.yaml b/server/cluster1.yaml similarity index 94% rename from kafka-cluster/cluster1.yaml rename to server/cluster1.yaml index e3e35a7..6d457e7 100644 --- a/kafka-cluster/cluster1.yaml +++ b/server/cluster1.yaml 
@@ -4,7 +4,7 @@ metadata: name: cluster1 spec: kafka: - version: 3.4.0 + version: 3.6.1 replicas: 1 listeners: - name: plain @@ -25,7 +25,7 @@ spec: transaction.state.log.min.isr: 1 default.replication.factor: 1 min.insync.replicas: 1 - inter.broker.protocol.version: "3.4" + inter.broker.protocol.version: "3.6" storage: type: ephemeral zookeeper: diff --git a/kafka-cluster/strimzi.yaml b/server/strimzi.yaml similarity index 90% rename from kafka-cluster/strimzi.yaml rename to server/strimzi.yaml index 839a68b..7169046 100644 --- a/kafka-cluster/strimzi.yaml +++ b/server/strimzi.yaml 
@@ -1,174 +1,4 @@ ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: strimzi-cluster-operator - labels: - app: strimzi - namespace: private -spec: - replicas: 1 - selector: - matchLabels: - name: strimzi-cluster-operator - strimzi.io/kind: cluster-operator - template: - metadata: - labels: - name: strimzi-cluster-operator - strimzi.io/kind: cluster-operator - spec: - serviceAccountName: strimzi-cluster-operator - volumes: - - name: strimzi-tmp - emptyDir: - medium: Memory - sizeLimit: 1Mi - - name: co-config-volume - configMap: - name: strimzi-cluster-operator - containers: - - name: strimzi-cluster-operator - image: 'quay.io/strimzi/operator:0.34.0' - ports: - - containerPort: 8080 - name: http - args: - - /opt/strimzi/bin/cluster_operator_run.sh - volumeMounts: - - name: strimzi-tmp - mountPath: /tmp - - name: co-config-volume - mountPath: /opt/strimzi/custom-config/ - env: - - name: STRIMZI_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: STRIMZI_FULL_RECONCILIATION_INTERVAL_MS - value: '120000' - - name: STRIMZI_OPERATION_TIMEOUT_MS - value: '300000' - - name: STRIMZI_DEFAULT_TLS_SIDECAR_ENTITY_OPERATOR_IMAGE - value: 'quay.io/strimzi/kafka:0.34.0-kafka-3.4.0' - - name: STRIMZI_DEFAULT_KAFKA_EXPORTER_IMAGE - value: 'quay.io/strimzi/kafka:0.34.0-kafka-3.4.0' - - name: STRIMZI_DEFAULT_CRUISE_CONTROL_IMAGE - value: 'quay.io/strimzi/kafka:0.34.0-kafka-3.4.0' - - name: STRIMZI_KAFKA_IMAGES - value: | - 3.3.1=quay.io/strimzi/kafka:0.34.0-kafka-3.3.1 - 3.3.2=quay.io/strimzi/kafka:0.34.0-kafka-3.3.2 - 3.4.0=quay.io/strimzi/kafka:0.34.0-kafka-3.4.0 - - name: STRIMZI_KAFKA_CONNECT_IMAGES - value: | - 3.3.1=quay.io/strimzi/kafka:0.34.0-kafka-3.3.1 - 3.3.2=quay.io/strimzi/kafka:0.34.0-kafka-3.3.2 - 3.4.0=quay.io/strimzi/kafka:0.34.0-kafka-3.4.0 - - name: STRIMZI_KAFKA_MIRROR_MAKER_IMAGES - value: | - 3.3.1=quay.io/strimzi/kafka:0.34.0-kafka-3.3.1 - 3.3.2=quay.io/strimzi/kafka:0.34.0-kafka-3.3.2 - 
3.4.0=quay.io/strimzi/kafka:0.34.0-kafka-3.4.0 - - name: STRIMZI_KAFKA_MIRROR_MAKER_2_IMAGES - value: | - 3.3.1=quay.io/strimzi/kafka:0.34.0-kafka-3.3.1 - 3.3.2=quay.io/strimzi/kafka:0.34.0-kafka-3.3.2 - 3.4.0=quay.io/strimzi/kafka:0.34.0-kafka-3.4.0 - - name: STRIMZI_DEFAULT_TOPIC_OPERATOR_IMAGE - value: 'quay.io/strimzi/operator:0.34.0' - - name: STRIMZI_DEFAULT_USER_OPERATOR_IMAGE - value: 'quay.io/strimzi/operator:0.34.0' - - name: STRIMZI_DEFAULT_KAFKA_INIT_IMAGE - value: 'quay.io/strimzi/operator:0.34.0' - - name: STRIMZI_DEFAULT_KAFKA_BRIDGE_IMAGE - value: 'quay.io/strimzi/kafka-bridge:0.25.0' - - name: STRIMZI_DEFAULT_JMXTRANS_IMAGE - value: 'quay.io/strimzi/jmxtrans:0.34.0' - - name: STRIMZI_DEFAULT_KANIKO_EXECUTOR_IMAGE - value: 'quay.io/strimzi/kaniko-executor:0.34.0' - - name: STRIMZI_DEFAULT_MAVEN_BUILDER - value: 'quay.io/strimzi/maven-builder:0.34.0' - - name: STRIMZI_OPERATOR_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: STRIMZI_FEATURE_GATES - value: '-UseStrimziPodSets' - - name: STRIMZI_LEADER_ELECTION_ENABLED - value: 'true' - - name: STRIMZI_LEADER_ELECTION_LEASE_NAME - value: strimzi-cluster-operator - - name: STRIMZI_LEADER_ELECTION_LEASE_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: STRIMZI_LEADER_ELECTION_IDENTITY - valueFrom: - fieldRef: - fieldPath: metadata.name - livenessProbe: - httpGet: - path: /healthy - port: http - initialDelaySeconds: 10 - periodSeconds: 30 - readinessProbe: - httpGet: - path: /ready - port: http - initialDelaySeconds: 10 - periodSeconds: 30 - resources: - limits: - cpu: 1000m - memory: 384Mi - requests: - cpu: 200m - memory: 384Mi - ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: strimzi-kafka-broker - labels: - app: strimzi -rules: - - apiGroups: - - '' - resources: - - nodes - verbs: - - get - ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: 
strimzi-cluster-operator-leader-election - labels: - app: strimzi - namespace: private -subjects: - - kind: ServiceAccount - name: strimzi-cluster-operator - namespace: private -roleRef: - kind: ClusterRole - name: strimzi-cluster-operator-leader-election - apiGroup: rbac.authorization.k8s.io - ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: strimzi-cluster-operator - labels: - app: strimzi - namespace: private - --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition @@ -220,16 +50,22 @@ spec: version: type: string description: >- - The Kafka Connect version. Defaults to - {DefaultKafkaVersion}. Consult the user documentation to - understand the process required to upgrade or downgrade the - version. + The Kafka Connect version. Defaults to the latest version. + Consult the user documentation to understand the process + required to upgrade or downgrade the version. replicas: type: integer - description: The number of pods in the Kafka Connect group. + description: >- + The number of pods in the Kafka Connect group. Defaults to + `3`. image: type: string - description: The docker image for the pods. + description: >- + The container image used for Kafka Connect pods. If no image + name is explicitly specified, it is determined based on the + `spec.version` configuration. The image names are + specifically mapped to corresponding versions in the Cluster + Operator configuration. bootstrapServers: type: string description: >- @@ -364,6 +200,11 @@ spec: The pause to take before retrying a failed HTTP request. If not set, the default is to not pause at all but to immediately repeat a request. + includeAcceptHeader: + type: boolean + description: >- + Whether the Accept header should be set in requests to + the authorization servers. The default value is `true`. maxTokenExpirySeconds: type: integer description: >- 
@@ -477,6 +318,13 @@ spec: resources: type: object properties: + claims: + type: array + items: + type: object + properties: + name: + type: string limits: x-kubernetes-preserve-unknown-fields: true type: object @@ -643,7 +491,7 @@ spec: configuration. description: >- `ConfigMap` entry where the logging configuration is - stored. + stored. required: - type description: Logging configuration for Kafka Connect. @@ -662,7 +510,7 @@ spec: A key that matches labels assigned to the Kubernetes cluster nodes. The value of the label is used to set a broker's `broker.rack` config, and the `client.rack` - config for Kafka Connect or MirrorMaker 2.0. + config for Kafka Connect or MirrorMaker 2. required: - topologyKey description: >- @@ -678,9 +526,9 @@ spec: - opentelemetry description: >- Type of the tracing used. Currently the only supported - types are `jaeger` for OpenTracing (Jaeger) tracing and - `opentelemetry` for OpenTelemetry tracing. The - OpenTracing (Jaeger) tracing is deprecated. + type is `opentelemetry` for OpenTelemetry tracing. As of + Strimzi 0.37.0, `jaeger` type is not supported anymore + and this option is ignored. required: - type description: The configuration of tracing in Kafka Connect. @@ -696,19 +544,11 @@ spec: labels: x-kubernetes-preserve-unknown-fields: true type: object - description: >- - Labels added to the resource template. Can be - applied to different resources such as - `StatefulSets`, `Deployments`, `Pods`, and - `Services`. + description: Labels added to the Kubernetes resource. annotations: x-kubernetes-preserve-unknown-fields: true type: object - description: >- - Annotations added to the resource template. Can - be applied to different resources such as - `StatefulSets`, `Deployments`, `Pods`, and - `Services`. + description: Annotations added to the Kubernetes resource. description: Metadata applied to the resource. deploymentStrategy: type: string 
@@ -730,19 +570,11 @@ spec: labels: x-kubernetes-preserve-unknown-fields: true type: object - description: >- - Labels added to the resource template. Can be - applied to different resources such as - `StatefulSets`, `Deployments`, `Pods`, and - `Services`. + description: Labels added to the Kubernetes resource. annotations: x-kubernetes-preserve-unknown-fields: true type: object - description: >- - Annotations added to the resource template. Can - be applied to different resources such as - `StatefulSets`, `Deployments`, `Pods`, and - `Services`. + description: Annotations added to the Kubernetes resource. description: Metadata applied to the resource. description: Template for Kafka Connect `StrimziPodSet` resource. pod: @@ -754,19 +586,11 @@ spec: labels: x-kubernetes-preserve-unknown-fields: true type: object - description: >- - Labels added to the resource template. Can be - applied to different resources such as - `StatefulSets`, `Deployments`, `Pods`, and - `Services`. + description: Labels added to the Kubernetes resource. annotations: x-kubernetes-preserve-unknown-fields: true type: object - description: >- - Annotations added to the resource template. Can - be applied to different resources such as - `StatefulSets`, `Deployments`, `Pods`, and - `Services`. + description: Annotations added to the Kubernetes resource. description: Metadata applied to the resource. imagePullSecrets: type: array @@ -1165,8 +989,7 @@ spec: type: string description: >- The name of the priority class used to assign - priority to the pods. For more information about - priority classes, see {K8sPriorityClass}. + priority to the pods. schedulerName: type: string description: >- 
@@ -1251,19 +1074,11 @@ spec: labels: x-kubernetes-preserve-unknown-fields: true type: object - description: >- - Labels added to the resource template. Can be - applied to different resources such as - `StatefulSets`, `Deployments`, `Pods`, and - `Services`. + description: Labels added to the Kubernetes resource. annotations: x-kubernetes-preserve-unknown-fields: true type: object - description: >- - Annotations added to the resource template. Can - be applied to different resources such as - `StatefulSets`, `Deployments`, `Pods`, and - `Services`. + description: Annotations added to the Kubernetes resource. description: Metadata applied to the resource. ipFamilyPolicy: type: string @@ -1282,7 +1097,6 @@ spec: unless there are two IP families on dual-stack configured clusters. If unspecified, Kubernetes will choose the default value based on the service type. - Available on Kubernetes 1.20 and newer. ipFamilies: type: array items: @@ -1292,10 +1106,9 @@ spec: - IPv6 description: >- Specifies the IP Families used by the service. - Available options are `IPv4` and `IPv6. If + Available options are `IPv4` and `IPv6`. If unspecified, Kubernetes will choose the default value based on the `ipFamilyPolicy` setting. - Available on Kubernetes 1.20 and newer. description: Template for Kafka Connect API `Service`. headlessService: type: object 
@@ -1306,19 +1119,11 @@ spec: labels: x-kubernetes-preserve-unknown-fields: true type: object - description: >- - Labels added to the resource template. Can be - applied to different resources such as - `StatefulSets`, `Deployments`, `Pods`, and - `Services`. + description: Labels added to the Kubernetes resource. annotations: x-kubernetes-preserve-unknown-fields: true type: object - description: >- - Annotations added to the resource template. Can - be applied to different resources such as - `StatefulSets`, `Deployments`, `Pods`, and - `Services`. + description: Annotations added to the Kubernetes resource. description: Metadata applied to the resource. ipFamilyPolicy: type: string @@ -1337,7 +1142,6 @@ spec: unless there are two IP families on dual-stack configured clusters. If unspecified, Kubernetes will choose the default value based on the service type. - Available on Kubernetes 1.20 and newer. ipFamilies: type: array items: @@ -1347,10 +1151,9 @@ spec: - IPv6 description: >- Specifies the IP Families used by the service. - Available options are `IPv4` and `IPv6. If + Available options are `IPv4` and `IPv6`. If unspecified, Kubernetes will choose the default value based on the `ipFamilyPolicy` setting. - Available on Kubernetes 1.20 and newer. description: Template for Kafka Connect headless `Service`. connectContainer: type: object 
@@ -1513,19 +1316,11 @@ spec: labels: x-kubernetes-preserve-unknown-fields: true type: object - description: >- - Labels added to the resource template. Can be - applied to different resources such as - `StatefulSets`, `Deployments`, `Pods`, and - `Services`. + description: Labels added to the Kubernetes resource. annotations: x-kubernetes-preserve-unknown-fields: true type: object - description: >- - Annotations added to the resource template. Can - be applied to different resources such as - `StatefulSets`, `Deployments`, `Pods`, and - `Services`. + description: Annotations added to the Kubernetes resource. description: >- Metadata to apply to the `PodDisruptionBudgetTemplate` resource. @@ -1549,19 +1344,11 @@ spec: labels: x-kubernetes-preserve-unknown-fields: true type: object - description: >- - Labels added to the resource template. Can be - applied to different resources such as - `StatefulSets`, `Deployments`, `Pods`, and - `Services`. + description: Labels added to the Kubernetes resource. annotations: x-kubernetes-preserve-unknown-fields: true type: object - description: >- - Annotations added to the resource template. Can - be applied to different resources such as - `StatefulSets`, `Deployments`, `Pods`, and - `Services`. + description: Annotations added to the Kubernetes resource. description: Metadata applied to the resource. description: Template for the Kafka Connect service account. clusterRoleBinding: 
@@ -1573,19 +1360,11 @@ spec: labels: x-kubernetes-preserve-unknown-fields: true type: object - description: >- - Labels added to the resource template. Can be - applied to different resources such as - `StatefulSets`, `Deployments`, `Pods`, and - `Services`. + description: Labels added to the Kubernetes resource. annotations: x-kubernetes-preserve-unknown-fields: true type: object - description: >- - Annotations added to the resource template. Can - be applied to different resources such as - `StatefulSets`, `Deployments`, `Pods`, and - `Services`. + description: Annotations added to the Kubernetes resource. description: Metadata applied to the resource. description: Template for the Kafka Connect ClusterRoleBinding. buildPod: @@ -1597,19 +1376,11 @@ spec: labels: x-kubernetes-preserve-unknown-fields: true type: object - description: >- - Labels added to the resource template. Can be - applied to different resources such as - `StatefulSets`, `Deployments`, `Pods`, and - `Services`. + description: Labels added to the Kubernetes resource. annotations: x-kubernetes-preserve-unknown-fields: true type: object - description: >- - Annotations added to the resource template. Can - be applied to different resources such as - `StatefulSets`, `Deployments`, `Pods`, and - `Services`. + description: Annotations added to the Kubernetes resource. description: Metadata applied to the resource. imagePullSecrets: type: array @@ -2008,8 +1779,7 @@ spec: type: string description: >- The name of the priority class used to assign - priority to the pods. For more information about - priority classes, see {K8sPriorityClass}. + priority to the pods. schedulerName: type: string description: >- 
@@ -2174,19 +1944,11 @@ spec: labels: x-kubernetes-preserve-unknown-fields: true type: object - description: >- - Labels added to the resource template. Can be - applied to different resources such as - `StatefulSets`, `Deployments`, `Pods`, and - `Services`. + description: Labels added to the Kubernetes resource. annotations: x-kubernetes-preserve-unknown-fields: true type: object - description: >- - Annotations added to the resource template. Can - be applied to different resources such as - `StatefulSets`, `Deployments`, `Pods`, and - `Services`. + description: Annotations added to the Kubernetes resource. description: >- Metadata to apply to the `PodDisruptionBudgetTemplate` resource. @@ -2208,19 +1970,11 @@ spec: labels: x-kubernetes-preserve-unknown-fields: true type: object - description: >- - Labels added to the resource template. Can be - applied to different resources such as - `StatefulSets`, `Deployments`, `Pods`, and - `Services`. + description: Labels added to the Kubernetes resource. annotations: x-kubernetes-preserve-unknown-fields: true type: object - description: >- - Annotations added to the resource template. Can - be applied to different resources such as - `StatefulSets`, `Deployments`, `Pods`, and - `Services`. + description: Annotations added to the Kubernetes resource. description: Metadata applied to the resource. description: Template for the Kafka Connect Build service account. jmxSecret: 
@@ -2232,19 +1986,11 @@ spec: labels: x-kubernetes-preserve-unknown-fields: true type: object - description: >- - Labels added to the resource template. Can be - applied to different resources such as - `StatefulSets`, `Deployments`, `Pods`, and - `Services`. + description: Labels added to the Kubernetes resource. annotations: x-kubernetes-preserve-unknown-fields: true type: object - description: >- - Annotations added to the resource template. Can - be applied to different resources such as - `StatefulSets`, `Deployments`, `Pods`, and - `Services`. + description: Annotations added to the Kubernetes resource. description: Metadata applied to the resource. description: >- Template for Secret of the Kafka Connect Cluster JMX @@ -2252,7 +1998,7 @@ spec: description: >- Template for Kafka Connect and Kafka Mirror Maker 2 resources. The template allows users to specify how the - `Deployment`, `Pods` and `Service` are generated. + `Pods`, `Service`, and other services are generated. externalConfiguration: type: object properties: @@ -2420,6 +2166,13 @@ spec: resources: type: object properties: + claims: + type: array + items: + type: object + properties: + name: + type: string limits: x-kubernetes-preserve-unknown-fields: true type: object @@ -2487,7 +2240,7 @@ spec: while building the new container. If not specified, the downloaded artifact will not be verified. Not applicable to the `maven` - artifact type. + artifact type. type: type: string enum: @@ -2564,8 +2317,7 @@ spec: configuration. description: >- ConfigMap entry where the Prometheus JMX Exporter - configuration is stored. For details of the structure of - this configuration, see the {JMXExporter}. + configuration is stored. required: - type - valueFrom 
@@ -2651,168 +2403,34 @@ spec: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: strimzi-cluster-operator-namespaced + name: strimzi-kafka-broker labels: app: strimzi rules: - - apiGroups: - - rbac.authorization.k8s.io - resources: - - rolebindings - verbs: - - get - - list - - watch - - create - - delete - - patch - - update - - apiGroups: - - rbac.authorization.k8s.io - resources: - - roles - verbs: - - get - - list - - watch - - create - - delete - - patch - - update - - apiGroups: - - '' - resources: - - pods - - serviceaccounts - - configmaps - - services - - endpoints - - secrets - - persistentvolumeclaims - verbs: - - get - - list - - watch - - create - - delete - - patch - - update - - apiGroups: - - apps - resources: - - deployments - - deployments/scale - - deployments/status - - statefulsets - - replicasets - verbs: - - get - - list - - watch - - create - - delete - - patch - - update - apiGroups: - '' - - events.k8s.io - resources: - - events - verbs: - - create - - apiGroups: - - build.openshift.io resources: - - buildconfigs - - buildconfigs/instantiate - - builds + - nodes verbs: - get - - list - - watch - - create - - delete - - patch - - update - - apiGroups: - - networking.k8s.io - resources: - - networkpolicies - - ingresses - verbs: - - get - - list - - watch - - create - - delete - - patch - - update - - apiGroups: - - route.openshift.io - resources: - - routes - - routes/custom-host - verbs: - - get - - list - - watch - - create - - delete - - patch - - update - - apiGroups: - - image.openshift.io - resources: - - imagestreams - verbs: - - get - - apiGroups: - - policy - resources: - - poddisruptionbudgets - verbs: - - get - - list - - watch - - create - - delete - - patch - - update - ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: strimzi-cluster-operator-watched - labels: - app: strimzi - namespace: private -subjects: - - kind: ServiceAccount - name: strimzi-cluster-operator - 
namespace: private -roleRef: - kind: ClusterRole - name: strimzi-cluster-operator-watched - apiGroup: rbac.authorization.k8s.io --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - name: kafkaconnectors.kafka.strimzi.io + name: kafkausers.kafka.strimzi.io labels: app: strimzi strimzi.io/crd-install: 'true' spec: group: kafka.strimzi.io names: - kind: KafkaConnector - listKind: KafkaConnectorList - singular: kafkaconnector - plural: kafkaconnectors + kind: KafkaUser + listKind: KafkaUserList + singular: kafkauser + plural: kafkausers shortNames: - - kctr + - ku categories: - strimzi scope: Namespaced @@ -2824,22 +2442,19 @@ spec: storage: true subresources: status: {} - scale: - specReplicasPath: .spec.tasksMax - statusReplicasPath: .status.tasksMax additionalPrinterColumns: - name: Cluster - description: The name of the Kafka Connect cluster this connector belongs to + description: The name of the Kafka cluster this user belongs to jsonPath: .metadata.labels.strimzi\.io/cluster type: string - - name: Connector class - description: The class used by this connector - jsonPath: .spec.class + - name: Authentication + description: How the user is authenticated + jsonPath: .spec.authentication.type + type: string + - name: Authorization + description: How the user is authorised + jsonPath: .spec.authorization.type type: string - - name: Max Tasks - description: Maximum number of tasks - jsonPath: .spec.tasksMax - type: integer - name: Ready description: The state of the custom resource jsonPath: '.status.conditions[?(@.type=="Ready")].status' 
@@ -2851,643 +2466,534 @@ spec: spec: type: object properties: - class: - type: string - description: The Class for the Kafka Connector. - tasksMax: - type: integer - minimum: 1 - description: The maximum number of tasks for the Kafka Connector. - autoRestart: + authentication: type: object properties: - enabled: - type: boolean + password: + type: object + properties: + valueFrom: + type: object + properties: + secretKeyRef: + type: object + properties: + key: + type: string + name: + type: string + optional: + type: boolean + description: >- + Selects a key of a Secret in the resource's + namespace. + description: Secret from which the password should be read. + required: + - valueFrom description: >- - Whether automatic restart for failed connectors and - tasks should be enabled or disabled. - description: Automatic restart of connector and tasks configuration. - config: - x-kubernetes-preserve-unknown-fields: true - type: object - description: >- - The Kafka Connector configuration. The following properties - cannot be set: connector.class, tasks.max. - pause: - type: boolean - description: Whether the connector should be paused. Defaults to false. - description: The specification of the Kafka Connector. - status: - type: object - properties: - conditions: - type: array - items: - type: object - properties: - type: - type: string - description: >- - The unique identifier of a condition, used to - distinguish between other conditions in the resource. - status: - type: string - description: >- - The status of the condition, either True, False or - Unknown. - lastTransitionTime: - type: string - description: >- - Last time the condition of a type changed from one - status to another. The required format is - 'yyyy-MM-ddTHH:mm:ssZ', in the UTC time zone. - reason: - type: string - description: >- - The reason for the condition's last transition (a - single word in CamelCase). 
- message: - type: string - description: >- - Human-readable message indicating details about the - condition's last transition. - description: List of status conditions. - observedGeneration: - type: integer - description: >- - The generation of the CRD that was last reconciled by the - operator. - autoRestart: - type: object - properties: - count: - type: integer - description: The number of times the connector or task is restarted. - connectorName: - type: string - description: The name of the connector being restarted. - lastRestartTimestamp: + Specify the password for the user. If not set, a new + password is generated by the User Operator. + type: type: string - description: >- - The last time the automatic restart was attempted. The - required format is 'yyyy-MM-ddTHH:mm:ssZ' in the UTC - time zone. - description: The auto restart status. - connectorStatus: - x-kubernetes-preserve-unknown-fields: true - type: object + enum: + - tls + - tls-external + - scram-sha-512 + description: Authentication type. + required: + - type description: >- - The connector status, as reported by the Kafka Connect REST - API. - tasksMax: - type: integer - description: The maximum number of tasks for the Kafka Connector. - topics: - type: array - items: - type: string - description: The list of topics used by the Kafka Connector. - description: The status of the Kafka Connector. + Authentication mechanism enabled for this Kafka user. The + supported authentication mechanisms are `scram-sha-512`, + `tls`, and `tls-external`. 
---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: kafkabridges.kafka.strimzi.io - labels: - app: strimzi - strimzi.io/crd-install: 'true' -spec: - group: kafka.strimzi.io - names: - kind: KafkaBridge - listKind: KafkaBridgeList - singular: kafkabridge - plural: kafkabridges - shortNames: - - kb - categories: - - strimzi - scope: Namespaced - conversion: - strategy: None - versions: - - name: v1beta2 - served: true - storage: true - subresources: - status: {} - scale: - specReplicasPath: .spec.replicas - statusReplicasPath: .status.replicas - labelSelectorPath: .status.labelSelector - additionalPrinterColumns: - - name: Desired replicas - description: The desired number of Kafka Bridge replicas - jsonPath: .spec.replicas - type: integer - - name: Bootstrap Servers - description: The boostrap servers - jsonPath: .spec.bootstrapServers - type: string - priority: 1 - - name: Ready - description: The state of the custom resource - jsonPath: '.status.conditions[?(@.type=="Ready")].status' - type: string - schema: - openAPIV3Schema: - type: object - properties: - spec: - type: object - properties: - replicas: - type: integer - minimum: 0 - description: The number of pods in the `Deployment`. - image: - type: string - description: The docker image for the pods. - bootstrapServers: - type: string - description: >- - A list of host:port pairs for establishing the initial - connection to the Kafka cluster. - tls: + + * `scram-sha-512` generates a secret with SASL SCRAM-SHA-512 + credentials. + + * `tls` generates a secret with user certificate for mutual + TLS authentication. + + * `tls-external` does not generate a user certificate. But + prepares the user for using mutual TLS authentication using + a user certificate generated outside the User Operator. + ACLs and quotas set for this user are configured in the `CN=` format. + + Authentication is optional. If authentication is not + configured, no credentials are generated. 
ACLs and quotas + set for the user are configured in the `` format + suitable for SASL authentication. + authorization: type: object properties: - trustedCertificates: + acls: type: array items: type: object properties: - certificate: + host: type: string - description: The name of the file certificate in the Secret. - secretName: + description: >- + The host from which the action described in the + ACL rule is allowed or denied. + operation: type: string - description: The name of the Secret containing the certificate. + enum: + - Read + - Write + - Create + - Delete + - Alter + - Describe + - ClusterAction + - AlterConfigs + - DescribeConfigs + - IdempotentWrite + - All + description: >- + Operation which will be allowed or denied. + Supported operations are: Read, Write, Create, + Delete, Alter, Describe, ClusterAction, + AlterConfigs, DescribeConfigs, IdempotentWrite and + All. + operations: + type: array + items: + type: string + enum: + - Read + - Write + - Create + - Delete + - Alter + - Describe + - ClusterAction + - AlterConfigs + - DescribeConfigs + - IdempotentWrite + - All + description: >- + List of operations which will be allowed or + denied. Supported operations are: Read, Write, + Create, Delete, Alter, Describe, ClusterAction, + AlterConfigs, DescribeConfigs, IdempotentWrite and + All. + resource: + type: object + properties: + name: + type: string + description: >- + Name of resource for which given ACL rule + applies. Can be combined with `patternType` + field to use prefix pattern. + patternType: + type: string + enum: + - literal + - prefix + description: >- + Describes the pattern used in the resource + field. The supported types are `literal` and + `prefix`. With `literal` pattern type, the + resource field will be used as a definition of + a full name. With `prefix` pattern type, the + resource name will be used only as a prefix. + Default value is `literal`. 
+ type: + type: string + enum: + - topic + - group + - cluster + - transactionalId + description: >- + Resource type. The available resource types + are `topic`, `group`, `cluster`, and + `transactionalId`. + required: + - type + description: >- + Indicates the resource for which given ACL rule + applies. + type: + type: string + enum: + - allow + - deny + description: >- + The type of the rule. Currently the only supported + type is `allow`. ACL rules with type `allow` are + used to allow user to execute the specified + operations. Default value is `allow`. required: - - certificate - - secretName - description: Trusted certificates for TLS connection. - description: >- - TLS configuration for connecting Kafka Bridge to the - cluster. - authentication: + - resource + description: List of ACL rules which should be applied to this user. + type: + type: string + enum: + - simple + description: >- + Authorization type. Currently the only supported type is + `simple`. `simple` authorization type uses the Kafka + Admin API for managing the ACL rules. + required: + - acls + - type + description: Authorization rules for this Kafka user. + quotas: type: object properties: - accessToken: - type: object - properties: - key: - type: string - description: >- - The key under which the secret value is stored in - the Kubernetes Secret. - secretName: - type: string - description: >- - The name of the Kubernetes Secret containing the - secret value. - required: - - key - - secretName + consumerByteRate: + type: integer + minimum: 0 description: >- - Link to Kubernetes Secret containing the access token - which was obtained from the authorization server. - accessTokenIsJwt: - type: boolean + A quota on the maximum bytes per-second that each client + group can fetch from a broker before the clients in the + group are throttled. Defined on a per-broker basis. 
+ controllerMutationRate: + type: number + minimum: 0 description: >- - Configure whether access token should be treated as JWT. - This should be set to `false` if the authorization - server returns opaque tokens. Defaults to `true`. - audience: - type: string + A quota on the rate at which mutations are accepted for + the create topics request, the create partitions request + and the delete topics request. The rate is accumulated + by the number of partitions created or deleted. + producerByteRate: + type: integer + minimum: 0 description: >- - OAuth audience to use when authenticating against the - authorization server. Some authorization servers require - the audience to be explicitly set. The possible values - depend on how the authorization server is configured. By - default, `audience` is not specified when performing the - token endpoint request. - certificateAndKey: + A quota on the maximum bytes per-second that each client + group can publish to a broker before the clients in the + group are throttled. Defined on a per-broker basis. + requestPercentage: + type: integer + minimum: 0 + description: >- + A quota on the maximum CPU utilization of each client + group as a percentage of network and I/O threads. + description: >- + Quotas on requests to control the broker resources used by + clients. Network bandwidth and request rate quotas can be + enforced.Kafka documentation for Kafka User quotas can be + found at + http://kafka.apache.org/documentation/#design_quotas. + template: + type: object + properties: + secret: type: object properties: - certificate: - type: string - description: The name of the file certificate in the Secret. - key: - type: string - description: The name of the private key in the Secret. - secretName: - type: string - description: The name of the Secret containing the certificate. - required: - - certificate - - key - - secretName - description: >- - Reference to the `Secret` which holds the certificate - and private key pair. 
- clientId: - type: string - description: >- - OAuth Client ID which the Kafka client can use to - authenticate against the OAuth server and use the token - endpoint URI. - clientSecret: - type: object - properties: - key: - type: string - description: >- - The key under which the secret value is stored in - the Kubernetes Secret. - secretName: - type: string - description: >- - The name of the Kubernetes Secret containing the - secret value. - required: - - key - - secretName - description: >- - Link to Kubernetes Secret containing the OAuth client - secret which the Kafka client can use to authenticate - against the OAuth server and use the token endpoint URI. - connectTimeoutSeconds: - type: integer - description: >- - The connect timeout in seconds when connecting to - authorization server. If not set, the effective connect - timeout is 60 seconds. - disableTlsHostnameVerification: - type: boolean - description: >- - Enable or disable TLS hostname verification. Default - value is `false`. - enableMetrics: - type: boolean - description: >- - Enable or disable OAuth metrics. Default value is - `false`. - httpRetries: - type: integer - description: >- - The maximum number of retries to attempt if an initial - HTTP request fails. If not set, the default is to not - attempt any retries. - httpRetryPauseMs: - type: integer - description: >- - The pause to take before retrying a failed HTTP request. - If not set, the default is to not pause at all but to - immediately repeat a request. - maxTokenExpirySeconds: - type: integer - description: >- - Set or limit time-to-live of the access tokens to the - specified number of seconds. This should be set if the - authorization server returns opaque tokens. - passwordSecret: - type: object - properties: - password: - type: string - description: >- - The name of the key in the Secret under which the - password is stored. - secretName: - type: string - description: The name of the Secret containing the password. 
- required: - - password - - secretName - description: Reference to the `Secret` which holds the password. - readTimeoutSeconds: - type: integer + metadata: + type: object + properties: + labels: + x-kubernetes-preserve-unknown-fields: true + type: object + description: Labels added to the Kubernetes resource. + annotations: + x-kubernetes-preserve-unknown-fields: true + type: object + description: Annotations added to the Kubernetes resource. + description: Metadata applied to the resource. description: >- - The read timeout in seconds when connecting to - authorization server. If not set, the effective read - timeout is 60 seconds. - refreshToken: + Template for KafkaUser resources. The template allows + users to specify how the `Secret` with password or TLS + certificates is generated. + description: Template to specify how Kafka User `Secrets` are generated. + description: The specification of the user. + status: + type: object + properties: + conditions: + type: array + items: + type: object + properties: + type: + type: string + description: >- + The unique identifier of a condition, used to + distinguish between other conditions in the resource. + status: + type: string + description: >- + The status of the condition, either True, False or + Unknown. + lastTransitionTime: + type: string + description: >- + Last time the condition of a type changed from one + status to another. The required format is + 'yyyy-MM-ddTHH:mm:ssZ', in the UTC time zone. + reason: + type: string + description: >- + The reason for the condition's last transition (a + single word in CamelCase). + message: + type: string + description: >- + Human-readable message indicating details about the + condition's last transition. + description: List of status conditions. + observedGeneration: + type: integer + description: >- + The generation of the CRD that was last reconciled by the + operator. + username: + type: string + description: Username. 
+ secret: + type: string + description: The name of `Secret` where the credentials are stored. + description: The status of the Kafka User. + - name: v1beta1 + served: true + storage: false + subresources: + status: {} + additionalPrinterColumns: + - name: Cluster + description: The name of the Kafka cluster this user belongs to + jsonPath: .metadata.labels.strimzi\.io/cluster + type: string + - name: Authentication + description: How the user is authenticated + jsonPath: .spec.authentication.type + type: string + - name: Authorization + description: How the user is authorised + jsonPath: .spec.authorization.type + type: string + - name: Ready + description: The state of the custom resource + jsonPath: '.status.conditions[?(@.type=="Ready")].status' + type: string + schema: + openAPIV3Schema: + type: object + properties: + spec: + type: object + properties: + authentication: + type: object + properties: + password: type: object properties: - key: - type: string - description: >- - The key under which the secret value is stored in - the Kubernetes Secret. - secretName: - type: string - description: >- - The name of the Kubernetes Secret containing the - secret value. + valueFrom: + type: object + properties: + secretKeyRef: + type: object + properties: + key: + type: string + name: + type: string + optional: + type: boolean + description: >- + Selects a key of a Secret in the resource's + namespace. + description: Secret from which the password should be read. required: - - key - - secretName - description: >- - Link to Kubernetes Secret containing the refresh token - which can be used to obtain access token from the - authorization server. - scope: - type: string - description: >- - OAuth scope to use when authenticating against the - authorization server. Some authorization servers require - this to be set. The possible values depend on how - authorization server is configured. By default `scope` - is not specified when doing the token endpoint request. 
- tlsTrustedCertificates: - type: array - items: - type: object - properties: - certificate: - type: string - description: The name of the file certificate in the Secret. - secretName: - type: string - description: The name of the Secret containing the certificate. - required: - - certificate - - secretName + - valueFrom description: >- - Trusted certificates for TLS connection to the OAuth - server. - tokenEndpointUri: - type: string - description: Authorization server token endpoint URI. + Specify the password for the user. If not set, a new + password is generated by the User Operator. type: type: string enum: - tls - - scram-sha-256 + - tls-external - scram-sha-512 - - plain - - oauth - description: >- - Authentication type. Currently the supported types are - `tls`, `scram-sha-256`, `scram-sha-512`, `plain`, and - 'oauth'. `scram-sha-256` and `scram-sha-512` types use - SASL SCRAM-SHA-256 and SASL SCRAM-SHA-512 - Authentication, respectively. `plain` type uses SASL - PLAIN Authentication. `oauth` type uses SASL OAUTHBEARER - Authentication. The `tls` type uses TLS Client - Authentication. The `tls` type is supported only over - TLS connections. - username: - type: string - description: Username used for the authentication. + description: Authentication type. required: - type - description: Authentication configuration for connecting to the cluster. - http: - type: object - properties: - port: - type: integer - minimum: 1023 - description: The port which is the server listening on. - cors: - type: object - properties: - allowedOrigins: - type: array - items: - type: string - description: >- - List of allowed origins. Java regular expressions - can be used. - allowedMethods: - type: array - items: - type: string - description: List of allowed HTTP methods. - required: - - allowedOrigins - - allowedMethods - description: CORS configuration for the HTTP Bridge. - description: The HTTP related configuration. 
- adminClient: - type: object - properties: - config: - x-kubernetes-preserve-unknown-fields: true - type: object - description: >- - The Kafka AdminClient configuration used for AdminClient - instances created by the bridge. - description: Kafka AdminClient related configuration. - consumer: - type: object - properties: - config: - x-kubernetes-preserve-unknown-fields: true - type: object - description: >- - The Kafka consumer configuration used for consumer - instances created by the bridge. Properties with the - following prefixes cannot be set: ssl., - bootstrap.servers, group.id, sasl., security. (with the - exception of: ssl.endpoint.identification.algorithm, - ssl.cipher.suites, ssl.protocol, ssl.enabled.protocols). - description: Kafka consumer related configuration. - producer: - type: object - properties: - config: - x-kubernetes-preserve-unknown-fields: true - type: object - description: >- - The Kafka producer configuration used for producer - instances created by the bridge. Properties with the - following prefixes cannot be set: ssl., - bootstrap.servers, sasl., security. (with the exception - of: ssl.endpoint.identification.algorithm, - ssl.cipher.suites, ssl.protocol, ssl.enabled.protocols). - description: Kafka producer related configuration. - resources: - type: object - properties: - limits: - x-kubernetes-preserve-unknown-fields: true - type: object - requests: - x-kubernetes-preserve-unknown-fields: true - type: object - description: CPU and memory resources to reserve. - jvmOptions: + description: >- + Authentication mechanism enabled for this Kafka user. The + supported authentication mechanisms are `scram-sha-512`, + `tls`, and `tls-external`. + + + * `scram-sha-512` generates a secret with SASL SCRAM-SHA-512 + credentials. + + * `tls` generates a secret with user certificate for mutual + TLS authentication. + + * `tls-external` does not generate a user certificate. 
But + prepares the user for using mutual TLS authentication using + a user certificate generated outside the User Operator. + ACLs and quotas set for this user are configured in the `CN=` format. + + Authentication is optional. If authentication is not + configured, no credentials are generated. ACLs and quotas + set for the user are configured in the `` format + suitable for SASL authentication. + authorization: type: object properties: - '-XX': - x-kubernetes-preserve-unknown-fields: true - type: object - description: A map of -XX options to the JVM. - '-Xms': - type: string - pattern: '^[0-9]+[mMgG]?$' - description: '-Xms option to to the JVM.' - '-Xmx': - type: string - pattern: '^[0-9]+[mMgG]?$' - description: '-Xmx option to to the JVM.' - gcLoggingEnabled: - type: boolean - description: >- - Specifies whether the Garbage Collection logging is - enabled. The default is false. - javaSystemProperties: + acls: type: array items: type: object properties: - name: + host: type: string - description: The system property name. - value: + description: >- + The host from which the action described in the + ACL rule is allowed or denied. + operation: type: string - description: The system property value. - description: >- - A map of additional system properties which will be - passed using the `-D` option to the JVM. - description: '**Currently not supported** JVM Options for pods.' - logging: - type: object - properties: - loggers: - x-kubernetes-preserve-unknown-fields: true - type: object - description: A Map from logger name to logger level. + enum: + - Read + - Write + - Create + - Delete + - Alter + - Describe + - ClusterAction + - AlterConfigs + - DescribeConfigs + - IdempotentWrite + - All + description: >- + Operation which will be allowed or denied. + Supported operations are: Read, Write, Create, + Delete, Alter, Describe, ClusterAction, + AlterConfigs, DescribeConfigs, IdempotentWrite and + All. 
+ operations: + type: array + items: + type: string + enum: + - Read + - Write + - Create + - Delete + - Alter + - Describe + - ClusterAction + - AlterConfigs + - DescribeConfigs + - IdempotentWrite + - All + description: >- + List of operations which will be allowed or + denied. Supported operations are: Read, Write, + Create, Delete, Alter, Describe, ClusterAction, + AlterConfigs, DescribeConfigs, IdempotentWrite and + All. + resource: + type: object + properties: + name: + type: string + description: >- + Name of resource for which given ACL rule + applies. Can be combined with `patternType` + field to use prefix pattern. + patternType: + type: string + enum: + - literal + - prefix + description: >- + Describes the pattern used in the resource + field. The supported types are `literal` and + `prefix`. With `literal` pattern type, the + resource field will be used as a definition of + a full name. With `prefix` pattern type, the + resource name will be used only as a prefix. + Default value is `literal`. + type: + type: string + enum: + - topic + - group + - cluster + - transactionalId + description: >- + Resource type. The available resource types + are `topic`, `group`, `cluster`, and + `transactionalId`. + required: + - type + description: >- + Indicates the resource for which given ACL rule + applies. + type: + type: string + enum: + - allow + - deny + description: >- + The type of the rule. Currently the only supported + type is `allow`. ACL rules with type `allow` are + used to allow user to execute the specified + operations. Default value is `allow`. + required: + - resource + description: List of ACL rules which should be applied to this user. type: type: string enum: - - inline - - external - description: 'Logging type, must be either ''inline'' or ''external''.' 
- valueFrom: - type: object - properties: - configMapKeyRef: - type: object - properties: - key: - type: string - name: - type: string - optional: - type: boolean - description: >- - Reference to the key in the ConfigMap containing the - configuration. + - simple description: >- - `ConfigMap` entry where the logging configuration is - stored. + Authorization type. Currently the only supported type is + `simple`. `simple` authorization type uses the Kafka + Admin API for managing the ACL rules. required: + - acls - type - description: Logging configuration for Kafka Bridge. - clientRackInitImage: - type: string - description: >- - The image of the init container used for initializing the - `client.rack`. - rack: + description: Authorization rules for this Kafka user. + quotas: type: object properties: - topologyKey: - type: string - example: topology.kubernetes.io/zone - description: >- - A key that matches labels assigned to the Kubernetes - cluster nodes. The value of the label is used to set a - broker's `broker.rack` config, and the `client.rack` - config for Kafka Connect or MirrorMaker 2.0. - required: - - topologyKey - description: >- - Configuration of the node label which will be used as the - client.rack consumer configuration. - enableMetrics: - type: boolean - description: Enable the metrics for the Kafka Bridge. Default is false. - livenessProbe: - type: object - properties: - failureThreshold: - type: integer - minimum: 1 - description: >- - Minimum consecutive failures for the probe to be - considered failed after having succeeded. Defaults to 3. - Minimum value is 1. - initialDelaySeconds: + consumerByteRate: type: integer minimum: 0 description: >- - The initial delay before first the health is first - checked. Default to 15 seconds. Minimum value is 0. - periodSeconds: - type: integer - minimum: 1 - description: >- - How often (in seconds) to perform the probe. Default to - 10 seconds. Minimum value is 1. 
- successThreshold: - type: integer - minimum: 1 - description: >- - Minimum consecutive successes for the probe to be - considered successful after having failed. Defaults to - 1. Must be 1 for liveness. Minimum value is 1. - timeoutSeconds: - type: integer - minimum: 1 - description: >- - The timeout for each attempted health check. Default to - 5 seconds. Minimum value is 1. - description: Pod liveness checking. - readinessProbe: - type: object - properties: - failureThreshold: - type: integer - minimum: 1 - description: >- - Minimum consecutive failures for the probe to be - considered failed after having succeeded. Defaults to 3. - Minimum value is 1. - initialDelaySeconds: - type: integer + A quota on the maximum bytes per-second that each client + group can fetch from a broker before the clients in the + group are throttled. Defined on a per-broker basis. + controllerMutationRate: + type: number minimum: 0 description: >- - The initial delay before first the health is first - checked. Default to 15 seconds. Minimum value is 0. - periodSeconds: - type: integer - minimum: 1 - description: >- - How often (in seconds) to perform the probe. Default to - 10 seconds. Minimum value is 1. - successThreshold: + A quota on the rate at which mutations are accepted for + the create topics request, the create partitions request + and the delete topics request. The rate is accumulated + by the number of partitions created or deleted. + producerByteRate: type: integer - minimum: 1 + minimum: 0 description: >- - Minimum consecutive successes for the probe to be - considered successful after having failed. Defaults to - 1. Must be 1 for liveness. Minimum value is 1. - timeoutSeconds: + A quota on the maximum bytes per-second that each client + group can publish to a broker before the clients in the + group are throttled. Defined on a per-broker basis. + requestPercentage: type: integer - minimum: 1 + minimum: 0 description: >- - The timeout for each attempted health check. 
Default to - 5 seconds. Minimum value is 1. - description: Pod readiness checking. + A quota on the maximum CPU utilization of each client + group as a percentage of network and I/O threads. + description: >- + Quotas on requests to control the broker resources used by + clients. Network bandwidth and request rate quotas can be + enforced.Kafka documentation for Kafka User quotas can be + found at + http://kafka.apache.org/documentation/#design_quotas. template: type: object properties: - deployment: + secret: type: object properties: metadata: 
@@ -3496,841 +3002,330 @@ spec: labels: x-kubernetes-preserve-unknown-fields: true type: object - description: >- - Labels added to the resource template. Can be - applied to different resources such as - `StatefulSets`, `Deployments`, `Pods`, and - `Services`. + description: Labels added to the Kubernetes resource. annotations: x-kubernetes-preserve-unknown-fields: true type: object - description: >- - Annotations added to the resource template. Can - be applied to different resources such as - `StatefulSets`, `Deployments`, `Pods`, and - `Services`. + description: Annotations added to the Kubernetes resource. description: Metadata applied to the resource. - deploymentStrategy: - type: string - enum: - - RollingUpdate - - Recreate - description: >- - Pod replacement strategy for deployment - configuration changes. Valid values are - `RollingUpdate` and `Recreate`. Defaults to - `RollingUpdate`. - description: Template for Kafka Bridge `Deployment`. - pod: + description: >- + Template for KafkaUser resources. The template allows + users to specify how the `Secret` with password or TLS + certificates is generated. + description: Template to specify how Kafka User `Secrets` are generated. + description: The specification of the user. + status: + type: object + properties: + conditions: + type: array + items: + type: object + properties: + type: + type: string + description: >- + The unique identifier of a condition, used to + distinguish between other conditions in the resource. + status: + type: string + description: >- + The status of the condition, either True, False or + Unknown. + lastTransitionTime: + type: string + description: >- + Last time the condition of a type changed from one + status to another. The required format is + 'yyyy-MM-ddTHH:mm:ssZ', in the UTC time zone. + reason: + type: string + description: >- + The reason for the condition's last transition (a + single word in CamelCase). 
+ message: + type: string + description: >- + Human-readable message indicating details about the + condition's last transition. + description: List of status conditions. + observedGeneration: + type: integer + description: >- + The generation of the CRD that was last reconciled by the + operator. + username: + type: string + description: Username. + secret: + type: string + description: The name of `Secret` where the credentials are stored. + description: The status of the Kafka User. + - name: v1alpha1 + served: true + storage: false + subresources: + status: {} + additionalPrinterColumns: + - name: Cluster + description: The name of the Kafka cluster this user belongs to + jsonPath: .metadata.labels.strimzi\.io/cluster + type: string + - name: Authentication + description: How the user is authenticated + jsonPath: .spec.authentication.type + type: string + - name: Authorization + description: How the user is authorised + jsonPath: .spec.authorization.type + type: string + - name: Ready + description: The state of the custom resource + jsonPath: '.status.conditions[?(@.type=="Ready")].status' + type: string + schema: + openAPIV3Schema: + type: object + properties: + spec: + type: object + properties: + authentication: + type: object + properties: + password: type: object properties: - metadata: - type: object - properties: - labels: - x-kubernetes-preserve-unknown-fields: true - type: object - description: >- - Labels added to the resource template. Can be - applied to different resources such as - `StatefulSets`, `Deployments`, `Pods`, and - `Services`. - annotations: - x-kubernetes-preserve-unknown-fields: true - type: object - description: >- - Annotations added to the resource template. Can - be applied to different resources such as - `StatefulSets`, `Deployments`, `Pods`, and - `Services`. - description: Metadata applied to the resource. 
- imagePullSecrets: - type: array - items: - type: object - properties: - name: - type: string - description: >- - List of references to secrets in the same namespace - to use for pulling any of the images used by this - Pod. When the `STRIMZI_IMAGE_PULL_SECRETS` - environment variable in Cluster Operator and the - `imagePullSecrets` option are specified, only the - `imagePullSecrets` variable is used and the - `STRIMZI_IMAGE_PULL_SECRETS` variable is ignored. - securityContext: + valueFrom: type: object properties: - fsGroup: - type: integer - fsGroupChangePolicy: - type: string - runAsGroup: - type: integer - runAsNonRoot: - type: boolean - runAsUser: - type: integer - seLinuxOptions: + secretKeyRef: type: object properties: - level: - type: string - role: - type: string - type: + key: type: string - user: + name: type: string - seccompProfile: - type: object - properties: - localhostProfile: - type: string - type: - type: string - supplementalGroups: - type: array - items: - type: integer - sysctls: - type: array - items: - type: object - properties: - name: - type: string - value: - type: string - windowsOptions: - type: object - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: + optional: type: boolean - runAsUserName: - type: string - description: >- - Configures pod-level security attributes and common - container settings. - terminationGracePeriodSeconds: - type: integer - minimum: 0 - description: >- - The grace period is the duration in seconds after - the processes running in the pod are sent a - termination signal, and the time when the processes - are forcibly halted with a kill signal. Set this - value to longer than the expected cleanup time for - your process. Value must be a non-negative integer. - A zero value indicates delete immediately. 
You might - need to increase the grace period for very large - Kafka clusters, so that the Kafka brokers have - enough time to transfer their work to another broker - before they are terminated. Defaults to 30 seconds. - affinity: + description: >- + Selects a key of a Secret in the resource's + namespace. + description: Secret from which the password should be read. + required: + - valueFrom + description: >- + Specify the password for the user. If not set, a new + password is generated by the User Operator. + type: + type: string + enum: + - tls + - tls-external + - scram-sha-512 + description: Authentication type. + required: + - type + description: >- + Authentication mechanism enabled for this Kafka user. The + supported authentication mechanisms are `scram-sha-512`, + `tls`, and `tls-external`. + + + * `scram-sha-512` generates a secret with SASL SCRAM-SHA-512 + credentials. + + * `tls` generates a secret with user certificate for mutual + TLS authentication. + + * `tls-external` does not generate a user certificate. But + prepares the user for using mutual TLS authentication using + a user certificate generated outside the User Operator. + ACLs and quotas set for this user are configured in the `CN=` format. + + Authentication is optional. If authentication is not + configured, no credentials are generated. ACLs and quotas + set for the user are configured in the `` format + suitable for SASL authentication. + authorization: + type: object + properties: + acls: + type: array + items: + type: object + properties: + host: + type: string + description: >- + The host from which the action described in the + ACL rule is allowed or denied. + operation: + type: string + enum: + - Read + - Write + - Create + - Delete + - Alter + - Describe + - ClusterAction + - AlterConfigs + - DescribeConfigs + - IdempotentWrite + - All + description: >- + Operation which will be allowed or denied. 
+ Supported operations are: Read, Write, Create, + Delete, Alter, Describe, ClusterAction, + AlterConfigs, DescribeConfigs, IdempotentWrite and + All. + operations: + type: array + items: + type: string + enum: + - Read + - Write + - Create + - Delete + - Alter + - Describe + - ClusterAction + - AlterConfigs + - DescribeConfigs + - IdempotentWrite + - All + description: >- + List of operations which will be allowed or + denied. Supported operations are: Read, Write, + Create, Delete, Alter, Describe, ClusterAction, + AlterConfigs, DescribeConfigs, IdempotentWrite and + All. + resource: + type: object + properties: + name: + type: string + description: >- + Name of resource for which given ACL rule + applies. Can be combined with `patternType` + field to use prefix pattern. + patternType: + type: string + enum: + - literal + - prefix + description: >- + Describes the pattern used in the resource + field. The supported types are `literal` and + `prefix`. With `literal` pattern type, the + resource field will be used as a definition of + a full name. With `prefix` pattern type, the + resource name will be used only as a prefix. + Default value is `literal`. + type: + type: string + enum: + - topic + - group + - cluster + - transactionalId + description: >- + Resource type. The available resource types + are `topic`, `group`, `cluster`, and + `transactionalId`. + required: + - type + description: >- + Indicates the resource for which given ACL rule + applies. + type: + type: string + enum: + - allow + - deny + description: >- + The type of the rule. Currently the only supported + type is `allow`. ACL rules with type `allow` are + used to allow user to execute the specified + operations. Default value is `allow`. + required: + - resource + description: List of ACL rules which should be applied to this user. + type: + type: string + enum: + - simple + description: >- + Authorization type. Currently the only supported type is + `simple`. 
`simple` authorization type uses the Kafka + Admin API for managing the ACL rules. + required: + - acls + - type + description: Authorization rules for this Kafka user. + quotas: + type: object + properties: + consumerByteRate: + type: integer + minimum: 0 + description: >- + A quota on the maximum bytes per-second that each client + group can fetch from a broker before the clients in the + group are throttled. Defined on a per-broker basis. + controllerMutationRate: + type: number + minimum: 0 + description: >- + A quota on the rate at which mutations are accepted for + the create topics request, the create partitions request + and the delete topics request. The rate is accumulated + by the number of partitions created or deleted. + producerByteRate: + type: integer + minimum: 0 + description: >- + A quota on the maximum bytes per-second that each client + group can publish to a broker before the clients in the + group are throttled. Defined on a per-broker basis. + requestPercentage: + type: integer + minimum: 0 + description: >- + A quota on the maximum CPU utilization of each client + group as a percentage of network and I/O threads. + description: >- + Quotas on requests to control the broker resources used by + clients. Network bandwidth and request rate quotas can be + enforced.Kafka documentation for Kafka User quotas can be + found at + http://kafka.apache.org/documentation/#design_quotas. 
+ template: + type: object + properties: + secret: + type: object + properties: + metadata: type: object properties: - nodeAffinity: + labels: + x-kubernetes-preserve-unknown-fields: true type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - preference: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchFields: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - weight: - type: integer - requiredDuringSchedulingIgnoredDuringExecution: - type: object - properties: - nodeSelectorTerms: - type: array - items: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchFields: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - podAffinity: - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - podAffinityTerm: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - x-kubernetes-preserve-unknown-fields: true - type: object - namespaceSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - x-kubernetes-preserve-unknown-fields: true - type: object - namespaces: - 
type: array - items: - type: string - topologyKey: - type: string - weight: - type: integer - requiredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - x-kubernetes-preserve-unknown-fields: true - type: object - namespaceSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - x-kubernetes-preserve-unknown-fields: true - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - podAntiAffinity: + description: Labels added to the Kubernetes resource. + annotations: + x-kubernetes-preserve-unknown-fields: true type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - podAffinityTerm: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - x-kubernetes-preserve-unknown-fields: true - type: object - namespaceSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - x-kubernetes-preserve-unknown-fields: true - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - weight: - type: integer - requiredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - labelSelector: - type: object 
- properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - x-kubernetes-preserve-unknown-fields: true - type: object - namespaceSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - x-kubernetes-preserve-unknown-fields: true - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - description: The pod's affinity rules. - tolerations: - type: array - items: - type: object - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - type: integer - value: - type: string - description: The pod's tolerations. - priorityClassName: - type: string - description: >- - The name of the priority class used to assign - priority to the pods. For more information about - priority classes, see {K8sPriorityClass}. - schedulerName: - type: string - description: >- - The name of the scheduler used to dispatch this - `Pod`. If not specified, the default scheduler will - be used. - hostAliases: - type: array - items: - type: object - properties: - hostnames: - type: array - items: - type: string - ip: - type: string - description: >- - The pod's HostAliases. HostAliases is an optional - list of hosts and IPs that will be injected into the - Pod's hosts file if specified. - tmpDirSizeLimit: - type: string - pattern: '^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$' - description: >- - Defines the total amount (for example `1Gi`) of - local storage required for temporary EmptyDir volume - (`/tmp`). Default value is `5Mi`. - enableServiceLinks: - type: boolean - description: >- - Indicates whether information about services should - be injected into Pod's environment variables. 
- topologySpreadConstraints: - type: array - items: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - x-kubernetes-preserve-unknown-fields: true - type: object - matchLabelKeys: - type: array - items: - type: string - maxSkew: - type: integer - minDomains: - type: integer - nodeAffinityPolicy: - type: string - nodeTaintsPolicy: - type: string - topologyKey: - type: string - whenUnsatisfiable: - type: string - description: The pod's topology spread constraints. - description: Template for Kafka Bridge `Pods`. - apiService: - type: object - properties: - metadata: - type: object - properties: - labels: - x-kubernetes-preserve-unknown-fields: true - type: object - description: >- - Labels added to the resource template. Can be - applied to different resources such as - `StatefulSets`, `Deployments`, `Pods`, and - `Services`. - annotations: - x-kubernetes-preserve-unknown-fields: true - type: object - description: >- - Annotations added to the resource template. Can - be applied to different resources such as - `StatefulSets`, `Deployments`, `Pods`, and - `Services`. + description: Annotations added to the Kubernetes resource. description: Metadata applied to the resource. - ipFamilyPolicy: - type: string - enum: - - SingleStack - - PreferDualStack - - RequireDualStack - description: >- - Specifies the IP Family Policy used by the service. - Available options are `SingleStack`, - `PreferDualStack` and `RequireDualStack`. - `SingleStack` is for a single IP family. - `PreferDualStack` is for two IP families on - dual-stack configured clusters or a single IP family - on single-stack clusters. `RequireDualStack` fails - unless there are two IP families on dual-stack - configured clusters. 
If unspecified, Kubernetes will - choose the default value based on the service type. - Available on Kubernetes 1.20 and newer. - ipFamilies: - type: array - items: - type: string - enum: - - IPv4 - - IPv6 - description: >- - Specifies the IP Families used by the service. - Available options are `IPv4` and `IPv6. If - unspecified, Kubernetes will choose the default - value based on the `ipFamilyPolicy` setting. - Available on Kubernetes 1.20 and newer. - description: Template for Kafka Bridge API `Service`. - podDisruptionBudget: - type: object - properties: - metadata: - type: object - properties: - labels: - x-kubernetes-preserve-unknown-fields: true - type: object - description: >- - Labels added to the resource template. Can be - applied to different resources such as - `StatefulSets`, `Deployments`, `Pods`, and - `Services`. - annotations: - x-kubernetes-preserve-unknown-fields: true - type: object - description: >- - Annotations added to the resource template. Can - be applied to different resources such as - `StatefulSets`, `Deployments`, `Pods`, and - `Services`. - description: >- - Metadata to apply to the - `PodDisruptionBudgetTemplate` resource. - maxUnavailable: - type: integer - minimum: 0 - description: >- - Maximum number of unavailable pods to allow - automatic Pod eviction. A Pod eviction is allowed - when the `maxUnavailable` number of pods or fewer - are unavailable after the eviction. Setting this - value to 0 prevents all voluntary evictions, so the - pods must be evicted manually. Defaults to 1. - description: Template for Kafka Bridge `PodDisruptionBudget`. - bridgeContainer: - type: object - properties: - env: - type: array - items: - type: object - properties: - name: - type: string - description: The environment variable key. - value: - type: string - description: The environment variable value. - description: >- - Environment variables which should be applied to the - container. 
- securityContext: - type: object - properties: - allowPrivilegeEscalation: - type: boolean - capabilities: - type: object - properties: - add: - type: array - items: - type: string - drop: - type: array - items: - type: string - privileged: - type: boolean - procMount: - type: string - readOnlyRootFilesystem: - type: boolean - runAsGroup: - type: integer - runAsNonRoot: - type: boolean - runAsUser: - type: integer - seLinuxOptions: - type: object - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - seccompProfile: - type: object - properties: - localhostProfile: - type: string - type: - type: string - windowsOptions: - type: object - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: - type: string - description: Security context for the container. - description: Template for the Kafka Bridge container. - clusterRoleBinding: - type: object - properties: - metadata: - type: object - properties: - labels: - x-kubernetes-preserve-unknown-fields: true - type: object - description: >- - Labels added to the resource template. Can be - applied to different resources such as - `StatefulSets`, `Deployments`, `Pods`, and - `Services`. - annotations: - x-kubernetes-preserve-unknown-fields: true - type: object - description: >- - Annotations added to the resource template. Can - be applied to different resources such as - `StatefulSets`, `Deployments`, `Pods`, and - `Services`. - description: Metadata applied to the resource. - description: Template for the Kafka Bridge ClusterRoleBinding. - serviceAccount: - type: object - properties: - metadata: - type: object - properties: - labels: - x-kubernetes-preserve-unknown-fields: true - type: object - description: >- - Labels added to the resource template. Can be - applied to different resources such as - `StatefulSets`, `Deployments`, `Pods`, and - `Services`. 
- annotations: - x-kubernetes-preserve-unknown-fields: true - type: object - description: >- - Annotations added to the resource template. Can - be applied to different resources such as - `StatefulSets`, `Deployments`, `Pods`, and - `Services`. - description: Metadata applied to the resource. - description: Template for the Kafka Bridge service account. - initContainer: - type: object - properties: - env: - type: array - items: - type: object - properties: - name: - type: string - description: The environment variable key. - value: - type: string - description: The environment variable value. - description: >- - Environment variables which should be applied to the - container. - securityContext: - type: object - properties: - allowPrivilegeEscalation: - type: boolean - capabilities: - type: object - properties: - add: - type: array - items: - type: string - drop: - type: array - items: - type: string - privileged: - type: boolean - procMount: - type: string - readOnlyRootFilesystem: - type: boolean - runAsGroup: - type: integer - runAsNonRoot: - type: boolean - runAsUser: - type: integer - seLinuxOptions: - type: object - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - seccompProfile: - type: object - properties: - localhostProfile: - type: string - type: - type: string - windowsOptions: - type: object - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: - type: string - description: Security context for the container. - description: Template for the Kafka Bridge init container. - description: >- - Template for Kafka Bridge resources. The template allows - users to specify how a `Deployment` and `Pod` is generated. - tracing: - type: object - properties: - type: - type: string - enum: - - jaeger - - opentelemetry description: >- - Type of the tracing used. 
Currently the only supported - types are `jaeger` for OpenTracing (Jaeger) tracing and - `opentelemetry` for OpenTelemetry tracing. The - OpenTracing (Jaeger) tracing is deprecated. - required: - - type - description: The configuration of tracing in Kafka Bridge. - required: - - bootstrapServers - description: The specification of the Kafka Bridge. + Template for KafkaUser resources. The template allows + users to specify how the `Secret` with password or TLS + certificates is generated. + description: Template to specify how Kafka User `Secrets` are generated. + description: The specification of the user. status: type: object properties: 
@@ -4371,1558 +3366,539 @@ spec: description: >- The generation of the CRD that was last reconciled by the operator. - url: + username: type: string - description: >- - The URL at which external client applications can access the - Kafka Bridge. - labelSelector: + description: Username. + secret: type: string - description: Label selector for pods providing this resource. - replicas: - type: integer - description: >- - The current number of pods being used to provide this - resource. - description: The status of the Kafka Bridge. + description: The name of `Secret` where the credentials are stored. + description: The status of the Kafka User. --- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole metadata: - name: kafkamirrormakers.kafka.strimzi.io + name: strimzi-cluster-operator-namespaced labels: app: strimzi - strimzi.io/crd-install: 'true' -spec: - group: kafka.strimzi.io - names: - kind: KafkaMirrorMaker - listKind: KafkaMirrorMakerList - singular: kafkamirrormaker - plural: kafkamirrormakers - shortNames: - - kmm - categories: - - strimzi - scope: Namespaced - conversion: - strategy: None - versions: - - name: v1beta2 - served: true - storage: true - subresources: - status: {} - scale: - specReplicasPath: .spec.replicas - statusReplicasPath: .status.replicas - labelSelectorPath: .status.labelSelector - additionalPrinterColumns: - - name: Desired replicas - description: The desired number of Kafka MirrorMaker replicas - jsonPath: .spec.replicas - type: integer - - name: Consumer Bootstrap Servers - description: The boostrap servers for the consumer - jsonPath: .spec.consumer.bootstrapServers - type: string - priority: 1 - - name: Producer Bootstrap Servers - description: The boostrap servers for the producer - jsonPath: .spec.producer.bootstrapServers - type: string - priority: 1 - - name: Ready - description: The state of the custom resource - jsonPath: 
'.status.conditions[?(@.type=="Ready")].status' - type: string - schema: - openAPIV3Schema: - type: object - properties: - spec: - type: object - properties: - version: - type: string - description: >- - The Kafka MirrorMaker version. Defaults to - {DefaultKafkaVersion}. Consult the documentation to - understand the process required to upgrade or downgrade the - version. - replicas: - type: integer - minimum: 0 - description: The number of pods in the `Deployment`. - image: - type: string - description: The docker image for the pods. - consumer: - type: object - properties: - numStreams: - type: integer - minimum: 1 - description: >- - Specifies the number of consumer stream threads to - create. - offsetCommitInterval: - type: integer - description: >- - Specifies the offset auto-commit interval in ms. Default - value is 60000. - bootstrapServers: - type: string - description: >- - A list of host:port pairs for establishing the initial - connection to the Kafka cluster. - groupId: - type: string - description: >- - A unique string that identifies the consumer group this - consumer belongs to. - authentication: - type: object - properties: - accessToken: - type: object - properties: - key: - type: string - description: >- - The key under which the secret value is stored - in the Kubernetes Secret. - secretName: - type: string - description: >- - The name of the Kubernetes Secret containing the - secret value. - required: - - key - - secretName - description: >- - Link to Kubernetes Secret containing the access - token which was obtained from the authorization - server. - accessTokenIsJwt: - type: boolean - description: >- - Configure whether access token should be treated as - JWT. This should be set to `false` if the - authorization server returns opaque tokens. Defaults - to `true`. - audience: - type: string - description: >- - OAuth audience to use when authenticating against - the authorization server. 
Some authorization servers - require the audience to be explicitly set. The - possible values depend on how the authorization - server is configured. By default, `audience` is not - specified when performing the token endpoint - request. - certificateAndKey: - type: object - properties: - certificate: - type: string - description: The name of the file certificate in the Secret. - key: - type: string - description: The name of the private key in the Secret. - secretName: - type: string - description: >- - The name of the Secret containing the - certificate. - required: - - certificate - - key - - secretName - description: >- - Reference to the `Secret` which holds the - certificate and private key pair. - clientId: - type: string - description: >- - OAuth Client ID which the Kafka client can use to - authenticate against the OAuth server and use the - token endpoint URI. - clientSecret: - type: object - properties: - key: - type: string - description: >- - The key under which the secret value is stored - in the Kubernetes Secret. - secretName: - type: string - description: >- - The name of the Kubernetes Secret containing the - secret value. - required: - - key - - secretName - description: >- - Link to Kubernetes Secret containing the OAuth - client secret which the Kafka client can use to - authenticate against the OAuth server and use the - token endpoint URI. - connectTimeoutSeconds: - type: integer - description: >- - The connect timeout in seconds when connecting to - authorization server. If not set, the effective - connect timeout is 60 seconds. - disableTlsHostnameVerification: - type: boolean - description: >- - Enable or disable TLS hostname verification. Default - value is `false`. - enableMetrics: - type: boolean - description: >- - Enable or disable OAuth metrics. Default value is - `false`. - httpRetries: - type: integer - description: >- - The maximum number of retries to attempt if an - initial HTTP request fails. 
If not set, the default - is to not attempt any retries. - httpRetryPauseMs: - type: integer - description: >- - The pause to take before retrying a failed HTTP - request. If not set, the default is to not pause at - all but to immediately repeat a request. - maxTokenExpirySeconds: - type: integer - description: >- - Set or limit time-to-live of the access tokens to - the specified number of seconds. This should be set - if the authorization server returns opaque tokens. - passwordSecret: - type: object - properties: - password: - type: string - description: >- - The name of the key in the Secret under which - the password is stored. - secretName: - type: string - description: The name of the Secret containing the password. - required: - - password - - secretName - description: Reference to the `Secret` which holds the password. - readTimeoutSeconds: - type: integer - description: >- - The read timeout in seconds when connecting to - authorization server. If not set, the effective read - timeout is 60 seconds. - refreshToken: - type: object - properties: - key: - type: string - description: >- - The key under which the secret value is stored - in the Kubernetes Secret. - secretName: - type: string - description: >- - The name of the Kubernetes Secret containing the - secret value. - required: - - key - - secretName - description: >- - Link to Kubernetes Secret containing the refresh - token which can be used to obtain access token from - the authorization server. - scope: - type: string - description: >- - OAuth scope to use when authenticating against the - authorization server. Some authorization servers - require this to be set. The possible values depend - on how authorization server is configured. By - default `scope` is not specified when doing the - token endpoint request. - tlsTrustedCertificates: - type: array - items: - type: object - properties: - certificate: - type: string - description: >- - The name of the file certificate in the - Secret. 
- secretName: - type: string - description: >- - The name of the Secret containing the - certificate. - required: - - certificate - - secretName - description: >- - Trusted certificates for TLS connection to the OAuth - server. - tokenEndpointUri: - type: string - description: Authorization server token endpoint URI. - type: - type: string - enum: - - tls - - scram-sha-256 - - scram-sha-512 - - plain - - oauth - description: >- - Authentication type. Currently the supported types - are `tls`, `scram-sha-256`, `scram-sha-512`, - `plain`, and 'oauth'. `scram-sha-256` and - `scram-sha-512` types use SASL SCRAM-SHA-256 and - SASL SCRAM-SHA-512 Authentication, respectively. - `plain` type uses SASL PLAIN Authentication. `oauth` - type uses SASL OAUTHBEARER Authentication. The `tls` - type uses TLS Client Authentication. The `tls` type - is supported only over TLS connections. - username: - type: string - description: Username used for the authentication. - required: - - type - description: >- - Authentication configuration for connecting to the - cluster. - config: - x-kubernetes-preserve-unknown-fields: true - type: object - description: >- - The MirrorMaker consumer config. Properties with the - following prefixes cannot be set: ssl., - bootstrap.servers, group.id, sasl., security., - interceptor.classes (with the exception of: - ssl.endpoint.identification.algorithm, - ssl.cipher.suites, ssl.protocol, ssl.enabled.protocols). - tls: - type: object - properties: - trustedCertificates: - type: array - items: - type: object - properties: - certificate: - type: string - description: >- - The name of the file certificate in the - Secret. - secretName: - type: string - description: >- - The name of the Secret containing the - certificate. - required: - - certificate - - secretName - description: Trusted certificates for TLS connection. - description: >- - TLS configuration for connecting MirrorMaker to the - cluster. 
- required: - - bootstrapServers - - groupId - description: Configuration of source cluster. - producer: - type: object - properties: - bootstrapServers: - type: string - description: >- - A list of host:port pairs for establishing the initial - connection to the Kafka cluster. - abortOnSendFailure: - type: boolean - description: >- - Flag to set the MirrorMaker to exit on a failed send. - Default value is `true`. - authentication: - type: object - properties: - accessToken: - type: object - properties: - key: - type: string - description: >- - The key under which the secret value is stored - in the Kubernetes Secret. - secretName: - type: string - description: >- - The name of the Kubernetes Secret containing the - secret value. - required: - - key - - secretName - description: >- - Link to Kubernetes Secret containing the access - token which was obtained from the authorization - server. - accessTokenIsJwt: - type: boolean - description: >- - Configure whether access token should be treated as - JWT. This should be set to `false` if the - authorization server returns opaque tokens. Defaults - to `true`. - audience: - type: string - description: >- - OAuth audience to use when authenticating against - the authorization server. Some authorization servers - require the audience to be explicitly set. The - possible values depend on how the authorization - server is configured. By default, `audience` is not - specified when performing the token endpoint - request. - certificateAndKey: - type: object - properties: - certificate: - type: string - description: The name of the file certificate in the Secret. - key: - type: string - description: The name of the private key in the Secret. - secretName: - type: string - description: >- - The name of the Secret containing the - certificate. - required: - - certificate - - key - - secretName - description: >- - Reference to the `Secret` which holds the - certificate and private key pair. 
- clientId: - type: string - description: >- - OAuth Client ID which the Kafka client can use to - authenticate against the OAuth server and use the - token endpoint URI. - clientSecret: - type: object - properties: - key: - type: string - description: >- - The key under which the secret value is stored - in the Kubernetes Secret. - secretName: - type: string - description: >- - The name of the Kubernetes Secret containing the - secret value. - required: - - key - - secretName - description: >- - Link to Kubernetes Secret containing the OAuth - client secret which the Kafka client can use to - authenticate against the OAuth server and use the - token endpoint URI. - connectTimeoutSeconds: - type: integer - description: >- - The connect timeout in seconds when connecting to - authorization server. If not set, the effective - connect timeout is 60 seconds. - disableTlsHostnameVerification: - type: boolean - description: >- - Enable or disable TLS hostname verification. Default - value is `false`. - enableMetrics: - type: boolean - description: >- - Enable or disable OAuth metrics. Default value is - `false`. - httpRetries: - type: integer - description: >- - The maximum number of retries to attempt if an - initial HTTP request fails. If not set, the default - is to not attempt any retries. - httpRetryPauseMs: - type: integer - description: >- - The pause to take before retrying a failed HTTP - request. If not set, the default is to not pause at - all but to immediately repeat a request. - maxTokenExpirySeconds: - type: integer - description: >- - Set or limit time-to-live of the access tokens to - the specified number of seconds. This should be set - if the authorization server returns opaque tokens. - passwordSecret: - type: object - properties: - password: - type: string - description: >- - The name of the key in the Secret under which - the password is stored. - secretName: - type: string - description: The name of the Secret containing the password. 
- required: - - password - - secretName - description: Reference to the `Secret` which holds the password. - readTimeoutSeconds: - type: integer - description: >- - The read timeout in seconds when connecting to - authorization server. If not set, the effective read - timeout is 60 seconds. - refreshToken: - type: object - properties: - key: - type: string - description: >- - The key under which the secret value is stored - in the Kubernetes Secret. - secretName: - type: string - description: >- - The name of the Kubernetes Secret containing the - secret value. - required: - - key - - secretName - description: >- - Link to Kubernetes Secret containing the refresh - token which can be used to obtain access token from - the authorization server. - scope: - type: string - description: >- - OAuth scope to use when authenticating against the - authorization server. Some authorization servers - require this to be set. The possible values depend - on how authorization server is configured. By - default `scope` is not specified when doing the - token endpoint request. - tlsTrustedCertificates: - type: array - items: - type: object - properties: - certificate: - type: string - description: >- - The name of the file certificate in the - Secret. - secretName: - type: string - description: >- - The name of the Secret containing the - certificate. - required: - - certificate - - secretName - description: >- - Trusted certificates for TLS connection to the OAuth - server. - tokenEndpointUri: - type: string - description: Authorization server token endpoint URI. - type: - type: string - enum: - - tls - - scram-sha-256 - - scram-sha-512 - - plain - - oauth - description: >- - Authentication type. Currently the supported types - are `tls`, `scram-sha-256`, `scram-sha-512`, - `plain`, and 'oauth'. `scram-sha-256` and - `scram-sha-512` types use SASL SCRAM-SHA-256 and - SASL SCRAM-SHA-512 Authentication, respectively. - `plain` type uses SASL PLAIN Authentication. 
`oauth` - type uses SASL OAUTHBEARER Authentication. The `tls` - type uses TLS Client Authentication. The `tls` type - is supported only over TLS connections. - username: - type: string - description: Username used for the authentication. - required: - - type - description: >- - Authentication configuration for connecting to the - cluster. - config: - x-kubernetes-preserve-unknown-fields: true - type: object - description: >- - The MirrorMaker producer config. Properties with the - following prefixes cannot be set: ssl., - bootstrap.servers, sasl., security., interceptor.classes - (with the exception of: - ssl.endpoint.identification.algorithm, - ssl.cipher.suites, ssl.protocol, ssl.enabled.protocols). - tls: - type: object - properties: - trustedCertificates: - type: array - items: - type: object - properties: - certificate: - type: string - description: >- - The name of the file certificate in the - Secret. - secretName: - type: string - description: >- - The name of the Secret containing the - certificate. - required: - - certificate - - secretName - description: Trusted certificates for TLS connection. - description: >- - TLS configuration for connecting MirrorMaker to the - cluster. - required: - - bootstrapServers - description: Configuration of target cluster. - resources: - type: object - properties: - limits: - x-kubernetes-preserve-unknown-fields: true - type: object - requests: - x-kubernetes-preserve-unknown-fields: true - type: object - description: CPU and memory resources to reserve. - whitelist: - type: string - description: >- - List of topics which are included for mirroring. This option - allows any regular expression using Java-style regular - expressions. Mirroring two topics named A and B is achieved - by using the expression `A\|B`. Or, as a special case, you - can mirror all topics using the regular expression `*`. You - can also specify multiple regular expressions separated by - commas. 
- include: - type: string - description: >- - List of topics which are included for mirroring. This option - allows any regular expression using Java-style regular - expressions. Mirroring two topics named A and B is achieved - by using the expression `A\|B`. Or, as a special case, you - can mirror all topics using the regular expression `*`. You - can also specify multiple regular expressions separated by - commas. - jvmOptions: - type: object - properties: - '-XX': - x-kubernetes-preserve-unknown-fields: true - type: object - description: A map of -XX options to the JVM. - '-Xms': - type: string - pattern: '^[0-9]+[mMgG]?$' - description: '-Xms option to to the JVM.' - '-Xmx': - type: string - pattern: '^[0-9]+[mMgG]?$' - description: '-Xmx option to to the JVM.' - gcLoggingEnabled: - type: boolean - description: >- - Specifies whether the Garbage Collection logging is - enabled. The default is false. - javaSystemProperties: - type: array - items: - type: object - properties: - name: - type: string - description: The system property name. - value: - type: string - description: The system property value. - description: >- - A map of additional system properties which will be - passed using the `-D` option to the JVM. - description: JVM Options for pods. - logging: - type: object - properties: - loggers: - x-kubernetes-preserve-unknown-fields: true - type: object - description: A Map from logger name to logger level. - type: - type: string - enum: - - inline - - external - description: 'Logging type, must be either ''inline'' or ''external''.' - valueFrom: - type: object - properties: - configMapKeyRef: - type: object - properties: - key: - type: string - name: - type: string - optional: - type: boolean - description: >- - Reference to the key in the ConfigMap containing the - configuration. - description: >- - `ConfigMap` entry where the logging configuration is - stored. - required: - - type - description: Logging configuration for MirrorMaker. 
- metricsConfig: - type: object - properties: - type: - type: string - enum: - - jmxPrometheusExporter - description: >- - Metrics type. Only 'jmxPrometheusExporter' supported - currently. - valueFrom: - type: object - properties: - configMapKeyRef: - type: object - properties: - key: - type: string - name: - type: string - optional: - type: boolean - description: >- - Reference to the key in the ConfigMap containing the - configuration. - description: >- - ConfigMap entry where the Prometheus JMX Exporter - configuration is stored. For details of the structure of - this configuration, see the {JMXExporter}. - required: - - type - - valueFrom - description: Metrics configuration. - tracing: - type: object - properties: - type: - type: string - enum: - - jaeger - - opentelemetry - description: >- - Type of the tracing used. Currently the only supported - types are `jaeger` for OpenTracing (Jaeger) tracing and - `opentelemetry` for OpenTelemetry tracing. The - OpenTracing (Jaeger) tracing is deprecated. - required: - - type - description: The configuration of tracing in Kafka MirrorMaker. - template: - type: object - properties: - deployment: - type: object - properties: - metadata: - type: object - properties: - labels: - x-kubernetes-preserve-unknown-fields: true - type: object - description: >- - Labels added to the resource template. Can be - applied to different resources such as - `StatefulSets`, `Deployments`, `Pods`, and - `Services`. - annotations: - x-kubernetes-preserve-unknown-fields: true - type: object - description: >- - Annotations added to the resource template. Can - be applied to different resources such as - `StatefulSets`, `Deployments`, `Pods`, and - `Services`. - description: Metadata applied to the resource. - deploymentStrategy: - type: string - enum: - - RollingUpdate - - Recreate - description: >- - Pod replacement strategy for deployment - configuration changes. Valid values are - `RollingUpdate` and `Recreate`. 
Defaults to - `RollingUpdate`. - description: Template for Kafka MirrorMaker `Deployment`. - pod: - type: object - properties: - metadata: - type: object - properties: - labels: - x-kubernetes-preserve-unknown-fields: true - type: object - description: >- - Labels added to the resource template. Can be - applied to different resources such as - `StatefulSets`, `Deployments`, `Pods`, and - `Services`. - annotations: - x-kubernetes-preserve-unknown-fields: true - type: object - description: >- - Annotations added to the resource template. Can - be applied to different resources such as - `StatefulSets`, `Deployments`, `Pods`, and - `Services`. - description: Metadata applied to the resource. - imagePullSecrets: - type: array - items: - type: object - properties: - name: - type: string - description: >- - List of references to secrets in the same namespace - to use for pulling any of the images used by this - Pod. When the `STRIMZI_IMAGE_PULL_SECRETS` - environment variable in Cluster Operator and the - `imagePullSecrets` option are specified, only the - `imagePullSecrets` variable is used and the - `STRIMZI_IMAGE_PULL_SECRETS` variable is ignored. 
- securityContext: - type: object - properties: - fsGroup: - type: integer - fsGroupChangePolicy: - type: string - runAsGroup: - type: integer - runAsNonRoot: - type: boolean - runAsUser: - type: integer - seLinuxOptions: - type: object - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - seccompProfile: - type: object - properties: - localhostProfile: - type: string - type: - type: string - supplementalGroups: - type: array - items: - type: integer - sysctls: - type: array - items: - type: object - properties: - name: - type: string - value: - type: string - windowsOptions: - type: object - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: - type: string - description: >- - Configures pod-level security attributes and common - container settings. - terminationGracePeriodSeconds: - type: integer - minimum: 0 - description: >- - The grace period is the duration in seconds after - the processes running in the pod are sent a - termination signal, and the time when the processes - are forcibly halted with a kill signal. Set this - value to longer than the expected cleanup time for - your process. Value must be a non-negative integer. - A zero value indicates delete immediately. You might - need to increase the grace period for very large - Kafka clusters, so that the Kafka brokers have - enough time to transfer their work to another broker - before they are terminated. Defaults to 30 seconds. 
- affinity: - type: object - properties: - nodeAffinity: - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - preference: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchFields: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - weight: - type: integer - requiredDuringSchedulingIgnoredDuringExecution: - type: object - properties: - nodeSelectorTerms: - type: array - items: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchFields: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - podAffinity: - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - podAffinityTerm: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - x-kubernetes-preserve-unknown-fields: true - type: object - namespaceSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - x-kubernetes-preserve-unknown-fields: true - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - weight: - type: integer - 
requiredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - x-kubernetes-preserve-unknown-fields: true - type: object - namespaceSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - x-kubernetes-preserve-unknown-fields: true - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - podAntiAffinity: - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - podAffinityTerm: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - x-kubernetes-preserve-unknown-fields: true - type: object - namespaceSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - x-kubernetes-preserve-unknown-fields: true - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - weight: - type: integer - requiredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - 
x-kubernetes-preserve-unknown-fields: true - type: object - namespaceSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - x-kubernetes-preserve-unknown-fields: true - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - description: The pod's affinity rules. - tolerations: - type: array - items: - type: object - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - type: integer - value: - type: string - description: The pod's tolerations. - priorityClassName: - type: string - description: >- - The name of the priority class used to assign - priority to the pods. For more information about - priority classes, see {K8sPriorityClass}. - schedulerName: - type: string - description: >- - The name of the scheduler used to dispatch this - `Pod`. If not specified, the default scheduler will - be used. - hostAliases: - type: array - items: - type: object - properties: - hostnames: - type: array - items: - type: string - ip: - type: string - description: >- - The pod's HostAliases. HostAliases is an optional - list of hosts and IPs that will be injected into the - Pod's hosts file if specified. - tmpDirSizeLimit: - type: string - pattern: '^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$' - description: >- - Defines the total amount (for example `1Gi`) of - local storage required for temporary EmptyDir volume - (`/tmp`). Default value is `5Mi`. - enableServiceLinks: - type: boolean - description: >- - Indicates whether information about services should - be injected into Pod's environment variables. 
- topologySpreadConstraints: - type: array - items: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - x-kubernetes-preserve-unknown-fields: true - type: object - matchLabelKeys: - type: array - items: - type: string - maxSkew: - type: integer - minDomains: - type: integer - nodeAffinityPolicy: - type: string - nodeTaintsPolicy: - type: string - topologyKey: - type: string - whenUnsatisfiable: - type: string - description: The pod's topology spread constraints. - description: Template for Kafka MirrorMaker `Pods`. - podDisruptionBudget: - type: object - properties: - metadata: - type: object - properties: - labels: - x-kubernetes-preserve-unknown-fields: true - type: object - description: >- - Labels added to the resource template. Can be - applied to different resources such as - `StatefulSets`, `Deployments`, `Pods`, and - `Services`. - annotations: - x-kubernetes-preserve-unknown-fields: true - type: object - description: >- - Annotations added to the resource template. Can - be applied to different resources such as - `StatefulSets`, `Deployments`, `Pods`, and - `Services`. - description: >- - Metadata to apply to the - `PodDisruptionBudgetTemplate` resource. - maxUnavailable: - type: integer - minimum: 0 - description: >- - Maximum number of unavailable pods to allow - automatic Pod eviction. A Pod eviction is allowed - when the `maxUnavailable` number of pods or fewer - are unavailable after the eviction. Setting this - value to 0 prevents all voluntary evictions, so the - pods must be evicted manually. Defaults to 1. - description: Template for Kafka MirrorMaker `PodDisruptionBudget`. 
- mirrorMakerContainer: - type: object - properties: - env: - type: array - items: - type: object - properties: - name: - type: string - description: The environment variable key. - value: - type: string - description: The environment variable value. - description: >- - Environment variables which should be applied to the - container. - securityContext: - type: object - properties: - allowPrivilegeEscalation: - type: boolean - capabilities: - type: object - properties: - add: - type: array - items: - type: string - drop: - type: array - items: - type: string - privileged: - type: boolean - procMount: - type: string - readOnlyRootFilesystem: - type: boolean - runAsGroup: - type: integer - runAsNonRoot: - type: boolean - runAsUser: - type: integer - seLinuxOptions: - type: object - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - seccompProfile: - type: object - properties: - localhostProfile: - type: string - type: - type: string - windowsOptions: - type: object - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: - type: string - description: Security context for the container. - description: Template for Kafka MirrorMaker container. - serviceAccount: - type: object - properties: - metadata: - type: object - properties: - labels: - x-kubernetes-preserve-unknown-fields: true - type: object - description: >- - Labels added to the resource template. Can be - applied to different resources such as - `StatefulSets`, `Deployments`, `Pods`, and - `Services`. - annotations: - x-kubernetes-preserve-unknown-fields: true - type: object - description: >- - Annotations added to the resource template. Can - be applied to different resources such as - `StatefulSets`, `Deployments`, `Pods`, and - `Services`. - description: Metadata applied to the resource. - description: Template for the Kafka MirrorMaker service account. 
+rules: + - apiGroups: + - rbac.authorization.k8s.io + resources: + - rolebindings + verbs: + - get + - list + - watch + - create + - delete + - patch + - update + - apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + verbs: + - get + - list + - watch + - create + - delete + - patch + - update + - apiGroups: + - '' + resources: + - pods + - serviceaccounts + - configmaps + - services + - endpoints + - secrets + - persistentvolumeclaims + verbs: + - get + - list + - watch + - create + - delete + - patch + - update + - apiGroups: + - apps + resources: + - deployments + - statefulsets + - replicasets + verbs: + - get + - list + - watch + - create + - delete + - patch + - update + - apiGroups: + - apps + resources: + - deployments/scale + verbs: + - get + - patch + - update + - apiGroups: + - '' + - events.k8s.io + resources: + - events + verbs: + - create + - apiGroups: + - build.openshift.io + resources: + - buildconfigs + - buildconfigs/instantiate + - builds + verbs: + - get + - list + - watch + - create + - delete + - patch + - update + - apiGroups: + - networking.k8s.io + resources: + - networkpolicies + - ingresses + verbs: + - get + - list + - watch + - create + - delete + - patch + - update + - apiGroups: + - route.openshift.io + resources: + - routes + - routes/custom-host + verbs: + - get + - list + - watch + - create + - delete + - patch + - update + - apiGroups: + - image.openshift.io + resources: + - imagestreams + verbs: + - get + - apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - get + - list + - watch + - create + - delete + - patch + - update + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: strimzi-cluster-operator-watched + labels: + app: strimzi + namespace: private +subjects: + - kind: ServiceAccount + name: strimzi-cluster-operator + namespace: private +roleRef: + kind: ClusterRole + name: strimzi-cluster-operator-watched + apiGroup: rbac.authorization.k8s.io + +--- 
+apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: kafkaconnectors.kafka.strimzi.io + labels: + app: strimzi + strimzi.io/crd-install: 'true' +spec: + group: kafka.strimzi.io + names: + kind: KafkaConnector + listKind: KafkaConnectorList + singular: kafkaconnector + plural: kafkaconnectors + shortNames: + - kctr + categories: + - strimzi + scope: Namespaced + conversion: + strategy: None + versions: + - name: v1beta2 + served: true + storage: true + subresources: + status: {} + scale: + specReplicasPath: .spec.tasksMax + statusReplicasPath: .status.tasksMax + additionalPrinterColumns: + - name: Cluster + description: The name of the Kafka Connect cluster this connector belongs to + jsonPath: .metadata.labels.strimzi\.io/cluster + type: string + - name: Connector class + description: The class used by this connector + jsonPath: .spec.class + type: string + - name: Max Tasks + description: Maximum number of tasks + jsonPath: .spec.tasksMax + type: integer + - name: Ready + description: The state of the custom resource + jsonPath: '.status.conditions[?(@.type=="Ready")].status' + type: string + schema: + openAPIV3Schema: + type: object + properties: + spec: + type: object + properties: + class: + type: string + description: The Class for the Kafka Connector. + tasksMax: + type: integer + minimum: 1 + description: The maximum number of tasks for the Kafka Connector. + autoRestart: + type: object + properties: + enabled: + type: boolean + description: >- + Whether automatic restart for failed connectors and + tasks should be enabled or disabled. + maxRestarts: + type: integer + description: >- + The maximum number of connector restarts that the + operator will try. If the connector remains in a failed + state after reaching this limit, it must be restarted + manually by the user. Defaults to an unlimited number of + restarts. + description: Automatic restart of connector and tasks configuration. 
+ config: + x-kubernetes-preserve-unknown-fields: true + type: object + description: >- + The Kafka Connector configuration. The following properties + cannot be set: connector.class, tasks.max. + pause: + type: boolean + description: Whether the connector should be paused. Defaults to false. + state: + type: string + enum: + - paused + - stopped + - running + description: The state the connector should be in. Defaults to running. + description: The specification of the Kafka Connector. + status: + type: object + properties: + conditions: + type: array + items: + type: object + properties: + type: + type: string + description: >- + The unique identifier of a condition, used to + distinguish between other conditions in the resource. + status: + type: string + description: >- + The status of the condition, either True, False or + Unknown. + lastTransitionTime: + type: string + description: >- + Last time the condition of a type changed from one + status to another. The required format is + 'yyyy-MM-ddTHH:mm:ssZ', in the UTC time zone. + reason: + type: string + description: >- + The reason for the condition's last transition (a + single word in CamelCase). + message: + type: string + description: >- + Human-readable message indicating details about the + condition's last transition. + description: List of status conditions. + observedGeneration: + type: integer + description: >- + The generation of the CRD that was last reconciled by the + operator. + autoRestart: + type: object + properties: + count: + type: integer + description: The number of times the connector or task is restarted. + connectorName: + type: string + description: The name of the connector being restarted. + lastRestartTimestamp: + type: string + description: >- + The last time the automatic restart was attempted. The + required format is 'yyyy-MM-ddTHH:mm:ssZ' in the UTC + time zone. + description: The auto restart status. 
+ connectorStatus: + x-kubernetes-preserve-unknown-fields: true + type: object + description: >- + The connector status, as reported by the Kafka Connect REST + API. + tasksMax: + type: integer + description: The maximum number of tasks for the Kafka Connector. + topics: + type: array + items: + type: string + description: The list of topics used by the Kafka Connector. + description: The status of the Kafka Connector. + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: strimzi-cluster-operator + labels: + app: strimzi + namespace: private +subjects: + - kind: ServiceAccount + name: strimzi-cluster-operator + namespace: private +roleRef: + kind: ClusterRole + name: strimzi-cluster-operator-namespaced + apiGroup: rbac.authorization.k8s.io + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: kafkatopics.kafka.strimzi.io + labels: + app: strimzi + strimzi.io/crd-install: 'true' +spec: + group: kafka.strimzi.io + names: + kind: KafkaTopic + listKind: KafkaTopicList + singular: kafkatopic + plural: kafkatopics + shortNames: + - kt + categories: + - strimzi + scope: Namespaced + conversion: + strategy: None + versions: + - name: v1beta2 + served: true + storage: true + subresources: + status: {} + additionalPrinterColumns: + - name: Cluster + description: The name of the Kafka cluster this topic belongs to + jsonPath: .metadata.labels.strimzi\.io/cluster + type: string + - name: Partitions + description: The desired number of partitions in the topic + jsonPath: .spec.partitions + type: integer + - name: Replication factor + description: The desired number of replicas of each partition + jsonPath: .spec.replicas + type: integer + - name: Ready + description: The state of the custom resource + jsonPath: '.status.conditions[?(@.type=="Ready")].status' + type: string + schema: + openAPIV3Schema: + type: object + properties: + spec: + type: object + properties: + partitions: + type: integer + 
minimum: 1 + description: >- + The number of partitions the topic should have. This cannot + be decreased after topic creation. It can be increased after + topic creation, but it is important to understand the + consequences that has, especially for topics with semantic + partitioning. When absent this will default to the broker + configuration for `num.partitions`. + replicas: + type: integer + minimum: 1 + maximum: 32767 + description: >- + The number of replicas the topic should have. When absent + this will default to the broker configuration for + `default.replication.factor`. + config: + x-kubernetes-preserve-unknown-fields: true + type: object + description: The topic configuration. + topicName: + type: string + description: >- + The name of the topic. When absent this will default to the + metadata.name of the topic. It is recommended to not set + this unless the topic name is not a valid Kubernetes + resource name. + description: The specification of the topic. + status: + type: object + properties: + conditions: + type: array + items: + type: object + properties: + type: + type: string + description: >- + The unique identifier of a condition, used to + distinguish between other conditions in the resource. + status: + type: string + description: >- + The status of the condition, either True, False or + Unknown. + lastTransitionTime: + type: string + description: >- + Last time the condition of a type changed from one + status to another. The required format is + 'yyyy-MM-ddTHH:mm:ssZ', in the UTC time zone. + reason: + type: string + description: >- + The reason for the condition's last transition (a + single word in CamelCase). + message: + type: string + description: >- + Human-readable message indicating details about the + condition's last transition. + description: List of status conditions. + observedGeneration: + type: integer + description: >- + The generation of the CRD that was last reconciled by the + operator. 
+ topicName: + type: string + description: Topic name. + description: The status of the topic. + - name: v1beta1 + served: true + storage: false + subresources: + status: {} + additionalPrinterColumns: + - name: Cluster + description: The name of the Kafka cluster this topic belongs to + jsonPath: .metadata.labels.strimzi\.io/cluster + type: string + - name: Partitions + description: The desired number of partitions in the topic + jsonPath: .spec.partitions + type: integer + - name: Replication factor + description: The desired number of replicas of each partition + jsonPath: .spec.replicas + type: integer + - name: Ready + description: The state of the custom resource + jsonPath: '.status.conditions[?(@.type=="Ready")].status' + type: string + schema: + openAPIV3Schema: + type: object + properties: + spec: + type: object + properties: + partitions: + type: integer + minimum: 1 description: >- - Template to specify how Kafka MirrorMaker resources, - `Deployments` and `Pods`, are generated. - livenessProbe: - type: object - properties: - failureThreshold: - type: integer - minimum: 1 - description: >- - Minimum consecutive failures for the probe to be - considered failed after having succeeded. Defaults to 3. - Minimum value is 1. - initialDelaySeconds: - type: integer - minimum: 0 - description: >- - The initial delay before first the health is first - checked. Default to 15 seconds. Minimum value is 0. - periodSeconds: - type: integer - minimum: 1 - description: >- - How often (in seconds) to perform the probe. Default to - 10 seconds. Minimum value is 1. - successThreshold: - type: integer - minimum: 1 - description: >- - Minimum consecutive successes for the probe to be - considered successful after having failed. Defaults to - 1. Must be 1 for liveness. Minimum value is 1. - timeoutSeconds: - type: integer - minimum: 1 - description: >- - The timeout for each attempted health check. Default to - 5 seconds. Minimum value is 1. 
- description: Pod liveness checking. - readinessProbe: + The number of partitions the topic should have. This cannot + be decreased after topic creation. It can be increased after + topic creation, but it is important to understand the + consequences that has, especially for topics with semantic + partitioning. When absent this will default to the broker + configuration for `num.partitions`. + replicas: + type: integer + minimum: 1 + maximum: 32767 + description: >- + The number of replicas the topic should have. When absent + this will default to the broker configuration for + `default.replication.factor`. + config: + x-kubernetes-preserve-unknown-fields: true type: object - properties: - failureThreshold: - type: integer - minimum: 1 - description: >- - Minimum consecutive failures for the probe to be - considered failed after having succeeded. Defaults to 3. - Minimum value is 1. - initialDelaySeconds: - type: integer - minimum: 0 - description: >- - The initial delay before first the health is first - checked. Default to 15 seconds. Minimum value is 0. - periodSeconds: - type: integer - minimum: 1 - description: >- - How often (in seconds) to perform the probe. Default to - 10 seconds. Minimum value is 1. - successThreshold: - type: integer - minimum: 1 - description: >- - Minimum consecutive successes for the probe to be - considered successful after having failed. Defaults to - 1. Must be 1 for liveness. Minimum value is 1. - timeoutSeconds: - type: integer - minimum: 1 - description: >- - The timeout for each attempted health check. Default to - 5 seconds. Minimum value is 1. - description: Pod readiness checking. - oneOf: - - properties: - include: {} - required: - - include - - properties: - whitelist: {} - required: - - whitelist - required: - - replicas - - consumer - - producer - description: The specification of Kafka MirrorMaker. + description: The topic configuration. + topicName: + type: string + description: >- + The name of the topic. 
When absent this will default to the + metadata.name of the topic. It is recommended to not set + this unless the topic name is not a valid Kubernetes + resource name. + description: The specification of the topic. status: type: object properties: 
@@ -5963,120 +3939,161 @@ spec: description: >- The generation of the CRD that was last reconciled by the operator. - labelSelector: + topicName: type: string - description: Label selector for pods providing this resource. + description: Topic name. + description: The status of the topic. + - name: v1alpha1 + served: true + storage: false + subresources: + status: {} + additionalPrinterColumns: + - name: Cluster + description: The name of the Kafka cluster this topic belongs to + jsonPath: .metadata.labels.strimzi\.io/cluster + type: string + - name: Partitions + description: The desired number of partitions in the topic + jsonPath: .spec.partitions + type: integer + - name: Replication factor + description: The desired number of replicas of each partition + jsonPath: .spec.replicas + type: integer + - name: Ready + description: The state of the custom resource + jsonPath: '.status.conditions[?(@.type=="Ready")].status' + type: string + schema: + openAPIV3Schema: + type: object + properties: + spec: + type: object + properties: + partitions: + type: integer + minimum: 1 + description: >- + The number of partitions the topic should have. This cannot + be decreased after topic creation. It can be increased after + topic creation, but it is important to understand the + consequences that has, especially for topics with semantic + partitioning. When absent this will default to the broker + configuration for `num.partitions`. replicas: type: integer + minimum: 1 + maximum: 32767 description: >- - The current number of pods being used to provide this - resource. - description: The status of Kafka MirrorMaker. 
- ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: strimzi-entity-operator - labels: - app: strimzi -rules: - - apiGroups: - - kafka.strimzi.io - resources: - - kafkatopics - - kafkatopics/status - - kafkausers - - kafkausers/status - verbs: - - get - - list - - watch - - create - - patch - - update - - delete - - apiGroups: - - '' - resources: - - events - verbs: - - create - - apiGroups: - - '' - resources: - - secrets - verbs: - - get - - list - - watch - - create - - delete - - patch - - update + The number of replicas the topic should have. When absent + this will default to the broker configuration for + `default.replication.factor`. + config: + x-kubernetes-preserve-unknown-fields: true + type: object + description: The topic configuration. + topicName: + type: string + description: >- + The name of the topic. When absent this will default to the + metadata.name of the topic. It is recommended to not set + this unless the topic name is not a valid Kubernetes + resource name. + description: The specification of the topic. + status: + type: object + properties: + conditions: + type: array + items: + type: object + properties: + type: + type: string + description: >- + The unique identifier of a condition, used to + distinguish between other conditions in the resource. + status: + type: string + description: >- + The status of the condition, either True, False or + Unknown. + lastTransitionTime: + type: string + description: >- + Last time the condition of a type changed from one + status to another. The required format is + 'yyyy-MM-ddTHH:mm:ssZ', in the UTC time zone. + reason: + type: string + description: >- + The reason for the condition's last transition (a + single word in CamelCase). + message: + type: string + description: >- + Human-readable message indicating details about the + condition's last transition. + description: List of status conditions. 
+ observedGeneration: + type: integer + description: >- + The generation of the CRD that was last reconciled by the + operator. + topicName: + type: string + description: Topic name. + description: The status of the topic. --- apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole +kind: ClusterRoleBinding metadata: - name: strimzi-cluster-operator-global + name: strimzi-cluster-operator-kafka-client-delegation labels: app: strimzi -rules: - - apiGroups: - - rbac.authorization.k8s.io - resources: - - clusterrolebindings - verbs: - - get - - list - - watch - - create - - delete - - patch - - update - - apiGroups: - - storage.k8s.io - resources: - - storageclasses - verbs: - - get - - apiGroups: - - '' - resources: - - nodes - verbs: - - list +subjects: + - kind: ServiceAccount + name: strimzi-cluster-operator + namespace: private +roleRef: + kind: ClusterRole + name: strimzi-kafka-client + apiGroup: rbac.authorization.k8s.io --- apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole +kind: ClusterRoleBinding metadata: - name: strimzi-kafka-client + name: strimzi-cluster-operator-kafka-broker-delegation labels: app: strimzi -rules: - - apiGroups: - - '' - resources: - - nodes - verbs: - - get +subjects: + - kind: ServiceAccount + name: strimzi-cluster-operator + namespace: private +roleRef: + kind: ClusterRole + name: strimzi-kafka-broker + apiGroup: rbac.authorization.k8s.io --- apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding +kind: RoleBinding metadata: - name: strimzi-cluster-operator-kafka-client-delegation + name: strimzi-cluster-operator-leader-election labels: app: strimzi + namespace: private subjects: - kind: ServiceAccount name: strimzi-cluster-operator namespace: private roleRef: kind: ClusterRole - name: strimzi-kafka-client + name: strimzi-cluster-operator-leader-election apiGroup: rbac.authorization.k8s.io --- 
@@ -6206,151 +4223,19 @@ spec: operator. pods: type: integer - description: Number of pods managed by the StrimziPodSet controller. + description: Number of pods managed by this `StrimziPodSet` resource. readyPods: type: integer description: >- - Number of pods managed by the StrimziPodSet controller that + Number of pods managed by this `StrimziPodSet` resource that are ready. currentPods: type: integer description: >- - Number of pods managed by the StrimziPodSet controller that + Number of pods managed by this `StrimziPodSet` resource that have the current revision. description: The status of the StrimziPodSet. ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: strimzi-cluster-operator - labels: - app: strimzi - namespace: private -subjects: - - kind: ServiceAccount - name: strimzi-cluster-operator - namespace: private -roleRef: - kind: ClusterRole - name: strimzi-cluster-operator-namespaced - apiGroup: rbac.authorization.k8s.io - ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: strimzi-cluster-operator-entity-operator-delegation - labels: - app: strimzi - namespace: private -subjects: - - kind: ServiceAccount - name: strimzi-cluster-operator - namespace: private -roleRef: - kind: ClusterRole - name: strimzi-entity-operator - apiGroup: rbac.authorization.k8s.io - ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: strimzi-cluster-operator-watched - labels: - app: strimzi -rules: - - apiGroups: - - '' - resources: - - pods - verbs: - - watch - - list - - apiGroups: - - kafka.strimzi.io - resources: - - kafkas - - kafkas/status - - kafkaconnects - - kafkaconnects/status - - kafkaconnectors - - kafkaconnectors/status - - kafkamirrormakers - - kafkamirrormakers/status - - kafkabridges - - kafkabridges/status - - kafkamirrormaker2s - - kafkamirrormaker2s/status - - kafkarebalances - - kafkarebalances/status - verbs: - - get - - list - - watch - - create - - delete - 
- patch - - update - - apiGroups: - - core.strimzi.io - resources: - - strimzipodsets - - strimzipodsets/status - verbs: - - get - - list - - watch - - create - - delete - - patch - - update - ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: strimzi-cluster-operator-leader-election - labels: - app: strimzi -rules: - - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create - - apiGroups: - - coordination.k8s.io - resources: - - leases - resourceNames: - - strimzi-cluster-operator - verbs: - - get - - list - - watch - - delete - - patch - - update - ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: strimzi-cluster-operator - labels: - app: strimzi -subjects: - - kind: ServiceAccount - name: strimzi-cluster-operator - namespace: private -roleRef: - kind: ClusterRole - name: strimzi-cluster-operator-global - apiGroup: rbac.authorization.k8s.io - --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition @@ -6385,7 +4270,7 @@ spec: labelSelectorPath: .status.labelSelector additionalPrinterColumns: - name: Desired replicas - description: The desired number of Kafka MirrorMaker 2.0 replicas + description: The desired number of Kafka MirrorMaker 2 replicas jsonPath: .spec.replicas type: integer - name: Ready 
@@ -6402,21 +4287,30 @@ spec: version: type: string description: >- - The Kafka Connect version. Defaults to - {DefaultKafkaVersion}. Consult the user documentation to - understand the process required to upgrade or downgrade the - version. + The Kafka Connect version. Defaults to the latest version. + Consult the user documentation to understand the process + required to upgrade or downgrade the version. replicas: type: integer - description: The number of pods in the Kafka Connect group. + description: >- + The number of pods in the Kafka Connect group. Defaults to + `3`. image: type: string - description: The docker image for the pods. + description: >- + The container image used for Kafka Connect pods. If no image + name is explicitly specified, it is determined based on the + `spec.version` configuration. The image names are + specifically mapped to corresponding versions in the Cluster + Operator configuration. connectCluster: type: string description: >- - The cluster alias used for Kafka Connect. The alias must - match a cluster in the list at `spec.clusters`. + The cluster alias used for Kafka Connect. The value must + match the alias of the *target* Kafka cluster as specified + in the `spec.clusters` configuration. The target Kafka + cluster is used by the underlying Kafka Connect framework + for its internal topics. clusters: type: array items: @@ -6454,7 +4348,7 @@ spec: - secretName description: Trusted certificates for TLS connection. description: >- - TLS configuration for connecting MirrorMaker 2.0 + TLS configuration for connecting MirrorMaker 2 connectors to a cluster. authentication: type: object 
@@ -6574,6 +4468,12 @@ spec: The pause to take before retrying a failed HTTP request. If not set, the default is to not pause at all but to immediately repeat a request. + includeAcceptHeader: + type: boolean + description: >- + Whether the Accept header should be set in + requests to the authorization servers. The default + value is `true`. maxTokenExpirySeconds: type: integer description: >- @@ -6689,8 +4589,8 @@ spec: x-kubernetes-preserve-unknown-fields: true type: object description: >- - The MirrorMaker 2.0 cluster config. Properties with - the following prefixes cannot be set: ssl., sasl., + The MirrorMaker 2 cluster config. Properties with the + following prefixes cannot be set: ssl., sasl., security., listeners, plugin.path, rest., bootstrap.servers, consumer.interceptor.classes, producer.interceptor.classes (with the exception of: @@ -6710,13 +4610,13 @@ spec: type: string description: >- The alias of the source cluster used by the Kafka - MirrorMaker 2.0 connectors. The alias must match a + MirrorMaker 2 connectors. The alias must match a cluster in the list at `spec.clusters`. targetCluster: type: string description: >- The alias of the target cluster used by the Kafka - MirrorMaker 2.0 connectors. The alias must match a + MirrorMaker 2 connectors. The alias must match a cluster in the list at `spec.clusters`. sourceConnector: type: object @@ -6743,6 +4643,15 @@ spec: Whether automatic restart for failed connectors and tasks should be enabled or disabled. + maxRestarts: + type: integer + description: >- + The maximum number of connector restarts that + the operator will try. If the connector + remains in a failed state after reaching this + limit, it must be restarted manually by the + user. Defaults to an unlimited number of + restarts. description: >- Automatic restart of connector and tasks configuration. 
@@ -6751,8 +4660,17 @@ spec: description: >- Whether the connector should be paused. Defaults to false. + state: + type: string + enum: + - paused + - stopped + - running + description: >- + The state the connector should be in. Defaults to + running. description: >- - The specification of the Kafka MirrorMaker 2.0 source + The specification of the Kafka MirrorMaker 2 source connector. heartbeatConnector: type: object @@ -6779,6 +4697,15 @@ spec: Whether automatic restart for failed connectors and tasks should be enabled or disabled. + maxRestarts: + type: integer + description: >- + The maximum number of connector restarts that + the operator will try. If the connector + remains in a failed state after reaching this + limit, it must be restarted manually by the + user. Defaults to an unlimited number of + restarts. description: >- Automatic restart of connector and tasks configuration. @@ -6787,9 +4714,18 @@ spec: description: >- Whether the connector should be paused. Defaults to false. + state: + type: string + enum: + - paused + - stopped + - running + description: >- + The state the connector should be in. Defaults to + running. description: >- - The specification of the Kafka MirrorMaker 2.0 - heartbeat connector. + The specification of the Kafka MirrorMaker 2 heartbeat + connector. checkpointConnector: type: object properties: @@ -6815,6 +4751,15 @@ spec: Whether automatic restart for failed connectors and tasks should be enabled or disabled. + maxRestarts: + type: integer + description: >- + The maximum number of connector restarts that + the operator will try. If the connector + remains in a failed state after reaching this + limit, it must be restarted manually by the + user. Defaults to an unlimited number of + restarts. description: >- Automatic restart of connector and tasks configuration. 
@@ -6823,8 +4768,17 @@ spec: description: >- Whether the connector should be paused. Defaults to false. + state: + type: string + enum: + - paused + - stopped + - running + description: >- + The state the connector should be in. Defaults to + running. description: >- - The specification of the Kafka MirrorMaker 2.0 + The specification of the Kafka MirrorMaker 2 checkpoint connector. topicsPattern: type: string @@ -6864,10 +4818,17 @@ spec: required: - sourceCluster - targetCluster - description: Configuration of the MirrorMaker 2.0 connectors. + description: Configuration of the MirrorMaker 2 connectors. resources: type: object properties: + claims: + type: array + items: + type: object + properties: + name: + type: string limits: x-kubernetes-preserve-unknown-fields: true type: object @@ -7034,7 +4995,7 @@ spec: configuration. description: >- `ConfigMap` entry where the logging configuration is - stored. + stored. required: - type description: Logging configuration for Kafka Connect. @@ -7053,7 +5014,7 @@ spec: A key that matches labels assigned to the Kubernetes cluster nodes. The value of the label is used to set a broker's `broker.rack` config, and the `client.rack` - config for Kafka Connect or MirrorMaker 2.0. + config for Kafka Connect or MirrorMaker 2. required: - topologyKey description: >- @@ -7069,9 +5030,9 @@ spec: - opentelemetry description: >- Type of the tracing used. Currently the only supported - types are `jaeger` for OpenTracing (Jaeger) tracing and - `opentelemetry` for OpenTelemetry tracing. The - OpenTracing (Jaeger) tracing is deprecated. + type is `opentelemetry` for OpenTelemetry tracing. As of + Strimzi 0.37.0, `jaeger` type is not supported anymore + and this option is ignored. required: - type description: The configuration of tracing in Kafka Connect. 
@@ -7087,19 +5048,11 @@ spec: labels: x-kubernetes-preserve-unknown-fields: true type: object - description: >- - Labels added to the resource template. Can be - applied to different resources such as - `StatefulSets`, `Deployments`, `Pods`, and - `Services`. + description: Labels added to the Kubernetes resource. annotations: x-kubernetes-preserve-unknown-fields: true type: object - description: >- - Annotations added to the resource template. Can - be applied to different resources such as - `StatefulSets`, `Deployments`, `Pods`, and - `Services`. + description: Annotations added to the Kubernetes resource. description: Metadata applied to the resource. deploymentStrategy: type: string @@ -7121,19 +5074,11 @@ spec: labels: x-kubernetes-preserve-unknown-fields: true type: object - description: >- - Labels added to the resource template. Can be - applied to different resources such as - `StatefulSets`, `Deployments`, `Pods`, and - `Services`. + description: Labels added to the Kubernetes resource. annotations: x-kubernetes-preserve-unknown-fields: true type: object - description: >- - Annotations added to the resource template. Can - be applied to different resources such as - `StatefulSets`, `Deployments`, `Pods`, and - `Services`. + description: Annotations added to the Kubernetes resource. description: Metadata applied to the resource. description: Template for Kafka Connect `StrimziPodSet` resource. pod: 
@@ -7145,19 +5090,11 @@ spec: labels: x-kubernetes-preserve-unknown-fields: true type: object - description: >- - Labels added to the resource template. Can be - applied to different resources such as - `StatefulSets`, `Deployments`, `Pods`, and - `Services`. + description: Labels added to the Kubernetes resource. annotations: x-kubernetes-preserve-unknown-fields: true type: object - description: >- - Annotations added to the resource template. Can - be applied to different resources such as - `StatefulSets`, `Deployments`, `Pods`, and - `Services`. + description: Annotations added to the Kubernetes resource. description: Metadata applied to the resource. imagePullSecrets: type: array @@ -7556,8 +5493,7 @@ spec: type: string description: >- The name of the priority class used to assign - priority to the pods. For more information about - priority classes, see {K8sPriorityClass}. + priority to the pods. schedulerName: type: string description: >- @@ -7642,19 +5578,11 @@ spec: labels: x-kubernetes-preserve-unknown-fields: true type: object - description: >- - Labels added to the resource template. Can be - applied to different resources such as - `StatefulSets`, `Deployments`, `Pods`, and - `Services`. + description: Labels added to the Kubernetes resource. annotations: x-kubernetes-preserve-unknown-fields: true type: object - description: >- - Annotations added to the resource template. Can - be applied to different resources such as - `StatefulSets`, `Deployments`, `Pods`, and - `Services`. + description: Annotations added to the Kubernetes resource. description: Metadata applied to the resource. ipFamilyPolicy: type: string @@ -7673,7 +5601,6 @@ spec: unless there are two IP families on dual-stack configured clusters. If unspecified, Kubernetes will choose the default value based on the service type. - Available on Kubernetes 1.20 and newer. ipFamilies: type: array items: 
@@ -7683,10 +5610,9 @@ spec: - IPv6 description: >- Specifies the IP Families used by the service. - Available options are `IPv4` and `IPv6. If + Available options are `IPv4` and `IPv6`. If unspecified, Kubernetes will choose the default value based on the `ipFamilyPolicy` setting. - Available on Kubernetes 1.20 and newer. description: Template for Kafka Connect API `Service`. headlessService: type: object @@ -7697,19 +5623,11 @@ spec: labels: x-kubernetes-preserve-unknown-fields: true type: object - description: >- - Labels added to the resource template. Can be - applied to different resources such as - `StatefulSets`, `Deployments`, `Pods`, and - `Services`. + description: Labels added to the Kubernetes resource. annotations: x-kubernetes-preserve-unknown-fields: true type: object - description: >- - Annotations added to the resource template. Can - be applied to different resources such as - `StatefulSets`, `Deployments`, `Pods`, and - `Services`. + description: Annotations added to the Kubernetes resource. description: Metadata applied to the resource. ipFamilyPolicy: type: string @@ -7728,7 +5646,6 @@ spec: unless there are two IP families on dual-stack configured clusters. If unspecified, Kubernetes will choose the default value based on the service type. - Available on Kubernetes 1.20 and newer. ipFamilies: type: array items: @@ -7738,10 +5655,9 @@ spec: - IPv6 description: >- Specifies the IP Families used by the service. - Available options are `IPv4` and `IPv6. If + Available options are `IPv4` and `IPv6`. If unspecified, Kubernetes will choose the default value based on the `ipFamilyPolicy` setting. - Available on Kubernetes 1.20 and newer. description: Template for Kafka Connect headless `Service`. connectContainer: type: object 
@@ -7904,19 +5820,11 @@ spec: labels: x-kubernetes-preserve-unknown-fields: true type: object - description: >- - Labels added to the resource template. Can be - applied to different resources such as - `StatefulSets`, `Deployments`, `Pods`, and - `Services`. + description: Labels added to the Kubernetes resource. annotations: x-kubernetes-preserve-unknown-fields: true type: object - description: >- - Annotations added to the resource template. Can - be applied to different resources such as - `StatefulSets`, `Deployments`, `Pods`, and - `Services`. + description: Annotations added to the Kubernetes resource. description: >- Metadata to apply to the `PodDisruptionBudgetTemplate` resource. @@ -7940,19 +5848,11 @@ spec: labels: x-kubernetes-preserve-unknown-fields: true type: object - description: >- - Labels added to the resource template. Can be - applied to different resources such as - `StatefulSets`, `Deployments`, `Pods`, and - `Services`. + description: Labels added to the Kubernetes resource. annotations: x-kubernetes-preserve-unknown-fields: true type: object - description: >- - Annotations added to the resource template. Can - be applied to different resources such as - `StatefulSets`, `Deployments`, `Pods`, and - `Services`. + description: Annotations added to the Kubernetes resource. description: Metadata applied to the resource. description: Template for the Kafka Connect service account. clusterRoleBinding: 
@@ -7964,19 +5864,11 @@ spec: labels: x-kubernetes-preserve-unknown-fields: true type: object - description: >- - Labels added to the resource template. Can be - applied to different resources such as - `StatefulSets`, `Deployments`, `Pods`, and - `Services`. + description: Labels added to the Kubernetes resource. annotations: x-kubernetes-preserve-unknown-fields: true type: object - description: >- - Annotations added to the resource template. Can - be applied to different resources such as - `StatefulSets`, `Deployments`, `Pods`, and - `Services`. + description: Annotations added to the Kubernetes resource. description: Metadata applied to the resource. description: Template for the Kafka Connect ClusterRoleBinding. buildPod: @@ -7988,19 +5880,11 @@ spec: labels: x-kubernetes-preserve-unknown-fields: true type: object - description: >- - Labels added to the resource template. Can be - applied to different resources such as - `StatefulSets`, `Deployments`, `Pods`, and - `Services`. + description: Labels added to the Kubernetes resource. annotations: x-kubernetes-preserve-unknown-fields: true type: object - description: >- - Annotations added to the resource template. Can - be applied to different resources such as - `StatefulSets`, `Deployments`, `Pods`, and - `Services`. + description: Annotations added to the Kubernetes resource. description: Metadata applied to the resource. imagePullSecrets: type: array @@ -8399,8 +6283,7 @@ spec: type: string description: >- The name of the priority class used to assign - priority to the pods. For more information about - priority classes, see {K8sPriorityClass}. + priority to the pods. schedulerName: type: string description: >- 
@@ -8565,19 +6448,11 @@ spec: labels: x-kubernetes-preserve-unknown-fields: true type: object - description: >- - Labels added to the resource template. Can be - applied to different resources such as - `StatefulSets`, `Deployments`, `Pods`, and - `Services`. + description: Labels added to the Kubernetes resource. annotations: x-kubernetes-preserve-unknown-fields: true type: object - description: >- - Annotations added to the resource template. Can - be applied to different resources such as - `StatefulSets`, `Deployments`, `Pods`, and - `Services`. + description: Annotations added to the Kubernetes resource. description: >- Metadata to apply to the `PodDisruptionBudgetTemplate` resource. @@ -8599,19 +6474,11 @@ spec: labels: x-kubernetes-preserve-unknown-fields: true type: object - description: >- - Labels added to the resource template. Can be - applied to different resources such as - `StatefulSets`, `Deployments`, `Pods`, and - `Services`. + description: Labels added to the Kubernetes resource. annotations: x-kubernetes-preserve-unknown-fields: true type: object - description: >- - Annotations added to the resource template. Can - be applied to different resources such as - `StatefulSets`, `Deployments`, `Pods`, and - `Services`. + description: Annotations added to the Kubernetes resource. description: Metadata applied to the resource. description: Template for the Kafka Connect Build service account. jmxSecret: 
@@ -8623,19 +6490,11 @@ spec: labels: x-kubernetes-preserve-unknown-fields: true type: object - description: >- - Labels added to the resource template. Can be - applied to different resources such as - `StatefulSets`, `Deployments`, `Pods`, and - `Services`. + description: Labels added to the Kubernetes resource. annotations: x-kubernetes-preserve-unknown-fields: true type: object - description: >- - Annotations added to the resource template. Can - be applied to different resources such as - `StatefulSets`, `Deployments`, `Pods`, and - `Services`. + description: Annotations added to the Kubernetes resource. description: Metadata applied to the resource. description: >- Template for Secret of the Kafka Connect Cluster JMX @@ -8643,7 +6502,7 @@ spec: description: >- Template for Kafka Connect and Kafka Mirror Maker 2 resources. The template allows users to specify how the - `Deployment`, `Pods` and `Service` are generated. + `Pods`, `Service`, and other services are generated. externalConfiguration: type: object properties: @@ -8785,15 +6644,14 @@ spec: configuration. description: >- ConfigMap entry where the Prometheus JMX Exporter - configuration is stored. For details of the structure of - this configuration, see the {JMXExporter}. + configuration is stored. required: - type - valueFrom description: Metrics configuration. required: - connectCluster - description: The specification of the Kafka MirrorMaker 2.0 cluster. + description: The specification of the Kafka MirrorMaker 2 cluster. status: type: object properties: @@ -8858,7 +6716,7 @@ spec: The last time the automatic restart was attempted. The required format is 'yyyy-MM-ddTHH:mm:ssZ' in the UTC time zone. - description: List of MirrorMaker 2.0 connector auto restart statuses. + description: List of MirrorMaker 2 connector auto restart statuses. connectorPlugins: type: array items: 
@@ -8884,8 +6742,8 @@ spec: x-kubernetes-preserve-unknown-fields: true type: object description: >- - List of MirrorMaker 2.0 connector statuses, as reported by - the Kafka Connect REST API. + List of MirrorMaker 2 connector statuses, as reported by the + Kafka Connect REST API. labelSelector: type: string description: Label selector for pods providing this resource. @@ -8894,7 +6752,7 @@ spec: description: >- The current number of pods being used to provide this resource. - description: The status of the Kafka MirrorMaker 2.0 cluster. + description: The status of the Kafka MirrorMaker 2 cluster. --- apiVersion: apiextensions.k8s.io/v1 @@ -8954,10 +6812,17 @@ spec: version: type: string description: >- - The kafka broker version. Defaults to - {DefaultKafkaVersion}. Consult the user documentation to - understand the process required to upgrade or downgrade - the version. + The Kafka broker version. Defaults to the latest + version. Consult the user documentation to understand + the process required to upgrade or downgrade the + version. + metadataVersion: + type: string + description: >- + The KRaft metadata version used by the Kafka cluster. + This property is ignored when running in ZooKeeper mode. + If the property is not set, it defaults to the metadata + version that corresponds to the `version` property. replicas: type: integer minimum: 1 @@ -8965,8 +6830,14 @@ spec: image: type: string description: >- - The docker image for the pods. The default value depends - on the configured `Kafka.spec.kafka.version`. + The container image used for Kafka pods. If the property + is not set, the default Kafka image version is + determined based on the `version` configuration. The + image names are specifically mapped to corresponding + versions in the Cluster Operator configuration. Changing + the Kafka image version does not automatically update + the image versions for other components, such as Kafka + Exporter. listeners: type: array minItems: 1 
@@ -9007,7 +6878,7 @@ spec: description: > Type of the listener. Currently the supported types are `internal`, `route`, `loadbalancer`, - `nodeport` and `ingress`. + `nodeport` and `ingress`. * `internal` type exposes Kafka internally only @@ -9206,6 +7077,12 @@ spec: HTTP request. If not set, the default is to not pause at all but to immediately repeat a request. + includeAcceptHeader: + type: boolean + description: >- + Whether the Accept header should be set in + requests to the authorization servers. The + default value is `true`. introspectionEndpointUri: type: string description: >- @@ -9361,7 +7238,7 @@ spec: URI of the User Info Endpoint to use as a fallback to obtaining the user id when the Introspection Endpoint does not return - information that can be used for the user id. + information that can be used for the user id. userNameClaim: type: string description: >- @@ -9520,13 +7397,13 @@ spec: advertisedHost: type: string description: >- - The host name which will be used in the - brokers' `advertised.brokers`. + The host name used in the brokers' + `advertised.listeners`. advertisedPort: type: integer description: >- - The port number which will be used in - the brokers' `advertised.brokers`. + The port number used in the brokers' + `advertised.listeners`. host: type: string description: >- @@ -9596,7 +7473,6 @@ spec: IP families on dual-stack configured clusters. If unspecified, Kubernetes will choose the default value based on the service type. - Available on Kubernetes 1.20 and newer. ipFamilies: type: array items: @@ -9606,11 +7482,10 @@ spec: - IPv6 description: >- Specifies the IP Families used by the service. - Available options are `IPv4` and `IPv6. If + Available options are `IPv4` and `IPv6`. If unspecified, Kubernetes will choose the default value based on the `ipFamilyPolicy` - setting. Available on Kubernetes 1.20 and - newer. + setting. createBootstrapService: type: boolean description: >- 
@@ -9787,8 +7662,8 @@ spec: zookeeper.clientCnxnSocket, authorizer., super.user, cruise.control.metrics.topic, cruise.control.metrics.reporter.bootstrap.servers,node.id, - process.roles, controller. (with the exception of: - zookeeper.connection.timeout.ms, + process.roles, controller., metadata.log.dir (with the + exception of: zookeeper.connection.timeout.ms, sasl.server.max.receive.size,ssl.cipher.suites, ssl.protocol, ssl.enabled.protocols, ssl.secure.random.implementation,cruise.control.metrics.topic.num.partitions, @@ -9984,8 +7859,8 @@ spec: enableMetrics: type: boolean description: >- - Enable or disable OAuth metrics. Default value is - `false`. + Enable or disable OAuth metrics. The default value + is `false`. expireAfterMs: type: integer description: >- @@ -9995,6 +7870,26 @@ spec: authorization decisions are reloaded from the Open Policy Agent server. In milliseconds. Defaults to `3600000`. + grantsAlwaysLatest: + type: boolean + description: >- + Controls whether the latest grants are fetched for a + new session. When enabled, grants are retrieved from + Keycloak and cached for the user. The default value + is `false`. + grantsGcPeriodSeconds: + type: integer + minimum: 1 + description: >- + The time, in seconds, between consecutive runs of a + job that cleans stale grants from the cache. The + default value is 300. + grantsMaxIdleTimeSeconds: + type: integer + minimum: 1 + description: >- + The time, in seconds, after which an idle grant can + be evicted from the cache. The default value is 300. grantsRefreshPeriodSeconds: type: integer minimum: 0 @@ -10017,6 +7912,12 @@ spec: The maximum number of retries to attempt if an initial HTTP request fails. If not set, the default is to not attempt any retries. + includeAcceptHeader: + type: boolean + description: >- + Whether the Accept header should be set in requests + to the authorization servers. The default value is + `true`. initialCacheCapacity: type: integer description: >- 
@@ -10083,13 +7984,13 @@ spec: description: >- Authorization type. Currently, the supported types are `simple`, `keycloak`, `opa` and `custom`. - `simple` authorization type uses Kafka's - `kafka.security.authorizer.AclAuthorizer` class for - authorization. `keycloak` authorization type uses - Keycloak Authorization Services for authorization. - `opa` authorization type uses Open Policy Agent - based authorization.`custom` authorization type uses - user-provided implementation for authorization. + `simple` authorization type uses Kafka's built-in + authorizer for authorization. `keycloak` + authorization type uses Keycloak Authorization + Services for authorization. `opa` authorization type + uses Open Policy Agent based authorization.`custom` + authorization type uses user-provided implementation + for authorization. url: type: string example: 'http://opa:8181/v1/data/kafka/authz/allow' @@ -10112,7 +8013,7 @@ spec: cluster nodes. The value of the label is used to set a broker's `broker.rack` config, and the `client.rack` config for Kafka Connect or - MirrorMaker 2.0. + MirrorMaker 2. required: - topologyKey description: Configuration of the `broker.rack` broker config. @@ -10252,6 +8153,13 @@ spec: resources: type: object properties: + claims: + type: array + items: + type: object + properties: + name: + type: string limits: x-kubernetes-preserve-unknown-fields: true type: object @@ -10286,9 +8194,7 @@ spec: the configuration. description: >- ConfigMap entry where the Prometheus JMX Exporter - configuration is stored. For details of the - structure of this configuration, see the - {JMXExporter}. + configuration is stored. required: - type - valueFrom @@ -10323,7 +8229,7 @@ spec: the configuration. description: >- `ConfigMap` entry where the logging configuration is - stored. + stored. required: - type description: Logging configuration for Kafka. 
@@ -10339,19 +8245,13 @@ spec: labels: x-kubernetes-preserve-unknown-fields: true type: object - description: >- - Labels added to the resource template. Can - be applied to different resources such as - `StatefulSets`, `Deployments`, `Pods`, and - `Services`. + description: Labels added to the Kubernetes resource. annotations: x-kubernetes-preserve-unknown-fields: true type: object description: >- - Annotations added to the resource template. - Can be applied to different resources such - as `StatefulSets`, `Deployments`, `Pods`, - and `Services`. + Annotations added to the Kubernetes + resource. description: Metadata applied to the resource. podManagementPolicy: type: string @@ -10372,19 +8272,13 @@ spec: labels: x-kubernetes-preserve-unknown-fields: true type: object - description: >- - Labels added to the resource template. Can - be applied to different resources such as - `StatefulSets`, `Deployments`, `Pods`, and - `Services`. + description: Labels added to the Kubernetes resource. annotations: x-kubernetes-preserve-unknown-fields: true type: object description: >- - Annotations added to the resource template. - Can be applied to different resources such - as `StatefulSets`, `Deployments`, `Pods`, - and `Services`. + Annotations added to the Kubernetes + resource. description: Metadata applied to the resource. imagePullSecrets: type: array @@ -10787,8 +8681,7 @@ spec: type: string description: >- The name of the priority class used to assign - priority to the pods. For more information about - priority classes, see {K8sPriorityClass}. + priority to the pods. schedulerName: type: string description: >- 
@@ -10874,19 +8767,13 @@ spec: labels: x-kubernetes-preserve-unknown-fields: true type: object - description: >- - Labels added to the resource template. Can - be applied to different resources such as - `StatefulSets`, `Deployments`, `Pods`, and - `Services`. + description: Labels added to the Kubernetes resource. annotations: x-kubernetes-preserve-unknown-fields: true type: object description: >- - Annotations added to the resource template. - Can be applied to different resources such - as `StatefulSets`, `Deployments`, `Pods`, - and `Services`. + Annotations added to the Kubernetes + resource. description: Metadata applied to the resource. ipFamilyPolicy: type: string @@ -10905,8 +8792,7 @@ spec: `RequireDualStack` fails unless there are two IP families on dual-stack configured clusters. If unspecified, Kubernetes will choose the default - value based on the service type. Available on - Kubernetes 1.20 and newer. + value based on the service type. ipFamilies: type: array items: @@ -10916,10 +8802,9 @@ spec: - IPv6 description: >- Specifies the IP Families used by the service. - Available options are `IPv4` and `IPv6. If + Available options are `IPv4` and `IPv6`. If unspecified, Kubernetes will choose the default value based on the `ipFamilyPolicy` setting. - Available on Kubernetes 1.20 and newer. description: Template for Kafka bootstrap `Service`. brokersService: type: object 
@@ -10930,19 +8815,13 @@ spec: labels: x-kubernetes-preserve-unknown-fields: true type: object - description: >- - Labels added to the resource template. Can - be applied to different resources such as - `StatefulSets`, `Deployments`, `Pods`, and - `Services`. + description: Labels added to the Kubernetes resource. annotations: x-kubernetes-preserve-unknown-fields: true type: object description: >- - Annotations added to the resource template. - Can be applied to different resources such - as `StatefulSets`, `Deployments`, `Pods`, - and `Services`. + Annotations added to the Kubernetes + resource. description: Metadata applied to the resource. ipFamilyPolicy: type: string @@ -10961,8 +8840,7 @@ spec: `RequireDualStack` fails unless there are two IP families on dual-stack configured clusters. If unspecified, Kubernetes will choose the default - value based on the service type. Available on - Kubernetes 1.20 and newer. + value based on the service type. ipFamilies: type: array items: @@ -10972,10 +8850,9 @@ spec: - IPv6 description: >- Specifies the IP Families used by the service. - Available options are `IPv4` and `IPv6. If + Available options are `IPv4` and `IPv6`. If unspecified, Kubernetes will choose the default value based on the `ipFamilyPolicy` setting. - Available on Kubernetes 1.20 and newer. description: Template for Kafka broker `Service`. externalBootstrapService: type: object 
@@ -10986,19 +8863,13 @@ spec: labels: x-kubernetes-preserve-unknown-fields: true type: object - description: >- - Labels added to the resource template. Can - be applied to different resources such as - `StatefulSets`, `Deployments`, `Pods`, and - `Services`. + description: Labels added to the Kubernetes resource. annotations: x-kubernetes-preserve-unknown-fields: true type: object description: >- - Annotations added to the resource template. - Can be applied to different resources such - as `StatefulSets`, `Deployments`, `Pods`, - and `Services`. + Annotations added to the Kubernetes + resource. description: Metadata applied to the resource. description: Template for Kafka external bootstrap `Service`. perPodService: @@ -11010,19 +8881,13 @@ spec: labels: x-kubernetes-preserve-unknown-fields: true type: object - description: >- - Labels added to the resource template. Can - be applied to different resources such as - `StatefulSets`, `Deployments`, `Pods`, and - `Services`. + description: Labels added to the Kubernetes resource. annotations: x-kubernetes-preserve-unknown-fields: true type: object description: >- - Annotations added to the resource template. - Can be applied to different resources such - as `StatefulSets`, `Deployments`, `Pods`, - and `Services`. + Annotations added to the Kubernetes + resource. description: Metadata applied to the resource. description: >- Template for Kafka per-pod `Services` used for 
@@ -11036,19 +8901,13 @@ spec: labels: x-kubernetes-preserve-unknown-fields: true type: object - description: >- - Labels added to the resource template. Can - be applied to different resources such as - `StatefulSets`, `Deployments`, `Pods`, and - `Services`. + description: Labels added to the Kubernetes resource. annotations: x-kubernetes-preserve-unknown-fields: true type: object description: >- - Annotations added to the resource template. - Can be applied to different resources such - as `StatefulSets`, `Deployments`, `Pods`, - and `Services`. + Annotations added to the Kubernetes + resource. description: Metadata applied to the resource. description: Template for Kafka external bootstrap `Route`. perPodRoute: @@ -11060,19 +8919,13 @@ spec: labels: x-kubernetes-preserve-unknown-fields: true type: object - description: >- - Labels added to the resource template. Can - be applied to different resources such as - `StatefulSets`, `Deployments`, `Pods`, and - `Services`. + description: Labels added to the Kubernetes resource. annotations: x-kubernetes-preserve-unknown-fields: true type: object description: >- - Annotations added to the resource template. - Can be applied to different resources such - as `StatefulSets`, `Deployments`, `Pods`, - and `Services`. + Annotations added to the Kubernetes + resource. description: Metadata applied to the resource. description: >- Template for Kafka per-pod `Routes` used for access 
@@ -11086,19 +8939,13 @@ spec: labels: x-kubernetes-preserve-unknown-fields: true type: object - description: >- - Labels added to the resource template. Can - be applied to different resources such as - `StatefulSets`, `Deployments`, `Pods`, and - `Services`. + description: Labels added to the Kubernetes resource. annotations: x-kubernetes-preserve-unknown-fields: true type: object description: >- - Annotations added to the resource template. - Can be applied to different resources such - as `StatefulSets`, `Deployments`, `Pods`, - and `Services`. + Annotations added to the Kubernetes + resource. description: Metadata applied to the resource. description: Template for Kafka external bootstrap `Ingress`. perPodIngress: @@ -11110,19 +8957,13 @@ spec: labels: x-kubernetes-preserve-unknown-fields: true type: object - description: >- - Labels added to the resource template. Can - be applied to different resources such as - `StatefulSets`, `Deployments`, `Pods`, and - `Services`. + description: Labels added to the Kubernetes resource. annotations: x-kubernetes-preserve-unknown-fields: true type: object description: >- - Annotations added to the resource template. - Can be applied to different resources such - as `StatefulSets`, `Deployments`, `Pods`, - and `Services`. + Annotations added to the Kubernetes + resource. description: Metadata applied to the resource. description: >- Template for Kafka per-pod `Ingress` used for access 
@@ -11136,19 +8977,13 @@ spec: labels: x-kubernetes-preserve-unknown-fields: true type: object - description: >- - Labels added to the resource template. Can - be applied to different resources such as - `StatefulSets`, `Deployments`, `Pods`, and - `Services`. + description: Labels added to the Kubernetes resource. annotations: x-kubernetes-preserve-unknown-fields: true type: object description: >- - Annotations added to the resource template. - Can be applied to different resources such - as `StatefulSets`, `Deployments`, `Pods`, - and `Services`. + Annotations added to the Kubernetes + resource. description: Metadata applied to the resource. description: Template for all Kafka `PersistentVolumeClaims`. podDisruptionBudget: @@ -11160,19 +8995,13 @@ spec: labels: x-kubernetes-preserve-unknown-fields: true type: object - description: >- - Labels added to the resource template. Can - be applied to different resources such as - `StatefulSets`, `Deployments`, `Pods`, and - `Services`. + description: Labels added to the Kubernetes resource. annotations: x-kubernetes-preserve-unknown-fields: true type: object description: >- - Annotations added to the resource template. - Can be applied to different resources such - as `StatefulSets`, `Deployments`, `Pods`, - and `Services`. + Annotations added to the Kubernetes + resource. description: >- Metadata to apply to the `PodDisruptionBudgetTemplate` resource. 
@@ -11349,19 +9178,13 @@ spec: labels: x-kubernetes-preserve-unknown-fields: true type: object - description: >- - Labels added to the resource template. Can - be applied to different resources such as - `StatefulSets`, `Deployments`, `Pods`, and - `Services`. + description: Labels added to the Kubernetes resource. annotations: x-kubernetes-preserve-unknown-fields: true type: object description: >- - Annotations added to the resource template. - Can be applied to different resources such - as `StatefulSets`, `Deployments`, `Pods`, - and `Services`. + Annotations added to the Kubernetes + resource. description: Metadata applied to the resource. description: >- Template for Secret with Kafka Cluster certificate @@ -11375,19 +9198,13 @@ spec: labels: x-kubernetes-preserve-unknown-fields: true type: object - description: >- - Labels added to the resource template. Can - be applied to different resources such as - `StatefulSets`, `Deployments`, `Pods`, and - `Services`. + description: Labels added to the Kubernetes resource. annotations: x-kubernetes-preserve-unknown-fields: true type: object description: >- - Annotations added to the resource template. - Can be applied to different resources such - as `StatefulSets`, `Deployments`, `Pods`, - and `Services`. + Annotations added to the Kubernetes + resource. description: Metadata applied to the resource. description: Template for the Kafka service account. jmxSecret: 
@@ -11399,19 +9216,13 @@ spec: labels: x-kubernetes-preserve-unknown-fields: true type: object - description: >- - Labels added to the resource template. Can - be applied to different resources such as - `StatefulSets`, `Deployments`, `Pods`, and - `Services`. + description: Labels added to the Kubernetes resource. annotations: x-kubernetes-preserve-unknown-fields: true type: object description: >- - Annotations added to the resource template. - Can be applied to different resources such - as `StatefulSets`, `Deployments`, `Pods`, - and `Services`. + Annotations added to the Kubernetes + resource. description: Metadata applied to the resource. description: >- Template for Secret of the Kafka Cluster JMX @@ -11425,19 +9236,13 @@ spec: labels: x-kubernetes-preserve-unknown-fields: true type: object - description: >- - Labels added to the resource template. Can - be applied to different resources such as - `StatefulSets`, `Deployments`, `Pods`, and - `Services`. + description: Labels added to the Kubernetes resource. annotations: x-kubernetes-preserve-unknown-fields: true type: object description: >- - Annotations added to the resource template. - Can be applied to different resources such - as `StatefulSets`, `Deployments`, `Pods`, - and `Services`. + Annotations added to the Kubernetes + resource. description: Metadata applied to the resource. description: Template for the Kafka ClusterRoleBinding. podSet: 
@@ -11449,25 +9254,19 @@ spec: labels: x-kubernetes-preserve-unknown-fields: true type: object - description: >- - Labels added to the resource template. Can - be applied to different resources such as - `StatefulSets`, `Deployments`, `Pods`, and - `Services`. + description: Labels added to the Kubernetes resource. annotations: x-kubernetes-preserve-unknown-fields: true type: object description: >- - Annotations added to the resource template. - Can be applied to different resources such - as `StatefulSets`, `Deployments`, `Pods`, - and `Services`. + Annotations added to the Kubernetes + resource. description: Metadata applied to the resource. description: Template for Kafka `StrimziPodSet` resource. description: >- Template for Kafka cluster resources. The template - allows users to specify how the `StatefulSet`, `Pods`, - and `Services` are generated. + allows users to specify how the Kubernetes resources are + generated. required: - replicas - listeners @@ -11482,7 +9281,12 @@ spec: description: The number of pods in the cluster. image: type: string - description: The docker image for the pods. + description: >- + The container image used for ZooKeeper pods. If no image + name is explicitly specified, it is determined based on + the Kafka version set in `spec.kafka.version`. The image + names are specifically mapped to corresponding versions + in the Cluster Operator configuration. storage: type: object properties: @@ -11697,6 +9501,13 @@ spec: resources: type: object properties: + claims: + type: array + items: + type: object + properties: + name: + type: string limits: x-kubernetes-preserve-unknown-fields: true type: object @@ -11731,9 +9542,7 @@ spec: the configuration. description: >- ConfigMap entry where the Prometheus JMX Exporter - configuration is stored. For details of the - structure of this configuration, see the - {JMXExporter}. + configuration is stored. required: - type - valueFrom 
@@ -11768,7 +9577,7 @@ spec: the configuration. description: >- `ConfigMap` entry where the logging configuration is - stored. + stored. required: - type description: Logging configuration for ZooKeeper. @@ -11784,19 +9593,13 @@ spec: labels: x-kubernetes-preserve-unknown-fields: true type: object - description: >- - Labels added to the resource template. Can - be applied to different resources such as - `StatefulSets`, `Deployments`, `Pods`, and - `Services`. + description: Labels added to the Kubernetes resource. annotations: x-kubernetes-preserve-unknown-fields: true type: object description: >- - Annotations added to the resource template. - Can be applied to different resources such - as `StatefulSets`, `Deployments`, `Pods`, - and `Services`. + Annotations added to the Kubernetes + resource. description: Metadata applied to the resource. podManagementPolicy: type: string @@ -11817,19 +9620,13 @@ spec: labels: x-kubernetes-preserve-unknown-fields: true type: object - description: >- - Labels added to the resource template. Can - be applied to different resources such as - `StatefulSets`, `Deployments`, `Pods`, and - `Services`. + description: Labels added to the Kubernetes resource. annotations: x-kubernetes-preserve-unknown-fields: true type: object description: >- - Annotations added to the resource template. - Can be applied to different resources such - as `StatefulSets`, `Deployments`, `Pods`, - and `Services`. + Annotations added to the Kubernetes + resource. description: Metadata applied to the resource. imagePullSecrets: type: array @@ -12232,8 +10029,7 @@ spec: type: string description: >- The name of the priority class used to assign - priority to the pods. For more information about - priority classes, see {K8sPriorityClass}. + priority to the pods. schedulerName: type: string description: >- 
@@ -12245,460 +10041,776 @@ spec: items: type: object properties: - hostnames: - type: array - items: - type: string - ip: + hostnames: + type: array + items: + type: string + ip: + type: string + description: >- + The pod's HostAliases. HostAliases is an + optional list of hosts and IPs that will be + injected into the Pod's hosts file if specified. + tmpDirSizeLimit: + type: string + pattern: '^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$' + description: >- + Defines the total amount (for example `1Gi`) of + local storage required for temporary EmptyDir + volume (`/tmp`). Default value is `5Mi`. + enableServiceLinks: + type: boolean + description: >- + Indicates whether information about services + should be injected into Pod's environment + variables. + topologySpreadConstraints: + type: array + items: + type: object + properties: + labelSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object + matchLabelKeys: + type: array + items: + type: string + maxSkew: + type: integer + minDomains: + type: integer + nodeAffinityPolicy: + type: string + nodeTaintsPolicy: + type: string + topologyKey: + type: string + whenUnsatisfiable: + type: string + description: The pod's topology spread constraints. + description: Template for ZooKeeper `Pods`. + clientService: + type: object + properties: + metadata: + type: object + properties: + labels: + x-kubernetes-preserve-unknown-fields: true + type: object + description: Labels added to the Kubernetes resource. + annotations: + x-kubernetes-preserve-unknown-fields: true + type: object + description: >- + Annotations added to the Kubernetes + resource. + description: Metadata applied to the resource. 
+ ipFamilyPolicy: + type: string + enum: + - SingleStack + - PreferDualStack + - RequireDualStack + description: >- + Specifies the IP Family Policy used by the + service. Available options are `SingleStack`, + `PreferDualStack` and `RequireDualStack`. + `SingleStack` is for a single IP family. + `PreferDualStack` is for two IP families on + dual-stack configured clusters or a single IP + family on single-stack clusters. + `RequireDualStack` fails unless there are two IP + families on dual-stack configured clusters. If + unspecified, Kubernetes will choose the default + value based on the service type. + ipFamilies: + type: array + items: + type: string + enum: + - IPv4 + - IPv6 + description: >- + Specifies the IP Families used by the service. + Available options are `IPv4` and `IPv6`. If + unspecified, Kubernetes will choose the default + value based on the `ipFamilyPolicy` setting. + description: Template for ZooKeeper client `Service`. + nodesService: + type: object + properties: + metadata: + type: object + properties: + labels: + x-kubernetes-preserve-unknown-fields: true + type: object + description: Labels added to the Kubernetes resource. + annotations: + x-kubernetes-preserve-unknown-fields: true + type: object + description: >- + Annotations added to the Kubernetes + resource. + description: Metadata applied to the resource. + ipFamilyPolicy: + type: string + enum: + - SingleStack + - PreferDualStack + - RequireDualStack + description: >- + Specifies the IP Family Policy used by the + service. Available options are `SingleStack`, + `PreferDualStack` and `RequireDualStack`. + `SingleStack` is for a single IP family. + `PreferDualStack` is for two IP families on + dual-stack configured clusters or a single IP + family on single-stack clusters. + `RequireDualStack` fails unless there are two IP + families on dual-stack configured clusters. If + unspecified, Kubernetes will choose the default + value based on the service type. 
+ ipFamilies: + type: array + items: + type: string + enum: + - IPv4 + - IPv6 + description: >- + Specifies the IP Families used by the service. + Available options are `IPv4` and `IPv6`. If + unspecified, Kubernetes will choose the default + value based on the `ipFamilyPolicy` setting. + description: Template for ZooKeeper nodes `Service`. + persistentVolumeClaim: + type: object + properties: + metadata: + type: object + properties: + labels: + x-kubernetes-preserve-unknown-fields: true + type: object + description: Labels added to the Kubernetes resource. + annotations: + x-kubernetes-preserve-unknown-fields: true + type: object + description: >- + Annotations added to the Kubernetes + resource. + description: Metadata applied to the resource. + description: Template for all ZooKeeper `PersistentVolumeClaims`. + podDisruptionBudget: + type: object + properties: + metadata: + type: object + properties: + labels: + x-kubernetes-preserve-unknown-fields: true + type: object + description: Labels added to the Kubernetes resource. + annotations: + x-kubernetes-preserve-unknown-fields: true + type: object + description: >- + Annotations added to the Kubernetes + resource. + description: >- + Metadata to apply to the + `PodDisruptionBudgetTemplate` resource. + maxUnavailable: + type: integer + minimum: 0 + description: >- + Maximum number of unavailable pods to allow + automatic Pod eviction. A Pod eviction is + allowed when the `maxUnavailable` number of pods + or fewer are unavailable after the eviction. + Setting this value to 0 prevents all voluntary + evictions, so the pods must be evicted manually. + Defaults to 1. + description: Template for ZooKeeper `PodDisruptionBudget`. + zookeeperContainer: + type: object + properties: + env: + type: array + items: + type: object + properties: + name: + type: string + description: The environment variable key. + value: type: string + description: The environment variable value. description: >- - The pod's HostAliases. 
HostAliases is an - optional list of hosts and IPs that will be - injected into the Pod's hosts file if specified. - tmpDirSizeLimit: - type: string - pattern: '^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$' + Environment variables which should be applied to + the container. + securityContext: + type: object + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + type: object + properties: + add: + type: array + items: + type: string + drop: + type: array + items: + type: string + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + type: integer + runAsNonRoot: + type: boolean + runAsUser: + type: integer + seLinuxOptions: + type: object + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + seccompProfile: + type: object + properties: + localhostProfile: + type: string + type: + type: string + windowsOptions: + type: object + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + description: Security context for the container. + description: Template for the ZooKeeper container. + serviceAccount: + type: object + properties: + metadata: + type: object + properties: + labels: + x-kubernetes-preserve-unknown-fields: true + type: object + description: Labels added to the Kubernetes resource. + annotations: + x-kubernetes-preserve-unknown-fields: true + type: object + description: >- + Annotations added to the Kubernetes + resource. + description: Metadata applied to the resource. + description: Template for the ZooKeeper service account. + jmxSecret: + type: object + properties: + metadata: + type: object + properties: + labels: + x-kubernetes-preserve-unknown-fields: true + type: object + description: Labels added to the Kubernetes resource. 
+ annotations: + x-kubernetes-preserve-unknown-fields: true + type: object + description: >- + Annotations added to the Kubernetes + resource. + description: Metadata applied to the resource. + description: >- + Template for Secret of the Zookeeper Cluster JMX + authentication. + podSet: + type: object + properties: + metadata: + type: object + properties: + labels: + x-kubernetes-preserve-unknown-fields: true + type: object + description: Labels added to the Kubernetes resource. + annotations: + x-kubernetes-preserve-unknown-fields: true + type: object + description: >- + Annotations added to the Kubernetes + resource. + description: Metadata applied to the resource. + description: Template for ZooKeeper `StrimziPodSet` resource. + description: >- + Template for ZooKeeper cluster resources. The template + allows users to specify how the Kubernetes resources are + generated. + required: + - replicas + - storage + description: Configuration of the ZooKeeper cluster. + entityOperator: + type: object + properties: + topicOperator: + type: object + properties: + watchedNamespace: + type: string + description: The namespace the Topic Operator should watch. + image: + type: string + description: The image to use for the Topic Operator. + reconciliationIntervalSeconds: + type: integer + minimum: 0 + description: Interval between periodic reconciliations. + zookeeperSessionTimeoutSeconds: + type: integer + minimum: 0 + description: Timeout for the ZooKeeper session. + startupProbe: + type: object + properties: + failureThreshold: + type: integer + minimum: 1 + description: >- + Minimum consecutive failures for the probe to be + considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + initialDelaySeconds: + type: integer + minimum: 0 + description: >- + The initial delay before first the health is + first checked. Default to 15 seconds. Minimum + value is 0. 
+ periodSeconds: + type: integer + minimum: 1 + description: >- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + successThreshold: + type: integer + minimum: 1 + description: >- + Minimum consecutive successes for the probe to + be considered successful after having failed. + Defaults to 1. Must be 1 for liveness. Minimum + value is 1. + timeoutSeconds: + type: integer + minimum: 1 + description: >- + The timeout for each attempted health check. + Default to 5 seconds. Minimum value is 1. + description: Pod startup checking. + livenessProbe: + type: object + properties: + failureThreshold: + type: integer + minimum: 1 + description: >- + Minimum consecutive failures for the probe to be + considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + initialDelaySeconds: + type: integer + minimum: 0 + description: >- + The initial delay before first the health is + first checked. Default to 15 seconds. Minimum + value is 0. + periodSeconds: + type: integer + minimum: 1 + description: >- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + successThreshold: + type: integer + minimum: 1 + description: >- + Minimum consecutive successes for the probe to + be considered successful after having failed. + Defaults to 1. Must be 1 for liveness. Minimum + value is 1. + timeoutSeconds: + type: integer + minimum: 1 + description: >- + The timeout for each attempted health check. + Default to 5 seconds. Minimum value is 1. + description: Pod liveness checking. + readinessProbe: + type: object + properties: + failureThreshold: + type: integer + minimum: 1 + description: >- + Minimum consecutive failures for the probe to be + considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + initialDelaySeconds: + type: integer + minimum: 0 + description: >- + The initial delay before first the health is + first checked. Default to 15 seconds. 
Minimum + value is 0. + periodSeconds: + type: integer + minimum: 1 + description: >- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + successThreshold: + type: integer + minimum: 1 description: >- - Defines the total amount (for example `1Gi`) of - local storage required for temporary EmptyDir - volume (`/tmp`). Default value is `5Mi`. - enableServiceLinks: - type: boolean + Minimum consecutive successes for the probe to + be considered successful after having failed. + Defaults to 1. Must be 1 for liveness. Minimum + value is 1. + timeoutSeconds: + type: integer + minimum: 1 description: >- - Indicates whether information about services - should be injected into Pod's environment - variables. - topologySpreadConstraints: + The timeout for each attempted health check. + Default to 5 seconds. Minimum value is 1. + description: Pod readiness checking. + resources: + type: object + properties: + claims: type: array items: type: object properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - x-kubernetes-preserve-unknown-fields: true - type: object - matchLabelKeys: - type: array - items: - type: string - maxSkew: - type: integer - minDomains: - type: integer - nodeAffinityPolicy: - type: string - nodeTaintsPolicy: - type: string - topologyKey: - type: string - whenUnsatisfiable: + name: type: string - description: The pod's topology spread constraints. - description: Template for ZooKeeper `Pods`. - clientService: + limits: + x-kubernetes-preserve-unknown-fields: true + type: object + requests: + x-kubernetes-preserve-unknown-fields: true + type: object + description: CPU and memory resources to reserve. + topicMetadataMaxAttempts: + type: integer + minimum: 0 + description: The number of attempts at getting topic metadata. 
+ logging: type: object properties: - metadata: + loggers: + x-kubernetes-preserve-unknown-fields: true type: object - properties: - labels: - x-kubernetes-preserve-unknown-fields: true - type: object - description: >- - Labels added to the resource template. Can - be applied to different resources such as - `StatefulSets`, `Deployments`, `Pods`, and - `Services`. - annotations: - x-kubernetes-preserve-unknown-fields: true - type: object - description: >- - Annotations added to the resource template. - Can be applied to different resources such - as `StatefulSets`, `Deployments`, `Pods`, - and `Services`. - description: Metadata applied to the resource. - ipFamilyPolicy: + description: A Map from logger name to logger level. + type: type: string enum: - - SingleStack - - PreferDualStack - - RequireDualStack - description: >- - Specifies the IP Family Policy used by the - service. Available options are `SingleStack`, - `PreferDualStack` and `RequireDualStack`. - `SingleStack` is for a single IP family. - `PreferDualStack` is for two IP families on - dual-stack configured clusters or a single IP - family on single-stack clusters. - `RequireDualStack` fails unless there are two IP - families on dual-stack configured clusters. If - unspecified, Kubernetes will choose the default - value based on the service type. Available on - Kubernetes 1.20 and newer. - ipFamilies: - type: array - items: - type: string - enum: - - IPv4 - - IPv6 + - inline + - external description: >- - Specifies the IP Families used by the service. - Available options are `IPv4` and `IPv6. If - unspecified, Kubernetes will choose the default - value based on the `ipFamilyPolicy` setting. - Available on Kubernetes 1.20 and newer. - description: Template for ZooKeeper client `Service`. - nodesService: - type: object - properties: - metadata: + Logging type, must be either 'inline' or + 'external'. 
+ valueFrom: type: object properties: - labels: - x-kubernetes-preserve-unknown-fields: true - type: object - description: >- - Labels added to the resource template. Can - be applied to different resources such as - `StatefulSets`, `Deployments`, `Pods`, and - `Services`. - annotations: - x-kubernetes-preserve-unknown-fields: true + configMapKeyRef: type: object + properties: + key: + type: string + name: + type: string + optional: + type: boolean description: >- - Annotations added to the resource template. - Can be applied to different resources such - as `StatefulSets`, `Deployments`, `Pods`, - and `Services`. - description: Metadata applied to the resource. - ipFamilyPolicy: + Reference to the key in the ConfigMap + containing the configuration. + description: >- + `ConfigMap` entry where the logging + configuration is stored. + required: + - type + description: Logging configuration. + jvmOptions: + type: object + properties: + '-XX': + x-kubernetes-preserve-unknown-fields: true + type: object + description: A map of -XX options to the JVM. + '-Xms': type: string - enum: - - SingleStack - - PreferDualStack - - RequireDualStack + pattern: '^[0-9]+[mMgG]?$' + description: '-Xms option to to the JVM.' + '-Xmx': + type: string + pattern: '^[0-9]+[mMgG]?$' + description: '-Xmx option to to the JVM.' + gcLoggingEnabled: + type: boolean description: >- - Specifies the IP Family Policy used by the - service. Available options are `SingleStack`, - `PreferDualStack` and `RequireDualStack`. - `SingleStack` is for a single IP family. - `PreferDualStack` is for two IP families on - dual-stack configured clusters or a single IP - family on single-stack clusters. - `RequireDualStack` fails unless there are two IP - families on dual-stack configured clusters. If - unspecified, Kubernetes will choose the default - value based on the service type. Available on - Kubernetes 1.20 and newer. - ipFamilies: + Specifies whether the Garbage Collection logging + is enabled. 
The default is false. + javaSystemProperties: type: array items: - type: string - enum: - - IPv4 - - IPv6 + type: object + properties: + name: + type: string + description: The system property name. + value: + type: string + description: The system property value. description: >- - Specifies the IP Families used by the service. - Available options are `IPv4` and `IPv6. If - unspecified, Kubernetes will choose the default - value based on the `ipFamilyPolicy` setting. - Available on Kubernetes 1.20 and newer. - description: Template for ZooKeeper nodes `Service`. - persistentVolumeClaim: + A map of additional system properties which will + be passed using the `-D` option to the JVM. + description: JVM Options for pods. + description: Configuration of the Topic Operator. + userOperator: + type: object + properties: + watchedNamespace: + type: string + description: The namespace the User Operator should watch. + image: + type: string + description: The image to use for the User Operator. + reconciliationIntervalSeconds: + type: integer + minimum: 0 + description: Interval between periodic reconciliations. + zookeeperSessionTimeoutSeconds: + type: integer + minimum: 0 + description: Timeout for the ZooKeeper session. + secretPrefix: + type: string + description: >- + The prefix that will be added to the KafkaUser name + to be used as the Secret name. + livenessProbe: type: object properties: - metadata: - type: object - properties: - labels: - x-kubernetes-preserve-unknown-fields: true - type: object - description: >- - Labels added to the resource template. Can - be applied to different resources such as - `StatefulSets`, `Deployments`, `Pods`, and - `Services`. - annotations: - x-kubernetes-preserve-unknown-fields: true - type: object - description: >- - Annotations added to the resource template. - Can be applied to different resources such - as `StatefulSets`, `Deployments`, `Pods`, - and `Services`. - description: Metadata applied to the resource. 
- description: Template for all ZooKeeper `PersistentVolumeClaims`. - podDisruptionBudget: + failureThreshold: + type: integer + minimum: 1 + description: >- + Minimum consecutive failures for the probe to be + considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + initialDelaySeconds: + type: integer + minimum: 0 + description: >- + The initial delay before first the health is + first checked. Default to 15 seconds. Minimum + value is 0. + periodSeconds: + type: integer + minimum: 1 + description: >- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + successThreshold: + type: integer + minimum: 1 + description: >- + Minimum consecutive successes for the probe to + be considered successful after having failed. + Defaults to 1. Must be 1 for liveness. Minimum + value is 1. + timeoutSeconds: + type: integer + minimum: 1 + description: >- + The timeout for each attempted health check. + Default to 5 seconds. Minimum value is 1. + description: Pod liveness checking. + readinessProbe: type: object properties: - metadata: - type: object - properties: - labels: - x-kubernetes-preserve-unknown-fields: true - type: object - description: >- - Labels added to the resource template. Can - be applied to different resources such as - `StatefulSets`, `Deployments`, `Pods`, and - `Services`. - annotations: - x-kubernetes-preserve-unknown-fields: true - type: object - description: >- - Annotations added to the resource template. - Can be applied to different resources such - as `StatefulSets`, `Deployments`, `Pods`, - and `Services`. + failureThreshold: + type: integer + minimum: 1 description: >- - Metadata to apply to the - `PodDisruptionBudgetTemplate` resource. - maxUnavailable: + Minimum consecutive failures for the probe to be + considered failed after having succeeded. + Defaults to 3. Minimum value is 1. 
+ initialDelaySeconds: type: integer minimum: 0 description: >- - Maximum number of unavailable pods to allow - automatic Pod eviction. A Pod eviction is - allowed when the `maxUnavailable` number of pods - or fewer are unavailable after the eviction. - Setting this value to 0 prevents all voluntary - evictions, so the pods must be evicted manually. - Defaults to 1. - description: Template for ZooKeeper `PodDisruptionBudget`. - zookeeperContainer: + The initial delay before first the health is + first checked. Default to 15 seconds. Minimum + value is 0. + periodSeconds: + type: integer + minimum: 1 + description: >- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + successThreshold: + type: integer + minimum: 1 + description: >- + Minimum consecutive successes for the probe to + be considered successful after having failed. + Defaults to 1. Must be 1 for liveness. Minimum + value is 1. + timeoutSeconds: + type: integer + minimum: 1 + description: >- + The timeout for each attempted health check. + Default to 5 seconds. Minimum value is 1. + description: Pod readiness checking. + resources: type: object properties: - env: + claims: type: array items: type: object properties: name: type: string - description: The environment variable key. - value: - type: string - description: The environment variable value. + limits: + x-kubernetes-preserve-unknown-fields: true + type: object + requests: + x-kubernetes-preserve-unknown-fields: true + type: object + description: CPU and memory resources to reserve. + logging: + type: object + properties: + loggers: + x-kubernetes-preserve-unknown-fields: true + type: object + description: A Map from logger name to logger level. + type: + type: string + enum: + - inline + - external description: >- - Environment variables which should be applied to - the container. - securityContext: + Logging type, must be either 'inline' or + 'external'. 
+ valueFrom: type: object properties: - allowPrivilegeEscalation: - type: boolean - capabilities: - type: object - properties: - add: - type: array - items: - type: string - drop: - type: array - items: - type: string - privileged: - type: boolean - procMount: - type: string - readOnlyRootFilesystem: - type: boolean - runAsGroup: - type: integer - runAsNonRoot: - type: boolean - runAsUser: - type: integer - seLinuxOptions: - type: object - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - seccompProfile: - type: object - properties: - localhostProfile: - type: string - type: - type: string - windowsOptions: + configMapKeyRef: type: object properties: - gmsaCredentialSpec: + key: type: string - gmsaCredentialSpecName: + name: type: string - hostProcess: + optional: type: boolean - runAsUserName: - type: string - description: Security context for the container. - description: Template for the ZooKeeper container. - serviceAccount: - type: object - properties: - metadata: - type: object - properties: - labels: - x-kubernetes-preserve-unknown-fields: true - type: object - description: >- - Labels added to the resource template. Can - be applied to different resources such as - `StatefulSets`, `Deployments`, `Pods`, and - `Services`. - annotations: - x-kubernetes-preserve-unknown-fields: true - type: object - description: >- - Annotations added to the resource template. - Can be applied to different resources such - as `StatefulSets`, `Deployments`, `Pods`, - and `Services`. - description: Metadata applied to the resource. - description: Template for the ZooKeeper service account. - jmxSecret: - type: object - properties: - metadata: - type: object - properties: - labels: - x-kubernetes-preserve-unknown-fields: true - type: object description: >- - Labels added to the resource template. Can - be applied to different resources such as - `StatefulSets`, `Deployments`, `Pods`, and - `Services`. 
- annotations: - x-kubernetes-preserve-unknown-fields: true - type: object - description: >- - Annotations added to the resource template. - Can be applied to different resources such - as `StatefulSets`, `Deployments`, `Pods`, - and `Services`. - description: Metadata applied to the resource. - description: >- - Template for Secret of the Zookeeper Cluster JMX - authentication. - podSet: + Reference to the key in the ConfigMap + containing the configuration. + description: >- + `ConfigMap` entry where the logging + configuration is stored. + required: + - type + description: Logging configuration. + jvmOptions: type: object properties: - metadata: + '-XX': + x-kubernetes-preserve-unknown-fields: true type: object - properties: - labels: - x-kubernetes-preserve-unknown-fields: true - type: object - description: >- - Labels added to the resource template. Can - be applied to different resources such as - `StatefulSets`, `Deployments`, `Pods`, and - `Services`. - annotations: - x-kubernetes-preserve-unknown-fields: true - type: object - description: >- - Annotations added to the resource template. - Can be applied to different resources such - as `StatefulSets`, `Deployments`, `Pods`, - and `Services`. - description: Metadata applied to the resource. - description: Template for ZooKeeper `StrimziPodSet` resource. - description: >- - Template for ZooKeeper cluster resources. The template - allows users to specify how the `StatefulSet`, `Pods`, - and `Services` are generated. - required: - - replicas - - storage - description: Configuration of the ZooKeeper cluster. - entityOperator: - type: object - properties: - topicOperator: + description: A map of -XX options to the JVM. + '-Xms': + type: string + pattern: '^[0-9]+[mMgG]?$' + description: '-Xms option to to the JVM.' + '-Xmx': + type: string + pattern: '^[0-9]+[mMgG]?$' + description: '-Xmx option to to the JVM.' 
+ gcLoggingEnabled: + type: boolean + description: >- + Specifies whether the Garbage Collection logging + is enabled. The default is false. + javaSystemProperties: + type: array + items: + type: object + properties: + name: + type: string + description: The system property name. + value: + type: string + description: The system property value. + description: >- + A map of additional system properties which will + be passed using the `-D` option to the JVM. + description: JVM Options for pods. + description: Configuration of the User Operator. + tlsSidecar: type: object properties: - watchedNamespace: - type: string - description: The namespace the Topic Operator should watch. image: type: string - description: The image to use for the Topic Operator. - reconciliationIntervalSeconds: - type: integer - minimum: 0 - description: Interval between periodic reconciliations. - zookeeperSessionTimeoutSeconds: - type: integer - minimum: 0 - description: Timeout for the ZooKeeper session. - startupProbe: - type: object - properties: - failureThreshold: - type: integer - minimum: 1 - description: >- - Minimum consecutive failures for the probe to be - considered failed after having succeeded. - Defaults to 3. Minimum value is 1. - initialDelaySeconds: - type: integer - minimum: 0 - description: >- - The initial delay before first the health is - first checked. Default to 15 seconds. Minimum - value is 0. - periodSeconds: - type: integer - minimum: 1 - description: >- - How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - successThreshold: - type: integer - minimum: 1 - description: >- - Minimum consecutive successes for the probe to - be considered successful after having failed. - Defaults to 1. Must be 1 for liveness. Minimum - value is 1. - timeoutSeconds: - type: integer - minimum: 1 - description: >- - The timeout for each attempted health check. - Default to 5 seconds. Minimum value is 1. - description: Pod startup checking. 
+ description: The docker image for the container. livenessProbe: type: object properties: @@ -12737,6 +10849,20 @@ spec: The timeout for each attempted health check. Default to 5 seconds. Minimum value is 1. description: Pod liveness checking. + logLevel: + type: string + enum: + - emerg + - alert + - crit + - err + - warning + - notice + - info + - debug + description: >- + The log level for the TLS sidecar. Default value is + `notice`. readinessProbe: type: object properties: @@ -12778,6 +10904,13 @@ spec: resources: type: object properties: + claims: + type: array + items: + type: object + properties: + name: + type: string limits: x-kubernetes-preserve-unknown-fields: true type: object 
@@ -12785,262 +10918,950 @@ spec: x-kubernetes-preserve-unknown-fields: true type: object description: CPU and memory resources to reserve. - topicMetadataMaxAttempts: - type: integer - minimum: 0 - description: The number of attempts at getting topic metadata. - logging: + description: TLS sidecar configuration. + template: + type: object + properties: + deployment: type: object properties: - loggers: - x-kubernetes-preserve-unknown-fields: true + metadata: type: object - description: A Map from logger name to logger level. - type: + properties: + labels: + x-kubernetes-preserve-unknown-fields: true + type: object + description: Labels added to the Kubernetes resource. + annotations: + x-kubernetes-preserve-unknown-fields: true + type: object + description: >- + Annotations added to the Kubernetes + resource. + description: Metadata applied to the resource. + deploymentStrategy: + type: string + enum: + - RollingUpdate + - Recreate + description: >- + Pod replacement strategy for deployment + configuration changes. Valid values are + `RollingUpdate` and `Recreate`. Defaults to + `RollingUpdate`. + description: Template for Entity Operator `Deployment`. + pod: + type: object + properties: + metadata: + type: object + properties: + labels: + x-kubernetes-preserve-unknown-fields: true + type: object + description: Labels added to the Kubernetes resource. + annotations: + x-kubernetes-preserve-unknown-fields: true + type: object + description: >- + Annotations added to the Kubernetes + resource. + description: Metadata applied to the resource. + imagePullSecrets: + type: array + items: + type: object + properties: + name: + type: string + description: >- + List of references to secrets in the same + namespace to use for pulling any of the images + used by this Pod. 
When the + `STRIMZI_IMAGE_PULL_SECRETS` environment + variable in Cluster Operator and the + `imagePullSecrets` option are specified, only + the `imagePullSecrets` variable is used and the + `STRIMZI_IMAGE_PULL_SECRETS` variable is + ignored. + securityContext: + type: object + properties: + fsGroup: + type: integer + fsGroupChangePolicy: + type: string + runAsGroup: + type: integer + runAsNonRoot: + type: boolean + runAsUser: + type: integer + seLinuxOptions: + type: object + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + seccompProfile: + type: object + properties: + localhostProfile: + type: string + type: + type: string + supplementalGroups: + type: array + items: + type: integer + sysctls: + type: array + items: + type: object + properties: + name: + type: string + value: + type: string + windowsOptions: + type: object + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + description: >- + Configures pod-level security attributes and + common container settings. + terminationGracePeriodSeconds: + type: integer + minimum: 0 + description: >- + The grace period is the duration in seconds + after the processes running in the pod are sent + a termination signal, and the time when the + processes are forcibly halted with a kill + signal. Set this value to longer than the + expected cleanup time for your process. Value + must be a non-negative integer. A zero value + indicates delete immediately. You might need to + increase the grace period for very large Kafka + clusters, so that the Kafka brokers have enough + time to transfer their work to another broker + before they are terminated. Defaults to 30 + seconds. 
+ affinity: + type: object + properties: + nodeAffinity: + type: object + properties: + preferredDuringSchedulingIgnoredDuringExecution: + type: array + items: + type: object + properties: + preference: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchFields: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + weight: + type: integer + requiredDuringSchedulingIgnoredDuringExecution: + type: object + properties: + nodeSelectorTerms: + type: array + items: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchFields: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + podAffinity: + type: object + properties: + preferredDuringSchedulingIgnoredDuringExecution: + type: array + items: + type: object + properties: + podAffinityTerm: + type: object + properties: + labelSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object + namespaceSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object + namespaces: + type: array + items: + type: string + topologyKey: + type: string + weight: + type: integer + 
requiredDuringSchedulingIgnoredDuringExecution: + type: array + items: + type: object + properties: + labelSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object + namespaceSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object + namespaces: + type: array + items: + type: string + topologyKey: + type: string + podAntiAffinity: + type: object + properties: + preferredDuringSchedulingIgnoredDuringExecution: + type: array + items: + type: object + properties: + podAffinityTerm: + type: object + properties: + labelSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object + namespaceSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object + namespaces: + type: array + items: + type: string + topologyKey: + type: string + weight: + type: integer + requiredDuringSchedulingIgnoredDuringExecution: + type: array + items: + type: object + properties: + labelSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + 
x-kubernetes-preserve-unknown-fields: true + type: object + namespaceSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object + namespaces: + type: array + items: + type: string + topologyKey: + type: string + description: The pod's affinity rules. + tolerations: + type: array + items: + type: object + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + type: integer + value: + type: string + description: The pod's tolerations. + priorityClassName: type: string - enum: - - inline - - external description: >- - Logging type, must be either 'inline' or - 'external'. - valueFrom: - type: object - properties: - configMapKeyRef: - type: object - properties: - key: - type: string - name: + The name of the priority class used to assign + priority to the pods. + schedulerName: + type: string + description: >- + The name of the scheduler used to dispatch this + `Pod`. If not specified, the default scheduler + will be used. + hostAliases: + type: array + items: + type: object + properties: + hostnames: + type: array + items: type: string - optional: - type: boolean - description: >- - Reference to the key in the ConfigMap - containing the configuration. + ip: + type: string description: >- - `ConfigMap` entry where the logging - configuration is stored. - required: - - type - description: Logging configuration. - jvmOptions: - type: object - properties: - '-XX': - x-kubernetes-preserve-unknown-fields: true - type: object - description: A map of -XX options to the JVM. - '-Xms': - type: string - pattern: '^[0-9]+[mMgG]?$' - description: '-Xms option to to the JVM.' - '-Xmx': + The pod's HostAliases. 
HostAliases is an + optional list of hosts and IPs that will be + injected into the Pod's hosts file if specified. + tmpDirSizeLimit: type: string - pattern: '^[0-9]+[mMgG]?$' - description: '-Xmx option to to the JVM.' - gcLoggingEnabled: + pattern: '^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$' + description: >- + Defines the total amount (for example `1Gi`) of + local storage required for temporary EmptyDir + volume (`/tmp`). Default value is `5Mi`. + enableServiceLinks: type: boolean description: >- - Specifies whether the Garbage Collection logging - is enabled. The default is false. - javaSystemProperties: + Indicates whether information about services + should be injected into Pod's environment + variables. + topologySpreadConstraints: type: array items: type: object properties: - name: + labelSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object + matchLabelKeys: + type: array + items: + type: string + maxSkew: + type: integer + minDomains: + type: integer + nodeAffinityPolicy: type: string - description: The system property name. - value: + nodeTaintsPolicy: type: string - description: The system property value. - description: >- - A map of additional system properties which will - be passed using the `-D` option to the JVM. - description: JVM Options for pods. - description: Configuration of the Topic Operator. - userOperator: - type: object - properties: - watchedNamespace: - type: string - description: The namespace the User Operator should watch. - image: - type: string - description: The image to use for the User Operator. - reconciliationIntervalSeconds: - type: integer - minimum: 0 - description: Interval between periodic reconciliations. 
- zookeeperSessionTimeoutSeconds: - type: integer - minimum: 0 - description: Timeout for the ZooKeeper session. - secretPrefix: - type: string - description: >- - The prefix that will be added to the KafkaUser name - to be used as the Secret name. - livenessProbe: - type: object - properties: - failureThreshold: - type: integer - minimum: 1 - description: >- - Minimum consecutive failures for the probe to be - considered failed after having succeeded. - Defaults to 3. Minimum value is 1. - initialDelaySeconds: - type: integer - minimum: 0 - description: >- - The initial delay before first the health is - first checked. Default to 15 seconds. Minimum - value is 0. - periodSeconds: - type: integer - minimum: 1 - description: >- - How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - successThreshold: - type: integer - minimum: 1 - description: >- - Minimum consecutive successes for the probe to - be considered successful after having failed. - Defaults to 1. Must be 1 for liveness. Minimum - value is 1. - timeoutSeconds: - type: integer - minimum: 1 - description: >- - The timeout for each attempted health check. - Default to 5 seconds. Minimum value is 1. - description: Pod liveness checking. - readinessProbe: + topologyKey: + type: string + whenUnsatisfiable: + type: string + description: The pod's topology spread constraints. + description: Template for Entity Operator `Pods`. + topicOperatorContainer: type: object properties: - failureThreshold: - type: integer - minimum: 1 - description: >- - Minimum consecutive failures for the probe to be - considered failed after having succeeded. - Defaults to 3. Minimum value is 1. - initialDelaySeconds: - type: integer - minimum: 0 - description: >- - The initial delay before first the health is - first checked. Default to 15 seconds. Minimum - value is 0. - periodSeconds: - type: integer - minimum: 1 - description: >- - How often (in seconds) to perform the probe. 
- Default to 10 seconds. Minimum value is 1. - successThreshold: - type: integer - minimum: 1 - description: >- - Minimum consecutive successes for the probe to - be considered successful after having failed. - Defaults to 1. Must be 1 for liveness. Minimum - value is 1. - timeoutSeconds: - type: integer - minimum: 1 + env: + type: array + items: + type: object + properties: + name: + type: string + description: The environment variable key. + value: + type: string + description: The environment variable value. description: >- - The timeout for each attempted health check. - Default to 5 seconds. Minimum value is 1. - description: Pod readiness checking. - resources: - type: object - properties: - limits: - x-kubernetes-preserve-unknown-fields: true - type: object - requests: - x-kubernetes-preserve-unknown-fields: true + Environment variables which should be applied to + the container. + securityContext: type: object - description: CPU and memory resources to reserve. - logging: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + type: object + properties: + add: + type: array + items: + type: string + drop: + type: array + items: + type: string + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + type: integer + runAsNonRoot: + type: boolean + runAsUser: + type: integer + seLinuxOptions: + type: object + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + seccompProfile: + type: object + properties: + localhostProfile: + type: string + type: + type: string + windowsOptions: + type: object + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + description: Security context for the container. + description: Template for the Entity Topic Operator container. 
+ userOperatorContainer: type: object properties: - loggers: - x-kubernetes-preserve-unknown-fields: true - type: object - description: A Map from logger name to logger level. - type: - type: string - enum: - - inline - - external + env: + type: array + items: + type: object + properties: + name: + type: string + description: The environment variable key. + value: + type: string + description: The environment variable value. description: >- - Logging type, must be either 'inline' or - 'external'. - valueFrom: + Environment variables which should be applied to + the container. + securityContext: type: object properties: - configMapKeyRef: + allowPrivilegeEscalation: + type: boolean + capabilities: type: object properties: - key: + add: + type: array + items: + type: string + drop: + type: array + items: + type: string + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + type: integer + runAsNonRoot: + type: boolean + runAsUser: + type: integer + seLinuxOptions: + type: object + properties: + level: type: string - name: + role: type: string - optional: + type: + type: string + user: + type: string + seccompProfile: + type: object + properties: + localhostProfile: + type: string + type: + type: string + windowsOptions: + type: object + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: type: boolean - description: >- - Reference to the key in the ConfigMap - containing the configuration. - description: >- - `ConfigMap` entry where the logging - configuration is stored. - required: - - type - description: Logging configuration. - jvmOptions: + runAsUserName: + type: string + description: Security context for the container. + description: Template for the Entity User Operator container. + tlsSidecarContainer: type: object properties: - '-XX': - x-kubernetes-preserve-unknown-fields: true - type: object - description: A map of -XX options to the JVM. 
- '-Xms': - type: string - pattern: '^[0-9]+[mMgG]?$' - description: '-Xms option to to the JVM.' - '-Xmx': - type: string - pattern: '^[0-9]+[mMgG]?$' - description: '-Xmx option to to the JVM.' - gcLoggingEnabled: - type: boolean - description: >- - Specifies whether the Garbage Collection logging - is enabled. The default is false. - javaSystemProperties: + env: type: array items: type: object properties: name: type: string - description: The system property name. + description: The environment variable key. value: type: string - description: The system property value. + description: The environment variable value. description: >- - A map of additional system properties which will - be passed using the `-D` option to the JVM. - description: JVM Options for pods. - description: Configuration of the User Operator. + Environment variables which should be applied to + the container. + securityContext: + type: object + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + type: object + properties: + add: + type: array + items: + type: string + drop: + type: array + items: + type: string + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + type: integer + runAsNonRoot: + type: boolean + runAsUser: + type: integer + seLinuxOptions: + type: object + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + seccompProfile: + type: object + properties: + localhostProfile: + type: string + type: + type: string + windowsOptions: + type: object + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + description: Security context for the container. + description: >- + Template for the Entity Operator TLS sidecar + container. 
+ serviceAccount: + type: object + properties: + metadata: + type: object + properties: + labels: + x-kubernetes-preserve-unknown-fields: true + type: object + description: Labels added to the Kubernetes resource. + annotations: + x-kubernetes-preserve-unknown-fields: true + type: object + description: >- + Annotations added to the Kubernetes + resource. + description: Metadata applied to the resource. + description: Template for the Entity Operator service account. + entityOperatorRole: + type: object + properties: + metadata: + type: object + properties: + labels: + x-kubernetes-preserve-unknown-fields: true + type: object + description: Labels added to the Kubernetes resource. + annotations: + x-kubernetes-preserve-unknown-fields: true + type: object + description: >- + Annotations added to the Kubernetes + resource. + description: Metadata applied to the resource. + description: Template for the Entity Operator Role. + topicOperatorRoleBinding: + type: object + properties: + metadata: + type: object + properties: + labels: + x-kubernetes-preserve-unknown-fields: true + type: object + description: Labels added to the Kubernetes resource. + annotations: + x-kubernetes-preserve-unknown-fields: true + type: object + description: >- + Annotations added to the Kubernetes + resource. + description: Metadata applied to the resource. + description: Template for the Entity Topic Operator RoleBinding. + userOperatorRoleBinding: + type: object + properties: + metadata: + type: object + properties: + labels: + x-kubernetes-preserve-unknown-fields: true + type: object + description: Labels added to the Kubernetes resource. + annotations: + x-kubernetes-preserve-unknown-fields: true + type: object + description: >- + Annotations added to the Kubernetes + resource. + description: Metadata applied to the resource. + description: Template for the Entity Topic Operator RoleBinding. + description: >- + Template for Entity Operator resources. 
The template + allows users to specify how a `Deployment` and `Pod` is + generated. + description: Configuration of the Entity Operator. + clusterCa: + type: object + properties: + generateCertificateAuthority: + type: boolean + description: >- + If true then Certificate Authority certificates will be + generated automatically. Otherwise the user will need to + provide a Secret with the CA certificate. Default is + true. + generateSecretOwnerReference: + type: boolean + description: >- + If `true`, the Cluster and Client CA Secrets are + configured with the `ownerReference` set to the `Kafka` + resource. If the `Kafka` resource is deleted when + `true`, the CA Secrets are also deleted. If `false`, the + `ownerReference` is disabled. If the `Kafka` resource is + deleted when `false`, the CA Secrets are retained and + available for reuse. Default is `true`. + validityDays: + type: integer + minimum: 1 + description: >- + The number of days generated certificates should be + valid for. The default is 365. + renewalDays: + type: integer + minimum: 1 + description: >- + The number of days in the certificate renewal period. + This is the number of days before the a certificate + expires during which renewal actions may be performed. + When `generateCertificateAuthority` is true, this will + cause the generation of a new certificate. When + `generateCertificateAuthority` is true, this will cause + extra logging at WARN level about the pending + certificate expiry. Default is 30. + certificateExpirationPolicy: + type: string + enum: + - renew-certificate + - replace-key + description: >- + How should CA certificate expiration be handled when + `generateCertificateAuthority=true`. The default is for + a new CA certificate to be generated reusing the + existing private key. + description: Configuration of the cluster certificate authority. 
+ clientsCa: + type: object + properties: + generateCertificateAuthority: + type: boolean + description: >- + If true then Certificate Authority certificates will be + generated automatically. Otherwise the user will need to + provide a Secret with the CA certificate. Default is + true. + generateSecretOwnerReference: + type: boolean + description: >- + If `true`, the Cluster and Client CA Secrets are + configured with the `ownerReference` set to the `Kafka` + resource. If the `Kafka` resource is deleted when + `true`, the CA Secrets are also deleted. If `false`, the + `ownerReference` is disabled. If the `Kafka` resource is + deleted when `false`, the CA Secrets are retained and + available for reuse. Default is `true`. + validityDays: + type: integer + minimum: 1 + description: >- + The number of days generated certificates should be + valid for. The default is 365. + renewalDays: + type: integer + minimum: 1 + description: >- + The number of days in the certificate renewal period. + This is the number of days before the a certificate + expires during which renewal actions may be performed. + When `generateCertificateAuthority` is true, this will + cause the generation of a new certificate. When + `generateCertificateAuthority` is true, this will cause + extra logging at WARN level about the pending + certificate expiry. Default is 30. + certificateExpirationPolicy: + type: string + enum: + - renew-certificate + - replace-key + description: >- + How should CA certificate expiration be handled when + `generateCertificateAuthority=true`. The default is for + a new CA certificate to be generated reusing the + existing private key. + description: Configuration of the clients certificate authority. + cruiseControl: + type: object + properties: + image: + type: string + description: >- + The container image used for Cruise Control pods. 
If no + image name is explicitly specified, the image name + corresponds to the name specified in the Cluster + Operator configuration. If an image name is not defined + in the Cluster Operator configuration, a default value + is used. tlsSidecar: type: object properties: 
@@ -13140,14 +11961,181 @@ spec: resources: type: object properties: - limits: - x-kubernetes-preserve-unknown-fields: true - type: object - requests: - x-kubernetes-preserve-unknown-fields: true + claims: + type: array + items: + type: object + properties: + name: + type: string + limits: + x-kubernetes-preserve-unknown-fields: true + type: object + requests: + x-kubernetes-preserve-unknown-fields: true + type: object + description: CPU and memory resources to reserve. + description: TLS sidecar configuration. + resources: + type: object + properties: + claims: + type: array + items: + type: object + properties: + name: + type: string + limits: + x-kubernetes-preserve-unknown-fields: true + type: object + requests: + x-kubernetes-preserve-unknown-fields: true + type: object + description: >- + CPU and memory resources to reserve for the Cruise + Control container. + livenessProbe: + type: object + properties: + failureThreshold: + type: integer + minimum: 1 + description: >- + Minimum consecutive failures for the probe to be + considered failed after having succeeded. Defaults + to 3. Minimum value is 1. + initialDelaySeconds: + type: integer + minimum: 0 + description: >- + The initial delay before first the health is first + checked. Default to 15 seconds. Minimum value is 0. + periodSeconds: + type: integer + minimum: 1 + description: >- + How often (in seconds) to perform the probe. Default + to 10 seconds. Minimum value is 1. + successThreshold: + type: integer + minimum: 1 + description: >- + Minimum consecutive successes for the probe to be + considered successful after having failed. Defaults + to 1. Must be 1 for liveness. Minimum value is 1. + timeoutSeconds: + type: integer + minimum: 1 + description: >- + The timeout for each attempted health check. Default + to 5 seconds. Minimum value is 1. + description: Pod liveness checking for the Cruise Control container. 
+ readinessProbe: + type: object + properties: + failureThreshold: + type: integer + minimum: 1 + description: >- + Minimum consecutive failures for the probe to be + considered failed after having succeeded. Defaults + to 3. Minimum value is 1. + initialDelaySeconds: + type: integer + minimum: 0 + description: >- + The initial delay before first the health is first + checked. Default to 15 seconds. Minimum value is 0. + periodSeconds: + type: integer + minimum: 1 + description: >- + How often (in seconds) to perform the probe. Default + to 10 seconds. Minimum value is 1. + successThreshold: + type: integer + minimum: 1 + description: >- + Minimum consecutive successes for the probe to be + considered successful after having failed. Defaults + to 1. Must be 1 for liveness. Minimum value is 1. + timeoutSeconds: + type: integer + minimum: 1 + description: >- + The timeout for each attempted health check. Default + to 5 seconds. Minimum value is 1. + description: Pod readiness checking for the Cruise Control container. + jvmOptions: + type: object + properties: + '-XX': + x-kubernetes-preserve-unknown-fields: true + type: object + description: A map of -XX options to the JVM. + '-Xms': + type: string + pattern: '^[0-9]+[mMgG]?$' + description: '-Xms option to to the JVM.' + '-Xmx': + type: string + pattern: '^[0-9]+[mMgG]?$' + description: '-Xmx option to to the JVM.' + gcLoggingEnabled: + type: boolean + description: >- + Specifies whether the Garbage Collection logging is + enabled. The default is false. + javaSystemProperties: + type: array + items: + type: object + properties: + name: + type: string + description: The system property name. + value: + type: string + description: The system property value. + description: >- + A map of additional system properties which will be + passed using the `-D` option to the JVM. + description: JVM Options for the Cruise Control container. 
+ logging: + type: object + properties: + loggers: + x-kubernetes-preserve-unknown-fields: true + type: object + description: A Map from logger name to logger level. + type: + type: string + enum: + - inline + - external + description: 'Logging type, must be either ''inline'' or ''external''.' + valueFrom: + type: object + properties: + configMapKeyRef: type: object - description: CPU and memory resources to reserve. - description: TLS sidecar configuration. + properties: + key: + type: string + name: + type: string + optional: + type: boolean + description: >- + Reference to the key in the ConfigMap containing + the configuration. + description: >- + `ConfigMap` entry where the logging configuration is + stored. + required: + - type + description: Logging configuration (Log4j 2) for Cruise Control. template: type: object properties: @@ -13160,19 +12148,13 @@ spec: labels: x-kubernetes-preserve-unknown-fields: true type: object - description: >- - Labels added to the resource template. Can - be applied to different resources such as - `StatefulSets`, `Deployments`, `Pods`, and - `Services`. + description: Labels added to the Kubernetes resource. annotations: x-kubernetes-preserve-unknown-fields: true type: object description: >- - Annotations added to the resource template. - Can be applied to different resources such - as `StatefulSets`, `Deployments`, `Pods`, - and `Services`. + Annotations added to the Kubernetes + resource. description: Metadata applied to the resource. deploymentStrategy: type: string @@ -13184,7 +12166,7 @@ spec: configuration changes. Valid values are `RollingUpdate` and `Recreate`. Defaults to `RollingUpdate`. - description: Template for Entity Operator `Deployment`. + description: Template for Cruise Control `Deployment`. pod: type: object properties: 
@@ -13194,19 +12176,13 @@ spec: labels: x-kubernetes-preserve-unknown-fields: true type: object - description: >- - Labels added to the resource template. Can - be applied to different resources such as - `StatefulSets`, `Deployments`, `Pods`, and - `Services`. + description: Labels added to the Kubernetes resource. annotations: x-kubernetes-preserve-unknown-fields: true type: object description: >- - Annotations added to the resource template. - Can be applied to different resources such - as `StatefulSets`, `Deployments`, `Pods`, - and `Services`. + Annotations added to the Kubernetes + resource. description: Metadata applied to the resource. imagePullSecrets: type: array 
@@ -13573,399 +12549,120 @@ spec: properties: key: type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - x-kubernetes-preserve-unknown-fields: true - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - description: The pod's affinity rules. - tolerations: - type: array - items: - type: object - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - type: integer - value: - type: string - description: The pod's tolerations. - priorityClassName: - type: string - description: >- - The name of the priority class used to assign - priority to the pods. For more information about - priority classes, see {K8sPriorityClass}. - schedulerName: - type: string - description: >- - The name of the scheduler used to dispatch this - `Pod`. If not specified, the default scheduler - will be used. - hostAliases: - type: array - items: - type: object - properties: - hostnames: - type: array - items: - type: string - ip: - type: string - description: >- - The pod's HostAliases. HostAliases is an - optional list of hosts and IPs that will be - injected into the Pod's hosts file if specified. - tmpDirSizeLimit: - type: string - pattern: '^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$' - description: >- - Defines the total amount (for example `1Gi`) of - local storage required for temporary EmptyDir - volume (`/tmp`). Default value is `5Mi`. - enableServiceLinks: - type: boolean - description: >- - Indicates whether information about services - should be injected into Pod's environment - variables. 
- topologySpreadConstraints: - type: array - items: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - x-kubernetes-preserve-unknown-fields: true - type: object - matchLabelKeys: - type: array - items: - type: string - maxSkew: - type: integer - minDomains: - type: integer - nodeAffinityPolicy: - type: string - nodeTaintsPolicy: - type: string - topologyKey: - type: string - whenUnsatisfiable: - type: string - description: The pod's topology spread constraints. - description: Template for Entity Operator `Pods`. - topicOperatorContainer: - type: object - properties: - env: - type: array - items: - type: object - properties: - name: - type: string - description: The environment variable key. - value: - type: string - description: The environment variable value. - description: >- - Environment variables which should be applied to - the container. - securityContext: - type: object - properties: - allowPrivilegeEscalation: - type: boolean - capabilities: - type: object - properties: - add: - type: array - items: - type: string - drop: - type: array - items: - type: string - privileged: - type: boolean - procMount: - type: string - readOnlyRootFilesystem: - type: boolean - runAsGroup: - type: integer - runAsNonRoot: - type: boolean - runAsUser: - type: integer - seLinuxOptions: - type: object - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - seccompProfile: - type: object - properties: - localhostProfile: - type: string - type: - type: string - windowsOptions: - type: object - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: - type: string - description: Security context for the container. 
- description: Template for the Entity Topic Operator container. - userOperatorContainer: - type: object - properties: - env: + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object + namespaces: + type: array + items: + type: string + topologyKey: + type: string + description: The pod's affinity rules. + tolerations: type: array items: type: object properties: - name: + effect: type: string - description: The environment variable key. + key: + type: string + operator: + type: string + tolerationSeconds: + type: integer value: type: string - description: The environment variable value. + description: The pod's tolerations. + priorityClassName: + type: string description: >- - Environment variables which should be applied to - the container. - securityContext: - type: object - properties: - allowPrivilegeEscalation: - type: boolean - capabilities: - type: object - properties: - add: - type: array - items: - type: string - drop: - type: array - items: - type: string - privileged: - type: boolean - procMount: - type: string - readOnlyRootFilesystem: - type: boolean - runAsGroup: - type: integer - runAsNonRoot: - type: boolean - runAsUser: - type: integer - seLinuxOptions: - type: object - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - seccompProfile: - type: object - properties: - localhostProfile: - type: string - type: - type: string - windowsOptions: - type: object - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: - type: string - description: Security context for the container. - description: Template for the Entity User Operator container. - tlsSidecarContainer: - type: object - properties: - env: + The name of the priority class used to assign + priority to the pods. 
+ schedulerName: + type: string + description: >- + The name of the scheduler used to dispatch this + `Pod`. If not specified, the default scheduler + will be used. + hostAliases: type: array items: type: object properties: - name: - type: string - description: The environment variable key. - value: + hostnames: + type: array + items: + type: string + ip: type: string - description: The environment variable value. description: >- - Environment variables which should be applied to - the container. - securityContext: - type: object - properties: - allowPrivilegeEscalation: - type: boolean - capabilities: - type: object - properties: - add: - type: array - items: - type: string - drop: - type: array - items: - type: string - privileged: - type: boolean - procMount: - type: string - readOnlyRootFilesystem: - type: boolean - runAsGroup: - type: integer - runAsNonRoot: - type: boolean - runAsUser: - type: integer - seLinuxOptions: - type: object - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - seccompProfile: - type: object - properties: - localhostProfile: - type: string - type: - type: string - windowsOptions: - type: object - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: + The pod's HostAliases. HostAliases is an + optional list of hosts and IPs that will be + injected into the Pod's hosts file if specified. + tmpDirSizeLimit: + type: string + pattern: '^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$' + description: >- + Defines the total amount (for example `1Gi`) of + local storage required for temporary EmptyDir + volume (`/tmp`). Default value is `5Mi`. + enableServiceLinks: + type: boolean + description: >- + Indicates whether information about services + should be injected into Pod's environment + variables. 
+ topologySpreadConstraints: + type: array + items: + type: object + properties: + labelSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object + matchLabelKeys: + type: array + items: type: string - description: Security context for the container. - description: >- - Template for the Entity Operator TLS sidecar - container. - serviceAccount: - type: object - properties: - metadata: - type: object - properties: - labels: - x-kubernetes-preserve-unknown-fields: true - type: object - description: >- - Labels added to the resource template. Can - be applied to different resources such as - `StatefulSets`, `Deployments`, `Pods`, and - `Services`. - annotations: - x-kubernetes-preserve-unknown-fields: true - type: object - description: >- - Annotations added to the resource template. - Can be applied to different resources such - as `StatefulSets`, `Deployments`, `Pods`, - and `Services`. - description: Metadata applied to the resource. - description: Template for the Entity Operator service account. - entityOperatorRole: - type: object - properties: - metadata: - type: object - properties: - labels: - x-kubernetes-preserve-unknown-fields: true - type: object - description: >- - Labels added to the resource template. Can - be applied to different resources such as - `StatefulSets`, `Deployments`, `Pods`, and - `Services`. - annotations: - x-kubernetes-preserve-unknown-fields: true - type: object - description: >- - Annotations added to the resource template. - Can be applied to different resources such - as `StatefulSets`, `Deployments`, `Pods`, - and `Services`. - description: Metadata applied to the resource. - description: Template for the Entity Operator Role. 
- topicOperatorRoleBinding: + maxSkew: + type: integer + minDomains: + type: integer + nodeAffinityPolicy: + type: string + nodeTaintsPolicy: + type: string + topologyKey: + type: string + whenUnsatisfiable: + type: string + description: The pod's topology spread constraints. + description: Template for Cruise Control `Pods`. + apiService: type: object properties: metadata: 
@@ -13974,22 +12671,46 @@ spec: labels: x-kubernetes-preserve-unknown-fields: true type: object - description: >- - Labels added to the resource template. Can - be applied to different resources such as - `StatefulSets`, `Deployments`, `Pods`, and - `Services`. + description: Labels added to the Kubernetes resource. annotations: x-kubernetes-preserve-unknown-fields: true type: object description: >- - Annotations added to the resource template. - Can be applied to different resources such - as `StatefulSets`, `Deployments`, `Pods`, - and `Services`. + Annotations added to the Kubernetes + resource. description: Metadata applied to the resource. - description: Template for the Entity Topic Operator RoleBinding. - userOperatorRoleBinding: + ipFamilyPolicy: + type: string + enum: + - SingleStack + - PreferDualStack + - RequireDualStack + description: >- + Specifies the IP Family Policy used by the + service. Available options are `SingleStack`, + `PreferDualStack` and `RequireDualStack`. + `SingleStack` is for a single IP family. + `PreferDualStack` is for two IP families on + dual-stack configured clusters or a single IP + family on single-stack clusters. + `RequireDualStack` fails unless there are two IP + families on dual-stack configured clusters. If + unspecified, Kubernetes will choose the default + value based on the service type. + ipFamilies: + type: array + items: + type: string + enum: + - IPv4 + - IPv6 + description: >- + Specifies the IP Families used by the service. + Available options are `IPv4` and `IPv6`. If + unspecified, Kubernetes will choose the default + value based on the `ipFamilyPolicy` setting. + description: Template for Cruise Control API `Service`. + podDisruptionBudget: type: object properties: metadata: 
@@ -13998,390 +12719,469 @@ spec: labels: x-kubernetes-preserve-unknown-fields: true type: object - description: >- - Labels added to the resource template. Can - be applied to different resources such as - `StatefulSets`, `Deployments`, `Pods`, and - `Services`. + description: Labels added to the Kubernetes resource. annotations: x-kubernetes-preserve-unknown-fields: true type: object description: >- - Annotations added to the resource template. - Can be applied to different resources such - as `StatefulSets`, `Deployments`, `Pods`, - and `Services`. - description: Metadata applied to the resource. - description: Template for the Entity Topic Operator RoleBinding. - description: >- - Template for Entity Operator resources. The template - allows users to specify how a `Deployment` and `Pod` is - generated. - description: Configuration of the Entity Operator. - clusterCa: - type: object - properties: - generateCertificateAuthority: - type: boolean - description: >- - If true then Certificate Authority certificates will be - generated automatically. Otherwise the user will need to - provide a Secret with the CA certificate. Default is - true. - generateSecretOwnerReference: - type: boolean - description: >- - If `true`, the Cluster and Client CA Secrets are - configured with the `ownerReference` set to the `Kafka` - resource. If the `Kafka` resource is deleted when - `true`, the CA Secrets are also deleted. If `false`, the - `ownerReference` is disabled. If the `Kafka` resource is - deleted when `false`, the CA Secrets are retained and - available for reuse. Default is `true`. - validityDays: - type: integer - minimum: 1 - description: >- - The number of days generated certificates should be - valid for. The default is 365. - renewalDays: - type: integer - minimum: 1 - description: >- - The number of days in the certificate renewal period. - This is the number of days before the a certificate - expires during which renewal actions may be performed. 
- When `generateCertificateAuthority` is true, this will - cause the generation of a new certificate. When - `generateCertificateAuthority` is true, this will cause - extra logging at WARN level about the pending - certificate expiry. Default is 30. - certificateExpirationPolicy: - type: string - enum: - - renew-certificate - - replace-key - description: >- - How should CA certificate expiration be handled when - `generateCertificateAuthority=true`. The default is for - a new CA certificate to be generated reusing the - existing private key. - description: Configuration of the cluster certificate authority. - clientsCa: - type: object - properties: - generateCertificateAuthority: - type: boolean - description: >- - If true then Certificate Authority certificates will be - generated automatically. Otherwise the user will need to - provide a Secret with the CA certificate. Default is - true. - generateSecretOwnerReference: - type: boolean - description: >- - If `true`, the Cluster and Client CA Secrets are - configured with the `ownerReference` set to the `Kafka` - resource. If the `Kafka` resource is deleted when - `true`, the CA Secrets are also deleted. If `false`, the - `ownerReference` is disabled. If the `Kafka` resource is - deleted when `false`, the CA Secrets are retained and - available for reuse. Default is `true`. - validityDays: - type: integer - minimum: 1 - description: >- - The number of days generated certificates should be - valid for. The default is 365. - renewalDays: - type: integer - minimum: 1 - description: >- - The number of days in the certificate renewal period. - This is the number of days before the a certificate - expires during which renewal actions may be performed. - When `generateCertificateAuthority` is true, this will - cause the generation of a new certificate. When - `generateCertificateAuthority` is true, this will cause - extra logging at WARN level about the pending - certificate expiry. Default is 30. 
- certificateExpirationPolicy: - type: string - enum: - - renew-certificate - - replace-key - description: >- - How should CA certificate expiration be handled when - `generateCertificateAuthority=true`. The default is for - a new CA certificate to be generated reusing the - existing private key. - description: Configuration of the clients certificate authority. - cruiseControl: - type: object - properties: - image: - type: string - description: The docker image for the pods. - tlsSidecar: - type: object - properties: - image: - type: string - description: The docker image for the container. - livenessProbe: - type: object - properties: - failureThreshold: - type: integer - minimum: 1 + Annotations added to the Kubernetes + resource. description: >- - Minimum consecutive failures for the probe to be - considered failed after having succeeded. - Defaults to 3. Minimum value is 1. - initialDelaySeconds: + Metadata to apply to the + `PodDisruptionBudgetTemplate` resource. + maxUnavailable: type: integer minimum: 0 description: >- - The initial delay before first the health is - first checked. Default to 15 seconds. Minimum - value is 0. - periodSeconds: - type: integer - minimum: 1 - description: >- - How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - successThreshold: - type: integer - minimum: 1 - description: >- - Minimum consecutive successes for the probe to - be considered successful after having failed. - Defaults to 1. Must be 1 for liveness. Minimum - value is 1. - timeoutSeconds: - type: integer - minimum: 1 + Maximum number of unavailable pods to allow + automatic Pod eviction. A Pod eviction is + allowed when the `maxUnavailable` number of pods + or fewer are unavailable after the eviction. + Setting this value to 0 prevents all voluntary + evictions, so the pods must be evicted manually. + Defaults to 1. + description: Template for Cruise Control `PodDisruptionBudget`. 
+ cruiseControlContainer: + type: object + properties: + env: + type: array + items: + type: object + properties: + name: + type: string + description: The environment variable key. + value: + type: string + description: The environment variable value. description: >- - The timeout for each attempted health check. - Default to 5 seconds. Minimum value is 1. - description: Pod liveness checking. - logLevel: - type: string - enum: - - emerg - - alert - - crit - - err - - warning - - notice - - info - - debug - description: >- - The log level for the TLS sidecar. Default value is - `notice`. - readinessProbe: + Environment variables which should be applied to + the container. + securityContext: + type: object + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + type: object + properties: + add: + type: array + items: + type: string + drop: + type: array + items: + type: string + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + type: integer + runAsNonRoot: + type: boolean + runAsUser: + type: integer + seLinuxOptions: + type: object + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + seccompProfile: + type: object + properties: + localhostProfile: + type: string + type: + type: string + windowsOptions: + type: object + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + description: Security context for the container. + description: Template for the Cruise Control container. + tlsSidecarContainer: type: object properties: - failureThreshold: - type: integer - minimum: 1 - description: >- - Minimum consecutive failures for the probe to be - considered failed after having succeeded. - Defaults to 3. Minimum value is 1. 
- initialDelaySeconds: - type: integer - minimum: 0 - description: >- - The initial delay before first the health is - first checked. Default to 15 seconds. Minimum - value is 0. - periodSeconds: - type: integer - minimum: 1 - description: >- - How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - successThreshold: - type: integer - minimum: 1 - description: >- - Minimum consecutive successes for the probe to - be considered successful after having failed. - Defaults to 1. Must be 1 for liveness. Minimum - value is 1. - timeoutSeconds: - type: integer - minimum: 1 + env: + type: array + items: + type: object + properties: + name: + type: string + description: The environment variable key. + value: + type: string + description: The environment variable value. description: >- - The timeout for each attempted health check. - Default to 5 seconds. Minimum value is 1. - description: Pod readiness checking. - resources: + Environment variables which should be applied to + the container. + securityContext: + type: object + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + type: object + properties: + add: + type: array + items: + type: string + drop: + type: array + items: + type: string + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + type: integer + runAsNonRoot: + type: boolean + runAsUser: + type: integer + seLinuxOptions: + type: object + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + seccompProfile: + type: object + properties: + localhostProfile: + type: string + type: + type: string + windowsOptions: + type: object + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + description: Security context for the container. 
+ description: >- + Template for the Cruise Control TLS sidecar + container. + serviceAccount: type: object properties: - limits: - x-kubernetes-preserve-unknown-fields: true - type: object - requests: - x-kubernetes-preserve-unknown-fields: true + metadata: type: object - description: CPU and memory resources to reserve. - description: TLS sidecar configuration. - resources: - type: object - properties: - limits: - x-kubernetes-preserve-unknown-fields: true - type: object - requests: - x-kubernetes-preserve-unknown-fields: true - type: object + properties: + labels: + x-kubernetes-preserve-unknown-fields: true + type: object + description: Labels added to the Kubernetes resource. + annotations: + x-kubernetes-preserve-unknown-fields: true + type: object + description: >- + Annotations added to the Kubernetes + resource. + description: Metadata applied to the resource. + description: Template for the Cruise Control service account. description: >- - CPU and memory resources to reserve for the Cruise - Control container. - livenessProbe: - type: object - properties: - failureThreshold: - type: integer - minimum: 1 - description: >- - Minimum consecutive failures for the probe to be - considered failed after having succeeded. Defaults - to 3. Minimum value is 1. - initialDelaySeconds: - type: integer - minimum: 0 - description: >- - The initial delay before first the health is first - checked. Default to 15 seconds. Minimum value is 0. - periodSeconds: - type: integer - minimum: 1 - description: >- - How often (in seconds) to perform the probe. Default - to 10 seconds. Minimum value is 1. - successThreshold: - type: integer - minimum: 1 - description: >- - Minimum consecutive successes for the probe to be - considered successful after having failed. Defaults - to 1. Must be 1 for liveness. Minimum value is 1. - timeoutSeconds: - type: integer - minimum: 1 - description: >- - The timeout for each attempted health check. Default - to 5 seconds. Minimum value is 1. 
- description: Pod liveness checking for the Cruise Control container. - readinessProbe: + Template to specify how Cruise Control resources, + `Deployments` and `Pods`, are generated. + brokerCapacity: type: object properties: - failureThreshold: - type: integer - minimum: 1 + disk: + type: string + pattern: '^[0-9]+([.][0-9]*)?([KMGTPE]i?|e[0-9]+)?$' description: >- - Minimum consecutive failures for the probe to be - considered failed after having succeeded. Defaults - to 3. Minimum value is 1. - initialDelaySeconds: + Broker capacity for disk in bytes. Use a number + value with either standard Kubernetes byte units (K, + M, G, or T), their bibyte (power of two) equivalents + (Ki, Mi, Gi, or Ti), or a byte value with or without + E notation. For example, 100000M, 100000Mi, + 104857600000, or 1e+11. + cpuUtilization: type: integer minimum: 0 + maximum: 100 description: >- - The initial delay before first the health is first - checked. Default to 15 seconds. Minimum value is 0. - periodSeconds: - type: integer - minimum: 1 - description: >- - How often (in seconds) to perform the probe. Default - to 10 seconds. Minimum value is 1. - successThreshold: - type: integer - minimum: 1 - description: >- - Minimum consecutive successes for the probe to be - considered successful after having failed. Defaults - to 1. Must be 1 for liveness. Minimum value is 1. - timeoutSeconds: - type: integer - minimum: 1 + Broker capacity for CPU resource utilization as a + percentage (0 - 100). + cpu: + type: string + pattern: '^[0-9]+([.][0-9]{0,3}|[m]?)$' description: >- - The timeout for each attempted health check. Default - to 5 seconds. Minimum value is 1. - description: Pod readiness checking for the Cruise Control container. - jvmOptions: - type: object - properties: - '-XX': - x-kubernetes-preserve-unknown-fields: true - type: object - description: A map of -XX options to the JVM. - '-Xms': + Broker capacity for CPU resource in cores or + millicores. 
For example, 1, 1.500, 1500m. For more + information on valid CPU resource units see + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#meaning-of-cpu. + inboundNetwork: type: string - pattern: '^[0-9]+[mMgG]?$' - description: '-Xms option to to the JVM.' - '-Xmx': + pattern: '^[0-9]+([KMG]i?)?B/s$' + description: >- + Broker capacity for inbound network throughput in + bytes per second. Use an integer value with standard + Kubernetes byte units (K, M, G) or their bibyte + (power of two) equivalents (Ki, Mi, Gi) per second. + For example, 10000KiB/s. + outboundNetwork: type: string - pattern: '^[0-9]+[mMgG]?$' - description: '-Xmx option to to the JVM.' - gcLoggingEnabled: - type: boolean + pattern: '^[0-9]+([KMG]i?)?B/s$' description: >- - Specifies whether the Garbage Collection logging is - enabled. The default is false. - javaSystemProperties: + Broker capacity for outbound network throughput in + bytes per second. Use an integer value with standard + Kubernetes byte units (K, M, G) or their bibyte + (power of two) equivalents (Ki, Mi, Gi) per second. + For example, 10000KiB/s. + overrides: type: array items: type: object properties: - name: + brokers: + type: array + items: + type: integer + description: List of Kafka brokers (broker identifiers). + cpu: type: string - description: The system property name. - value: + pattern: '^[0-9]+([.][0-9]{0,3}|[m]?)$' + description: >- + Broker capacity for CPU resource in cores or + millicores. For example, 1, 1.500, 1500m. For + more information on valid CPU resource units + see + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#meaning-of-cpu. + inboundNetwork: type: string - description: The system property value. + pattern: '^[0-9]+([KMG]i?)?B/s$' + description: >- + Broker capacity for inbound network throughput + in bytes per second. 
Use an integer value with + standard Kubernetes byte units (K, M, G) or + their bibyte (power of two) equivalents (Ki, + Mi, Gi) per second. For example, 10000KiB/s. + outboundNetwork: + type: string + pattern: '^[0-9]+([KMG]i?)?B/s$' + description: >- + Broker capacity for outbound network + throughput in bytes per second. Use an integer + value with standard Kubernetes byte units (K, + M, G) or their bibyte (power of two) + equivalents (Ki, Mi, Gi) per second. For + example, 10000KiB/s. + required: + - brokers description: >- - A map of additional system properties which will be - passed using the `-D` option to the JVM. - description: JVM Options for the Cruise Control container. - logging: + Overrides for individual brokers. The `overrides` + property lets you specify a different capacity + configuration for different brokers. + description: The Cruise Control `brokerCapacity` configuration. + config: + x-kubernetes-preserve-unknown-fields: true + type: object + description: >- + The Cruise Control configuration. For a full list of + configuration options refer to + https://github.com/linkedin/cruise-control/wiki/Configurations. + Note that properties with the following prefixes cannot + be set: bootstrap.servers, client.id, zookeeper., + network., security., + failed.brokers.zk.path,webserver.http., + webserver.api.urlprefix, webserver.session.path, + webserver.accesslog., two.step., + request.reason.required,metric.reporter.sampler.bootstrap.servers, + capacity.config.file, self.healing., ssl., + kafka.broker.failure.detection.enable, + topic.config.provider.class (with the exception of: + ssl.cipher.suites, ssl.protocol, ssl.enabled.protocols, + webserver.http.cors.enabled, webserver.http.cors.origin, + webserver.http.cors.exposeheaders, + webserver.security.enable, webserver.ssl.enable). + metricsConfig: type: object properties: - loggers: - x-kubernetes-preserve-unknown-fields: true - type: object - description: A Map from logger name to logger level. 
type: type: string enum: - - inline - - external - description: 'Logging type, must be either ''inline'' or ''external''.' + - jmxPrometheusExporter + description: >- + Metrics type. Only 'jmxPrometheusExporter' supported + currently. valueFrom: type: object - properties: - configMapKeyRef: - type: object - properties: - key: - type: string - name: - type: string - optional: - type: boolean - description: >- - Reference to the key in the ConfigMap containing - the configuration. - description: >- - `ConfigMap` entry where the logging configuration is - stored. - required: - - type - description: Logging configuration (Log4j 2) for Cruise Control. + properties: + configMapKeyRef: + type: object + properties: + key: + type: string + name: + type: string + optional: + type: boolean + description: >- + Reference to the key in the ConfigMap containing + the configuration. + description: >- + ConfigMap entry where the Prometheus JMX Exporter + configuration is stored. + required: + - type + - valueFrom + description: Metrics configuration. + description: >- + Configuration for Cruise Control deployment. Deploys a + Cruise Control instance when specified. + jmxTrans: + type: object + properties: + image: + type: string + description: The image to use for the JmxTrans. + outputDefinitions: + type: array + items: + type: object + properties: + outputType: + type: string + description: >- + Template for setting the format of the data that + will be pushed.For more information see + https://github.com/jmxtrans/jmxtrans/wiki/OutputWriters[JmxTrans + OutputWriters]. + host: + type: string + description: >- + The DNS/hostname of the remote host that the data + is pushed to. + port: + type: integer + description: >- + The port of the remote host that the data is + pushed to. + flushDelayInSeconds: + type: integer + description: >- + How many seconds the JmxTrans waits before pushing + a new set of data out. 
+ typeNames: + type: array + items: + type: string + description: >- + Template for filtering data to be included in + response to a wildcard query. For more information + see + https://github.com/jmxtrans/jmxtrans/wiki/Queries[JmxTrans + queries]. + name: + type: string + description: >- + Template for setting the name of the output + definition. This is used to identify where to send + the results of queries should be sent. + required: + - outputType + - name + description: >- + Defines the output hosts that will be referenced later + on. For more information on these properties see, + xref:type-JmxTransOutputDefinitionTemplate-reference[`JmxTransOutputDefinitionTemplate` + schema reference]. + logLevel: + type: string + description: >- + Sets the logging level of the JmxTrans deployment.For + more information see, + https://github.com/jmxtrans/jmxtrans-agent/wiki/Troubleshooting[JmxTrans + Logging Level]. + kafkaQueries: + type: array + items: + type: object + properties: + targetMBean: + type: string + description: >- + If using wildcards instead of a specific MBean + then the data is gathered from multiple MBeans. + Otherwise if specifying an MBean then data is + gathered from that specified MBean. + attributes: + type: array + items: + type: string + description: >- + Determine which attributes of the targeted MBean + should be included. + outputs: + type: array + items: + type: string + description: >- + List of the names of output definitions specified + in the spec.kafka.jmxTrans.outputDefinitions that + have defined where JMX metrics are pushed to, and + in which data format. + required: + - targetMBean + - attributes + - outputs + description: >- + Queries to send to the Kafka brokers to define what data + should be read from each broker. For more information on + these properties see, + xref:type-JmxTransQueryTemplate-reference[`JmxTransQueryTemplate` + schema reference]. 
+ resources: + type: object + properties: + claims: + type: array + items: + type: object + properties: + name: + type: string + limits: + x-kubernetes-preserve-unknown-fields: true + type: object + requests: + x-kubernetes-preserve-unknown-fields: true + type: object + description: CPU and memory resources to reserve. template: type: object properties: @@ -14394,19 +13194,13 @@ spec: labels: x-kubernetes-preserve-unknown-fields: true type: object - description: >- - Labels added to the resource template. Can - be applied to different resources such as - `StatefulSets`, `Deployments`, `Pods`, and - `Services`. + description: Labels added to the Kubernetes resource. annotations: x-kubernetes-preserve-unknown-fields: true type: object description: >- - Annotations added to the resource template. - Can be applied to different resources such - as `StatefulSets`, `Deployments`, `Pods`, - and `Services`. + Annotations added to the Kubernetes + resource. description: Metadata applied to the resource. deploymentStrategy: type: string @@ -14418,7 +13212,7 @@ spec: configuration changes. Valid values are `RollingUpdate` and `Recreate`. Defaults to `RollingUpdate`. - description: Template for Cruise Control `Deployment`. + description: Template for JmxTrans `Deployment`. pod: type: object properties: @@ -14428,19 +13222,13 @@ spec: labels: x-kubernetes-preserve-unknown-fields: true type: object - description: >- - Labels added to the resource template. Can - be applied to different resources such as - `StatefulSets`, `Deployments`, `Pods`, and - `Services`. + description: Labels added to the Kubernetes resource. annotations: x-kubernetes-preserve-unknown-fields: true type: object description: >- - Annotations added to the resource template. - Can be applied to different resources such - as `StatefulSets`, `Deployments`, `Pods`, - and `Services`. + Annotations added to the Kubernetes + resource. description: Metadata applied to the resource. imagePullSecrets: type: array 
@@ -14833,264 +13621,94 @@ spec: key: type: string operator: - type: string - tolerationSeconds: - type: integer - value: - type: string - description: The pod's tolerations. - priorityClassName: - type: string - description: >- - The name of the priority class used to assign - priority to the pods. For more information about - priority classes, see {K8sPriorityClass}. - schedulerName: - type: string - description: >- - The name of the scheduler used to dispatch this - `Pod`. If not specified, the default scheduler - will be used. - hostAliases: - type: array - items: - type: object - properties: - hostnames: - type: array - items: - type: string - ip: - type: string - description: >- - The pod's HostAliases. HostAliases is an - optional list of hosts and IPs that will be - injected into the Pod's hosts file if specified. - tmpDirSizeLimit: - type: string - pattern: '^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$' - description: >- - Defines the total amount (for example `1Gi`) of - local storage required for temporary EmptyDir - volume (`/tmp`). Default value is `5Mi`. - enableServiceLinks: - type: boolean - description: >- - Indicates whether information about services - should be injected into Pod's environment - variables. - topologySpreadConstraints: - type: array - items: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - x-kubernetes-preserve-unknown-fields: true - type: object - matchLabelKeys: - type: array - items: - type: string - maxSkew: - type: integer - minDomains: - type: integer - nodeAffinityPolicy: - type: string - nodeTaintsPolicy: - type: string - topologyKey: - type: string - whenUnsatisfiable: - type: string - description: The pod's topology spread constraints. - description: Template for Cruise Control `Pods`. 
- apiService: - type: object - properties: - metadata: - type: object - properties: - labels: - x-kubernetes-preserve-unknown-fields: true - type: object - description: >- - Labels added to the resource template. Can - be applied to different resources such as - `StatefulSets`, `Deployments`, `Pods`, and - `Services`. - annotations: - x-kubernetes-preserve-unknown-fields: true - type: object - description: >- - Annotations added to the resource template. - Can be applied to different resources such - as `StatefulSets`, `Deployments`, `Pods`, - and `Services`. - description: Metadata applied to the resource. - ipFamilyPolicy: - type: string - enum: - - SingleStack - - PreferDualStack - - RequireDualStack - description: >- - Specifies the IP Family Policy used by the - service. Available options are `SingleStack`, - `PreferDualStack` and `RequireDualStack`. - `SingleStack` is for a single IP family. - `PreferDualStack` is for two IP families on - dual-stack configured clusters or a single IP - family on single-stack clusters. - `RequireDualStack` fails unless there are two IP - families on dual-stack configured clusters. If - unspecified, Kubernetes will choose the default - value based on the service type. Available on - Kubernetes 1.20 and newer. - ipFamilies: - type: array - items: - type: string - enum: - - IPv4 - - IPv6 - description: >- - Specifies the IP Families used by the service. - Available options are `IPv4` and `IPv6. If - unspecified, Kubernetes will choose the default - value based on the `ipFamilyPolicy` setting. - Available on Kubernetes 1.20 and newer. - description: Template for Cruise Control API `Service`. - podDisruptionBudget: - type: object - properties: - metadata: - type: object - properties: - labels: - x-kubernetes-preserve-unknown-fields: true - type: object - description: >- - Labels added to the resource template. Can - be applied to different resources such as - `StatefulSets`, `Deployments`, `Pods`, and - `Services`. 
- annotations: - x-kubernetes-preserve-unknown-fields: true - type: object - description: >- - Annotations added to the resource template. - Can be applied to different resources such - as `StatefulSets`, `Deployments`, `Pods`, - and `Services`. - description: >- - Metadata to apply to the - `PodDisruptionBudgetTemplate` resource. - maxUnavailable: - type: integer - minimum: 0 - description: >- - Maximum number of unavailable pods to allow - automatic Pod eviction. A Pod eviction is - allowed when the `maxUnavailable` number of pods - or fewer are unavailable after the eviction. - Setting this value to 0 prevents all voluntary - evictions, so the pods must be evicted manually. - Defaults to 1. - description: Template for Cruise Control `PodDisruptionBudget`. - cruiseControlContainer: - type: object - properties: - env: - type: array - items: - type: object - properties: - name: - type: string - description: The environment variable key. - value: - type: string - description: The environment variable value. - description: >- - Environment variables which should be applied to - the container. - securityContext: - type: object - properties: - allowPrivilegeEscalation: - type: boolean - capabilities: - type: object - properties: - add: - type: array - items: - type: string - drop: - type: array - items: - type: string - privileged: - type: boolean - procMount: - type: string - readOnlyRootFilesystem: - type: boolean - runAsGroup: - type: integer - runAsNonRoot: - type: boolean - runAsUser: - type: integer - seLinuxOptions: - type: object - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - seccompProfile: - type: object - properties: - localhostProfile: - type: string - type: - type: string - windowsOptions: - type: object - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: + type: string + tolerationSeconds: + type: integer + value: + type: string + description: The pod's tolerations. 
+ priorityClassName: + type: string + description: >- + The name of the priority class used to assign + priority to the pods. + schedulerName: + type: string + description: >- + The name of the scheduler used to dispatch this + `Pod`. If not specified, the default scheduler + will be used. + hostAliases: + type: array + items: + type: object + properties: + hostnames: + type: array + items: type: string - hostProcess: - type: boolean - runAsUserName: + ip: + type: string + description: >- + The pod's HostAliases. HostAliases is an + optional list of hosts and IPs that will be + injected into the Pod's hosts file if specified. + tmpDirSizeLimit: + type: string + pattern: '^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$' + description: >- + Defines the total amount (for example `1Gi`) of + local storage required for temporary EmptyDir + volume (`/tmp`). Default value is `5Mi`. + enableServiceLinks: + type: boolean + description: >- + Indicates whether information about services + should be injected into Pod's environment + variables. + topologySpreadConstraints: + type: array + items: + type: object + properties: + labelSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object + matchLabelKeys: + type: array + items: type: string - description: Security context for the container. - description: Template for the Cruise Control container. - tlsSidecarContainer: + maxSkew: + type: integer + minDomains: + type: integer + nodeAffinityPolicy: + type: string + nodeTaintsPolicy: + type: string + topologyKey: + type: string + whenUnsatisfiable: + type: string + description: The pod's topology spread constraints. + description: Template for JmxTrans `Pods`. + container: type: object properties: env: 
@@ -15165,290 +13783,72 @@ spec: runAsUserName: type: string description: Security context for the container. - description: >- - Template for the Cruise Control TLS sidecar - container. - serviceAccount: - type: object - properties: - metadata: - type: object - properties: - labels: - x-kubernetes-preserve-unknown-fields: true - type: object - description: >- - Labels added to the resource template. Can - be applied to different resources such as - `StatefulSets`, `Deployments`, `Pods`, and - `Services`. - annotations: - x-kubernetes-preserve-unknown-fields: true - type: object - description: >- - Annotations added to the resource template. - Can be applied to different resources such - as `StatefulSets`, `Deployments`, `Pods`, - and `Services`. - description: Metadata applied to the resource. - description: Template for the Cruise Control service account. - description: >- - Template to specify how Cruise Control resources, - `Deployments` and `Pods`, are generated. - brokerCapacity: - type: object - properties: - disk: - type: string - pattern: '^[0-9]+([.][0-9]*)?([KMGTPE]i?|e[0-9]+)?$' - description: >- - Broker capacity for disk in bytes. Use a number - value with either standard Kubernetes byte units (K, - M, G, or T), their bibyte (power of two) equivalents - (Ki, Mi, Gi, or Ti), or a byte value with or without - E notation. For example, 100000M, 100000Mi, - 104857600000, or 1e+11. - cpuUtilization: - type: integer - minimum: 0 - maximum: 100 - description: >- - Broker capacity for CPU resource utilization as a - percentage (0 - 100). - cpu: - type: string - pattern: '^[0-9]+([.][0-9]{0,3}|[m]?)$' - description: >- - Broker capacity for CPU resource in cores or - millicores. For example, 1, 1.500, 1500m. For more - information on valid CPU resource units see - https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#meaning-of-cpu. 
- inboundNetwork: - type: string - pattern: '^[0-9]+([KMG]i?)?B/s$' - description: >- - Broker capacity for inbound network throughput in - bytes per second. Use an integer value with standard - Kubernetes byte units (K, M, G) or their bibyte - (power of two) equivalents (Ki, Mi, Gi) per second. - For example, 10000KiB/s. - outboundNetwork: - type: string - pattern: '^[0-9]+([KMG]i?)?B/s$' - description: >- - Broker capacity for outbound network throughput in - bytes per second. Use an integer value with standard - Kubernetes byte units (K, M, G) or their bibyte - (power of two) equivalents (Ki, Mi, Gi) per second. - For example, 10000KiB/s. - overrides: - type: array - items: - type: object - properties: - brokers: - type: array - items: - type: integer - description: List of Kafka brokers (broker identifiers). - cpu: - type: string - pattern: '^[0-9]+([.][0-9]{0,3}|[m]?)$' - description: >- - Broker capacity for CPU resource in cores or - millicores. For example, 1, 1.500, 1500m. For - more information on valid CPU resource units - see - https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#meaning-of-cpu. - inboundNetwork: - type: string - pattern: '^[0-9]+([KMG]i?)?B/s$' - description: >- - Broker capacity for inbound network throughput - in bytes per second. Use an integer value with - standard Kubernetes byte units (K, M, G) or - their bibyte (power of two) equivalents (Ki, - Mi, Gi) per second. For example, 10000KiB/s. - outboundNetwork: - type: string - pattern: '^[0-9]+([KMG]i?)?B/s$' - description: >- - Broker capacity for outbound network - throughput in bytes per second. Use an integer - value with standard Kubernetes byte units (K, - M, G) or their bibyte (power of two) - equivalents (Ki, Mi, Gi) per second. For - example, 10000KiB/s. - required: - - brokers - description: >- - Overrides for individual brokers. The `overrides` - property lets you specify a different capacity - configuration for different brokers. 
- description: The Cruise Control `brokerCapacity` configuration. - config: - x-kubernetes-preserve-unknown-fields: true - type: object - description: >- - The Cruise Control configuration. For a full list of - configuration options refer to - https://github.com/linkedin/cruise-control/wiki/Configurations. - Note that properties with the following prefixes cannot - be set: bootstrap.servers, client.id, zookeeper., - network., security., - failed.brokers.zk.path,webserver.http., - webserver.api.urlprefix, webserver.session.path, - webserver.accesslog., two.step., - request.reason.required,metric.reporter.sampler.bootstrap.servers, - capacity.config.file, self.healing., ssl., - kafka.broker.failure.detection.enable, - topic.config.provider.class (with the exception of: - ssl.cipher.suites, ssl.protocol, ssl.enabled.protocols, - webserver.http.cors.enabled, webserver.http.cors.origin, - webserver.http.cors.exposeheaders, - webserver.security.enable, webserver.ssl.enable). - metricsConfig: - type: object - properties: - type: - type: string - enum: - - jmxPrometheusExporter - description: >- - Metrics type. Only 'jmxPrometheusExporter' supported - currently. - valueFrom: - type: object - properties: - configMapKeyRef: - type: object - properties: - key: - type: string - name: - type: string - optional: - type: boolean - description: >- - Reference to the key in the ConfigMap containing - the configuration. - description: >- - ConfigMap entry where the Prometheus JMX Exporter - configuration is stored. For details of the - structure of this configuration, see the - {JMXExporter}. - required: - - type - - valueFrom - description: Metrics configuration. + description: Template for JmxTrans container. + serviceAccount: + type: object + properties: + metadata: + type: object + properties: + labels: + x-kubernetes-preserve-unknown-fields: true + type: object + description: Labels added to the Kubernetes resource. 
+ annotations: + x-kubernetes-preserve-unknown-fields: true + type: object + description: >- + Annotations added to the Kubernetes + resource. + description: Metadata applied to the resource. + description: Template for the JmxTrans service account. + description: Template for JmxTrans resources. + required: + - outputDefinitions + - kafkaQueries description: >- - Configuration for Cruise Control deployment. Deploys a - Cruise Control instance when specified. - jmxTrans: + As of Strimzi 0.35.0, JMXTrans is not supported anymore and + this option is ignored. + kafkaExporter: type: object properties: image: type: string - description: The image to use for the JmxTrans. - outputDefinitions: - type: array - items: - type: object - properties: - outputType: - type: string - description: >- - Template for setting the format of the data that - will be pushed.For more information see - https://github.com/jmxtrans/jmxtrans/wiki/OutputWriters[JmxTrans - OutputWriters]. - host: - type: string - description: >- - The DNS/hostname of the remote host that the data - is pushed to. - port: - type: integer - description: >- - The port of the remote host that the data is - pushed to. - flushDelayInSeconds: - type: integer - description: >- - How many seconds the JmxTrans waits before pushing - a new set of data out. - typeNames: - type: array - items: - type: string - description: >- - Template for filtering data to be included in - response to a wildcard query. For more information - see - https://github.com/jmxtrans/jmxtrans/wiki/Queries[JmxTrans - queries]. - name: - type: string - description: >- - Template for setting the name of the output - definition. This is used to identify where to send - the results of queries should be sent. - required: - - outputType - - name description: >- - Defines the output hosts that will be referenced later - on. 
For more information on these properties see, - xref:type-JmxTransOutputDefinitionTemplate-reference[`JmxTransOutputDefinitionTemplate` - schema reference]. - logLevel: + The container image used for the Kafka Exporter pods. If + no image name is explicitly specified, the image name + corresponds to the version specified in the Cluster + Operator configuration. If an image name is not defined + in the Cluster Operator configuration, a default value + is used. + groupRegex: type: string description: >- - Sets the logging level of the JmxTrans deployment.For - more information see, - https://github.com/jmxtrans/jmxtrans-agent/wiki/Troubleshooting[JmxTrans - Logging Level]. - kafkaQueries: - type: array - items: - type: object - properties: - targetMBean: - type: string - description: >- - If using wildcards instead of a specific MBean - then the data is gathered from multiple MBeans. - Otherwise if specifying an MBean then data is - gathered from that specified MBean. - attributes: - type: array - items: - type: string - description: >- - Determine which attributes of the targeted MBean - should be included. - outputs: - type: array - items: - type: string - description: >- - List of the names of output definitions specified - in the spec.kafka.jmxTrans.outputDefinitions that - have defined where JMX metrics are pushed to, and - in which data format. - required: - - targetMBean - - attributes - - outputs + Regular expression to specify which consumer groups to + collect. Default value is `.*`. + topicRegex: + type: string description: >- - Queries to send to the Kafka brokers to define what data - should be read from each broker. For more information on - these properties see, - xref:type-JmxTransQueryTemplate-reference[`JmxTransQueryTemplate` - schema reference]. + Regular expression to specify which topics to collect. + Default value is `.*`. + groupExcludeRegex: + type: string + description: >- + Regular expression to specify which consumer groups to + exclude. 
+ topicExcludeRegex: + type: string + description: Regular expression to specify which topics to exclude. resources: type: object properties: + claims: + type: array + items: + type: object + properties: + name: + type: string limits: x-kubernetes-preserve-unknown-fields: true type: object @@ -15456,6 +13856,17 @@ spec: x-kubernetes-preserve-unknown-fields: true type: object description: CPU and memory resources to reserve. + logging: + type: string + description: >- + Only log messages with the given severity or above. + Valid levels: [`info`, `debug`, `trace`]. Default log + level is `info`. + enableSaramaLogging: + type: boolean + description: >- + Enable Sarama logging, a Go client library used by the + Kafka Exporter. template: type: object properties: @@ -15468,19 +13879,13 @@ spec: labels: x-kubernetes-preserve-unknown-fields: true type: object - description: >- - Labels added to the resource template. Can - be applied to different resources such as - `StatefulSets`, `Deployments`, `Pods`, and - `Services`. + description: Labels added to the Kubernetes resource. annotations: x-kubernetes-preserve-unknown-fields: true type: object description: >- - Annotations added to the resource template. - Can be applied to different resources such - as `StatefulSets`, `Deployments`, `Pods`, - and `Services`. + Annotations added to the Kubernetes + resource. description: Metadata applied to the resource. deploymentStrategy: type: string @@ -15492,7 +13897,7 @@ spec: configuration changes. Valid values are `RollingUpdate` and `Recreate`. Defaults to `RollingUpdate`. - description: Template for JmxTrans `Deployment`. + description: Template for Kafka Exporter `Deployment`. pod: type: object properties: 
@@ -15502,19 +13907,13 @@ spec: labels: x-kubernetes-preserve-unknown-fields: true type: object - description: >- - Labels added to the resource template. Can - be applied to different resources such as - `StatefulSets`, `Deployments`, `Pods`, and - `Services`. + description: Labels added to the Kubernetes resource. annotations: x-kubernetes-preserve-unknown-fields: true type: object description: >- - Annotations added to the resource template. - Can be applied to different resources such - as `StatefulSets`, `Deployments`, `Pods`, - and `Services`. + Annotations added to the Kubernetes + resource. description: Metadata applied to the resource. imagePullSecrets: type: array 
@@ -15902,533 +14301,1457 @@ spec: items: type: object properties: - effect: - type: string - key: - type: string - operator: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + type: integer + value: + type: string + description: The pod's tolerations. + priorityClassName: + type: string + description: >- + The name of the priority class used to assign + priority to the pods. + schedulerName: + type: string + description: >- + The name of the scheduler used to dispatch this + `Pod`. If not specified, the default scheduler + will be used. + hostAliases: + type: array + items: + type: object + properties: + hostnames: + type: array + items: + type: string + ip: + type: string + description: >- + The pod's HostAliases. HostAliases is an + optional list of hosts and IPs that will be + injected into the Pod's hosts file if specified. + tmpDirSizeLimit: + type: string + pattern: '^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$' + description: >- + Defines the total amount (for example `1Gi`) of + local storage required for temporary EmptyDir + volume (`/tmp`). Default value is `5Mi`. + enableServiceLinks: + type: boolean + description: >- + Indicates whether information about services + should be injected into Pod's environment + variables. + topologySpreadConstraints: + type: array + items: + type: object + properties: + labelSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object + matchLabelKeys: + type: array + items: + type: string + maxSkew: + type: integer + minDomains: + type: integer + nodeAffinityPolicy: + type: string + nodeTaintsPolicy: + type: string + topologyKey: + type: string + whenUnsatisfiable: + type: string + description: The pod's topology spread constraints. 
+ description: Template for Kafka Exporter `Pods`. + service: + type: object + properties: + metadata: + type: object + properties: + labels: + x-kubernetes-preserve-unknown-fields: true + type: object + description: Labels added to the Kubernetes resource. + annotations: + x-kubernetes-preserve-unknown-fields: true + type: object + description: >- + Annotations added to the Kubernetes + resource. + description: Metadata applied to the resource. + description: Template for Kafka Exporter `Service`. + container: + type: object + properties: + env: + type: array + items: + type: object + properties: + name: type: string - tolerationSeconds: - type: integer + description: The environment variable key. value: type: string - description: The pod's tolerations. - priorityClassName: + description: The environment variable value. + description: >- + Environment variables which should be applied to + the container. + securityContext: + type: object + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + type: object + properties: + add: + type: array + items: + type: string + drop: + type: array + items: + type: string + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + type: integer + runAsNonRoot: + type: boolean + runAsUser: + type: integer + seLinuxOptions: + type: object + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + seccompProfile: + type: object + properties: + localhostProfile: + type: string + type: + type: string + windowsOptions: + type: object + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + description: Security context for the container. + description: Template for the Kafka Exporter container. 
+ serviceAccount: + type: object + properties: + metadata: + type: object + properties: + labels: + x-kubernetes-preserve-unknown-fields: true + type: object + description: Labels added to the Kubernetes resource. + annotations: + x-kubernetes-preserve-unknown-fields: true + type: object + description: >- + Annotations added to the Kubernetes + resource. + description: Metadata applied to the resource. + description: Template for the Kafka Exporter service account. + description: Customization of deployment templates and pods. + livenessProbe: + type: object + properties: + failureThreshold: + type: integer + minimum: 1 + description: >- + Minimum consecutive failures for the probe to be + considered failed after having succeeded. Defaults + to 3. Minimum value is 1. + initialDelaySeconds: + type: integer + minimum: 0 + description: >- + The initial delay before first the health is first + checked. Default to 15 seconds. Minimum value is 0. + periodSeconds: + type: integer + minimum: 1 + description: >- + How often (in seconds) to perform the probe. Default + to 10 seconds. Minimum value is 1. + successThreshold: + type: integer + minimum: 1 + description: >- + Minimum consecutive successes for the probe to be + considered successful after having failed. Defaults + to 1. Must be 1 for liveness. Minimum value is 1. + timeoutSeconds: + type: integer + minimum: 1 + description: >- + The timeout for each attempted health check. Default + to 5 seconds. Minimum value is 1. + description: Pod liveness check. + readinessProbe: + type: object + properties: + failureThreshold: + type: integer + minimum: 1 + description: >- + Minimum consecutive failures for the probe to be + considered failed after having succeeded. Defaults + to 3. Minimum value is 1. + initialDelaySeconds: + type: integer + minimum: 0 + description: >- + The initial delay before first the health is first + checked. Default to 15 seconds. Minimum value is 0. 
+ periodSeconds: + type: integer + minimum: 1 + description: >- + How often (in seconds) to perform the probe. Default + to 10 seconds. Minimum value is 1. + successThreshold: + type: integer + minimum: 1 + description: >- + Minimum consecutive successes for the probe to be + considered successful after having failed. Defaults + to 1. Must be 1 for liveness. Minimum value is 1. + timeoutSeconds: + type: integer + minimum: 1 + description: >- + The timeout for each attempted health check. Default + to 5 seconds. Minimum value is 1. + description: Pod readiness check. + description: >- + Configuration of the Kafka Exporter. Kafka Exporter can + provide additional metrics, for example lag of consumer + group at topic/partition. + maintenanceTimeWindows: + type: array + items: + type: string + description: >- + A list of time windows for maintenance tasks (that is, + certificates renewal). Each time window is defined by a cron + expression. + required: + - kafka + - zookeeper + description: >- + The specification of the Kafka and ZooKeeper clusters, and Topic + Operator. + status: + type: object + properties: + conditions: + type: array + items: + type: object + properties: + type: + type: string + description: >- + The unique identifier of a condition, used to + distinguish between other conditions in the resource. + status: + type: string + description: >- + The status of the condition, either True, False or + Unknown. + lastTransitionTime: + type: string + description: >- + Last time the condition of a type changed from one + status to another. The required format is + 'yyyy-MM-ddTHH:mm:ssZ', in the UTC time zone. + reason: + type: string + description: >- + The reason for the condition's last transition (a + single word in CamelCase). + message: + type: string + description: >- + Human-readable message indicating details about the + condition's last transition. + description: List of status conditions. 
+ observedGeneration: + type: integer + description: >- + The generation of the CRD that was last reconciled by the + operator. + listeners: + type: array + items: + type: object + properties: + type: + type: string + description: The name of the listener. + name: + type: string + description: The name of the listener. + addresses: + type: array + items: + type: object + properties: + host: + type: string + description: >- + The DNS name or IP address of the Kafka + bootstrap service. + port: + type: integer + description: The port of the Kafka bootstrap service. + description: A list of the addresses for this listener. + bootstrapServers: + type: string + description: >- + A comma-separated list of `host:port` pairs for + connecting to the Kafka cluster using this listener. + certificates: + type: array + items: + type: string + description: >- + A list of TLS certificates which can be used to verify + the identity of the server when connecting to the + given listener. Set only for `tls` and `external` + listeners. + description: Addresses of the internal and external listeners. + kafkaNodePools: + type: array + items: + type: object + properties: + name: + type: string + description: >- + The name of the KafkaNodePool used by this Kafka + resource. + description: List of the KafkaNodePools used by this Kafka cluster. + clusterId: + type: string + description: Kafka cluster Id. + operatorLastSuccessfulVersion: + type: string + description: >- + The version of the Strimzi Cluster Operator which performed + the last successful reconciliation. + kafkaVersion: + type: string + description: The version of Kafka currently deployed in the cluster. + kafkaMetadataVersion: + type: string + description: >- + The KRaft metadata.version currently used by the Kafka + cluster. + description: >- + The status of the Kafka and ZooKeeper clusters, and Topic + Operator. 
+ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: strimzi-cluster-operator-leader-election + labels: + app: strimzi +rules: + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - apiGroups: + - coordination.k8s.io + resources: + - leases + resourceNames: + - strimzi-cluster-operator + verbs: + - get + - list + - watch + - delete + - patch + - update + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: kafkamirrormakers.kafka.strimzi.io + labels: + app: strimzi + strimzi.io/crd-install: 'true' +spec: + group: kafka.strimzi.io + names: + kind: KafkaMirrorMaker + listKind: KafkaMirrorMakerList + singular: kafkamirrormaker + plural: kafkamirrormakers + shortNames: + - kmm + categories: + - strimzi + scope: Namespaced + conversion: + strategy: None + versions: + - name: v1beta2 + served: true + storage: true + subresources: + status: {} + scale: + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + labelSelectorPath: .status.labelSelector + additionalPrinterColumns: + - name: Desired replicas + description: The desired number of Kafka MirrorMaker replicas + jsonPath: .spec.replicas + type: integer + - name: Consumer Bootstrap Servers + description: The boostrap servers for the consumer + jsonPath: .spec.consumer.bootstrapServers + type: string + priority: 1 + - name: Producer Bootstrap Servers + description: The boostrap servers for the producer + jsonPath: .spec.producer.bootstrapServers + type: string + priority: 1 + - name: Ready + description: The state of the custom resource + jsonPath: '.status.conditions[?(@.type=="Ready")].status' + type: string + schema: + openAPIV3Schema: + type: object + properties: + spec: + type: object + properties: + version: + type: string + description: >- + The Kafka MirrorMaker version. Defaults to the latest + version. 
Consult the documentation to understand the process + required to upgrade or downgrade the version. + replicas: + type: integer + minimum: 0 + description: The number of pods in the `Deployment`. + image: + type: string + description: >- + The container image used for Kafka MirrorMaker pods. If no + image name is explicitly specified, it is determined based + on the `spec.version` configuration. The image names are + specifically mapped to corresponding versions in the Cluster + Operator configuration. + consumer: + type: object + properties: + numStreams: + type: integer + minimum: 1 + description: >- + Specifies the number of consumer stream threads to + create. + offsetCommitInterval: + type: integer + description: >- + Specifies the offset auto-commit interval in ms. Default + value is 60000. + bootstrapServers: + type: string + description: >- + A list of host:port pairs for establishing the initial + connection to the Kafka cluster. + groupId: + type: string + description: >- + A unique string that identifies the consumer group this + consumer belongs to. + authentication: + type: object + properties: + accessToken: + type: object + properties: + key: + type: string + description: >- + The key under which the secret value is stored + in the Kubernetes Secret. + secretName: + type: string + description: >- + The name of the Kubernetes Secret containing the + secret value. + required: + - key + - secretName + description: >- + Link to Kubernetes Secret containing the access + token which was obtained from the authorization + server. + accessTokenIsJwt: + type: boolean + description: >- + Configure whether access token should be treated as + JWT. This should be set to `false` if the + authorization server returns opaque tokens. Defaults + to `true`. + audience: + type: string + description: >- + OAuth audience to use when authenticating against + the authorization server. Some authorization servers + require the audience to be explicitly set. 
The + possible values depend on how the authorization + server is configured. By default, `audience` is not + specified when performing the token endpoint + request. + certificateAndKey: + type: object + properties: + certificate: + type: string + description: The name of the file certificate in the Secret. + key: + type: string + description: The name of the private key in the Secret. + secretName: + type: string + description: >- + The name of the Secret containing the + certificate. + required: + - certificate + - key + - secretName + description: >- + Reference to the `Secret` which holds the + certificate and private key pair. + clientId: + type: string + description: >- + OAuth Client ID which the Kafka client can use to + authenticate against the OAuth server and use the + token endpoint URI. + clientSecret: + type: object + properties: + key: + type: string + description: >- + The key under which the secret value is stored + in the Kubernetes Secret. + secretName: + type: string + description: >- + The name of the Kubernetes Secret containing the + secret value. + required: + - key + - secretName + description: >- + Link to Kubernetes Secret containing the OAuth + client secret which the Kafka client can use to + authenticate against the OAuth server and use the + token endpoint URI. + connectTimeoutSeconds: + type: integer + description: >- + The connect timeout in seconds when connecting to + authorization server. If not set, the effective + connect timeout is 60 seconds. + disableTlsHostnameVerification: + type: boolean + description: >- + Enable or disable TLS hostname verification. Default + value is `false`. + enableMetrics: + type: boolean + description: >- + Enable or disable OAuth metrics. Default value is + `false`. + httpRetries: + type: integer + description: >- + The maximum number of retries to attempt if an + initial HTTP request fails. If not set, the default + is to not attempt any retries. 
+ httpRetryPauseMs: + type: integer + description: >- + The pause to take before retrying a failed HTTP + request. If not set, the default is to not pause at + all but to immediately repeat a request. + includeAcceptHeader: + type: boolean + description: >- + Whether the Accept header should be set in requests + to the authorization servers. The default value is + `true`. + maxTokenExpirySeconds: + type: integer + description: >- + Set or limit time-to-live of the access tokens to + the specified number of seconds. This should be set + if the authorization server returns opaque tokens. + passwordSecret: + type: object + properties: + password: type: string description: >- - The name of the priority class used to assign - priority to the pods. For more information about - priority classes, see {K8sPriorityClass}. - schedulerName: + The name of the key in the Secret under which + the password is stored. + secretName: + type: string + description: The name of the Secret containing the password. + required: + - password + - secretName + description: Reference to the `Secret` which holds the password. + readTimeoutSeconds: + type: integer + description: >- + The read timeout in seconds when connecting to + authorization server. If not set, the effective read + timeout is 60 seconds. + refreshToken: + type: object + properties: + key: type: string description: >- - The name of the scheduler used to dispatch this - `Pod`. If not specified, the default scheduler - will be used. - hostAliases: - type: array - items: - type: object - properties: - hostnames: - type: array - items: - type: string - ip: - type: string + The key under which the secret value is stored + in the Kubernetes Secret. + secretName: + type: string description: >- - The pod's HostAliases. HostAliases is an - optional list of hosts and IPs that will be - injected into the Pod's hosts file if specified. - tmpDirSizeLimit: + The name of the Kubernetes Secret containing the + secret value. 
+ required: + - key + - secretName + description: >- + Link to Kubernetes Secret containing the refresh + token which can be used to obtain access token from + the authorization server. + scope: + type: string + description: >- + OAuth scope to use when authenticating against the + authorization server. Some authorization servers + require this to be set. The possible values depend + on how authorization server is configured. By + default `scope` is not specified when doing the + token endpoint request. + tlsTrustedCertificates: + type: array + items: + type: object + properties: + certificate: + type: string + description: >- + The name of the file certificate in the + Secret. + secretName: + type: string + description: >- + The name of the Secret containing the + certificate. + required: + - certificate + - secretName + description: >- + Trusted certificates for TLS connection to the OAuth + server. + tokenEndpointUri: + type: string + description: Authorization server token endpoint URI. + type: + type: string + enum: + - tls + - scram-sha-256 + - scram-sha-512 + - plain + - oauth + description: >- + Authentication type. Currently the supported types + are `tls`, `scram-sha-256`, `scram-sha-512`, + `plain`, and 'oauth'. `scram-sha-256` and + `scram-sha-512` types use SASL SCRAM-SHA-256 and + SASL SCRAM-SHA-512 Authentication, respectively. + `plain` type uses SASL PLAIN Authentication. `oauth` + type uses SASL OAUTHBEARER Authentication. The `tls` + type uses TLS Client Authentication. The `tls` type + is supported only over TLS connections. + username: + type: string + description: Username used for the authentication. + required: + - type + description: >- + Authentication configuration for connecting to the + cluster. + config: + x-kubernetes-preserve-unknown-fields: true + type: object + description: >- + The MirrorMaker consumer config. 
Properties with the + following prefixes cannot be set: ssl., + bootstrap.servers, group.id, sasl., security., + interceptor.classes (with the exception of: + ssl.endpoint.identification.algorithm, + ssl.cipher.suites, ssl.protocol, ssl.enabled.protocols). + tls: + type: object + properties: + trustedCertificates: + type: array + items: + type: object + properties: + certificate: + type: string + description: >- + The name of the file certificate in the + Secret. + secretName: + type: string + description: >- + The name of the Secret containing the + certificate. + required: + - certificate + - secretName + description: Trusted certificates for TLS connection. + description: >- + TLS configuration for connecting MirrorMaker to the + cluster. + required: + - bootstrapServers + - groupId + description: Configuration of source cluster. + producer: + type: object + properties: + bootstrapServers: + type: string + description: >- + A list of host:port pairs for establishing the initial + connection to the Kafka cluster. + abortOnSendFailure: + type: boolean + description: >- + Flag to set the MirrorMaker to exit on a failed send. + Default value is `true`. + authentication: + type: object + properties: + accessToken: + type: object + properties: + key: + type: string + description: >- + The key under which the secret value is stored + in the Kubernetes Secret. + secretName: + type: string + description: >- + The name of the Kubernetes Secret containing the + secret value. + required: + - key + - secretName + description: >- + Link to Kubernetes Secret containing the access + token which was obtained from the authorization + server. + accessTokenIsJwt: + type: boolean + description: >- + Configure whether access token should be treated as + JWT. This should be set to `false` if the + authorization server returns opaque tokens. Defaults + to `true`. + audience: + type: string + description: >- + OAuth audience to use when authenticating against + the authorization server. 
Some authorization servers + require the audience to be explicitly set. The + possible values depend on how the authorization + server is configured. By default, `audience` is not + specified when performing the token endpoint + request. + certificateAndKey: + type: object + properties: + certificate: + type: string + description: The name of the file certificate in the Secret. + key: + type: string + description: The name of the private key in the Secret. + secretName: + type: string + description: >- + The name of the Secret containing the + certificate. + required: + - certificate + - key + - secretName + description: >- + Reference to the `Secret` which holds the + certificate and private key pair. + clientId: + type: string + description: >- + OAuth Client ID which the Kafka client can use to + authenticate against the OAuth server and use the + token endpoint URI. + clientSecret: + type: object + properties: + key: type: string - pattern: '^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$' description: >- - Defines the total amount (for example `1Gi`) of - local storage required for temporary EmptyDir - volume (`/tmp`). Default value is `5Mi`. - enableServiceLinks: - type: boolean + The key under which the secret value is stored + in the Kubernetes Secret. + secretName: + type: string description: >- - Indicates whether information about services - should be injected into Pod's environment - variables. 
- topologySpreadConstraints: - type: array - items: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - x-kubernetes-preserve-unknown-fields: true - type: object - matchLabelKeys: - type: array - items: - type: string - maxSkew: - type: integer - minDomains: - type: integer - nodeAffinityPolicy: - type: string - nodeTaintsPolicy: - type: string - topologyKey: - type: string - whenUnsatisfiable: - type: string - description: The pod's topology spread constraints. - description: Template for JmxTrans `Pods`. - container: + The name of the Kubernetes Secret containing the + secret value. + required: + - key + - secretName + description: >- + Link to Kubernetes Secret containing the OAuth + client secret which the Kafka client can use to + authenticate against the OAuth server and use the + token endpoint URI. + connectTimeoutSeconds: + type: integer + description: >- + The connect timeout in seconds when connecting to + authorization server. If not set, the effective + connect timeout is 60 seconds. + disableTlsHostnameVerification: + type: boolean + description: >- + Enable or disable TLS hostname verification. Default + value is `false`. + enableMetrics: + type: boolean + description: >- + Enable or disable OAuth metrics. Default value is + `false`. + httpRetries: + type: integer + description: >- + The maximum number of retries to attempt if an + initial HTTP request fails. If not set, the default + is to not attempt any retries. + httpRetryPauseMs: + type: integer + description: >- + The pause to take before retrying a failed HTTP + request. If not set, the default is to not pause at + all but to immediately repeat a request. 
+ includeAcceptHeader: + type: boolean + description: >- + Whether the Accept header should be set in requests + to the authorization servers. The default value is + `true`. + maxTokenExpirySeconds: + type: integer + description: >- + Set or limit time-to-live of the access tokens to + the specified number of seconds. This should be set + if the authorization server returns opaque tokens. + passwordSecret: type: object properties: - env: - type: array - items: - type: object - properties: - name: - type: string - description: The environment variable key. - value: - type: string - description: The environment variable value. + password: + type: string description: >- - Environment variables which should be applied to - the container. - securityContext: - type: object - properties: - allowPrivilegeEscalation: - type: boolean - capabilities: - type: object - properties: - add: - type: array - items: - type: string - drop: - type: array - items: - type: string - privileged: - type: boolean - procMount: - type: string - readOnlyRootFilesystem: - type: boolean - runAsGroup: - type: integer - runAsNonRoot: - type: boolean - runAsUser: - type: integer - seLinuxOptions: - type: object - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - seccompProfile: - type: object - properties: - localhostProfile: - type: string - type: - type: string - windowsOptions: - type: object - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: - type: string - description: Security context for the container. - description: Template for JmxTrans container. - serviceAccount: + The name of the key in the Secret under which + the password is stored. + secretName: + type: string + description: The name of the Secret containing the password. + required: + - password + - secretName + description: Reference to the `Secret` which holds the password. 
+ readTimeoutSeconds: + type: integer + description: >- + The read timeout in seconds when connecting to + authorization server. If not set, the effective read + timeout is 60 seconds. + refreshToken: type: object properties: - metadata: - type: object - properties: - labels: - x-kubernetes-preserve-unknown-fields: true - type: object - description: >- - Labels added to the resource template. Can - be applied to different resources such as - `StatefulSets`, `Deployments`, `Pods`, and - `Services`. - annotations: - x-kubernetes-preserve-unknown-fields: true - type: object - description: >- - Annotations added to the resource template. - Can be applied to different resources such - as `StatefulSets`, `Deployments`, `Pods`, - and `Services`. - description: Metadata applied to the resource. - description: Template for the JmxTrans service account. - description: Template for JmxTrans resources. + key: + type: string + description: >- + The key under which the secret value is stored + in the Kubernetes Secret. + secretName: + type: string + description: >- + The name of the Kubernetes Secret containing the + secret value. + required: + - key + - secretName + description: >- + Link to Kubernetes Secret containing the refresh + token which can be used to obtain access token from + the authorization server. + scope: + type: string + description: >- + OAuth scope to use when authenticating against the + authorization server. Some authorization servers + require this to be set. The possible values depend + on how authorization server is configured. By + default `scope` is not specified when doing the + token endpoint request. + tlsTrustedCertificates: + type: array + items: + type: object + properties: + certificate: + type: string + description: >- + The name of the file certificate in the + Secret. + secretName: + type: string + description: >- + The name of the Secret containing the + certificate. 
+ required: + - certificate + - secretName + description: >- + Trusted certificates for TLS connection to the OAuth + server. + tokenEndpointUri: + type: string + description: Authorization server token endpoint URI. + type: + type: string + enum: + - tls + - scram-sha-256 + - scram-sha-512 + - plain + - oauth + description: >- + Authentication type. Currently the supported types + are `tls`, `scram-sha-256`, `scram-sha-512`, + `plain`, and 'oauth'. `scram-sha-256` and + `scram-sha-512` types use SASL SCRAM-SHA-256 and + SASL SCRAM-SHA-512 Authentication, respectively. + `plain` type uses SASL PLAIN Authentication. `oauth` + type uses SASL OAUTHBEARER Authentication. The `tls` + type uses TLS Client Authentication. The `tls` type + is supported only over TLS connections. + username: + type: string + description: Username used for the authentication. + required: + - type + description: >- + Authentication configuration for connecting to the + cluster. + config: + x-kubernetes-preserve-unknown-fields: true + type: object + description: >- + The MirrorMaker producer config. Properties with the + following prefixes cannot be set: ssl., + bootstrap.servers, sasl., security., interceptor.classes + (with the exception of: + ssl.endpoint.identification.algorithm, + ssl.cipher.suites, ssl.protocol, ssl.enabled.protocols). + tls: + type: object + properties: + trustedCertificates: + type: array + items: + type: object + properties: + certificate: + type: string + description: >- + The name of the file certificate in the + Secret. + secretName: + type: string + description: >- + The name of the Secret containing the + certificate. + required: + - certificate + - secretName + description: Trusted certificates for TLS connection. + description: >- + TLS configuration for connecting MirrorMaker to the + cluster. required: - - outputDefinitions - - kafkaQueries + - bootstrapServers + description: Configuration of target cluster. 
+ resources: + type: object + properties: + claims: + type: array + items: + type: object + properties: + name: + type: string + limits: + x-kubernetes-preserve-unknown-fields: true + type: object + requests: + x-kubernetes-preserve-unknown-fields: true + type: object + description: CPU and memory resources to reserve. + whitelist: + type: string description: >- - Configuration for JmxTrans. When the property is present a - JmxTrans deployment is created for gathering JMX metrics - from each Kafka broker. For more information see - https://github.com/jmxtrans/jmxtrans[JmxTrans GitHub]. - kafkaExporter: + List of topics which are included for mirroring. This option + allows any regular expression using Java-style regular + expressions. Mirroring two topics named A and B is achieved + by using the expression `A\|B`. Or, as a special case, you + can mirror all topics using the regular expression `*`. You + can also specify multiple regular expressions separated by + commas. + include: + type: string + description: >- + List of topics which are included for mirroring. This option + allows any regular expression using Java-style regular + expressions. Mirroring two topics named A and B is achieved + by using the expression `A\|B`. Or, as a special case, you + can mirror all topics using the regular expression `*`. You + can also specify multiple regular expressions separated by + commas. + jvmOptions: type: object properties: - image: + '-XX': + x-kubernetes-preserve-unknown-fields: true + type: object + description: A map of -XX options to the JVM. + '-Xms': type: string - description: The docker image for the pods. - groupRegex: + pattern: '^[0-9]+[mMgG]?$' + description: '-Xms option to to the JVM.' + '-Xmx': type: string + pattern: '^[0-9]+[mMgG]?$' + description: '-Xmx option to to the JVM.' + gcLoggingEnabled: + type: boolean description: >- - Regular expression to specify which consumer groups to - collect. Default value is `.*`. 
- topicRegex: - type: string + Specifies whether the Garbage Collection logging is + enabled. The default is false. + javaSystemProperties: + type: array + items: + type: object + properties: + name: + type: string + description: The system property name. + value: + type: string + description: The system property value. description: >- - Regular expression to specify which topics to collect. - Default value is `.*`. - resources: + A map of additional system properties which will be + passed using the `-D` option to the JVM. + description: JVM Options for pods. + logging: + type: object + properties: + loggers: + x-kubernetes-preserve-unknown-fields: true + type: object + description: A Map from logger name to logger level. + type: + type: string + enum: + - inline + - external + description: 'Logging type, must be either ''inline'' or ''external''.' + valueFrom: type: object properties: - limits: - x-kubernetes-preserve-unknown-fields: true - type: object - requests: - x-kubernetes-preserve-unknown-fields: true + configMapKeyRef: type: object - description: CPU and memory resources to reserve. - logging: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + description: >- + Reference to the key in the ConfigMap containing the + configuration. + description: >- + `ConfigMap` entry where the logging configuration is + stored. + required: + - type + description: Logging configuration for MirrorMaker. + metricsConfig: + type: object + properties: + type: type: string + enum: + - jmxPrometheusExporter description: >- - Only log messages with the given severity or above. - Valid levels: [`info`, `debug`, `trace`]. Default log - level is `info`. - enableSaramaLogging: - type: boolean + Metrics type. Only 'jmxPrometheusExporter' supported + currently. 
+ valueFrom: + type: object + properties: + configMapKeyRef: + type: object + properties: + key: + type: string + name: + type: string + optional: + type: boolean + description: >- + Reference to the key in the ConfigMap containing the + configuration. description: >- - Enable Sarama logging, a Go client library used by the - Kafka Exporter. - template: + ConfigMap entry where the Prometheus JMX Exporter + configuration is stored. + required: + - type + - valueFrom + description: Metrics configuration. + tracing: + type: object + properties: + type: + type: string + enum: + - jaeger + - opentelemetry + description: >- + Type of the tracing used. Currently the only supported + type is `opentelemetry` for OpenTelemetry tracing. As of + Strimzi 0.37.0, `jaeger` type is not supported anymore + and this option is ignored. + required: + - type + description: The configuration of tracing in Kafka MirrorMaker. + template: + type: object + properties: + deployment: + type: object + properties: + metadata: + type: object + properties: + labels: + x-kubernetes-preserve-unknown-fields: true + type: object + description: Labels added to the Kubernetes resource. + annotations: + x-kubernetes-preserve-unknown-fields: true + type: object + description: Annotations added to the Kubernetes resource. + description: Metadata applied to the resource. + deploymentStrategy: + type: string + enum: + - RollingUpdate + - Recreate + description: >- + Pod replacement strategy for deployment + configuration changes. Valid values are + `RollingUpdate` and `Recreate`. Defaults to + `RollingUpdate`. + description: Template for Kafka MirrorMaker `Deployment`. + pod: type: object properties: - deployment: + metadata: type: object properties: - metadata: + labels: + x-kubernetes-preserve-unknown-fields: true type: object - properties: - labels: - x-kubernetes-preserve-unknown-fields: true - type: object - description: >- - Labels added to the resource template. 
Can - be applied to different resources such as - `StatefulSets`, `Deployments`, `Pods`, and - `Services`. - annotations: - x-kubernetes-preserve-unknown-fields: true - type: object - description: >- - Annotations added to the resource template. - Can be applied to different resources such - as `StatefulSets`, `Deployments`, `Pods`, - and `Services`. - description: Metadata applied to the resource. - deploymentStrategy: - type: string - enum: - - RollingUpdate - - Recreate - description: >- - Pod replacement strategy for deployment - configuration changes. Valid values are - `RollingUpdate` and `Recreate`. Defaults to - `RollingUpdate`. - description: Template for Kafka Exporter `Deployment`. - pod: + description: Labels added to the Kubernetes resource. + annotations: + x-kubernetes-preserve-unknown-fields: true + type: object + description: Annotations added to the Kubernetes resource. + description: Metadata applied to the resource. + imagePullSecrets: + type: array + items: + type: object + properties: + name: + type: string + description: >- + List of references to secrets in the same namespace + to use for pulling any of the images used by this + Pod. When the `STRIMZI_IMAGE_PULL_SECRETS` + environment variable in Cluster Operator and the + `imagePullSecrets` option are specified, only the + `imagePullSecrets` variable is used and the + `STRIMZI_IMAGE_PULL_SECRETS` variable is ignored. + securityContext: type: object properties: - metadata: + fsGroup: + type: integer + fsGroupChangePolicy: + type: string + runAsGroup: + type: integer + runAsNonRoot: + type: boolean + runAsUser: + type: integer + seLinuxOptions: type: object properties: - labels: - x-kubernetes-preserve-unknown-fields: true - type: object - description: >- - Labels added to the resource template. Can - be applied to different resources such as - `StatefulSets`, `Deployments`, `Pods`, and - `Services`. 
- annotations: - x-kubernetes-preserve-unknown-fields: true - type: object - description: >- - Annotations added to the resource template. - Can be applied to different resources such - as `StatefulSets`, `Deployments`, `Pods`, - and `Services`. - description: Metadata applied to the resource. - imagePullSecrets: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + seccompProfile: + type: object + properties: + localhostProfile: + type: string + type: + type: string + supplementalGroups: + type: array + items: + type: integer + sysctls: type: array items: type: object properties: name: type: string - description: >- - List of references to secrets in the same - namespace to use for pulling any of the images - used by this Pod. When the - `STRIMZI_IMAGE_PULL_SECRETS` environment - variable in Cluster Operator and the - `imagePullSecrets` option are specified, only - the `imagePullSecrets` variable is used and the - `STRIMZI_IMAGE_PULL_SECRETS` variable is - ignored. 
- securityContext: + value: + type: string + windowsOptions: type: object properties: - fsGroup: - type: integer - fsGroupChangePolicy: + gmsaCredentialSpec: type: string - runAsGroup: - type: integer - runAsNonRoot: + gmsaCredentialSpecName: + type: string + hostProcess: type: boolean - runAsUser: - type: integer - seLinuxOptions: - type: object - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - seccompProfile: - type: object - properties: - localhostProfile: - type: string - type: - type: string - supplementalGroups: - type: array - items: - type: integer - sysctls: - type: array - items: - type: object - properties: - name: - type: string - value: - type: string - windowsOptions: - type: object - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: - type: string - description: >- - Configures pod-level security attributes and - common container settings. - terminationGracePeriodSeconds: - type: integer - minimum: 0 - description: >- - The grace period is the duration in seconds - after the processes running in the pod are sent - a termination signal, and the time when the - processes are forcibly halted with a kill - signal. Set this value to longer than the - expected cleanup time for your process. Value - must be a non-negative integer. A zero value - indicates delete immediately. You might need to - increase the grace period for very large Kafka - clusters, so that the Kafka brokers have enough - time to transfer their work to another broker - before they are terminated. Defaults to 30 - seconds. 
- affinity: - type: object - properties: - nodeAffinity: - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - preference: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchFields: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - weight: - type: integer - requiredDuringSchedulingIgnoredDuringExecution: - type: object - properties: - nodeSelectorTerms: - type: array - items: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchFields: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - podAffinity: + runAsUserName: + type: string + description: >- + Configures pod-level security attributes and common + container settings. + terminationGracePeriodSeconds: + type: integer + minimum: 0 + description: >- + The grace period is the duration in seconds after + the processes running in the pod are sent a + termination signal, and the time when the processes + are forcibly halted with a kill signal. Set this + value to longer than the expected cleanup time for + your process. Value must be a non-negative integer. + A zero value indicates delete immediately. You might + need to increase the grace period for very large + Kafka clusters, so that the Kafka brokers have + enough time to transfer their work to another broker + before they are terminated. Defaults to 30 seconds. 
+ affinity: + type: object + properties: + nodeAffinity: + type: object + properties: + preferredDuringSchedulingIgnoredDuringExecution: + type: array + items: + type: object + properties: + preference: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchFields: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + weight: + type: integer + requiredDuringSchedulingIgnoredDuringExecution: type: object properties: - preferredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: type: array items: type: object properties: - podAffinityTerm: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - x-kubernetes-preserve-unknown-fields: true - type: object - namespaceSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - x-kubernetes-preserve-unknown-fields: true - type: object - namespaces: - type: array - items: + matchExpressions: + type: array + items: + type: object + properties: + key: type: string - topologyKey: - type: string - weight: - type: integer - requiredDuringSchedulingIgnoredDuringExecution: - type: array - items: + operator: + type: string + values: + type: array + items: + type: string + matchFields: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + podAffinity: + type: object + properties: + 
preferredDuringSchedulingIgnoredDuringExecution: + type: array + items: + type: object + properties: + podAffinityTerm: type: object properties: labelSelector: 
@@ -16475,66 +15798,66 @@ spec: type: string topologyKey: type: string - podAntiAffinity: - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - type: array - items: + weight: + type: integer + requiredDuringSchedulingIgnoredDuringExecution: + type: array + items: + type: object + properties: + labelSelector: type: object properties: - podAffinityTerm: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + x-kubernetes-preserve-unknown-fields: true type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - x-kubernetes-preserve-unknown-fields: true - type: object - namespaceSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - x-kubernetes-preserve-unknown-fields: true - type: object - namespaces: - type: array - items: + namespaceSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: type: string - topologyKey: - type: string - weight: - type: integer - requiredDuringSchedulingIgnoredDuringExecution: - type: array - items: + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object + namespaces: + type: array + items: + type: string + topologyKey: + type: string + podAntiAffinity: + type: object + properties: + preferredDuringSchedulingIgnoredDuringExecution: + type: array + items: + type: object + properties: + podAffinityTerm: type: object properties: labelSelector: 
@@ -16581,571 +15904,363 @@ spec: type: string topologyKey: type: string - description: The pod's affinity rules. - tolerations: - type: array - items: - type: object - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - type: integer - value: - type: string - description: The pod's tolerations. - priorityClassName: - type: string - description: >- - The name of the priority class used to assign - priority to the pods. For more information about - priority classes, see {K8sPriorityClass}. - schedulerName: - type: string - description: >- - The name of the scheduler used to dispatch this - `Pod`. If not specified, the default scheduler - will be used. - hostAliases: - type: array - items: - type: object - properties: - hostnames: - type: array - items: - type: string - ip: - type: string - description: >- - The pod's HostAliases. HostAliases is an - optional list of hosts and IPs that will be - injected into the Pod's hosts file if specified. - tmpDirSizeLimit: - type: string - pattern: '^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$' - description: >- - Defines the total amount (for example `1Gi`) of - local storage required for temporary EmptyDir - volume (`/tmp`). Default value is `5Mi`. - enableServiceLinks: - type: boolean - description: >- - Indicates whether information about services - should be injected into Pod's environment - variables. 
- topologySpreadConstraints: - type: array - items: - type: object - properties: - labelSelector: + weight: + type: integer + requiredDuringSchedulingIgnoredDuringExecution: + type: array + items: type: object properties: - matchExpressions: + labelSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object + namespaceSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object + namespaces: type: array items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - x-kubernetes-preserve-unknown-fields: true - type: object - matchLabelKeys: - type: array - items: - type: string - maxSkew: - type: integer - minDomains: - type: integer - nodeAffinityPolicy: - type: string - nodeTaintsPolicy: - type: string - topologyKey: - type: string - whenUnsatisfiable: - type: string - description: The pod's topology spread constraints. - description: Template for Kafka Exporter `Pods`. - service: - type: object - properties: - metadata: - type: object - properties: - labels: - x-kubernetes-preserve-unknown-fields: true - type: object - description: >- - Labels added to the resource template. Can - be applied to different resources such as - `StatefulSets`, `Deployments`, `Pods`, and - `Services`. - annotations: - x-kubernetes-preserve-unknown-fields: true - type: object - description: >- - Annotations added to the resource template. - Can be applied to different resources such - as `StatefulSets`, `Deployments`, `Pods`, - and `Services`. 
- description: Metadata applied to the resource. - description: Template for Kafka Exporter `Service`. - container: - type: object - properties: - env: - type: array - items: - type: object - properties: - name: - type: string - description: The environment variable key. - value: - type: string - description: The environment variable value. - description: >- - Environment variables which should be applied to - the container. - securityContext: - type: object - properties: - allowPrivilegeEscalation: - type: boolean - capabilities: - type: object - properties: - add: - type: array - items: - type: string - drop: - type: array - items: - type: string - privileged: - type: boolean - procMount: - type: string - readOnlyRootFilesystem: - type: boolean - runAsGroup: - type: integer - runAsNonRoot: - type: boolean - runAsUser: - type: integer - seLinuxOptions: - type: object - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - seccompProfile: - type: object - properties: - localhostProfile: - type: string - type: - type: string - windowsOptions: - type: object - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: - type: string - description: Security context for the container. - description: Template for the Kafka Exporter container. - serviceAccount: - type: object - properties: - metadata: - type: object - properties: - labels: - x-kubernetes-preserve-unknown-fields: true - type: object - description: >- - Labels added to the resource template. Can - be applied to different resources such as - `StatefulSets`, `Deployments`, `Pods`, and - `Services`. - annotations: - x-kubernetes-preserve-unknown-fields: true - type: object - description: >- - Annotations added to the resource template. - Can be applied to different resources such - as `StatefulSets`, `Deployments`, `Pods`, - and `Services`. 
- description: Metadata applied to the resource. - description: Template for the Kafka Exporter service account. - description: Customization of deployment templates and pods. - livenessProbe: - type: object - properties: - failureThreshold: - type: integer - minimum: 1 + type: string + topologyKey: + type: string + description: The pod's affinity rules. + tolerations: + type: array + items: + type: object + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + type: integer + value: + type: string + description: The pod's tolerations. + priorityClassName: + type: string description: >- - Minimum consecutive failures for the probe to be - considered failed after having succeeded. Defaults - to 3. Minimum value is 1. - initialDelaySeconds: - type: integer - minimum: 0 + The name of the priority class used to assign + priority to the pods. + schedulerName: + type: string description: >- - The initial delay before first the health is first - checked. Default to 15 seconds. Minimum value is 0. - periodSeconds: - type: integer - minimum: 1 + The name of the scheduler used to dispatch this + `Pod`. If not specified, the default scheduler will + be used. + hostAliases: + type: array + items: + type: object + properties: + hostnames: + type: array + items: + type: string + ip: + type: string description: >- - How often (in seconds) to perform the probe. Default - to 10 seconds. Minimum value is 1. - successThreshold: - type: integer - minimum: 1 + The pod's HostAliases. HostAliases is an optional + list of hosts and IPs that will be injected into the + Pod's hosts file if specified. + tmpDirSizeLimit: + type: string + pattern: '^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$' description: >- - Minimum consecutive successes for the probe to be - considered successful after having failed. Defaults - to 1. Must be 1 for liveness. Minimum value is 1. 
- timeoutSeconds: - type: integer - minimum: 1 + Defines the total amount (for example `1Gi`) of + local storage required for temporary EmptyDir volume + (`/tmp`). Default value is `5Mi`. + enableServiceLinks: + type: boolean description: >- - The timeout for each attempted health check. Default - to 5 seconds. Minimum value is 1. - description: Pod liveness check. - readinessProbe: + Indicates whether information about services should + be injected into Pod's environment variables. + topologySpreadConstraints: + type: array + items: + type: object + properties: + labelSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object + matchLabelKeys: + type: array + items: + type: string + maxSkew: + type: integer + minDomains: + type: integer + nodeAffinityPolicy: + type: string + nodeTaintsPolicy: + type: string + topologyKey: + type: string + whenUnsatisfiable: + type: string + description: The pod's topology spread constraints. + description: Template for Kafka MirrorMaker `Pods`. + podDisruptionBudget: type: object properties: - failureThreshold: - type: integer - minimum: 1 + metadata: + type: object + properties: + labels: + x-kubernetes-preserve-unknown-fields: true + type: object + description: Labels added to the Kubernetes resource. + annotations: + x-kubernetes-preserve-unknown-fields: true + type: object + description: Annotations added to the Kubernetes resource. description: >- - Minimum consecutive failures for the probe to be - considered failed after having succeeded. Defaults - to 3. Minimum value is 1. - initialDelaySeconds: + Metadata to apply to the + `PodDisruptionBudgetTemplate` resource. + maxUnavailable: type: integer minimum: 0 description: >- - The initial delay before first the health is first - checked. 
Default to 15 seconds. Minimum value is 0. - periodSeconds: - type: integer - minimum: 1 - description: >- - How often (in seconds) to perform the probe. Default - to 10 seconds. Minimum value is 1. - successThreshold: - type: integer - minimum: 1 - description: >- - Minimum consecutive successes for the probe to be - considered successful after having failed. Defaults - to 1. Must be 1 for liveness. Minimum value is 1. - timeoutSeconds: - type: integer - minimum: 1 + Maximum number of unavailable pods to allow + automatic Pod eviction. A Pod eviction is allowed + when the `maxUnavailable` number of pods or fewer + are unavailable after the eviction. Setting this + value to 0 prevents all voluntary evictions, so the + pods must be evicted manually. Defaults to 1. + description: Template for Kafka MirrorMaker `PodDisruptionBudget`. + mirrorMakerContainer: + type: object + properties: + env: + type: array + items: + type: object + properties: + name: + type: string + description: The environment variable key. + value: + type: string + description: The environment variable value. description: >- - The timeout for each attempted health check. Default - to 5 seconds. Minimum value is 1. - description: Pod readiness check. - description: >- - Configuration of the Kafka Exporter. Kafka Exporter can - provide additional metrics, for example lag of consumer - group at topic/partition. - maintenanceTimeWindows: - type: array - items: - type: string - description: >- - A list of time windows for maintenance tasks (that is, - certificates renewal). Each time window is defined by a cron - expression. - required: - - kafka - - zookeeper - description: >- - The specification of the Kafka and ZooKeeper clusters, and Topic - Operator. - status: - type: object - properties: - conditions: - type: array - items: - type: object - properties: - type: - type: string - description: >- - The unique identifier of a condition, used to - distinguish between other conditions in the resource. 
- status: - type: string - description: >- - The status of the condition, either True, False or - Unknown. - lastTransitionTime: - type: string - description: >- - Last time the condition of a type changed from one - status to another. The required format is - 'yyyy-MM-ddTHH:mm:ssZ', in the UTC time zone. - reason: - type: string - description: >- - The reason for the condition's last transition (a - single word in CamelCase). - message: - type: string - description: >- - Human-readable message indicating details about the - condition's last transition. - description: List of status conditions. - observedGeneration: - type: integer - description: >- - The generation of the CRD that was last reconciled by the - operator. - listeners: - type: array - items: - type: object - properties: - type: - type: string - description: >- - *The `type` property has been deprecated, and should - now be configured using `name`.* The name of the - listener. - name: - type: string - description: The name of the listener. - addresses: - type: array - items: + Environment variables which should be applied to the + container. + securityContext: type: object properties: - host: + allowPrivilegeEscalation: + type: boolean + capabilities: + type: object + properties: + add: + type: array + items: + type: string + drop: + type: array + items: + type: string + privileged: + type: boolean + procMount: type: string - description: >- - The DNS name or IP address of the Kafka - bootstrap service. - port: + readOnlyRootFilesystem: + type: boolean + runAsGroup: type: integer - description: The port of the Kafka bootstrap service. - description: A list of the addresses for this listener. - bootstrapServers: - type: string - description: >- - A comma-separated list of `host:port` pairs for - connecting to the Kafka cluster using this listener. 
- certificates: - type: array - items: - type: string - description: >- - A list of TLS certificates which can be used to verify - the identity of the server when connecting to the - given listener. Set only for `tls` and `external` - listeners. - description: Addresses of the internal and external listeners. - clusterId: - type: string - description: Kafka cluster Id. - description: >- - The status of the Kafka and ZooKeeper clusters, and Topic - Operator. - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: kafkarebalances.kafka.strimzi.io - labels: - app: strimzi - strimzi.io/crd-install: 'true' -spec: - group: kafka.strimzi.io - names: - kind: KafkaRebalance - listKind: KafkaRebalanceList - singular: kafkarebalance - plural: kafkarebalances - shortNames: - - kr - categories: - - strimzi - scope: Namespaced - conversion: - strategy: None - versions: - - name: v1beta2 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - name: Cluster - description: The name of the Kafka cluster this resource rebalances - jsonPath: .metadata.labels.strimzi\.io/cluster - type: string - - name: PendingProposal - description: A proposal has been requested from Cruise Control - jsonPath: '.status.conditions[?(@.type=="PendingProposal")].status' - type: string - - name: ProposalReady - description: A proposal is ready and waiting for approval - jsonPath: '.status.conditions[?(@.type=="ProposalReady")].status' - type: string - - name: Rebalancing - description: Cruise Control is doing the rebalance - jsonPath: '.status.conditions[?(@.type=="Rebalancing")].status' - type: string - - name: Ready - description: The rebalance is complete - jsonPath: '.status.conditions[?(@.type=="Ready")].status' - type: string - - name: NotReady - description: There is an error on the custom resource - jsonPath: '.status.conditions[?(@.type=="NotReady")].status' - type: string - schema: - openAPIV3Schema: - type: object - 
properties: - spec: - type: object - properties: - mode: - type: string - enum: - - full - - add-brokers - - remove-brokers - description: > - Mode to run the rebalancing. The supported modes are `full`, - `add-brokers`, `remove-brokers`. - - If not specified, the `full` mode is used by default. - - - * `full` mode runs the rebalancing across all the brokers in - the cluster. - - * `add-brokers` mode can be used after scaling up the - cluster to move some replicas to the newly added brokers. - - * `remove-brokers` mode can be used before scaling down the - cluster to move replicas out of the brokers to be removed. - brokers: - type: array - items: - type: integer - description: >- - The list of newly added brokers in case of scaling up or the - ones to be removed in case of scaling down to use for - rebalancing. This list can be used only with rebalancing - mode `add-brokers` and `removed-brokers`. It is ignored with - `full` mode. - goals: - type: array - items: - type: string - description: >- - A list of goals, ordered by decreasing priority, to use for - generating and executing the rebalance proposal. The - supported goals are available at - https://github.com/linkedin/cruise-control#goals. If an - empty goals list is provided, the goals declared in the - default.goals Cruise Control configuration parameter are - used. - skipHardGoalCheck: - type: boolean - description: >- - Whether to allow the hard goals specified in the Kafka CR to - be skipped in optimization proposal generation. This can be - useful when some of those hard goals are preventing a - balance solution being found. Default is false. - rebalanceDisk: - type: boolean - description: >- - Enables intra-broker disk balancing, which balances disk - space utilization between disks on the same broker. Only - applies to Kafka deployments that use JBOD storage with - multiple disks. When enabled, inter-broker balancing is - disabled. Default is false. 
- excludedTopics: - type: string - description: >- - A regular expression where any matching topics will be - excluded from the calculation of optimization proposals. - This expression will be parsed by the - java.util.regex.Pattern class; for more information on the - supported format consult the documentation for that class. - concurrentPartitionMovementsPerBroker: - type: integer - minimum: 0 - description: >- - The upper bound of ongoing partition replica movements going - into/out of each broker. Default is 5. - concurrentIntraBrokerPartitionMovements: - type: integer - minimum: 0 - description: >- - The upper bound of ongoing partition replica movements - between disks within each broker. Default is 2. - concurrentLeaderMovements: - type: integer - minimum: 0 - description: >- - The upper bound of ongoing partition leadership movements. - Default is 1000. - replicationThrottle: - type: integer - minimum: 0 - description: >- - The upper bound, in bytes per second, on the bandwidth used - to move replicas. There is no limit by default. - replicaMovementStrategies: - type: array - items: - type: string - description: >- - A list of strategy class names used to determine the - execution order for the replica movements in the generated - optimization proposal. By default - BaseReplicaMovementStrategy is used, which will execute the - replica movements in the order that they were generated. - description: The specification of the Kafka rebalance. 
+ runAsNonRoot: + type: boolean + runAsUser: + type: integer + seLinuxOptions: + type: object + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + seccompProfile: + type: object + properties: + localhostProfile: + type: string + type: + type: string + windowsOptions: + type: object + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + description: Security context for the container. + description: Template for Kafka MirrorMaker container. + serviceAccount: + type: object + properties: + metadata: + type: object + properties: + labels: + x-kubernetes-preserve-unknown-fields: true + type: object + description: Labels added to the Kubernetes resource. + annotations: + x-kubernetes-preserve-unknown-fields: true + type: object + description: Annotations added to the Kubernetes resource. + description: Metadata applied to the resource. + description: Template for the Kafka MirrorMaker service account. + description: >- + Template to specify how Kafka MirrorMaker resources, + `Deployments` and `Pods`, are generated. + livenessProbe: + type: object + properties: + failureThreshold: + type: integer + minimum: 1 + description: >- + Minimum consecutive failures for the probe to be + considered failed after having succeeded. Defaults to 3. + Minimum value is 1. + initialDelaySeconds: + type: integer + minimum: 0 + description: >- + The initial delay before first the health is first + checked. Default to 15 seconds. Minimum value is 0. + periodSeconds: + type: integer + minimum: 1 + description: >- + How often (in seconds) to perform the probe. Default to + 10 seconds. Minimum value is 1. + successThreshold: + type: integer + minimum: 1 + description: >- + Minimum consecutive successes for the probe to be + considered successful after having failed. Defaults to + 1. Must be 1 for liveness. Minimum value is 1. 
+ timeoutSeconds: + type: integer + minimum: 1 + description: >- + The timeout for each attempted health check. Default to + 5 seconds. Minimum value is 1. + description: Pod liveness checking. + readinessProbe: + type: object + properties: + failureThreshold: + type: integer + minimum: 1 + description: >- + Minimum consecutive failures for the probe to be + considered failed after having succeeded. Defaults to 3. + Minimum value is 1. + initialDelaySeconds: + type: integer + minimum: 0 + description: >- + The initial delay before first the health is first + checked. Default to 15 seconds. Minimum value is 0. + periodSeconds: + type: integer + minimum: 1 + description: >- + How often (in seconds) to perform the probe. Default to + 10 seconds. Minimum value is 1. + successThreshold: + type: integer + minimum: 1 + description: >- + Minimum consecutive successes for the probe to be + considered successful after having failed. Defaults to + 1. Must be 1 for liveness. Minimum value is 1. + timeoutSeconds: + type: integer + minimum: 1 + description: >- + The timeout for each attempted health check. Default to + 5 seconds. Minimum value is 1. + description: Pod readiness checking. + oneOf: + - properties: + include: {} + required: + - include + - properties: + whitelist: {} + required: + - whitelist + required: + - replicas + - consumer + - producer + description: The specification of Kafka MirrorMaker. status: type: object properties: 
@@ -17186,36 +16301,33 @@ spec: description: >- The generation of the CRD that was last reconciled by the operator. - sessionId: + labelSelector: type: string + description: Label selector for pods providing this resource. + replicas: + type: integer description: >- - The session identifier for requests to Cruise Control - pertaining to this KafkaRebalance resource. This is used by - the Kafka Rebalance operator to track the status of ongoing - rebalancing operations. - optimizationResult: - x-kubernetes-preserve-unknown-fields: true - type: object - description: A JSON object describing the optimization result. - description: The status of the Kafka rebalance. + The current number of pods being used to provide this + resource. + description: The status of Kafka MirrorMaker. --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - name: kafkatopics.kafka.strimzi.io + name: kafkabridges.kafka.strimzi.io labels: app: strimzi strimzi.io/crd-install: 'true' spec: group: kafka.strimzi.io names: - kind: KafkaTopic - listKind: KafkaTopicList - singular: kafkatopic - plural: kafkatopics + kind: KafkaBridge + listKind: KafkaBridgeList + singular: kafkabridge + plural: kafkabridges shortNames: - - kt + - kb categories: - strimzi scope: Namespaced 
@@ -17227,19 +16339,20 @@ spec: storage: true subresources: status: {} + scale: + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + labelSelectorPath: .status.labelSelector additionalPrinterColumns: - - name: Cluster - description: The name of the Kafka cluster this topic belongs to - jsonPath: .metadata.labels.strimzi\.io/cluster - type: string - - name: Partitions - description: The desired number of partitions in the topic - jsonPath: .spec.partitions - type: integer - - name: Replication factor - description: The desired number of replicas of each partition + - name: Desired replicas + description: The desired number of Kafka Bridge replicas jsonPath: .spec.replicas type: integer + - name: Bootstrap Servers + description: The boostrap servers + jsonPath: .spec.bootstrapServers + type: string + priority: 1 - name: Ready description: The state of the custom resource jsonPath: '.status.conditions[?(@.type=="Ready")].status' 
@@ -17251,242 +16364,1301 @@ spec: spec: type: object properties: - partitions: - type: integer - minimum: 1 - description: >- - The number of partitions the topic should have. This cannot - be decreased after topic creation. It can be increased after - topic creation, but it is important to understand the - consequences that has, especially for topics with semantic - partitioning. When absent this will default to the broker - configuration for `num.partitions`. replicas: type: integer - minimum: 1 - maximum: 32767 - description: >- - The number of replicas the topic should have. When absent - this will default to the broker configuration for - `default.replication.factor`. - config: - x-kubernetes-preserve-unknown-fields: true - type: object - description: The topic configuration. - topicName: + minimum: 0 + description: The number of pods in the `Deployment`. Defaults to `1`. + image: type: string description: >- - The name of the topic. When absent this will default to the - metadata.name of the topic. It is recommended to not set - this unless the topic name is not a valid Kubernetes - resource name. - description: The specification of the topic. - status: - type: object - properties: - conditions: - type: array - items: - type: object - properties: - type: - type: string - description: >- - The unique identifier of a condition, used to - distinguish between other conditions in the resource. - status: - type: string - description: >- - The status of the condition, either True, False or - Unknown. - lastTransitionTime: - type: string - description: >- - Last time the condition of a type changed from one - status to another. The required format is - 'yyyy-MM-ddTHH:mm:ssZ', in the UTC time zone. - reason: - type: string - description: >- - The reason for the condition's last transition (a - single word in CamelCase). - message: - type: string - description: >- - Human-readable message indicating details about the - condition's last transition. 
- description: List of status conditions. - observedGeneration: - type: integer - description: >- - The generation of the CRD that was last reconciled by the - operator. - topicName: + The container image used for Kafka Bridge pods. If no image + name is explicitly specified, the image name corresponds to + the image specified in the Cluster Operator configuration. + If an image name is not defined in the Cluster Operator + configuration, a default value is used. + bootstrapServers: type: string - description: Topic name. - description: The status of the topic. - - name: v1beta1 - served: true - storage: false - subresources: - status: {} - additionalPrinterColumns: - - name: Cluster - description: The name of the Kafka cluster this topic belongs to - jsonPath: .metadata.labels.strimzi\.io/cluster - type: string - - name: Partitions - description: The desired number of partitions in the topic - jsonPath: .spec.partitions - type: integer - - name: Replication factor - description: The desired number of replicas of each partition - jsonPath: .spec.replicas - type: integer - - name: Ready - description: The state of the custom resource - jsonPath: '.status.conditions[?(@.type=="Ready")].status' - type: string - schema: - openAPIV3Schema: - type: object - properties: - spec: - type: object - properties: - partitions: - type: integer - minimum: 1 description: >- - The number of partitions the topic should have. This cannot - be decreased after topic creation. It can be increased after - topic creation, but it is important to understand the - consequences that has, especially for topics with semantic - partitioning. When absent this will default to the broker - configuration for `num.partitions`. - replicas: - type: integer - minimum: 1 - maximum: 32767 + A list of host:port pairs for establishing the initial + connection to the Kafka cluster. 
+ tls: + type: object + properties: + trustedCertificates: + type: array + items: + type: object + properties: + certificate: + type: string + description: The name of the file certificate in the Secret. + secretName: + type: string + description: The name of the Secret containing the certificate. + required: + - certificate + - secretName + description: Trusted certificates for TLS connection. description: >- - The number of replicas the topic should have. When absent - this will default to the broker configuration for - `default.replication.factor`. - config: - x-kubernetes-preserve-unknown-fields: true + TLS configuration for connecting Kafka Bridge to the + cluster. + authentication: + type: object + properties: + accessToken: + type: object + properties: + key: + type: string + description: >- + The key under which the secret value is stored in + the Kubernetes Secret. + secretName: + type: string + description: >- + The name of the Kubernetes Secret containing the + secret value. + required: + - key + - secretName + description: >- + Link to Kubernetes Secret containing the access token + which was obtained from the authorization server. + accessTokenIsJwt: + type: boolean + description: >- + Configure whether access token should be treated as JWT. + This should be set to `false` if the authorization + server returns opaque tokens. Defaults to `true`. + audience: + type: string + description: >- + OAuth audience to use when authenticating against the + authorization server. Some authorization servers require + the audience to be explicitly set. The possible values + depend on how the authorization server is configured. By + default, `audience` is not specified when performing the + token endpoint request. + certificateAndKey: + type: object + properties: + certificate: + type: string + description: The name of the file certificate in the Secret. + key: + type: string + description: The name of the private key in the Secret. 
+ secretName: + type: string + description: The name of the Secret containing the certificate. + required: + - certificate + - key + - secretName + description: >- + Reference to the `Secret` which holds the certificate + and private key pair. + clientId: + type: string + description: >- + OAuth Client ID which the Kafka client can use to + authenticate against the OAuth server and use the token + endpoint URI. + clientSecret: + type: object + properties: + key: + type: string + description: >- + The key under which the secret value is stored in + the Kubernetes Secret. + secretName: + type: string + description: >- + The name of the Kubernetes Secret containing the + secret value. + required: + - key + - secretName + description: >- + Link to Kubernetes Secret containing the OAuth client + secret which the Kafka client can use to authenticate + against the OAuth server and use the token endpoint URI. + connectTimeoutSeconds: + type: integer + description: >- + The connect timeout in seconds when connecting to + authorization server. If not set, the effective connect + timeout is 60 seconds. + disableTlsHostnameVerification: + type: boolean + description: >- + Enable or disable TLS hostname verification. Default + value is `false`. + enableMetrics: + type: boolean + description: >- + Enable or disable OAuth metrics. Default value is + `false`. + httpRetries: + type: integer + description: >- + The maximum number of retries to attempt if an initial + HTTP request fails. If not set, the default is to not + attempt any retries. + httpRetryPauseMs: + type: integer + description: >- + The pause to take before retrying a failed HTTP request. + If not set, the default is to not pause at all but to + immediately repeat a request. + includeAcceptHeader: + type: boolean + description: >- + Whether the Accept header should be set in requests to + the authorization servers. The default value is `true`. 
+ maxTokenExpirySeconds: + type: integer + description: >- + Set or limit time-to-live of the access tokens to the + specified number of seconds. This should be set if the + authorization server returns opaque tokens. + passwordSecret: + type: object + properties: + password: + type: string + description: >- + The name of the key in the Secret under which the + password is stored. + secretName: + type: string + description: The name of the Secret containing the password. + required: + - password + - secretName + description: Reference to the `Secret` which holds the password. + readTimeoutSeconds: + type: integer + description: >- + The read timeout in seconds when connecting to + authorization server. If not set, the effective read + timeout is 60 seconds. + refreshToken: + type: object + properties: + key: + type: string + description: >- + The key under which the secret value is stored in + the Kubernetes Secret. + secretName: + type: string + description: >- + The name of the Kubernetes Secret containing the + secret value. + required: + - key + - secretName + description: >- + Link to Kubernetes Secret containing the refresh token + which can be used to obtain access token from the + authorization server. + scope: + type: string + description: >- + OAuth scope to use when authenticating against the + authorization server. Some authorization servers require + this to be set. The possible values depend on how + authorization server is configured. By default `scope` + is not specified when doing the token endpoint request. + tlsTrustedCertificates: + type: array + items: + type: object + properties: + certificate: + type: string + description: The name of the file certificate in the Secret. + secretName: + type: string + description: The name of the Secret containing the certificate. + required: + - certificate + - secretName + description: >- + Trusted certificates for TLS connection to the OAuth + server. 
+ tokenEndpointUri: + type: string + description: Authorization server token endpoint URI. + type: + type: string + enum: + - tls + - scram-sha-256 + - scram-sha-512 + - plain + - oauth + description: >- + Authentication type. Currently the supported types are + `tls`, `scram-sha-256`, `scram-sha-512`, `plain`, and + 'oauth'. `scram-sha-256` and `scram-sha-512` types use + SASL SCRAM-SHA-256 and SASL SCRAM-SHA-512 + Authentication, respectively. `plain` type uses SASL + PLAIN Authentication. `oauth` type uses SASL OAUTHBEARER + Authentication. The `tls` type uses TLS Client + Authentication. The `tls` type is supported only over + TLS connections. + username: + type: string + description: Username used for the authentication. + required: + - type + description: Authentication configuration for connecting to the cluster. + http: + type: object + properties: + port: + type: integer + minimum: 1023 + description: The port which is the server listening on. + cors: + type: object + properties: + allowedOrigins: + type: array + items: + type: string + description: >- + List of allowed origins. Java regular expressions + can be used. + allowedMethods: + type: array + items: + type: string + description: List of allowed HTTP methods. + required: + - allowedOrigins + - allowedMethods + description: CORS configuration for the HTTP Bridge. + description: The HTTP related configuration. + adminClient: type: object - description: The topic configuration. - topicName: + properties: + config: + x-kubernetes-preserve-unknown-fields: true + type: object + description: >- + The Kafka AdminClient configuration used for AdminClient + instances created by the bridge. + description: Kafka AdminClient related configuration. + consumer: + type: object + properties: + config: + x-kubernetes-preserve-unknown-fields: true + type: object + description: >- + The Kafka consumer configuration used for consumer + instances created by the bridge. 
Properties with the + following prefixes cannot be set: ssl., + bootstrap.servers, group.id, sasl., security. (with the + exception of: ssl.endpoint.identification.algorithm, + ssl.cipher.suites, ssl.protocol, ssl.enabled.protocols). + description: Kafka consumer related configuration. + producer: + type: object + properties: + config: + x-kubernetes-preserve-unknown-fields: true + type: object + description: >- + The Kafka producer configuration used for producer + instances created by the bridge. Properties with the + following prefixes cannot be set: ssl., + bootstrap.servers, sasl., security. (with the exception + of: ssl.endpoint.identification.algorithm, + ssl.cipher.suites, ssl.protocol, ssl.enabled.protocols). + description: Kafka producer related configuration. + resources: + type: object + properties: + claims: + type: array + items: + type: object + properties: + name: + type: string + limits: + x-kubernetes-preserve-unknown-fields: true + type: object + requests: + x-kubernetes-preserve-unknown-fields: true + type: object + description: CPU and memory resources to reserve. + jvmOptions: + type: object + properties: + '-XX': + x-kubernetes-preserve-unknown-fields: true + type: object + description: A map of -XX options to the JVM. + '-Xms': + type: string + pattern: '^[0-9]+[mMgG]?$' + description: '-Xms option to to the JVM.' + '-Xmx': + type: string + pattern: '^[0-9]+[mMgG]?$' + description: '-Xmx option to to the JVM.' + gcLoggingEnabled: + type: boolean + description: >- + Specifies whether the Garbage Collection logging is + enabled. The default is false. + javaSystemProperties: + type: array + items: + type: object + properties: + name: + type: string + description: The system property name. + value: + type: string + description: The system property value. + description: >- + A map of additional system properties which will be + passed using the `-D` option to the JVM. + description: '**Currently not supported** JVM Options for pods.' 
+ logging: + type: object + properties: + loggers: + x-kubernetes-preserve-unknown-fields: true + type: object + description: A Map from logger name to logger level. + type: + type: string + enum: + - inline + - external + description: 'Logging type, must be either ''inline'' or ''external''.' + valueFrom: + type: object + properties: + configMapKeyRef: + type: object + properties: + key: + type: string + name: + type: string + optional: + type: boolean + description: >- + Reference to the key in the ConfigMap containing the + configuration. + description: >- + `ConfigMap` entry where the logging configuration is + stored. + required: + - type + description: Logging configuration for Kafka Bridge. + clientRackInitImage: type: string description: >- - The name of the topic. When absent this will default to the - metadata.name of the topic. It is recommended to not set - this unless the topic name is not a valid Kubernetes - resource name. - description: The specification of the topic. - status: - type: object - properties: - conditions: - type: array - items: - type: object - properties: - type: - type: string - description: >- - The unique identifier of a condition, used to - distinguish between other conditions in the resource. - status: - type: string - description: >- - The status of the condition, either True, False or - Unknown. - lastTransitionTime: - type: string - description: >- - Last time the condition of a type changed from one - status to another. The required format is - 'yyyy-MM-ddTHH:mm:ssZ', in the UTC time zone. - reason: - type: string - description: >- - The reason for the condition's last transition (a - single word in CamelCase). - message: - type: string - description: >- - Human-readable message indicating details about the - condition's last transition. - description: List of status conditions. - observedGeneration: - type: integer - description: >- - The generation of the CRD that was last reconciled by the - operator. 
- topicName: - type: string - description: Topic name. - description: The status of the topic. - - name: v1alpha1 - served: true - storage: false - subresources: - status: {} - additionalPrinterColumns: - - name: Cluster - description: The name of the Kafka cluster this topic belongs to - jsonPath: .metadata.labels.strimzi\.io/cluster - type: string - - name: Partitions - description: The desired number of partitions in the topic - jsonPath: .spec.partitions - type: integer - - name: Replication factor - description: The desired number of replicas of each partition - jsonPath: .spec.replicas - type: integer - - name: Ready - description: The state of the custom resource - jsonPath: '.status.conditions[?(@.type=="Ready")].status' - type: string - schema: - openAPIV3Schema: - type: object - properties: - spec: - type: object - properties: - partitions: - type: integer - minimum: 1 + The image of the init container used for initializing the + `client.rack`. + rack: + type: object + properties: + topologyKey: + type: string + example: topology.kubernetes.io/zone + description: >- + A key that matches labels assigned to the Kubernetes + cluster nodes. The value of the label is used to set a + broker's `broker.rack` config, and the `client.rack` + config for Kafka Connect or MirrorMaker 2. + required: + - topologyKey description: >- - The number of partitions the topic should have. This cannot - be decreased after topic creation. It can be increased after - topic creation, but it is important to understand the - consequences that has, especially for topics with semantic - partitioning. When absent this will default to the broker - configuration for `num.partitions`. - replicas: - type: integer - minimum: 1 - maximum: 32767 + Configuration of the node label which will be used as the + client.rack consumer configuration. + enableMetrics: + type: boolean + description: Enable the metrics for the Kafka Bridge. Default is false. 
+ livenessProbe: + type: object + properties: + failureThreshold: + type: integer + minimum: 1 + description: >- + Minimum consecutive failures for the probe to be + considered failed after having succeeded. Defaults to 3. + Minimum value is 1. + initialDelaySeconds: + type: integer + minimum: 0 + description: >- + The initial delay before first the health is first + checked. Default to 15 seconds. Minimum value is 0. + periodSeconds: + type: integer + minimum: 1 + description: >- + How often (in seconds) to perform the probe. Default to + 10 seconds. Minimum value is 1. + successThreshold: + type: integer + minimum: 1 + description: >- + Minimum consecutive successes for the probe to be + considered successful after having failed. Defaults to + 1. Must be 1 for liveness. Minimum value is 1. + timeoutSeconds: + type: integer + minimum: 1 + description: >- + The timeout for each attempted health check. Default to + 5 seconds. Minimum value is 1. + description: Pod liveness checking. + readinessProbe: + type: object + properties: + failureThreshold: + type: integer + minimum: 1 + description: >- + Minimum consecutive failures for the probe to be + considered failed after having succeeded. Defaults to 3. + Minimum value is 1. + initialDelaySeconds: + type: integer + minimum: 0 + description: >- + The initial delay before first the health is first + checked. Default to 15 seconds. Minimum value is 0. + periodSeconds: + type: integer + minimum: 1 + description: >- + How often (in seconds) to perform the probe. Default to + 10 seconds. Minimum value is 1. + successThreshold: + type: integer + minimum: 1 + description: >- + Minimum consecutive successes for the probe to be + considered successful after having failed. Defaults to + 1. Must be 1 for liveness. Minimum value is 1. + timeoutSeconds: + type: integer + minimum: 1 + description: >- + The timeout for each attempted health check. Default to + 5 seconds. Minimum value is 1. + description: Pod readiness checking. 
+ template: + type: object + properties: + deployment: + type: object + properties: + metadata: + type: object + properties: + labels: + x-kubernetes-preserve-unknown-fields: true + type: object + description: Labels added to the Kubernetes resource. + annotations: + x-kubernetes-preserve-unknown-fields: true + type: object + description: Annotations added to the Kubernetes resource. + description: Metadata applied to the resource. + deploymentStrategy: + type: string + enum: + - RollingUpdate + - Recreate + description: >- + Pod replacement strategy for deployment + configuration changes. Valid values are + `RollingUpdate` and `Recreate`. Defaults to + `RollingUpdate`. + description: Template for Kafka Bridge `Deployment`. + pod: + type: object + properties: + metadata: + type: object + properties: + labels: + x-kubernetes-preserve-unknown-fields: true + type: object + description: Labels added to the Kubernetes resource. + annotations: + x-kubernetes-preserve-unknown-fields: true + type: object + description: Annotations added to the Kubernetes resource. + description: Metadata applied to the resource. + imagePullSecrets: + type: array + items: + type: object + properties: + name: + type: string + description: >- + List of references to secrets in the same namespace + to use for pulling any of the images used by this + Pod. When the `STRIMZI_IMAGE_PULL_SECRETS` + environment variable in Cluster Operator and the + `imagePullSecrets` option are specified, only the + `imagePullSecrets` variable is used and the + `STRIMZI_IMAGE_PULL_SECRETS` variable is ignored. 
+ securityContext: + type: object + properties: + fsGroup: + type: integer + fsGroupChangePolicy: + type: string + runAsGroup: + type: integer + runAsNonRoot: + type: boolean + runAsUser: + type: integer + seLinuxOptions: + type: object + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + seccompProfile: + type: object + properties: + localhostProfile: + type: string + type: + type: string + supplementalGroups: + type: array + items: + type: integer + sysctls: + type: array + items: + type: object + properties: + name: + type: string + value: + type: string + windowsOptions: + type: object + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + description: >- + Configures pod-level security attributes and common + container settings. + terminationGracePeriodSeconds: + type: integer + minimum: 0 + description: >- + The grace period is the duration in seconds after + the processes running in the pod are sent a + termination signal, and the time when the processes + are forcibly halted with a kill signal. Set this + value to longer than the expected cleanup time for + your process. Value must be a non-negative integer. + A zero value indicates delete immediately. You might + need to increase the grace period for very large + Kafka clusters, so that the Kafka brokers have + enough time to transfer their work to another broker + before they are terminated. Defaults to 30 seconds. 
+ affinity: + type: object + properties: + nodeAffinity: + type: object + properties: + preferredDuringSchedulingIgnoredDuringExecution: + type: array + items: + type: object + properties: + preference: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchFields: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + weight: + type: integer + requiredDuringSchedulingIgnoredDuringExecution: + type: object + properties: + nodeSelectorTerms: + type: array + items: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchFields: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + podAffinity: + type: object + properties: + preferredDuringSchedulingIgnoredDuringExecution: + type: array + items: + type: object + properties: + podAffinityTerm: + type: object + properties: + labelSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object + namespaceSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object + namespaces: + type: array + items: + type: string + topologyKey: + type: string + weight: + type: integer + 
requiredDuringSchedulingIgnoredDuringExecution: + type: array + items: + type: object + properties: + labelSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object + namespaceSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object + namespaces: + type: array + items: + type: string + topologyKey: + type: string + podAntiAffinity: + type: object + properties: + preferredDuringSchedulingIgnoredDuringExecution: + type: array + items: + type: object + properties: + podAffinityTerm: + type: object + properties: + labelSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object + namespaceSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object + namespaces: + type: array + items: + type: string + topologyKey: + type: string + weight: + type: integer + requiredDuringSchedulingIgnoredDuringExecution: + type: array + items: + type: object + properties: + labelSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + 
x-kubernetes-preserve-unknown-fields: true + type: object + namespaceSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object + namespaces: + type: array + items: + type: string + topologyKey: + type: string + description: The pod's affinity rules. + tolerations: + type: array + items: + type: object + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + type: integer + value: + type: string + description: The pod's tolerations. + priorityClassName: + type: string + description: >- + The name of the priority class used to assign + priority to the pods. + schedulerName: + type: string + description: >- + The name of the scheduler used to dispatch this + `Pod`. If not specified, the default scheduler will + be used. + hostAliases: + type: array + items: + type: object + properties: + hostnames: + type: array + items: + type: string + ip: + type: string + description: >- + The pod's HostAliases. HostAliases is an optional + list of hosts and IPs that will be injected into the + Pod's hosts file if specified. + tmpDirSizeLimit: + type: string + pattern: '^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$' + description: >- + Defines the total amount (for example `1Gi`) of + local storage required for temporary EmptyDir volume + (`/tmp`). Default value is `5Mi`. + enableServiceLinks: + type: boolean + description: >- + Indicates whether information about services should + be injected into Pod's environment variables. 
+ topologySpreadConstraints: + type: array + items: + type: object + properties: + labelSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object + matchLabelKeys: + type: array + items: + type: string + maxSkew: + type: integer + minDomains: + type: integer + nodeAffinityPolicy: + type: string + nodeTaintsPolicy: + type: string + topologyKey: + type: string + whenUnsatisfiable: + type: string + description: The pod's topology spread constraints. + description: Template for Kafka Bridge `Pods`. + apiService: + type: object + properties: + metadata: + type: object + properties: + labels: + x-kubernetes-preserve-unknown-fields: true + type: object + description: Labels added to the Kubernetes resource. + annotations: + x-kubernetes-preserve-unknown-fields: true + type: object + description: Annotations added to the Kubernetes resource. + description: Metadata applied to the resource. + ipFamilyPolicy: + type: string + enum: + - SingleStack + - PreferDualStack + - RequireDualStack + description: >- + Specifies the IP Family Policy used by the service. + Available options are `SingleStack`, + `PreferDualStack` and `RequireDualStack`. + `SingleStack` is for a single IP family. + `PreferDualStack` is for two IP families on + dual-stack configured clusters or a single IP family + on single-stack clusters. `RequireDualStack` fails + unless there are two IP families on dual-stack + configured clusters. If unspecified, Kubernetes will + choose the default value based on the service type. + ipFamilies: + type: array + items: + type: string + enum: + - IPv4 + - IPv6 + description: >- + Specifies the IP Families used by the service. + Available options are `IPv4` and `IPv6`. 
If + unspecified, Kubernetes will choose the default + value based on the `ipFamilyPolicy` setting. + description: Template for Kafka Bridge API `Service`. + podDisruptionBudget: + type: object + properties: + metadata: + type: object + properties: + labels: + x-kubernetes-preserve-unknown-fields: true + type: object + description: Labels added to the Kubernetes resource. + annotations: + x-kubernetes-preserve-unknown-fields: true + type: object + description: Annotations added to the Kubernetes resource. + description: >- + Metadata to apply to the + `PodDisruptionBudgetTemplate` resource. + maxUnavailable: + type: integer + minimum: 0 + description: >- + Maximum number of unavailable pods to allow + automatic Pod eviction. A Pod eviction is allowed + when the `maxUnavailable` number of pods or fewer + are unavailable after the eviction. Setting this + value to 0 prevents all voluntary evictions, so the + pods must be evicted manually. Defaults to 1. + description: Template for Kafka Bridge `PodDisruptionBudget`. + bridgeContainer: + type: object + properties: + env: + type: array + items: + type: object + properties: + name: + type: string + description: The environment variable key. + value: + type: string + description: The environment variable value. + description: >- + Environment variables which should be applied to the + container. 
+ securityContext: + type: object + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + type: object + properties: + add: + type: array + items: + type: string + drop: + type: array + items: + type: string + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + type: integer + runAsNonRoot: + type: boolean + runAsUser: + type: integer + seLinuxOptions: + type: object + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + seccompProfile: + type: object + properties: + localhostProfile: + type: string + type: + type: string + windowsOptions: + type: object + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + description: Security context for the container. + description: Template for the Kafka Bridge container. + clusterRoleBinding: + type: object + properties: + metadata: + type: object + properties: + labels: + x-kubernetes-preserve-unknown-fields: true + type: object + description: Labels added to the Kubernetes resource. + annotations: + x-kubernetes-preserve-unknown-fields: true + type: object + description: Annotations added to the Kubernetes resource. + description: Metadata applied to the resource. + description: Template for the Kafka Bridge ClusterRoleBinding. + serviceAccount: + type: object + properties: + metadata: + type: object + properties: + labels: + x-kubernetes-preserve-unknown-fields: true + type: object + description: Labels added to the Kubernetes resource. + annotations: + x-kubernetes-preserve-unknown-fields: true + type: object + description: Annotations added to the Kubernetes resource. + description: Metadata applied to the resource. + description: Template for the Kafka Bridge service account. 
+ initContainer: + type: object + properties: + env: + type: array + items: + type: object + properties: + name: + type: string + description: The environment variable key. + value: + type: string + description: The environment variable value. + description: >- + Environment variables which should be applied to the + container. + securityContext: + type: object + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + type: object + properties: + add: + type: array + items: + type: string + drop: + type: array + items: + type: string + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + type: integer + runAsNonRoot: + type: boolean + runAsUser: + type: integer + seLinuxOptions: + type: object + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + seccompProfile: + type: object + properties: + localhostProfile: + type: string + type: + type: string + windowsOptions: + type: object + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + description: Security context for the container. + description: Template for the Kafka Bridge init container. description: >- - The number of replicas the topic should have. When absent - this will default to the broker configuration for - `default.replication.factor`. - config: - x-kubernetes-preserve-unknown-fields: true + Template for Kafka Bridge resources. The template allows + users to specify how a `Deployment` and `Pod` is generated. + tracing: type: object - description: The topic configuration. - topicName: - type: string - description: >- - The name of the topic. When absent this will default to the - metadata.name of the topic. It is recommended to not set - this unless the topic name is not a valid Kubernetes - resource name. - description: The specification of the topic. 
+ properties: + type: + type: string + enum: + - jaeger + - opentelemetry + description: >- + Type of the tracing used. Currently the only supported + type is `opentelemetry` for OpenTelemetry tracing. As of + Strimzi 0.37.0, `jaeger` type is not supported anymore + and this option is ignored. + required: + - type + description: The configuration of tracing in Kafka Bridge. + required: + - bootstrapServers + description: The specification of the Kafka Bridge. status: type: object properties: 
@@ -17527,105 +17699,38 @@ spec: description: >- The generation of the CRD that was last reconciled by the operator. - topicName: + url: type: string - description: Topic name. - description: The status of the topic. - ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: strimzi-cluster-operator-kafka-broker-delegation - labels: - app: strimzi -subjects: - - kind: ServiceAccount - name: strimzi-cluster-operator - namespace: private -roleRef: - kind: ClusterRole - name: strimzi-kafka-broker - apiGroup: rbac.authorization.k8s.io - ---- -kind: ConfigMap -apiVersion: v1 -metadata: - name: strimzi-cluster-operator - labels: - app: strimzi - namespace: private -data: - log4j2.properties: > - name = COConfig - - monitorInterval = 30 - - - appender.console.type = Console - - appender.console.name = STDOUT - - appender.console.layout.type = PatternLayout - - appender.console.layout.pattern = %d{yyyy-MM-dd HH:mm:ss} %-5p %c{1}:%L - - %m%n - - - rootLogger.level = ${env:STRIMZI_LOG_LEVEL:-INFO} - - rootLogger.appenderRefs = stdout - - rootLogger.appenderRef.console.ref = STDOUT - - - # Kafka AdminClient logging is a bit noisy at INFO level - - logger.kafka.name = org.apache.kafka - - logger.kafka.level = FATAL - - - # Zookeeper is very verbose even on INFO level -> We set it to WARN by default - - logger.zookeepertrustmanager.name = org.apache.zookeeper - - logger.zookeepertrustmanager.level = FATAL - - - # Keeps separate level for Netty logging -> to not be changed by the root logger - - logger.netty.name = io.netty - - logger.netty.level = INFO - - - # Keeps separate log level for OkHttp client - - logger.okhttp3.name = okhttp3 - - logger.okhttp3.level = INFO - - log.segment.bytes=1073741824 + description: >- + The URL at which external client applications can access the + Kafka Bridge. + labelSelector: + type: string + description: Label selector for pods providing this resource. 
+ replicas: + type: integer + description: >- + The current number of pods being used to provide this + resource. + description: The status of the Kafka Bridge. --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - name: kafkausers.kafka.strimzi.io + name: kafkanodepools.kafka.strimzi.io labels: app: strimzi strimzi.io/crd-install: 'true' spec: group: kafka.strimzi.io names: - kind: KafkaUser - listKind: KafkaUserList - singular: kafkauser - plural: kafkausers + kind: KafkaNodePool + listKind: KafkaNodePoolList + singular: kafkanodepool + plural: kafkanodepools shortNames: - - ku + - knp categories: - strimzi scope: Namespaced @@ -17637,23 +17742,15 @@ spec: storage: true subresources: status: {} + scale: + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + labelSelectorPath: .status.labelSelector additionalPrinterColumns: - - name: Cluster - description: The name of the Kafka cluster this user belongs to - jsonPath: .metadata.labels.strimzi\.io/cluster - type: string - - name: Authentication - description: How the user is authenticated - jsonPath: .spec.authentication.type - type: string - - name: Authorization - description: How the user is authorised - jsonPath: .spec.authorization.type - type: string - - name: Ready - description: The state of the custom resource - jsonPath: '.status.conditions[?(@.type=="Ready")].status' - type: string + - name: Desired replicas + description: The desired number of replicas + jsonPath: .spec.replicas + type: integer schema: openAPIV3Schema: type: object 
@@ -17661,223 +17758,756 @@ spec: spec: type: object properties: - authentication: + replicas: + type: integer + minimum: 0 + description: The number of pods in the pool. + storage: + type: object + properties: + class: + type: string + description: The storage class to use for dynamic volume allocation. + deleteClaim: + type: boolean + description: >- + Specifies if the persistent volume claim has to be + deleted when the cluster is un-deployed. + id: + type: integer + minimum: 0 + description: >- + Storage identification number. It is mandatory only for + storage volumes defined in a storage of type 'jbod'. + overrides: + type: array + items: + type: object + properties: + class: + type: string + description: >- + The storage class to use for dynamic volume + allocation for this broker. + broker: + type: integer + description: Id of the kafka broker (broker identifier). + description: >- + Overrides for individual brokers. The `overrides` field + allows to specify a different configuration for + different brokers. + selector: + x-kubernetes-preserve-unknown-fields: true + type: object + description: >- + Specifies a specific persistent volume to use. It + contains key:value pairs representing labels for + selecting such a volume. + size: + type: string + description: >- + When type=persistent-claim, defines the size of the + persistent volume claim (i.e 1Gi). Mandatory when + type=persistent-claim. + sizeLimit: + type: string + pattern: '^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$' + description: >- + When type=ephemeral, defines the total amount of local + storage required for this EmptyDir volume (for example + 1Gi). + type: + type: string + enum: + - ephemeral + - persistent-claim + - jbod + description: >- + Storage type, must be either 'ephemeral', + 'persistent-claim', or 'jbod'. + volumes: + type: array + items: + type: object + properties: + class: + type: string + description: >- + The storage class to use for dynamic volume + allocation. 
+ deleteClaim: + type: boolean + description: >- + Specifies if the persistent volume claim has to be + deleted when the cluster is un-deployed. + id: + type: integer + minimum: 0 + description: >- + Storage identification number. It is mandatory + only for storage volumes defined in a storage of + type 'jbod'. + overrides: + type: array + items: + type: object + properties: + class: + type: string + description: >- + The storage class to use for dynamic volume + allocation for this broker. + broker: + type: integer + description: Id of the kafka broker (broker identifier). + description: >- + Overrides for individual brokers. The `overrides` + field allows to specify a different configuration + for different brokers. + selector: + x-kubernetes-preserve-unknown-fields: true + type: object + description: >- + Specifies a specific persistent volume to use. It + contains key:value pairs representing labels for + selecting such a volume. + size: + type: string + description: >- + When type=persistent-claim, defines the size of + the persistent volume claim (i.e 1Gi). Mandatory + when type=persistent-claim. + sizeLimit: + type: string + pattern: '^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$' + description: >- + When type=ephemeral, defines the total amount of + local storage required for this EmptyDir volume + (for example 1Gi). + type: + type: string + enum: + - ephemeral + - persistent-claim + description: >- + Storage type, must be either 'ephemeral' or + 'persistent-claim'. + required: + - type + description: >- + List of volumes as Storage objects representing the JBOD + disks array. + required: + - type + description: Storage configuration (disk). Cannot be updated. + roles: + type: array + items: + type: string + enum: + - controller + - broker + description: >- + The roles that the nodes in this pool will have when KRaft + mode is enabled. Supported values are 'broker' and + 'controller'. This field is required. 
When KRaft mode is + disabled, the only allowed value if `broker`. + resources: type: object properties: - password: + claims: + type: array + items: + type: object + properties: + name: + type: string + limits: + x-kubernetes-preserve-unknown-fields: true + type: object + requests: + x-kubernetes-preserve-unknown-fields: true + type: object + description: CPU and memory resources to reserve. + jvmOptions: + type: object + properties: + '-XX': + x-kubernetes-preserve-unknown-fields: true + type: object + description: A map of -XX options to the JVM. + '-Xms': + type: string + pattern: '^[0-9]+[mMgG]?$' + description: '-Xms option to to the JVM.' + '-Xmx': + type: string + pattern: '^[0-9]+[mMgG]?$' + description: '-Xmx option to to the JVM.' + gcLoggingEnabled: + type: boolean + description: >- + Specifies whether the Garbage Collection logging is + enabled. The default is false. + javaSystemProperties: + type: array + items: + type: object + properties: + name: + type: string + description: The system property name. + value: + type: string + description: The system property value. + description: >- + A map of additional system properties which will be + passed using the `-D` option to the JVM. + description: JVM Options for pods. + template: + type: object + properties: + podSet: type: object properties: - valueFrom: + metadata: type: object properties: - secretKeyRef: + labels: + x-kubernetes-preserve-unknown-fields: true + type: object + description: Labels added to the Kubernetes resource. + annotations: + x-kubernetes-preserve-unknown-fields: true + type: object + description: Annotations added to the Kubernetes resource. + description: Metadata applied to the resource. + description: Template for Kafka `StrimziPodSet` resource. + pod: + type: object + properties: + metadata: + type: object + properties: + labels: + x-kubernetes-preserve-unknown-fields: true + type: object + description: Labels added to the Kubernetes resource. 
+ annotations: + x-kubernetes-preserve-unknown-fields: true + type: object + description: Annotations added to the Kubernetes resource. + description: Metadata applied to the resource. + imagePullSecrets: + type: array + items: + type: object + properties: + name: + type: string + description: >- + List of references to secrets in the same namespace + to use for pulling any of the images used by this + Pod. When the `STRIMZI_IMAGE_PULL_SECRETS` + environment variable in Cluster Operator and the + `imagePullSecrets` option are specified, only the + `imagePullSecrets` variable is used and the + `STRIMZI_IMAGE_PULL_SECRETS` variable is ignored. + securityContext: + type: object + properties: + fsGroup: + type: integer + fsGroupChangePolicy: + type: string + runAsGroup: + type: integer + runAsNonRoot: + type: boolean + runAsUser: + type: integer + seLinuxOptions: + type: object + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + seccompProfile: + type: object + properties: + localhostProfile: + type: string + type: + type: string + supplementalGroups: + type: array + items: + type: integer + sysctls: + type: array + items: + type: object + properties: + name: + type: string + value: + type: string + windowsOptions: + type: object + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + description: >- + Configures pod-level security attributes and common + container settings. + terminationGracePeriodSeconds: + type: integer + minimum: 0 + description: >- + The grace period is the duration in seconds after + the processes running in the pod are sent a + termination signal, and the time when the processes + are forcibly halted with a kill signal. Set this + value to longer than the expected cleanup time for + your process. Value must be a non-negative integer. + A zero value indicates delete immediately. 
You might + need to increase the grace period for very large + Kafka clusters, so that the Kafka brokers have + enough time to transfer their work to another broker + before they are terminated. Defaults to 30 seconds. + affinity: + type: object + properties: + nodeAffinity: + type: object + properties: + preferredDuringSchedulingIgnoredDuringExecution: + type: array + items: + type: object + properties: + preference: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchFields: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + weight: + type: integer + requiredDuringSchedulingIgnoredDuringExecution: + type: object + properties: + nodeSelectorTerms: + type: array + items: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchFields: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + podAffinity: + type: object + properties: + preferredDuringSchedulingIgnoredDuringExecution: + type: array + items: + type: object + properties: + podAffinityTerm: + type: object + properties: + labelSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object + namespaceSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string 
+ matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object + namespaces: + type: array + items: + type: string + topologyKey: + type: string + weight: + type: integer + requiredDuringSchedulingIgnoredDuringExecution: + type: array + items: + type: object + properties: + labelSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object + namespaceSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object + namespaces: + type: array + items: + type: string + topologyKey: + type: string + podAntiAffinity: type: object properties: - key: - type: string - name: - type: string - optional: - type: boolean - description: >- - Selects a key of a Secret in the resource's - namespace. - description: Secret from which the password should be read. - required: - - valueFrom - description: >- - Specify the password for the user. If not set, a new - password is generated by the User Operator. - type: - type: string - enum: - - tls - - tls-external - - scram-sha-512 - description: Authentication type. - required: - - type - description: >- - Authentication mechanism enabled for this Kafka user. The - supported authentication mechanisms are `scram-sha-512`, - `tls`, and `tls-external`. - - - * `scram-sha-512` generates a secret with SASL SCRAM-SHA-512 - credentials. - - * `tls` generates a secret with user certificate for mutual - TLS authentication. - - * `tls-external` does not generate a user certificate. But - prepares the user for using mutual TLS authentication using - a user certificate generated outside the User Operator. 
- ACLs and quotas set for this user are configured in the `CN=` format. - - Authentication is optional. If authentication is not - configured, no credentials are generated. ACLs and quotas - set for the user are configured in the `` format - suitable for SASL authentication. - authorization: - type: object - properties: - acls: - type: array - items: - type: object - properties: - host: - type: string - description: >- - The host from which the action described in the - ACL rule is allowed or denied. - operation: - type: string - enum: - - Read - - Write - - Create - - Delete - - Alter - - Describe - - ClusterAction - - AlterConfigs - - DescribeConfigs - - IdempotentWrite - - All - description: >- - Operation which will be allowed or denied. - Supported operations are: Read, Write, Create, - Delete, Alter, Describe, ClusterAction, - AlterConfigs, DescribeConfigs, IdempotentWrite and - All. - operations: - type: array - items: - type: string - enum: - - Read - - Write - - Create - - Delete - - Alter - - Describe - - ClusterAction - - AlterConfigs - - DescribeConfigs - - IdempotentWrite - - All - description: >- - List of operations which will be allowed or - denied. Supported operations are: Read, Write, - Create, Delete, Alter, Describe, ClusterAction, - AlterConfigs, DescribeConfigs, IdempotentWrite and - All. 
- resource: + preferredDuringSchedulingIgnoredDuringExecution: + type: array + items: + type: object + properties: + podAffinityTerm: + type: object + properties: + labelSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object + namespaceSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object + namespaces: + type: array + items: + type: string + topologyKey: + type: string + weight: + type: integer + requiredDuringSchedulingIgnoredDuringExecution: + type: array + items: + type: object + properties: + labelSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object + namespaceSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object + namespaces: + type: array + items: + type: string + topologyKey: + type: string + description: The pod's affinity rules. + tolerations: + type: array + items: type: object properties: - name: + effect: type: string - description: >- - Name of resource for which given ACL rule - applies. Can be combined with `patternType` - field to use prefix pattern. 
- patternType: + key: type: string - enum: - - literal - - prefix - description: >- - Describes the pattern used in the resource - field. The supported types are `literal` and - `prefix`. With `literal` pattern type, the - resource field will be used as a definition of - a full name. With `prefix` pattern type, the - resource name will be used only as a prefix. - Default value is `literal`. - type: + operator: type: string - enum: - - topic - - group - - cluster - - transactionalId - description: >- - Resource type. The available resource types - are `topic`, `group`, `cluster`, and - `transactionalId`. - required: - - type - description: >- - Indicates the resource for which given ACL rule - applies. - type: - type: string - enum: - - allow - - deny - description: >- - The type of the rule. Currently the only supported - type is `allow`. ACL rules with type `allow` are - used to allow user to execute the specified - operations. Default value is `allow`. - required: - - resource - description: List of ACL rules which should be applied to this user. - type: - type: string - enum: - - simple - description: >- - Authorization type. Currently the only supported type is - `simple`. `simple` authorization type uses Kafka's - `kafka.security.authorizer.AclAuthorizer` class for - authorization. - required: - - acls - - type - description: Authorization rules for this Kafka user. - quotas: - type: object - properties: - consumerByteRate: - type: integer - minimum: 0 - description: >- - A quota on the maximum bytes per-second that each client - group can fetch from a broker before the clients in the - group are throttled. Defined on a per-broker basis. - controllerMutationRate: - type: number - minimum: 0 - description: >- - A quota on the rate at which mutations are accepted for - the create topics request, the create partitions request - and the delete topics request. The rate is accumulated - by the number of partitions created or deleted. 
- producerByteRate: - type: integer - minimum: 0 - description: >- - A quota on the maximum bytes per-second that each client - group can publish to a broker before the clients in the - group are throttled. Defined on a per-broker basis. - requestPercentage: - type: integer - minimum: 0 + tolerationSeconds: + type: integer + value: + type: string + description: The pod's tolerations. + priorityClassName: + type: string + description: >- + The name of the priority class used to assign + priority to the pods. + schedulerName: + type: string + description: >- + The name of the scheduler used to dispatch this + `Pod`. If not specified, the default scheduler will + be used. + hostAliases: + type: array + items: + type: object + properties: + hostnames: + type: array + items: + type: string + ip: + type: string + description: >- + The pod's HostAliases. HostAliases is an optional + list of hosts and IPs that will be injected into the + Pod's hosts file if specified. + tmpDirSizeLimit: + type: string + pattern: '^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$' + description: >- + Defines the total amount (for example `1Gi`) of + local storage required for temporary EmptyDir volume + (`/tmp`). Default value is `5Mi`. + enableServiceLinks: + type: boolean + description: >- + Indicates whether information about services should + be injected into Pod's environment variables. 
+ topologySpreadConstraints: + type: array + items: + type: object + properties: + labelSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object + matchLabelKeys: + type: array + items: + type: string + maxSkew: + type: integer + minDomains: + type: integer + nodeAffinityPolicy: + type: string + nodeTaintsPolicy: + type: string + topologyKey: + type: string + whenUnsatisfiable: + type: string + description: The pod's topology spread constraints. + description: Template for Kafka `Pods`. + perPodService: + type: object + properties: + metadata: + type: object + properties: + labels: + x-kubernetes-preserve-unknown-fields: true + type: object + description: Labels added to the Kubernetes resource. + annotations: + x-kubernetes-preserve-unknown-fields: true + type: object + description: Annotations added to the Kubernetes resource. + description: Metadata applied to the resource. description: >- - A quota on the maximum CPU utilization of each client - group as a percentage of network and I/O threads. - description: >- - Quotas on requests to control the broker resources used by - clients. Network bandwidth and request rate quotas can be - enforced.Kafka documentation for Kafka User quotas can be - found at - http://kafka.apache.org/documentation/#design_quotas. - template: - type: object - properties: - secret: + Template for Kafka per-pod `Services` used for access + from outside of Kubernetes. + perPodRoute: + type: object + properties: + metadata: + type: object + properties: + labels: + x-kubernetes-preserve-unknown-fields: true + type: object + description: Labels added to the Kubernetes resource. + annotations: + x-kubernetes-preserve-unknown-fields: true + type: object + description: Annotations added to the Kubernetes resource. 
+ description: Metadata applied to the resource. + description: >- + Template for Kafka per-pod `Routes` used for access from + outside of OpenShift. + perPodIngress: type: object properties: metadata: 
@@ -17886,26 +18516,192 @@ spec: labels: x-kubernetes-preserve-unknown-fields: true type: object - description: >- - Labels added to the resource template. Can be - applied to different resources such as - `StatefulSets`, `Deployments`, `Pods`, and - `Services`. + description: Labels added to the Kubernetes resource. annotations: x-kubernetes-preserve-unknown-fields: true type: object - description: >- - Annotations added to the resource template. Can - be applied to different resources such as - `StatefulSets`, `Deployments`, `Pods`, and - `Services`. + description: Annotations added to the Kubernetes resource. description: Metadata applied to the resource. description: >- - Template for KafkaUser resources. The template allows - users to specify how the `Secret` with password or TLS - certificates is generated. - description: Template to specify how Kafka User `Secrets` are generated. - description: The specification of the user. + Template for Kafka per-pod `Ingress` used for access + from outside of Kubernetes. + persistentVolumeClaim: + type: object + properties: + metadata: + type: object + properties: + labels: + x-kubernetes-preserve-unknown-fields: true + type: object + description: Labels added to the Kubernetes resource. + annotations: + x-kubernetes-preserve-unknown-fields: true + type: object + description: Annotations added to the Kubernetes resource. + description: Metadata applied to the resource. + description: Template for all Kafka `PersistentVolumeClaims`. + kafkaContainer: + type: object + properties: + env: + type: array + items: + type: object + properties: + name: + type: string + description: The environment variable key. + value: + type: string + description: The environment variable value. + description: >- + Environment variables which should be applied to the + container. 
+ securityContext: + type: object + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + type: object + properties: + add: + type: array + items: + type: string + drop: + type: array + items: + type: string + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + type: integer + runAsNonRoot: + type: boolean + runAsUser: + type: integer + seLinuxOptions: + type: object + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + seccompProfile: + type: object + properties: + localhostProfile: + type: string + type: + type: string + windowsOptions: + type: object + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + description: Security context for the container. + description: Template for the Kafka broker container. + initContainer: + type: object + properties: + env: + type: array + items: + type: object + properties: + name: + type: string + description: The environment variable key. + value: + type: string + description: The environment variable value. + description: >- + Environment variables which should be applied to the + container. 
+ securityContext: + type: object + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + type: object + properties: + add: + type: array + items: + type: string + drop: + type: array + items: + type: string + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + type: integer + runAsNonRoot: + type: boolean + runAsUser: + type: integer + seLinuxOptions: + type: object + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + seccompProfile: + type: object + properties: + localhostProfile: + type: string + type: + type: string + windowsOptions: + type: object + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + description: Security context for the container. + description: Template for the Kafka init container. + description: >- + Template for pool resources. The template allows users to + specify how the resources belonging to this pool are + generated. + required: + - replicas + - storage + - roles + description: The specification of the KafkaNodePool. status: type: object properties: 
@@ -17936,366 +18732,502 @@ spec: The reason for the condition's last transition (a single word in CamelCase). message: - type: string - description: >- - Human-readable message indicating details about the - condition's last transition. - description: List of status conditions. - observedGeneration: - type: integer - description: >- - The generation of the CRD that was last reconciled by the - operator. - username: - type: string - description: Username. - secret: - type: string - description: The name of `Secret` where the credentials are stored. - description: The status of the Kafka User. - - name: v1beta1 - served: true - storage: false - subresources: - status: {} - additionalPrinterColumns: - - name: Cluster - description: The name of the Kafka cluster this user belongs to - jsonPath: .metadata.labels.strimzi\.io/cluster - type: string - - name: Authentication - description: How the user is authenticated - jsonPath: .spec.authentication.type - type: string - - name: Authorization - description: How the user is authorised - jsonPath: .spec.authorization.type - type: string - - name: Ready - description: The state of the custom resource - jsonPath: '.status.conditions[?(@.type=="Ready")].status' - type: string - schema: - openAPIV3Schema: - type: object - properties: - spec: - type: object - properties: - authentication: - type: object - properties: - password: - type: object - properties: - valueFrom: - type: object - properties: - secretKeyRef: - type: object - properties: - key: - type: string - name: - type: string - optional: - type: boolean - description: >- - Selects a key of a Secret in the resource's - namespace. - description: Secret from which the password should be read. - required: - - valueFrom - description: >- - Specify the password for the user. If not set, a new - password is generated by the User Operator. - type: - type: string - enum: - - tls - - tls-external - - scram-sha-512 - description: Authentication type. 
- required: - - type + type: string + description: >- + Human-readable message indicating details about the + condition's last transition. + description: List of status conditions. + observedGeneration: + type: integer description: >- - Authentication mechanism enabled for this Kafka user. The - supported authentication mechanisms are `scram-sha-512`, - `tls`, and `tls-external`. + The generation of the CRD that was last reconciled by the + operator. + nodeIds: + type: array + items: + type: integer + description: Node IDs used by Kafka nodes in this pool. + clusterId: + type: string + description: Kafka cluster ID. + roles: + type: array + items: + type: string + enum: + - controller + - broker + description: The roles currently assigned to this pool. + replicas: + type: integer + description: >- + The current number of pods being used to provide this + resource. + labelSelector: + type: string + description: Label selector for pods providing this resource. + description: The status of the KafkaNodePool. + +--- +kind: ConfigMap +apiVersion: v1 +metadata: + name: strimzi-cluster-operator + labels: + app: strimzi + namespace: private +data: + log4j2.properties: > + name = COConfig + + monitorInterval = 30 - * `scram-sha-512` generates a secret with SASL SCRAM-SHA-512 - credentials. + appender.console.type = Console - * `tls` generates a secret with user certificate for mutual - TLS authentication. 
+ appender.console.name = STDOUT + + appender.console.layout.type = PatternLayout + + appender.console.layout.pattern = %d{yyyy-MM-dd HH:mm:ss} %-5p %c{1}:%L - + %m%n + + + rootLogger.level = ${env:STRIMZI_LOG_LEVEL:-INFO} + + rootLogger.appenderRefs = stdout + + rootLogger.appenderRef.console.ref = STDOUT + + + # Kafka AdminClient logging is a bit noisy at INFO level + + logger.kafka.name = org.apache.kafka + + logger.kafka.level = WARN + + + # Zookeeper is very verbose even on INFO level -> We set it to WARN by + default + + logger.zookeepertrustmanager.name = org.apache.zookeeper + + logger.zookeepertrustmanager.level = WARN + + + # Keeps separate level for Netty logging -> to not be changed by the root + logger + + logger.netty.name = io.netty + + logger.netty.level = INFO + +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: strimzi-cluster-operator + labels: + app: strimzi + namespace: private +spec: + replicas: 1 + selector: + matchLabels: + name: strimzi-cluster-operator + strimzi.io/kind: cluster-operator + template: + metadata: + labels: + name: strimzi-cluster-operator + strimzi.io/kind: cluster-operator + spec: + serviceAccountName: strimzi-cluster-operator + volumes: + - name: strimzi-tmp + emptyDir: + medium: Memory + sizeLimit: 1Mi + - name: co-config-volume + configMap: + name: strimzi-cluster-operator + containers: + - name: strimzi-cluster-operator + image: 'quay.io/strimzi/operator:0.39.0' + ports: + - containerPort: 8080 + name: http + args: + - /opt/strimzi/bin/cluster_operator_run.sh + volumeMounts: + - name: strimzi-tmp + mountPath: /tmp + - name: co-config-volume + mountPath: /opt/strimzi/custom-config/ + env: + - name: STRIMZI_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: STRIMZI_FULL_RECONCILIATION_INTERVAL_MS + value: '120000' + - name: STRIMZI_OPERATION_TIMEOUT_MS + value: '300000' + - name: STRIMZI_DEFAULT_TLS_SIDECAR_ENTITY_OPERATOR_IMAGE + value: 'quay.io/strimzi/kafka:0.39.0-kafka-3.6.1' + - 
name: STRIMZI_DEFAULT_KAFKA_EXPORTER_IMAGE + value: 'quay.io/strimzi/kafka:0.39.0-kafka-3.6.1' + - name: STRIMZI_DEFAULT_CRUISE_CONTROL_IMAGE + value: 'quay.io/strimzi/kafka:0.39.0-kafka-3.6.1' + - name: STRIMZI_KAFKA_IMAGES + value: | + 3.5.0=quay.io/strimzi/kafka:0.39.0-kafka-3.5.0 + 3.5.1=quay.io/strimzi/kafka:0.39.0-kafka-3.5.1 + 3.5.2=quay.io/strimzi/kafka:0.39.0-kafka-3.5.2 + 3.6.0=quay.io/strimzi/kafka:0.39.0-kafka-3.6.0 + 3.6.1=quay.io/strimzi/kafka:0.39.0-kafka-3.6.1 + - name: STRIMZI_KAFKA_CONNECT_IMAGES + value: | + 3.5.0=quay.io/strimzi/kafka:0.39.0-kafka-3.5.0 + 3.5.1=quay.io/strimzi/kafka:0.39.0-kafka-3.5.1 + 3.5.2=quay.io/strimzi/kafka:0.39.0-kafka-3.5.2 + 3.6.0=quay.io/strimzi/kafka:0.39.0-kafka-3.6.0 + 3.6.1=quay.io/strimzi/kafka:0.39.0-kafka-3.6.1 + - name: STRIMZI_KAFKA_MIRROR_MAKER_IMAGES + value: | + 3.5.0=quay.io/strimzi/kafka:0.39.0-kafka-3.5.0 + 3.5.1=quay.io/strimzi/kafka:0.39.0-kafka-3.5.1 + 3.5.2=quay.io/strimzi/kafka:0.39.0-kafka-3.5.2 + 3.6.0=quay.io/strimzi/kafka:0.39.0-kafka-3.6.0 + 3.6.1=quay.io/strimzi/kafka:0.39.0-kafka-3.6.1 + - name: STRIMZI_KAFKA_MIRROR_MAKER_2_IMAGES + value: | + 3.5.0=quay.io/strimzi/kafka:0.39.0-kafka-3.5.0 + 3.5.1=quay.io/strimzi/kafka:0.39.0-kafka-3.5.1 + 3.5.2=quay.io/strimzi/kafka:0.39.0-kafka-3.5.2 + 3.6.0=quay.io/strimzi/kafka:0.39.0-kafka-3.6.0 + 3.6.1=quay.io/strimzi/kafka:0.39.0-kafka-3.6.1 + - name: STRIMZI_DEFAULT_TOPIC_OPERATOR_IMAGE + value: 'quay.io/strimzi/operator:0.39.0' + - name: STRIMZI_DEFAULT_USER_OPERATOR_IMAGE + value: 'quay.io/strimzi/operator:0.39.0' + - name: STRIMZI_DEFAULT_KAFKA_INIT_IMAGE + value: 'quay.io/strimzi/operator:0.39.0' + - name: STRIMZI_DEFAULT_KAFKA_BRIDGE_IMAGE + value: 'quay.io/strimzi/kafka-bridge:0.27.0' + - name: STRIMZI_DEFAULT_KANIKO_EXECUTOR_IMAGE + value: 'quay.io/strimzi/kaniko-executor:0.39.0' + - name: STRIMZI_DEFAULT_MAVEN_BUILDER + value: 'quay.io/strimzi/maven-builder:0.39.0' + - name: STRIMZI_OPERATOR_NAMESPACE + valueFrom: + fieldRef: + fieldPath: 
metadata.namespace + - name: STRIMZI_FEATURE_GATES + value: '' + - name: STRIMZI_LEADER_ELECTION_ENABLED + value: 'true' + - name: STRIMZI_LEADER_ELECTION_LEASE_NAME + value: strimzi-cluster-operator + - name: STRIMZI_LEADER_ELECTION_LEASE_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: STRIMZI_LEADER_ELECTION_IDENTITY + valueFrom: + fieldRef: + fieldPath: metadata.name + livenessProbe: + httpGet: + path: /healthy + port: http + initialDelaySeconds: 10 + periodSeconds: 30 + readinessProbe: + httpGet: + path: /ready + port: http + initialDelaySeconds: 10 + periodSeconds: 30 + resources: + limits: + cpu: 1000m + memory: 384Mi + requests: + cpu: 200m + memory: 384Mi + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: strimzi-entity-operator + labels: + app: strimzi +rules: + - apiGroups: + - kafka.strimzi.io + resources: + - kafkatopics + verbs: + - get + - list + - watch + - create + - patch + - update + - delete + - apiGroups: + - kafka.strimzi.io + resources: + - kafkausers + verbs: + - get + - list + - watch + - create + - patch + - update + - apiGroups: + - kafka.strimzi.io + resources: + - kafkatopics/status + - kafkausers/status + verbs: + - get + - patch + - update + - apiGroups: + - '' + resources: + - events + verbs: + - create + - apiGroups: + - '' + resources: + - secrets + verbs: + - get + - list + - watch + - create + - delete + - patch + - update + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: strimzi-cluster-operator-entity-operator-delegation + labels: + app: strimzi + namespace: private +subjects: + - kind: ServiceAccount + name: strimzi-cluster-operator + namespace: private +roleRef: + kind: ClusterRole + name: strimzi-entity-operator + apiGroup: rbac.authorization.k8s.io - * `tls-external` does not generate a user certificate. 
But - prepares the user for using mutual TLS authentication using - a user certificate generated outside the User Operator. - ACLs and quotas set for this user are configured in the `CN=` format. +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: strimzi-cluster-operator + labels: + app: strimzi + namespace: private - Authentication is optional. If authentication is not - configured, no credentials are generated. ACLs and quotas - set for the user are configured in the `` format - suitable for SASL authentication. - authorization: - type: object - properties: - acls: - type: array - items: - type: object - properties: - host: - type: string - description: >- - The host from which the action described in the - ACL rule is allowed or denied. - operation: - type: string - enum: - - Read - - Write - - Create - - Delete - - Alter - - Describe - - ClusterAction - - AlterConfigs - - DescribeConfigs - - IdempotentWrite - - All - description: >- - Operation which will be allowed or denied. - Supported operations are: Read, Write, Create, - Delete, Alter, Describe, ClusterAction, - AlterConfigs, DescribeConfigs, IdempotentWrite and - All. - operations: - type: array - items: - type: string - enum: - - Read - - Write - - Create - - Delete - - Alter - - Describe - - ClusterAction - - AlterConfigs - - DescribeConfigs - - IdempotentWrite - - All - description: >- - List of operations which will be allowed or - denied. Supported operations are: Read, Write, - Create, Delete, Alter, Describe, ClusterAction, - AlterConfigs, DescribeConfigs, IdempotentWrite and - All. - resource: - type: object - properties: - name: - type: string - description: >- - Name of resource for which given ACL rule - applies. Can be combined with `patternType` - field to use prefix pattern. - patternType: - type: string - enum: - - literal - - prefix - description: >- - Describes the pattern used in the resource - field. The supported types are `literal` and - `prefix`. 
With `literal` pattern type, the - resource field will be used as a definition of - a full name. With `prefix` pattern type, the - resource name will be used only as a prefix. - Default value is `literal`. - type: - type: string - enum: - - topic - - group - - cluster - - transactionalId - description: >- - Resource type. The available resource types - are `topic`, `group`, `cluster`, and - `transactionalId`. - required: - - type - description: >- - Indicates the resource for which given ACL rule - applies. - type: - type: string - enum: - - allow - - deny - description: >- - The type of the rule. Currently the only supported - type is `allow`. ACL rules with type `allow` are - used to allow user to execute the specified - operations. Default value is `allow`. - required: - - resource - description: List of ACL rules which should be applied to this user. - type: - type: string - enum: - - simple - description: >- - Authorization type. Currently the only supported type is - `simple`. `simple` authorization type uses Kafka's - `kafka.security.authorizer.AclAuthorizer` class for - authorization. - required: - - acls - - type - description: Authorization rules for this Kafka user. - quotas: - type: object - properties: - consumerByteRate: - type: integer - minimum: 0 - description: >- - A quota on the maximum bytes per-second that each client - group can fetch from a broker before the clients in the - group are throttled. Defined on a per-broker basis. - controllerMutationRate: - type: number - minimum: 0 - description: >- - A quota on the rate at which mutations are accepted for - the create topics request, the create partitions request - and the delete topics request. The rate is accumulated - by the number of partitions created or deleted. - producerByteRate: - type: integer - minimum: 0 - description: >- - A quota on the maximum bytes per-second that each client - group can publish to a broker before the clients in the - group are throttled. 
Defined on a per-broker basis. - requestPercentage: - type: integer - minimum: 0 - description: >- - A quota on the maximum CPU utilization of each client - group as a percentage of network and I/O threads. - description: >- - Quotas on requests to control the broker resources used by - clients. Network bandwidth and request rate quotas can be - enforced.Kafka documentation for Kafka User quotas can be - found at - http://kafka.apache.org/documentation/#design_quotas. - template: - type: object - properties: - secret: - type: object - properties: - metadata: - type: object - properties: - labels: - x-kubernetes-preserve-unknown-fields: true - type: object - description: >- - Labels added to the resource template. Can be - applied to different resources such as - `StatefulSets`, `Deployments`, `Pods`, and - `Services`. - annotations: - x-kubernetes-preserve-unknown-fields: true - type: object - description: >- - Annotations added to the resource template. Can - be applied to different resources such as - `StatefulSets`, `Deployments`, `Pods`, and - `Services`. - description: Metadata applied to the resource. - description: >- - Template for KafkaUser resources. The template allows - users to specify how the `Secret` with password or TLS - certificates is generated. - description: Template to specify how Kafka User `Secrets` are generated. - description: The specification of the user. - status: - type: object - properties: - conditions: - type: array - items: - type: object - properties: - type: - type: string - description: >- - The unique identifier of a condition, used to - distinguish between other conditions in the resource. - status: - type: string - description: >- - The status of the condition, either True, False or - Unknown. - lastTransitionTime: - type: string - description: >- - Last time the condition of a type changed from one - status to another. The required format is - 'yyyy-MM-ddTHH:mm:ssZ', in the UTC time zone. 
- reason: - type: string - description: >- - The reason for the condition's last transition (a - single word in CamelCase). - message: - type: string - description: >- - Human-readable message indicating details about the - condition's last transition. - description: List of status conditions. - observedGeneration: - type: integer - description: >- - The generation of the CRD that was last reconciled by the - operator. - username: - type: string - description: Username. - secret: - type: string - description: The name of `Secret` where the credentials are stored. - description: The status of the Kafka User. - - name: v1alpha1 +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: strimzi-cluster-operator-watched + labels: + app: strimzi +rules: + - apiGroups: + - '' + resources: + - pods + verbs: + - watch + - list + - apiGroups: + - kafka.strimzi.io + resources: + - kafkas + - kafkanodepools + - kafkaconnects + - kafkaconnectors + - kafkamirrormakers + - kafkabridges + - kafkamirrormaker2s + - kafkarebalances + verbs: + - get + - list + - watch + - create + - patch + - update + - apiGroups: + - kafka.strimzi.io + resources: + - kafkas/status + - kafkanodepools/status + - kafkaconnects/status + - kafkaconnectors/status + - kafkamirrormakers/status + - kafkabridges/status + - kafkamirrormaker2s/status + - kafkarebalances/status + verbs: + - get + - patch + - update + - apiGroups: + - core.strimzi.io + resources: + - strimzipodsets + verbs: + - get + - list + - watch + - create + - delete + - patch + - update + - apiGroups: + - core.strimzi.io + resources: + - strimzipodsets/status + verbs: + - get + - patch + - update + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: strimzi-kafka-client + labels: + app: strimzi +rules: + - apiGroups: + - '' + resources: + - nodes + verbs: + - get + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: strimzi-cluster-operator-global + 
labels: + app: strimzi +rules: + - apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterrolebindings + verbs: + - get + - list + - watch + - create + - delete + - patch + - update + - apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - get + - apiGroups: + - '' + resources: + - nodes + verbs: + - list + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: strimzi-cluster-operator + labels: + app: strimzi +subjects: + - kind: ServiceAccount + name: strimzi-cluster-operator + namespace: private +roleRef: + kind: ClusterRole + name: strimzi-cluster-operator-global + apiGroup: rbac.authorization.k8s.io + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: kafkarebalances.kafka.strimzi.io + labels: + app: strimzi + strimzi.io/crd-install: 'true' +spec: + group: kafka.strimzi.io + names: + kind: KafkaRebalance + listKind: KafkaRebalanceList + singular: kafkarebalance + plural: kafkarebalances + shortNames: + - kr + categories: + - strimzi + scope: Namespaced + conversion: + strategy: None + versions: + - name: v1beta2 served: true - storage: false + storage: true subresources: status: {} additionalPrinterColumns: - name: Cluster - description: The name of the Kafka cluster this user belongs to + description: The name of the Kafka cluster this resource rebalances jsonPath: .metadata.labels.strimzi\.io/cluster type: string - - name: Authentication - description: How the user is authenticated - jsonPath: .spec.authentication.type + - name: PendingProposal + description: A proposal has been requested from Cruise Control + jsonPath: '.status.conditions[?(@.type=="PendingProposal")].status' type: string - - name: Authorization - description: How the user is authorised - jsonPath: .spec.authorization.type + - name: ProposalReady + description: A proposal is ready and waiting for approval + jsonPath: '.status.conditions[?(@.type=="ProposalReady")].status' + type: 
string + - name: Rebalancing + description: Cruise Control is doing the rebalance + jsonPath: '.status.conditions[?(@.type=="Rebalancing")].status' type: string - name: Ready - description: The state of the custom resource + description: The rebalance is complete jsonPath: '.status.conditions[?(@.type=="Ready")].status' type: string + - name: NotReady + description: There is an error on the custom resource + jsonPath: '.status.conditions[?(@.type=="NotReady")].status' + type: string schema: openAPIV3Schema: type: object 
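Review bot: The `strimzi-cluster-operator` container in the added Deployment has no `securityContext`, although its service account is bound cluster-wide to `strimzi-cluster-operator-global` (create/delete/patch/update on `clusterrolebindings`) and, through the RoleBinding in `private`, to read/write access on `secrets`. I would add a container-level security context that disallows privilege escalation, requires a non-root user and drops all capabilities, after confirming the operator image starts under those settings. The operator and operand images are also referenced by tag only (`quay.io/strimzi/operator:0.39.0`); pinning by digest, in the form `quay.io/strimzi/operator@sha256:<digest-placeholder>`, would keep the deployed content fixed. This file looks like the upstream Strimzi install bundle with the namespace set to `private`, so both changes may be easier to carry as an overlay on top of it than as in-place edits.

```yaml
        - name: strimzi-cluster-operator
          image: 'quay.io/strimzi/operator:0.39.0'
          securityContext:
            allowPrivilegeEscalation: false
            runAsNonRoot: true
            capabilities:
              drop:
                - ALL
          # … unchanged: ports, args, volumeMounts, env, probes, resources …
```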
@@ -18303,251 +19235,107 @@ spec: spec: type: object properties: - authentication: - type: object - properties: - password: - type: object - properties: - valueFrom: - type: object - properties: - secretKeyRef: - type: object - properties: - key: - type: string - name: - type: string - optional: - type: boolean - description: >- - Selects a key of a Secret in the resource's - namespace. - description: Secret from which the password should be read. - required: - - valueFrom - description: >- - Specify the password for the user. If not set, a new - password is generated by the User Operator. - type: - type: string - enum: - - tls - - tls-external - - scram-sha-512 - description: Authentication type. - required: - - type + mode: + type: string + enum: + - full + - add-brokers + - remove-brokers + description: > + Mode to run the rebalancing. The supported modes are `full`, + `add-brokers`, `remove-brokers`. + + If not specified, the `full` mode is used by default. + + + * `full` mode runs the rebalancing across all the brokers in + the cluster. + + * `add-brokers` mode can be used after scaling up the + cluster to move some replicas to the newly added brokers. + + * `remove-brokers` mode can be used before scaling down the + cluster to move replicas out of the brokers to be removed. + brokers: + type: array + items: + type: integer + description: >- + The list of newly added brokers in case of scaling up or the + ones to be removed in case of scaling down to use for + rebalancing. This list can be used only with rebalancing + mode `add-brokers` and `removed-brokers`. It is ignored with + `full` mode. + goals: + type: array + items: + type: string + description: >- + A list of goals, ordered by decreasing priority, to use for + generating and executing the rebalance proposal. The + supported goals are available at + https://github.com/linkedin/cruise-control#goals. 
If an + empty goals list is provided, the goals declared in the + default.goals Cruise Control configuration parameter are + used. + skipHardGoalCheck: + type: boolean + description: >- + Whether to allow the hard goals specified in the Kafka CR to + be skipped in optimization proposal generation. This can be + useful when some of those hard goals are preventing a + balance solution being found. Default is false. + rebalanceDisk: + type: boolean + description: >- + Enables intra-broker disk balancing, which balances disk + space utilization between disks on the same broker. Only + applies to Kafka deployments that use JBOD storage with + multiple disks. When enabled, inter-broker balancing is + disabled. Default is false. + excludedTopics: + type: string description: >- - Authentication mechanism enabled for this Kafka user. The - supported authentication mechanisms are `scram-sha-512`, - `tls`, and `tls-external`. - - - * `scram-sha-512` generates a secret with SASL SCRAM-SHA-512 - credentials. - - * `tls` generates a secret with user certificate for mutual - TLS authentication. - - * `tls-external` does not generate a user certificate. But - prepares the user for using mutual TLS authentication using - a user certificate generated outside the User Operator. - ACLs and quotas set for this user are configured in the `CN=` format. - - Authentication is optional. If authentication is not - configured, no credentials are generated. ACLs and quotas - set for the user are configured in the `` format - suitable for SASL authentication. - authorization: - type: object - properties: - acls: - type: array - items: - type: object - properties: - host: - type: string - description: >- - The host from which the action described in the - ACL rule is allowed or denied. 
- operation: - type: string - enum: - - Read - - Write - - Create - - Delete - - Alter - - Describe - - ClusterAction - - AlterConfigs - - DescribeConfigs - - IdempotentWrite - - All - description: >- - Operation which will be allowed or denied. - Supported operations are: Read, Write, Create, - Delete, Alter, Describe, ClusterAction, - AlterConfigs, DescribeConfigs, IdempotentWrite and - All. - operations: - type: array - items: - type: string - enum: - - Read - - Write - - Create - - Delete - - Alter - - Describe - - ClusterAction - - AlterConfigs - - DescribeConfigs - - IdempotentWrite - - All - description: >- - List of operations which will be allowed or - denied. Supported operations are: Read, Write, - Create, Delete, Alter, Describe, ClusterAction, - AlterConfigs, DescribeConfigs, IdempotentWrite and - All. - resource: - type: object - properties: - name: - type: string - description: >- - Name of resource for which given ACL rule - applies. Can be combined with `patternType` - field to use prefix pattern. - patternType: - type: string - enum: - - literal - - prefix - description: >- - Describes the pattern used in the resource - field. The supported types are `literal` and - `prefix`. With `literal` pattern type, the - resource field will be used as a definition of - a full name. With `prefix` pattern type, the - resource name will be used only as a prefix. - Default value is `literal`. - type: - type: string - enum: - - topic - - group - - cluster - - transactionalId - description: >- - Resource type. The available resource types - are `topic`, `group`, `cluster`, and - `transactionalId`. - required: - - type - description: >- - Indicates the resource for which given ACL rule - applies. - type: - type: string - enum: - - allow - - deny - description: >- - The type of the rule. Currently the only supported - type is `allow`. ACL rules with type `allow` are - used to allow user to execute the specified - operations. Default value is `allow`. 
- required: - - resource - description: List of ACL rules which should be applied to this user. - type: - type: string - enum: - - simple - description: >- - Authorization type. Currently the only supported type is - `simple`. `simple` authorization type uses Kafka's - `kafka.security.authorizer.AclAuthorizer` class for - authorization. - required: - - acls - - type - description: Authorization rules for this Kafka user. - quotas: - type: object - properties: - consumerByteRate: - type: integer - minimum: 0 - description: >- - A quota on the maximum bytes per-second that each client - group can fetch from a broker before the clients in the - group are throttled. Defined on a per-broker basis. - controllerMutationRate: - type: number - minimum: 0 - description: >- - A quota on the rate at which mutations are accepted for - the create topics request, the create partitions request - and the delete topics request. The rate is accumulated - by the number of partitions created or deleted. - producerByteRate: - type: integer - minimum: 0 - description: >- - A quota on the maximum bytes per-second that each client - group can publish to a broker before the clients in the - group are throttled. Defined on a per-broker basis. - requestPercentage: - type: integer - minimum: 0 - description: >- - A quota on the maximum CPU utilization of each client - group as a percentage of network and I/O threads. + A regular expression where any matching topics will be + excluded from the calculation of optimization proposals. + This expression will be parsed by the + java.util.regex.Pattern class; for more information on the + supported format consult the documentation for that class. + concurrentPartitionMovementsPerBroker: + type: integer + minimum: 0 description: >- - Quotas on requests to control the broker resources used by - clients. 
Network bandwidth and request rate quotas can be - enforced.Kafka documentation for Kafka User quotas can be - found at - http://kafka.apache.org/documentation/#design_quotas. - template: - type: object - properties: - secret: - type: object - properties: - metadata: - type: object - properties: - labels: - x-kubernetes-preserve-unknown-fields: true - type: object - description: >- - Labels added to the resource template. Can be - applied to different resources such as - `StatefulSets`, `Deployments`, `Pods`, and - `Services`. - annotations: - x-kubernetes-preserve-unknown-fields: true - type: object - description: >- - Annotations added to the resource template. Can - be applied to different resources such as - `StatefulSets`, `Deployments`, `Pods`, and - `Services`. - description: Metadata applied to the resource. - description: >- - Template for KafkaUser resources. The template allows - users to specify how the `Secret` with password or TLS - certificates is generated. - description: Template to specify how Kafka User `Secrets` are generated. - description: The specification of the user. + The upper bound of ongoing partition replica movements going + into/out of each broker. Default is 5. + concurrentIntraBrokerPartitionMovements: + type: integer + minimum: 0 + description: >- + The upper bound of ongoing partition replica movements + between disks within each broker. Default is 2. + concurrentLeaderMovements: + type: integer + minimum: 0 + description: >- + The upper bound of ongoing partition leadership movements. + Default is 1000. + replicationThrottle: + type: integer + minimum: 0 + description: >- + The upper bound, in bytes per second, on the bandwidth used + to move replicas. There is no limit by default. + replicaMovementStrategies: + type: array + items: + type: string + description: >- + A list of strategy class names used to determine the + execution order for the replica movements in the generated + optimization proposal. 
By default + BaseReplicaMovementStrategy is used, which will execute the + replica movements in the order that they were generated. + description: The specification of the Kafka rebalance. status: type: object properties: @@ -18588,10 +19376,15 @@ spec: description: >- The generation of the CRD that was last reconciled by the operator. - username: - type: string - description: Username. - secret: + sessionId: type: string - description: The name of `Secret` where the credentials are stored. - description: The status of the Kafka User. + description: >- + The session identifier for requests to Cruise Control + pertaining to this KafkaRebalance resource. This is used by + the Kafka Rebalance operator to track the status of ongoing + rebalancing operations. + optimizationResult: + x-kubernetes-preserve-unknown-fields: true + type: object + description: A JSON object describing the optimization result. + description: The status of the Kafka rebalance. diff --git a/skewer.yaml b/skewer.yaml index f249e6f..fc364d1 100644 --- a/skewer.yaml +++ b/skewer.yaml @@ -45,7 +45,7 @@ steps: deploy the cluster and topic. commands: private: - - run: kubectl create -f kafka-cluster/strimzi.yaml + - run: kubectl create -f server/strimzi.yaml output: | customresourcedefinition.apiextensions.k8s.io/kafkas.kafka.strimzi.io created rolebinding.rbac.authorization.k8s.io/strimzi-cluster-operator-entity-operator-delegation created @@ -72,7 +72,7 @@ steps: customresourcedefinition.apiextensions.k8s.io/kafkaconnects.kafka.strimzi.io created customresourcedefinition.apiextensions.k8s.io/kafkamirrormakers.kafka.strimzi.io created configmap/strimzi-cluster-operator created - - run: kubectl apply -f kafka-cluster/cluster1.yaml + - run: kubectl apply -f server/cluster1.yaml output: | kafka.kafka.strimzi.io/cluster1 created kafkatopic.kafka.strimzi.io/topic1 created 
@@ -164,7 +164,7 @@ steps:
 commands:
 private:
 - run: skupper delete
- - run: kubectl delete -f kafka-cluster/cluster1.yaml
- - run: kubectl delete -f kafka-cluster/strimzi.yaml
+ - run: kubectl delete -f server/cluster1.yaml
+ - run: kubectl delete -f server/strimzi.yaml
 public:
 - run: skupper delete