From 8e8029c9c42b4d65d41bf55720b4012d41dc1c26 Mon Sep 17 00:00:00 2001 From: Shamil Ganiev Date: Mon, 2 Oct 2023 10:57:12 +0400 Subject: [PATCH] add helm chart Signed-off-by: Shamil Ganiev --- Makefile | 4 + charts/temporal-operator/.helmignore | 23 + charts/temporal-operator/Chart.yaml | 21 + .../crds/temporal-operator.crds.yaml | 3982 +++++++++++++++++ .../temporal-operator/templates/_helpers.tpl | 62 + .../templates/deployment.yaml | 59 + .../templates/leader-election-rbac.yaml | 53 + .../templates/manager-rbac.yaml | 254 ++ .../mutating-webhook-configuration.yaml | 49 + .../templates/selfsigned-issuer.yaml | 10 + .../templates/serviceaccount.yaml | 8 + .../templates/serving-cert.yaml | 20 + .../validating-webhook-configuration.yaml | 49 + .../templates/webhook-service.yaml | 16 + charts/temporal-operator/values.yaml | 35 + .../bases/temporal.io_temporalclusters.yaml | 52 +- 16 files changed, 4671 insertions(+), 26 deletions(-) create mode 100644 charts/temporal-operator/.helmignore create mode 100644 charts/temporal-operator/Chart.yaml create mode 100644 charts/temporal-operator/crds/temporal-operator.crds.yaml create mode 100644 charts/temporal-operator/templates/_helpers.tpl create mode 100644 charts/temporal-operator/templates/deployment.yaml create mode 100644 charts/temporal-operator/templates/leader-election-rbac.yaml create mode 100644 charts/temporal-operator/templates/manager-rbac.yaml create mode 100644 charts/temporal-operator/templates/mutating-webhook-configuration.yaml create mode 100644 charts/temporal-operator/templates/selfsigned-issuer.yaml create mode 100644 charts/temporal-operator/templates/serviceaccount.yaml create mode 100644 charts/temporal-operator/templates/serving-cert.yaml create mode 100644 charts/temporal-operator/templates/validating-webhook-configuration.yaml create mode 100644 charts/temporal-operator/templates/webhook-service.yaml create mode 100644 charts/temporal-operator/values.yaml 
diff --git a/Makefile b/Makefile
index 9c2c9733..8e3e7308 100644
--- a/Makefile
+++ b/Makefile
@@ -169,6 +169,10 @@ artifacts: kustomize
 $(KUSTOMIZE) build config/crd > ${RELEASE_PATH}/temporal-operator.crds.yaml
 $(KUSTOMIZE) build config/default > ${RELEASE_PATH}/temporal-operator.yaml
 
+.PHONY: helm
+helm: manifests
+ cp ${RELEASE_PATH}/temporal-operator.crds.yaml charts/temporal-operator/crds
+
 .PHONY: bundle
 bundle: manifests kustomize operator-sdk ## Generate bundle manifests and metadata, then validate generated files.
 $(OPERATOR_SDK) generate kustomize manifests -q
diff --git a/charts/temporal-operator/.helmignore b/charts/temporal-operator/.helmignore
new file mode 100644
index 00000000..0e8a0eb3
--- /dev/null
+++ b/charts/temporal-operator/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/charts/temporal-operator/Chart.yaml b/charts/temporal-operator/Chart.yaml
new file mode 100644
index 00000000..07c92063
--- /dev/null
+++ b/charts/temporal-operator/Chart.yaml
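Review bot: The new `helm` target copies `${RELEASE_PATH}/temporal-operator.crds.yaml` but lists only `manifests` as a prerequisite, while the context lines show that file being written by the `artifacts` recipe (`$(KUSTOMIZE) build config/crd > ...`). Unless `manifests` also regenerates it (not visible here), `make helm` on a clean tree fails at `cp`, and on a tree with an old release build it silently packages a stale CRD file, so the chart can ship a schema that does not match the operator. I would make the dependency explicit with `helm: manifests artifacts`. The `artifacts` recipe begins above the hunk, so its earlier lines are not visible here. Because Helm installs files under `crds/` only on first install and does not update them on `helm upgrade`, a comment on the target such as `## Sync generated CRDs into the chart; CRD changes must be applied separately on upgrade` would also help.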
@@ -0,0 +1,21 @@
+apiVersion: v2
+name: temporal-operator
+description: The Temporal Kubernetes operator helm chart
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "0.15.0"
diff --git a/charts/temporal-operator/crds/temporal-operator.crds.yaml b/charts/temporal-operator/crds/temporal-operator.crds.yaml
new file mode 100644
index 00000000..829e9461
--- /dev/null
+++ b/charts/temporal-operator/crds/temporal-operator.crds.yaml
@@ -0,0 +1,3982 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + creationTimestamp: null + name: temporalclusterclients.temporal.io +spec: + group: temporal.io + names: + kind: TemporalClusterClient + listKind: TemporalClusterClientList + plural: temporalclusterclients + singular: temporalclusterclient + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: A TemporalClusterClient creates a new mTLS client in the targeted + temporal cluster. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: TemporalClusterClientSpec defines the desired state of ClusterClient. + properties: + clusterRef: + description: Reference to the temporal cluster the client will get + access to. + properties: + name: + description: The name of the TemporalCluster to reference. + type: string + namespace: + description: The namespace of the TemporalCluster to reference. + Defaults to the namespace of the requested resource if omitted. + type: string + type: object + required: + - clusterRef + type: object + status: + description: TemporalClusterClientStatus defines the observed state of + ClusterClient. 
+ properties: + secretRef: + description: Reference to the Kubernetes Secret containing the certificate + for the client. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + serverName: + description: ServerName is the hostname returned by the certificate. + type: string + required: + - serverName + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + creationTimestamp: null + name: temporalclusters.temporal.io +spec: + group: temporal.io + names: + kind: TemporalCluster + listKind: TemporalClusterList + plural: temporalclusters + singular: temporalcluster + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type == 'Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type == 'ReconcileSuccess')].status + name: ReconcileSuccess + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: TemporalCluster defines a temporal cluster deployment. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Specification of the desired behavior of the Temporal cluster. + properties: + admintools: + description: AdminTools allows configuration of the optional admin + tool pod deployed alongside the cluster. + properties: + enabled: + description: Enabled defines if the operator should deploy the + admin tools alongside the cluster. + type: boolean + image: + description: Image defines the temporal admin tools docker image + the instance should run. + type: string + overrides: + description: Overrides adds some overrides to the resources deployed + for the ui. + properties: + deployment: + description: Override configuration for the temporal service + Deployment. + properties: + metadata: + description: ObjectMetaOverride provides the ability to + override an object metadata. It's a subset of the fields + included in k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta. + properties: + annotations: + additionalProperties: + type: string + description: Annotations is an unstructured key value + map stored with a resource that may be set by external + tools to store and retrieve arbitrary metadata. + type: object + labels: + additionalProperties: + type: string + description: Map of string keys and values that can + be used to organize and categorize (scope and select) + objects. + type: object + type: object + spec: + description: Specification of the desired behavior of + the Deployment. + properties: + template: + description: Template describes the pods that will + be created. + properties: + metadata: + description: ObjectMetaOverride provides the ability + to override an object metadata. It's a subset + of the fields included in k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta. 
+ properties: + annotations: + additionalProperties: + type: string + description: Annotations is an unstructured + key value map stored with a resource that + may be set by external tools to store and + retrieve arbitrary metadata. + type: object + labels: + additionalProperties: + type: string + description: Map of string keys and values + that can be used to organize and categorize + (scope and select) objects. + type: object + type: object + spec: + description: Specification of the desired behavior + of the pod. + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + type: object + type: object + type: object + resources: + description: 'Compute Resources required by the ui. More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + properties: + claims: + description: "Claims lists the names of resources, defined + in spec.resourceClaims, that are used by this container. + \n This is an alpha field and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. It can only be + set for containers." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry in + pod.spec.resourceClaims of the Pod where this field + is used. It makes that resource available inside a + container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. Requests cannot exceed + Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + type: object + dynamicConfig: + description: DynamicConfig allows advanced configuration for the temporal + cluster. + properties: + pollInterval: + description: PollInterval defines how often the config should + be updated by checking provided values. Defaults to 10s. + type: string + values: + additionalProperties: + items: + description: ConstrainedValue is an alias for temporal's dynamicconfig.ConstrainedValue. + properties: + constraints: + description: Constraints describe under what conditions + a ConstrainedValue should be used. + properties: + namespace: + type: string + namespaceId: + type: string + shardId: + format: int32 + type: integer + taskQueueName: + type: string + taskQueueType: + type: string + taskType: + type: string + type: object + value: + description: 'Value is the value for the configuration + key. The type of the Value field depends on the key. + Acceptable types will be one of: int, float64, bool, + string, map[string]any, time.Duration' + x-kubernetes-preserve-unknown-fields: true + required: + - value + type: object + type: array + description: Values contains all dynamic config keys and their + constained values. 
+ type: object + required: + - values + type: object + image: + description: Image defines the temporal server docker image the cluster + should use for each services. + type: string + imagePullSecrets: + description: An optional list of references to secrets in the same + namespace to use for pulling temporal images from registries. + items: + description: LocalObjectReference contains enough information to + let you locate the referenced object inside the same namespace. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + type: array + jobTtlSecondsAfterFinished: + default: 300 + description: JobTTLSecondsAfterFinished is amount of time to keep + job pods after jobs are completed. Defaults to 300 seconds. + format: int32 + minimum: 1 + type: integer + mTLS: + description: MTLS allows configuration of the network traffic encryption + for the cluster. + properties: + certificatesDuration: + description: CertificatesDuration allows configuration of maximum + certificates lifetime. Useless if mTLS provider is not cert-manager. + properties: + clientCertificates: + description: ClientCertificates is the 'duration' (i.e. lifetime) + of the client certificates. It defaults to 1 year. + type: string + frontendCertificate: + description: FrontendCertificate is the 'duration' (i.e. lifetime) + of the frontend certificate. It defaults to 1 year. + type: string + intermediateCAsCertificates: + description: IntermediateCACertificates is the 'duration' + (i.e. lifetime) of the intermediate CAs Certificates. It + defaults to 5 years. + type: string + internodeCertificate: + description: InternodeCertificate is the 'duration' (i.e. + lifetime) of the internode certificate. It defaults to 1 + year. 
+ type: string + rootCACertificate: + description: RootCACertificate is the 'duration' (i.e. lifetime) + of the Root CA Certificate. It defaults to 10 years. + type: string + type: object + frontend: + description: Frontend allows configuration of the frontend's public + endpoint traffic encryption. Useless if mTLS provider is not + cert-manager. + properties: + enabled: + description: Enabled defines if the operator should enable + mTLS for cluster's public endpoints. + type: boolean + type: object + internode: + description: Internode allows configuration of the internode traffic + encryption. Useless if mTLS provider is not cert-manager. + properties: + enabled: + description: Enabled defines if the operator should enable + mTLS for network between cluster nodes. + type: boolean + type: object + provider: + default: cert-manager + description: Provider defines the tool used to manage mTLS certificates. + enum: + - cert-manager + - linkerd + - istio + type: string + refreshInterval: + description: RefreshInterval defines interval between refreshes + of certificates in the cluster components. Defaults to 1 hour. + Useless if mTLS provider is not cert-manager. + type: string + type: object + metrics: + description: Metrics allows configuration of scraping endpoints for + stats. prometheus or m3. + properties: + enabled: + description: Enabled defines if the operator should enable metrics + exposition on temporal components. + type: boolean + prometheus: + description: Prometheus reporter configuration. + properties: + listenAddress: + description: Deprecated. Address for prometheus to serve metrics + from. + type: string + listenPort: + description: ListenPort for prometheus to serve metrics from. + format: int32 + type: integer + scrapeConfig: + description: ScrapeConfig is the prometheus scrape configuration. + properties: + annotations: + description: Annotations defines if the operator should + add prometheus scrape annotations to the services pods. 
+ type: boolean + serviceMonitor: + description: PrometheusScrapeConfigServiceMonitor is the + configuration for prometheus operator ServiceMonitor. + properties: + enabled: + description: Enabled defines if the operator should + create a ServiceMonitor for each services. + type: boolean + metricRelabelings: + description: MetricRelabelConfigs to apply to samples + before ingestion. + items: + description: 'RelabelConfig allows dynamic rewriting + of the label set, being applied to samples before + ingestion. It defines ``-section + of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + properties: + action: + default: replace + description: Action to perform based on regex + matching. Default is 'replace'. uppercase + and lowercase actions require Prometheus >= + 2.36. + enum: + - replace + - Replace + - keep + - Keep + - drop + - Drop + - hashmod + - HashMod + - labelmap + - LabelMap + - labeldrop + - LabelDrop + - labelkeep + - LabelKeep + - lowercase + - Lowercase + - uppercase + - Uppercase + - keepequal + - KeepEqual + - dropequal + - DropEqual + type: string + modulus: + description: Modulus to take of the hash of + the source label values. + format: int64 + type: integer + regex: + description: Regular expression against which + the extracted value is matched. Default is + '(.*)' + type: string + replacement: + description: Replacement value against which + a regex replace is performed if the regular + expression matches. Regex capture groups are + available. Default is '$1' + type: string + separator: + description: Separator placed between concatenated + source label values. default is ';'. + type: string + sourceLabels: + description: The source labels select values + from existing labels. Their content is concatenated + using the configured separator and matched + against the configured regular expression + for the replace, keep, and drop actions. 
+ items: + description: LabelName is a valid Prometheus + label name which may only contain ASCII + letters, numbers, as well as underscores. + pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ + type: string + type: array + targetLabel: + description: Label to which the resulting value + is written in a replace action. It is mandatory + for replace actions. Regex capture groups + are available. + type: string + type: object + type: array + override: + description: Override allows customization of the + created ServiceMonitor. All fields can be overritten + except "endpoints", "selector" and "namespaceSelector". + properties: + attachMetadata: + description: Attaches node metadata to discovered + targets. Requires Prometheus v2.37.0 and above. + properties: + node: + description: When set to true, Prometheus + must have permissions to get Nodes. + type: boolean + type: object + endpoints: + description: A list of endpoints allowed as part + of this ServiceMonitor. + items: + description: Endpoint defines a scrapeable endpoint + serving Prometheus metrics. + properties: + authorization: + description: Authorization section for this + endpoint + properties: + credentials: + description: The secret's key that contains + the credentials of the request + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. + apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: Set the authentication + type. 
Defaults to Bearer, Basic will + cause an error + type: string + type: object + basicAuth: + description: 'BasicAuth allow an endpoint + to authenticate over basic authentication + More info: https://prometheus.io/docs/operating/configuration/#endpoints' + properties: + password: + description: The secret in the service + monitor namespace that contains the + password for authentication. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. + apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: The secret in the service + monitor namespace that contains the + username for authentication. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. + apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenFile: + description: File to read bearer token for + scraping targets. + type: string + bearerTokenSecret: + description: Secret to mount to read bearer + token for scraping targets. The secret + needs to be in the same namespace as the + service monitor and accessible by the + Prometheus Operator. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. 
+ type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + enableHttp2: + description: Whether to enable HTTP2. + type: boolean + filterRunning: + description: 'Drop pods that are not running. + (Failed, Succeeded). Enabled by default. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase' + type: boolean + followRedirects: + description: FollowRedirects configures + whether scrape requests follow HTTP 3xx + redirects. + type: boolean + honorLabels: + description: HonorLabels chooses the metric's + labels on collisions with target labels. + type: boolean + honorTimestamps: + description: HonorTimestamps controls whether + Prometheus respects the timestamps present + in scraped data. + type: boolean + interval: + description: Interval at which metrics should + be scraped If not specified Prometheus' + global scrape interval is used. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + metricRelabelings: + description: MetricRelabelConfigs to apply + to samples before ingestion. + items: + description: 'RelabelConfig allows dynamic + rewriting of the label set, being applied + to samples before ingestion. It defines + ``-section of + Prometheus configuration. More info: + https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + properties: + action: + default: replace + description: Action to perform based + on regex matching. Default is 'replace'. + uppercase and lowercase actions + require Prometheus >= 2.36. 
+ enum: + - replace + - Replace + - keep + - Keep + - drop + - Drop + - hashmod + - HashMod + - labelmap + - LabelMap + - labeldrop + - LabelDrop + - labelkeep + - LabelKeep + - lowercase + - Lowercase + - uppercase + - Uppercase + - keepequal + - KeepEqual + - dropequal + - DropEqual + type: string + modulus: + description: Modulus to take of the + hash of the source label values. + format: int64 + type: integer + regex: + description: Regular expression against + which the extracted value is matched. + Default is '(.*)' + type: string + replacement: + description: Replacement value against + which a regex replace is performed + if the regular expression matches. + Regex capture groups are available. + Default is '$1' + type: string + separator: + description: Separator placed between + concatenated source label values. + default is ';'. + type: string + sourceLabels: + description: The source labels select + values from existing labels. Their + content is concatenated using the + configured separator and matched + against the configured regular expression + for the replace, keep, and drop + actions. + items: + description: LabelName is a valid + Prometheus label name which may + only contain ASCII letters, numbers, + as well as underscores. + pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ + type: string + type: array + targetLabel: + description: Label to which the resulting + value is written in a replace action. + It is mandatory for replace actions. + Regex capture groups are available. + type: string + type: object + type: array + oauth2: + description: OAuth2 for the URL. Only valid + in Prometheus versions 2.27.0 and newer. + properties: + clientId: + description: The secret or configmap + containing the OAuth2 client id + properties: + configMap: + description: ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. + apiVersion, kind, uid?' + type: string + optional: + description: Specify whether + the ConfigMap or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data + to use for the targets. + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. + apiVersion, kind, uid?' + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: The secret containing the + OAuth2 client secret + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. + apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: Parameters to append to + the token URL + type: object + scopes: + description: OAuth2 scopes used for + the token request + items: + type: string + type: array + tokenUrl: + description: The URL to fetch the token + from + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + params: + additionalProperties: + items: + type: string + type: array + description: Optional HTTP URL parameters + type: object + path: + description: HTTP path to scrape for metrics. + If empty, Prometheus uses the default + value (e.g. `/metrics`). + type: string + port: + description: Name of the service port this + endpoint refers to. Mutually exclusive + with targetPort. + type: string + proxyUrl: + description: ProxyURL eg http://proxyserver:2195 + Directs scrapes to proxy through this + endpoint. + type: string + relabelings: + description: 'RelabelConfigs to apply to + samples before scraping. Prometheus Operator + automatically adds relabelings for a few + standard Kubernetes fields. The original + scrape job''s name is available via the + `__tmp_prometheus_job_name` label. More + info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config' + items: + description: 'RelabelConfig allows dynamic + rewriting of the label set, being applied + to samples before ingestion. It defines + ``-section of + Prometheus configuration. More info: + https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + properties: + action: + default: replace + description: Action to perform based + on regex matching. Default is 'replace'. + uppercase and lowercase actions + require Prometheus >= 2.36. 
+ enum: + - replace + - Replace + - keep + - Keep + - drop + - Drop + - hashmod + - HashMod + - labelmap + - LabelMap + - labeldrop + - LabelDrop + - labelkeep + - LabelKeep + - lowercase + - Lowercase + - uppercase + - Uppercase + - keepequal + - KeepEqual + - dropequal + - DropEqual + type: string + modulus: + description: Modulus to take of the + hash of the source label values. + format: int64 + type: integer + regex: + description: Regular expression against + which the extracted value is matched. + Default is '(.*)' + type: string + replacement: + description: Replacement value against + which a regex replace is performed + if the regular expression matches. + Regex capture groups are available. + Default is '$1' + type: string + separator: + description: Separator placed between + concatenated source label values. + default is ';'. + type: string + sourceLabels: + description: The source labels select + values from existing labels. Their + content is concatenated using the + configured separator and matched + against the configured regular expression + for the replace, keep, and drop + actions. + items: + description: LabelName is a valid + Prometheus label name which may + only contain ASCII letters, numbers, + as well as underscores. + pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ + type: string + type: array + targetLabel: + description: Label to which the resulting + value is written in a replace action. + It is mandatory for replace actions. + Regex capture groups are available. + type: string + type: object + type: array + scheme: + description: HTTP scheme to use for scraping. + `http` and `https` are the expected values + unless you rewrite the `__scheme__` label + via relabeling. If empty, Prometheus uses + the default value `http`. 
+ enum: + - http + - https + type: string + scrapeTimeout: + description: Timeout after which the scrape + is ended If not specified, the Prometheus + global scrape timeout is used unless it + is less than `Interval` in which the latter + is used. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: Name or number of the target + port of the Pod behind the Service, the + port must be specified with container + port property. Mutually exclusive with + port. + x-kubernetes-int-or-string: true + tlsConfig: + description: TLS configuration to use when + scraping the endpoint + properties: + ca: + description: Certificate authority used + when verifying server certificates. + properties: + configMap: + description: ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. + apiVersion, kind, uid?' + type: string + optional: + description: Specify whether + the ConfigMap or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data + to use for the targets. + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. + apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + caFile: + description: Path to the CA cert in + the Prometheus container to use for + the targets. + type: string + cert: + description: Client certificate to present + when doing client-authentication. + properties: + configMap: + description: ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. + apiVersion, kind, uid?' + type: string + optional: + description: Specify whether + the ConfigMap or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data + to use for the targets. + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. + apiVersion, kind, uid?' + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + certFile: + description: Path to the client cert + file in the Prometheus container for + the targets. + type: string + insecureSkipVerify: + description: Disable target certificate + validation. + type: boolean + keyFile: + description: Path to the client key + file in the Prometheus container for + the targets. + type: string + keySecret: + description: Secret containing the client + key file for the targets. 
+ properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. + apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify the hostname + for the targets. + type: string + type: object + type: object + type: array + jobLabel: + description: "JobLabel selects the label from + the associated Kubernetes service which will + be used as the `job` label for all metrics. + \n For example: If in `ServiceMonitor.spec.jobLabel: + foo` and in `Service.metadata.labels.foo: bar`, + then the `job=\"bar\"` label is added to all + metrics. \n If the value of this field is empty + or if the label doesn't exist for the given + Service, the `job` label of the metrics defaults + to the name of the Kubernetes Service." + type: string + labelLimit: + description: Per-scrape limit on number of labels + that will be accepted for a sample. Only valid + in Prometheus versions 2.27.0 and newer. + format: int64 + type: integer + labelNameLengthLimit: + description: Per-scrape limit on length of labels + name that will be accepted for a sample. Only + valid in Prometheus versions 2.27.0 and newer. + format: int64 + type: integer + labelValueLengthLimit: + description: Per-scrape limit on length of labels + value that will be accepted for a sample. Only + valid in Prometheus versions 2.27.0 and newer. + format: int64 + type: integer + namespaceSelector: + description: Selector to select which namespaces + the Kubernetes Endpoints objects are discovered + from. 
+ properties: + any: + description: Boolean describing whether all + namespaces are selected in contrast to a + list restricting them. + type: boolean + matchNames: + description: List of namespace names to select + from. + items: + type: string + type: array + type: object + podTargetLabels: + description: PodTargetLabels transfers labels + on the Kubernetes `Pod` onto the created metrics. + items: + type: string + type: array + sampleLimit: + description: SampleLimit defines per-scrape limit + on number of scraped samples that will be accepted. + format: int64 + type: integer + selector: + description: Selector to select Endpoints objects. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + targetLabels: + description: TargetLabels transfers labels from + the Kubernetes `Service` onto the created metrics. + items: + type: string + type: array + targetLimit: + description: TargetLimit defines a limit on the + number of scraped targets that will be accepted. + format: int64 + type: integer + required: + - endpoints + - selector + type: object + type: object + type: object + type: object + required: + - enabled + type: object + numHistoryShards: + description: NumHistoryShards is the desired number of history shards. + This field is immutable. + format: int32 + minimum: 1 + type: integer + persistence: + description: Persistence defines temporal persistence configuration. + properties: + advancedVisibilityStore: + description: AdvancedVisibilityStore holds the avanced visibility + datastore specs. + properties: + cassandra: + description: Cassandra holds all connection parameters for + Cassandra datastore. Note that cassandra is now deprecated + for visibility store. + properties: + connectTimeout: + description: ConnectTimeout is a timeout for initial dial + to cassandra server. + type: string + consistency: + description: Consistency configuration. + properties: + consistency: + description: Consistency sets the default consistency + level. Values identical to gocql Consistency values. + (defaults to LOCAL_QUORUM if not set). + enum: + - ANY + - ONE + - TWO + - THREE + - QUORUM + - ALL + - LOCAL_QUORUM + - EACH_QUORUM + - LOCAL_ONE + type: integer + serialConsistency: + description: SerialConsistency sets the consistency + for the serial prtion of queries. Values identical + to gocql SerialConsistency values. (defaults to + LOCAL_SERIAL if not set) + enum: + - SERIAL + - LOCAL_SERIAL + type: integer + type: object + datacenter: + description: Datacenter is the data center filter arg + for cassandra. 
+ type: string + disableInitialHostLookup: + description: DisableInitialHostLookup instructs the gocql + client to connect only using the supplied hosts. + type: boolean + hosts: + description: Hosts is a list of cassandra endpoints. + items: + type: string + type: array + keyspace: + description: Keyspace is the cassandra keyspace. + type: string + maxConns: + description: MaxConns is the max number of connections + to this datastore for a single keyspace. + type: integer + port: + description: Port is the cassandra port used for connection + by gocql client. + type: integer + user: + description: User is the cassandra user used for authentication + by gocql client. + type: string + required: + - datacenter + - hosts + - keyspace + - port + - user + type: object + elasticsearch: + description: Elasticsearch holds all connection parameters + for Elasticsearch datastores. + properties: + closeIdleConnectionsInterval: + description: CloseIdleConnectionsInterval is the max duration + a connection stay open while idle. + type: string + enableHealthcheck: + description: EnableHealthcheck enables or disables healthcheck + on the temporal cluster's es client. + type: boolean + enableSniff: + description: EnableSniff enables or disables sniffer on + the temporal cluster's es client. + type: boolean + indices: + description: Indices holds visibility index names. + properties: + secondaryVisibility: + description: SecondaryVisibility defines secondary + visibility's index name. + type: string + visibility: + default: temporal_visibility_v1 + description: Visibility defines visibility's index + name. + type: string + required: + - visibility + type: object + logLevel: + description: LogLevel defines the temporal cluster's es + client logger level. + type: string + url: + description: URL is the connection url to connect to the + instance. + pattern: ^https?:\/\/.+$ + type: string + username: + description: Username is the username to be used for the + connection. 
+ type: string + version: + default: v7 + description: Version defines the elasticsearch version. + pattern: ^v(6|7|8)$ + type: string + required: + - indices + - url + - username + - version + type: object + name: + description: Name is the name of the datastore. It should + be unique and will be referenced within the persitence spec. + Defaults to "default" for default sore, "visibility" for + visibility store, "secondaryVisibility" for secondary visibility + store and "advancedVisibility" for advanced visibility store. + type: string + passwordSecretRef: + description: PasswordSecret is the reference to the secret + holding the password. + properties: + key: + description: Key in the Secret. + type: string + name: + description: Name of the Secret. + type: string + required: + - name + type: object + skipCreate: + description: SkipCreate instructs the operator to skip creating + the database for SQL datastores or to skip creating keyspace + for Cassandra. Use this option if your database or keyspace + has already been provisioned by an administrator. + type: boolean + sql: + description: SQL holds all connection parameters for SQL datastores. + properties: + connectAddr: + description: ConnectAddr is the remote addr of the database. + type: string + connectAttributes: + additionalProperties: + type: string + description: ConnectAttributes is a set of key-value attributes + to be sent as part of connect data_source_name url + type: object + connectProtocol: + description: ConnectProtocol is the protocol that goes + with the ConnectAddr. + type: string + databaseName: + description: DatabaseName is the name of SQL database + to connect to. + type: string + maxConnLifetime: + description: MaxConnLifetime is the maximum time a connection + can be alive + type: string + maxConns: + description: MaxConns the max number of connections to + this datastore. 
+ type: integer + maxIdleConns: + description: MaxIdleConns is the max number of idle connections + to this datastore. + type: integer + pluginName: + description: PluginName is the name of SQL plugin. + enum: + - postgres + - postgres12 + - mysql + - mysql8 + type: string + taskScanPartitions: + description: TaskScanPartitions is the number of partitions + to sequentially scan during ListTaskQueue operations. + type: integer + user: + description: User is the username to be used for the connection. + type: string + required: + - connectAddr + - databaseName + - pluginName + - user + type: object + tls: + description: TLS is an optional option to connect to the datastore + using TLS. + properties: + caFileRef: + description: CaFileRef is a reference to a secret containing + the ca file. + properties: + key: + description: Key in the Secret. + type: string + name: + description: Name of the Secret. + type: string + required: + - name + type: object + certFileRef: + description: CertFileRef is a reference to a secret containing + the cert file. + properties: + key: + description: Key in the Secret. + type: string + name: + description: Name of the Secret. + type: string + required: + - name + type: object + enableHostVerification: + description: EnableHostVerification defines if the hostname + should be verified when connecting to the datastore. + type: boolean + enabled: + description: Enabled defines if the cluster should use + a TLS connection to connect to the datastore. + type: boolean + keyFileRef: + description: KeyFileRef is a reference to a secret containing + the key file. + properties: + key: + description: Key in the Secret. + type: string + name: + description: Name of the Secret. + type: string + required: + - name + type: object + serverName: + description: ServerName the datastore should present. 
+ type: string + required: + - enableHostVerification + - enabled + type: object + required: + - passwordSecretRef + type: object + defaultStore: + description: DefaultStore holds the default datastore specs. + properties: + cassandra: + description: Cassandra holds all connection parameters for + Cassandra datastore. Note that cassandra is now deprecated + for visibility store. + properties: + connectTimeout: + description: ConnectTimeout is a timeout for initial dial + to cassandra server. + type: string + consistency: + description: Consistency configuration. + properties: + consistency: + description: Consistency sets the default consistency + level. Values identical to gocql Consistency values. + (defaults to LOCAL_QUORUM if not set). + enum: + - ANY + - ONE + - TWO + - THREE + - QUORUM + - ALL + - LOCAL_QUORUM + - EACH_QUORUM + - LOCAL_ONE + type: integer + serialConsistency: + description: SerialConsistency sets the consistency + for the serial prtion of queries. Values identical + to gocql SerialConsistency values. (defaults to + LOCAL_SERIAL if not set) + enum: + - SERIAL + - LOCAL_SERIAL + type: integer + type: object + datacenter: + description: Datacenter is the data center filter arg + for cassandra. + type: string + disableInitialHostLookup: + description: DisableInitialHostLookup instructs the gocql + client to connect only using the supplied hosts. + type: boolean + hosts: + description: Hosts is a list of cassandra endpoints. + items: + type: string + type: array + keyspace: + description: Keyspace is the cassandra keyspace. + type: string + maxConns: + description: MaxConns is the max number of connections + to this datastore for a single keyspace. + type: integer + port: + description: Port is the cassandra port used for connection + by gocql client. + type: integer + user: + description: User is the cassandra user used for authentication + by gocql client. 
+ type: string + required: + - datacenter + - hosts + - keyspace + - port + - user + type: object + elasticsearch: + description: Elasticsearch holds all connection parameters + for Elasticsearch datastores. + properties: + closeIdleConnectionsInterval: + description: CloseIdleConnectionsInterval is the max duration + a connection stay open while idle. + type: string + enableHealthcheck: + description: EnableHealthcheck enables or disables healthcheck + on the temporal cluster's es client. + type: boolean + enableSniff: + description: EnableSniff enables or disables sniffer on + the temporal cluster's es client. + type: boolean + indices: + description: Indices holds visibility index names. + properties: + secondaryVisibility: + description: SecondaryVisibility defines secondary + visibility's index name. + type: string + visibility: + default: temporal_visibility_v1 + description: Visibility defines visibility's index + name. + type: string + required: + - visibility + type: object + logLevel: + description: LogLevel defines the temporal cluster's es + client logger level. + type: string + url: + description: URL is the connection url to connect to the + instance. + pattern: ^https?:\/\/.+$ + type: string + username: + description: Username is the username to be used for the + connection. + type: string + version: + default: v7 + description: Version defines the elasticsearch version. + pattern: ^v(6|7|8)$ + type: string + required: + - indices + - url + - username + - version + type: object + name: + description: Name is the name of the datastore. It should + be unique and will be referenced within the persitence spec. + Defaults to "default" for default sore, "visibility" for + visibility store, "secondaryVisibility" for secondary visibility + store and "advancedVisibility" for advanced visibility store. + type: string + passwordSecretRef: + description: PasswordSecret is the reference to the secret + holding the password. 
+ properties: + key: + description: Key in the Secret. + type: string + name: + description: Name of the Secret. + type: string + required: + - name + type: object + skipCreate: + description: SkipCreate instructs the operator to skip creating + the database for SQL datastores or to skip creating keyspace + for Cassandra. Use this option if your database or keyspace + has already been provisioned by an administrator. + type: boolean + sql: + description: SQL holds all connection parameters for SQL datastores. + properties: + connectAddr: + description: ConnectAddr is the remote addr of the database. + type: string + connectAttributes: + additionalProperties: + type: string + description: ConnectAttributes is a set of key-value attributes + to be sent as part of connect data_source_name url + type: object + connectProtocol: + description: ConnectProtocol is the protocol that goes + with the ConnectAddr. + type: string + databaseName: + description: DatabaseName is the name of SQL database + to connect to. + type: string + maxConnLifetime: + description: MaxConnLifetime is the maximum time a connection + can be alive + type: string + maxConns: + description: MaxConns the max number of connections to + this datastore. + type: integer + maxIdleConns: + description: MaxIdleConns is the max number of idle connections + to this datastore. + type: integer + pluginName: + description: PluginName is the name of SQL plugin. + enum: + - postgres + - postgres12 + - mysql + - mysql8 + type: string + taskScanPartitions: + description: TaskScanPartitions is the number of partitions + to sequentially scan during ListTaskQueue operations. + type: integer + user: + description: User is the username to be used for the connection. + type: string + required: + - connectAddr + - databaseName + - pluginName + - user + type: object + tls: + description: TLS is an optional option to connect to the datastore + using TLS. 
+ properties: + caFileRef: + description: CaFileRef is a reference to a secret containing + the ca file. + properties: + key: + description: Key in the Secret. + type: string + name: + description: Name of the Secret. + type: string + required: + - name + type: object + certFileRef: + description: CertFileRef is a reference to a secret containing + the cert file. + properties: + key: + description: Key in the Secret. + type: string + name: + description: Name of the Secret. + type: string + required: + - name + type: object + enableHostVerification: + description: EnableHostVerification defines if the hostname + should be verified when connecting to the datastore. + type: boolean + enabled: + description: Enabled defines if the cluster should use + a TLS connection to connect to the datastore. + type: boolean + keyFileRef: + description: KeyFileRef is a reference to a secret containing + the key file. + properties: + key: + description: Key in the Secret. + type: string + name: + description: Name of the Secret. + type: string + required: + - name + type: object + serverName: + description: ServerName the datastore should present. + type: string + required: + - enableHostVerification + - enabled + type: object + required: + - passwordSecretRef + type: object + secondaryVisibilityStore: + description: SecondaryVisibilityStore holds the secondary visibility + datastore specs. Feature only available for clusters >= 1.21.0. + properties: + cassandra: + description: Cassandra holds all connection parameters for + Cassandra datastore. Note that cassandra is now deprecated + for visibility store. + properties: + connectTimeout: + description: ConnectTimeout is a timeout for initial dial + to cassandra server. + type: string + consistency: + description: Consistency configuration. + properties: + consistency: + description: Consistency sets the default consistency + level. Values identical to gocql Consistency values. + (defaults to LOCAL_QUORUM if not set). 
+ enum: + - ANY + - ONE + - TWO + - THREE + - QUORUM + - ALL + - LOCAL_QUORUM + - EACH_QUORUM + - LOCAL_ONE + type: integer + serialConsistency: + description: SerialConsistency sets the consistency + for the serial prtion of queries. Values identical + to gocql SerialConsistency values. (defaults to + LOCAL_SERIAL if not set) + enum: + - SERIAL + - LOCAL_SERIAL + type: integer + type: object + datacenter: + description: Datacenter is the data center filter arg + for cassandra. + type: string + disableInitialHostLookup: + description: DisableInitialHostLookup instructs the gocql + client to connect only using the supplied hosts. + type: boolean + hosts: + description: Hosts is a list of cassandra endpoints. + items: + type: string + type: array + keyspace: + description: Keyspace is the cassandra keyspace. + type: string + maxConns: + description: MaxConns is the max number of connections + to this datastore for a single keyspace. + type: integer + port: + description: Port is the cassandra port used for connection + by gocql client. + type: integer + user: + description: User is the cassandra user used for authentication + by gocql client. + type: string + required: + - datacenter + - hosts + - keyspace + - port + - user + type: object + elasticsearch: + description: Elasticsearch holds all connection parameters + for Elasticsearch datastores. + properties: + closeIdleConnectionsInterval: + description: CloseIdleConnectionsInterval is the max duration + a connection stay open while idle. + type: string + enableHealthcheck: + description: EnableHealthcheck enables or disables healthcheck + on the temporal cluster's es client. + type: boolean + enableSniff: + description: EnableSniff enables or disables sniffer on + the temporal cluster's es client. + type: boolean + indices: + description: Indices holds visibility index names. + properties: + secondaryVisibility: + description: SecondaryVisibility defines secondary + visibility's index name. 
+ type: string + visibility: + default: temporal_visibility_v1 + description: Visibility defines visibility's index + name. + type: string + required: + - visibility + type: object + logLevel: + description: LogLevel defines the temporal cluster's es + client logger level. + type: string + url: + description: URL is the connection url to connect to the + instance. + pattern: ^https?:\/\/.+$ + type: string + username: + description: Username is the username to be used for the + connection. + type: string + version: + default: v7 + description: Version defines the elasticsearch version. + pattern: ^v(6|7|8)$ + type: string + required: + - indices + - url + - username + - version + type: object + name: + description: Name is the name of the datastore. It should + be unique and will be referenced within the persitence spec. + Defaults to "default" for default sore, "visibility" for + visibility store, "secondaryVisibility" for secondary visibility + store and "advancedVisibility" for advanced visibility store. + type: string + passwordSecretRef: + description: PasswordSecret is the reference to the secret + holding the password. + properties: + key: + description: Key in the Secret. + type: string + name: + description: Name of the Secret. + type: string + required: + - name + type: object + skipCreate: + description: SkipCreate instructs the operator to skip creating + the database for SQL datastores or to skip creating keyspace + for Cassandra. Use this option if your database or keyspace + has already been provisioned by an administrator. + type: boolean + sql: + description: SQL holds all connection parameters for SQL datastores. + properties: + connectAddr: + description: ConnectAddr is the remote addr of the database. 
+ type: string + connectAttributes: + additionalProperties: + type: string + description: ConnectAttributes is a set of key-value attributes + to be sent as part of connect data_source_name url + type: object + connectProtocol: + description: ConnectProtocol is the protocol that goes + with the ConnectAddr. + type: string + databaseName: + description: DatabaseName is the name of SQL database + to connect to. + type: string + maxConnLifetime: + description: MaxConnLifetime is the maximum time a connection + can be alive + type: string + maxConns: + description: MaxConns the max number of connections to + this datastore. + type: integer + maxIdleConns: + description: MaxIdleConns is the max number of idle connections + to this datastore. + type: integer + pluginName: + description: PluginName is the name of SQL plugin. + enum: + - postgres + - postgres12 + - mysql + - mysql8 + type: string + taskScanPartitions: + description: TaskScanPartitions is the number of partitions + to sequentially scan during ListTaskQueue operations. + type: integer + user: + description: User is the username to be used for the connection. + type: string + required: + - connectAddr + - databaseName + - pluginName + - user + type: object + tls: + description: TLS is an optional option to connect to the datastore + using TLS. + properties: + caFileRef: + description: CaFileRef is a reference to a secret containing + the ca file. + properties: + key: + description: Key in the Secret. + type: string + name: + description: Name of the Secret. + type: string + required: + - name + type: object + certFileRef: + description: CertFileRef is a reference to a secret containing + the cert file. + properties: + key: + description: Key in the Secret. + type: string + name: + description: Name of the Secret. + type: string + required: + - name + type: object + enableHostVerification: + description: EnableHostVerification defines if the hostname + should be verified when connecting to the datastore. 
+ type: boolean + enabled: + description: Enabled defines if the cluster should use + a TLS connection to connect to the datastore. + type: boolean + keyFileRef: + description: KeyFileRef is a reference to a secret containing + the key file. + properties: + key: + description: Key in the Secret. + type: string + name: + description: Name of the Secret. + type: string + required: + - name + type: object + serverName: + description: ServerName the datastore should present. + type: string + required: + - enableHostVerification + - enabled + type: object + required: + - passwordSecretRef + type: object + visibilityStore: + description: VisibilityStore holds the visibility datastore specs. + properties: + cassandra: + description: Cassandra holds all connection parameters for + Cassandra datastore. Note that cassandra is now deprecated + for visibility store. + properties: + connectTimeout: + description: ConnectTimeout is a timeout for initial dial + to cassandra server. + type: string + consistency: + description: Consistency configuration. + properties: + consistency: + description: Consistency sets the default consistency + level. Values identical to gocql Consistency values. + (defaults to LOCAL_QUORUM if not set). + enum: + - ANY + - ONE + - TWO + - THREE + - QUORUM + - ALL + - LOCAL_QUORUM + - EACH_QUORUM + - LOCAL_ONE + type: integer + serialConsistency: + description: SerialConsistency sets the consistency + for the serial prtion of queries. Values identical + to gocql SerialConsistency values. (defaults to + LOCAL_SERIAL if not set) + enum: + - SERIAL + - LOCAL_SERIAL + type: integer + type: object + datacenter: + description: Datacenter is the data center filter arg + for cassandra. + type: string + disableInitialHostLookup: + description: DisableInitialHostLookup instructs the gocql + client to connect only using the supplied hosts. + type: boolean + hosts: + description: Hosts is a list of cassandra endpoints. 
+ items: + type: string + type: array + keyspace: + description: Keyspace is the cassandra keyspace. + type: string + maxConns: + description: MaxConns is the max number of connections + to this datastore for a single keyspace. + type: integer + port: + description: Port is the cassandra port used for connection + by gocql client. + type: integer + user: + description: User is the cassandra user used for authentication + by gocql client. + type: string + required: + - datacenter + - hosts + - keyspace + - port + - user + type: object + elasticsearch: + description: Elasticsearch holds all connection parameters + for Elasticsearch datastores. + properties: + closeIdleConnectionsInterval: + description: CloseIdleConnectionsInterval is the max duration + a connection stay open while idle. + type: string + enableHealthcheck: + description: EnableHealthcheck enables or disables healthcheck + on the temporal cluster's es client. + type: boolean + enableSniff: + description: EnableSniff enables or disables sniffer on + the temporal cluster's es client. + type: boolean + indices: + description: Indices holds visibility index names. + properties: + secondaryVisibility: + description: SecondaryVisibility defines secondary + visibility's index name. + type: string + visibility: + default: temporal_visibility_v1 + description: Visibility defines visibility's index + name. + type: string + required: + - visibility + type: object + logLevel: + description: LogLevel defines the temporal cluster's es + client logger level. + type: string + url: + description: URL is the connection url to connect to the + instance. + pattern: ^https?:\/\/.+$ + type: string + username: + description: Username is the username to be used for the + connection. + type: string + version: + default: v7 + description: Version defines the elasticsearch version. 
+ pattern: ^v(6|7|8)$ + type: string + required: + - indices + - url + - username + - version + type: object + name: + description: Name is the name of the datastore. It should + be unique and will be referenced within the persitence spec. + Defaults to "default" for default sore, "visibility" for + visibility store, "secondaryVisibility" for secondary visibility + store and "advancedVisibility" for advanced visibility store. + type: string + passwordSecretRef: + description: PasswordSecret is the reference to the secret + holding the password. + properties: + key: + description: Key in the Secret. + type: string + name: + description: Name of the Secret. + type: string + required: + - name + type: object + skipCreate: + description: SkipCreate instructs the operator to skip creating + the database for SQL datastores or to skip creating keyspace + for Cassandra. Use this option if your database or keyspace + has already been provisioned by an administrator. + type: boolean + sql: + description: SQL holds all connection parameters for SQL datastores. + properties: + connectAddr: + description: ConnectAddr is the remote addr of the database. + type: string + connectAttributes: + additionalProperties: + type: string + description: ConnectAttributes is a set of key-value attributes + to be sent as part of connect data_source_name url + type: object + connectProtocol: + description: ConnectProtocol is the protocol that goes + with the ConnectAddr. + type: string + databaseName: + description: DatabaseName is the name of SQL database + to connect to. + type: string + maxConnLifetime: + description: MaxConnLifetime is the maximum time a connection + can be alive + type: string + maxConns: + description: MaxConns the max number of connections to + this datastore. + type: integer + maxIdleConns: + description: MaxIdleConns is the max number of idle connections + to this datastore. + type: integer + pluginName: + description: PluginName is the name of SQL plugin. 
+ enum: + - postgres + - postgres12 + - mysql + - mysql8 + type: string + taskScanPartitions: + description: TaskScanPartitions is the number of partitions + to sequentially scan during ListTaskQueue operations. + type: integer + user: + description: User is the username to be used for the connection. + type: string + required: + - connectAddr + - databaseName + - pluginName + - user + type: object + tls: + description: TLS is an optional option to connect to the datastore + using TLS. + properties: + caFileRef: + description: CaFileRef is a reference to a secret containing + the ca file. + properties: + key: + description: Key in the Secret. + type: string + name: + description: Name of the Secret. + type: string + required: + - name + type: object + certFileRef: + description: CertFileRef is a reference to a secret containing + the cert file. + properties: + key: + description: Key in the Secret. + type: string + name: + description: Name of the Secret. + type: string + required: + - name + type: object + enableHostVerification: + description: EnableHostVerification defines if the hostname + should be verified when connecting to the datastore. + type: boolean + enabled: + description: Enabled defines if the cluster should use + a TLS connection to connect to the datastore. + type: boolean + keyFileRef: + description: KeyFileRef is a reference to a secret containing + the key file. + properties: + key: + description: Key in the Secret. + type: string + name: + description: Name of the Secret. + type: string + required: + - name + type: object + serverName: + description: ServerName the datastore should present. + type: string + required: + - enableHostVerification + - enabled + type: object + required: + - passwordSecretRef + type: object + required: + - defaultStore + - visibilityStore + type: object + services: + description: Services allows customizations for each temporal services + deployment. 
+ properties: + frontend: + description: Frontend service custom specifications. + properties: + membershipPort: + description: 'Port defines a custom membership port for the + service. Default values are: 6933 for Frontend service 6934 + for History service 6935 for Matching service 6939 for Worker + service' + type: integer + overrides: + description: Overrides adds some overrides to the resources + deployed for the service. Those overrides takes precedence + over spec.services.overrides. + properties: + deployment: + description: Override configuration for the temporal service + Deployment. + properties: + metadata: + description: ObjectMetaOverride provides the ability + to override an object metadata. It's a subset of + the fields included in k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta. + properties: + annotations: + additionalProperties: + type: string + description: Annotations is an unstructured key + value map stored with a resource that may be + set by external tools to store and retrieve + arbitrary metadata. + type: object + labels: + additionalProperties: + type: string + description: Map of string keys and values that + can be used to organize and categorize (scope + and select) objects. + type: object + type: object + spec: + description: Specification of the desired behavior + of the Deployment. + properties: + template: + description: Template describes the pods that + will be created. + properties: + metadata: + description: ObjectMetaOverride provides the + ability to override an object metadata. + It's a subset of the fields included in + k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta. + properties: + annotations: + additionalProperties: + type: string + description: Annotations is an unstructured + key value map stored with a resource + that may be set by external tools to + store and retrieve arbitrary metadata. 
+ type: object + labels: + additionalProperties: + type: string + description: Map of string keys and values + that can be used to organize and categorize + (scope and select) objects. + type: object + type: object + spec: + description: Specification of the desired + behavior of the pod. + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + type: object + type: object + type: object + port: + description: 'Port defines a custom gRPC port for the service. + Default values are: 7233 for Frontend service 7234 for History + service 7235 for Matching service 7239 for Worker service' + type: integer + replicas: + description: Number of desired replicas for the service. Default + to 1. + format: int32 + minimum: 1 + type: integer + resources: + description: 'Compute Resources required by this service. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + properties: + claims: + description: "Claims lists the names of resources, defined + in spec.resourceClaims, that are used by this container. + \n This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. \n This field + is immutable. It can only be set for containers." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry + in pod.spec.resourceClaims of the Pod where this + field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of + compute resources required. If Requests is omitted for + a container, it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined value. + Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + type: object + history: + description: History service custom specifications. + properties: + membershipPort: + description: 'Port defines a custom membership port for the + service. Default values are: 6933 for Frontend service 6934 + for History service 6935 for Matching service 6939 for Worker + service' + type: integer + overrides: + description: Overrides adds some overrides to the resources + deployed for the service. Those overrides takes precedence + over spec.services.overrides. + properties: + deployment: + description: Override configuration for the temporal service + Deployment. + properties: + metadata: + description: ObjectMetaOverride provides the ability + to override an object metadata. It's a subset of + the fields included in k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta. + properties: + annotations: + additionalProperties: + type: string + description: Annotations is an unstructured key + value map stored with a resource that may be + set by external tools to store and retrieve + arbitrary metadata. + type: object + labels: + additionalProperties: + type: string + description: Map of string keys and values that + can be used to organize and categorize (scope + and select) objects. 
+ type: object + type: object + spec: + description: Specification of the desired behavior + of the Deployment. + properties: + template: + description: Template describes the pods that + will be created. + properties: + metadata: + description: ObjectMetaOverride provides the + ability to override an object metadata. + It's a subset of the fields included in + k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta. + properties: + annotations: + additionalProperties: + type: string + description: Annotations is an unstructured + key value map stored with a resource + that may be set by external tools to + store and retrieve arbitrary metadata. + type: object + labels: + additionalProperties: + type: string + description: Map of string keys and values + that can be used to organize and categorize + (scope and select) objects. + type: object + type: object + spec: + description: Specification of the desired + behavior of the pod. + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + type: object + type: object + type: object + port: + description: 'Port defines a custom gRPC port for the service. + Default values are: 7233 for Frontend service 7234 for History + service 7235 for Matching service 7239 for Worker service' + type: integer + replicas: + description: Number of desired replicas for the service. Default + to 1. + format: int32 + minimum: 1 + type: integer + resources: + description: 'Compute Resources required by this service. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + properties: + claims: + description: "Claims lists the names of resources, defined + in spec.resourceClaims, that are used by this container. + \n This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. \n This field + is immutable. It can only be set for containers." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. 
+ properties: + name: + description: Name must match the name of one entry + in pod.spec.resourceClaims of the Pod where this + field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of + compute resources required. If Requests is omitted for + a container, it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined value. + Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + type: object + internalFrontend: + description: Internal Frontend service custom specifications. + Only compatible with temporal >= 1.20.0 + properties: + enabled: + default: false + description: Enabled defines if we want to spawn the internal + frontend service. + type: boolean + membershipPort: + description: 'Port defines a custom membership port for the + service. 
Default values are: 6933 for Frontend service 6934 + for History service 6935 for Matching service 6939 for Worker + service' + type: integer + overrides: + description: Overrides adds some overrides to the resources + deployed for the service. Those overrides takes precedence + over spec.services.overrides. + properties: + deployment: + description: Override configuration for the temporal service + Deployment. + properties: + metadata: + description: ObjectMetaOverride provides the ability + to override an object metadata. It's a subset of + the fields included in k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta. + properties: + annotations: + additionalProperties: + type: string + description: Annotations is an unstructured key + value map stored with a resource that may be + set by external tools to store and retrieve + arbitrary metadata. + type: object + labels: + additionalProperties: + type: string + description: Map of string keys and values that + can be used to organize and categorize (scope + and select) objects. + type: object + type: object + spec: + description: Specification of the desired behavior + of the Deployment. + properties: + template: + description: Template describes the pods that + will be created. + properties: + metadata: + description: ObjectMetaOverride provides the + ability to override an object metadata. + It's a subset of the fields included in + k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta. + properties: + annotations: + additionalProperties: + type: string + description: Annotations is an unstructured + key value map stored with a resource + that may be set by external tools to + store and retrieve arbitrary metadata. + type: object + labels: + additionalProperties: + type: string + description: Map of string keys and values + that can be used to organize and categorize + (scope and select) objects. + type: object + type: object + spec: + description: Specification of the desired + behavior of the pod. 
+ type: object + x-kubernetes-preserve-unknown-fields: true + type: object + type: object + type: object + type: object + port: + description: 'Port defines a custom gRPC port for the service. + Default values are: 7233 for Frontend service 7234 for History + service 7235 for Matching service 7239 for Worker service' + type: integer + replicas: + description: Number of desired replicas for the service. Default + to 1. + format: int32 + minimum: 1 + type: integer + resources: + description: 'Compute Resources required by this service. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + properties: + claims: + description: "Claims lists the names of resources, defined + in spec.resourceClaims, that are used by this container. + \n This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. \n This field + is immutable. It can only be set for containers." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry + in pod.spec.resourceClaims of the Pod where this + field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of + compute resources required. If Requests is omitted for + a container, it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined value. + Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + type: object + matching: + description: Matching service custom specifications. + properties: + membershipPort: + description: 'Port defines a custom membership port for the + service. Default values are: 6933 for Frontend service 6934 + for History service 6935 for Matching service 6939 for Worker + service' + type: integer + overrides: + description: Overrides adds some overrides to the resources + deployed for the service. Those overrides takes precedence + over spec.services.overrides. + properties: + deployment: + description: Override configuration for the temporal service + Deployment. + properties: + metadata: + description: ObjectMetaOverride provides the ability + to override an object metadata. It's a subset of + the fields included in k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta. + properties: + annotations: + additionalProperties: + type: string + description: Annotations is an unstructured key + value map stored with a resource that may be + set by external tools to store and retrieve + arbitrary metadata. + type: object + labels: + additionalProperties: + type: string + description: Map of string keys and values that + can be used to organize and categorize (scope + and select) objects. 
+ type: object + type: object + spec: + description: Specification of the desired behavior + of the Deployment. + properties: + template: + description: Template describes the pods that + will be created. + properties: + metadata: + description: ObjectMetaOverride provides the + ability to override an object metadata. + It's a subset of the fields included in + k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta. + properties: + annotations: + additionalProperties: + type: string + description: Annotations is an unstructured + key value map stored with a resource + that may be set by external tools to + store and retrieve arbitrary metadata. + type: object + labels: + additionalProperties: + type: string + description: Map of string keys and values + that can be used to organize and categorize + (scope and select) objects. + type: object + type: object + spec: + description: Specification of the desired + behavior of the pod. + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + type: object + type: object + type: object + port: + description: 'Port defines a custom gRPC port for the service. + Default values are: 7233 for Frontend service 7234 for History + service 7235 for Matching service 7239 for Worker service' + type: integer + replicas: + description: Number of desired replicas for the service. Default + to 1. + format: int32 + minimum: 1 + type: integer + resources: + description: 'Compute Resources required by this service. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + properties: + claims: + description: "Claims lists the names of resources, defined + in spec.resourceClaims, that are used by this container. + \n This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. \n This field + is immutable. It can only be set for containers." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. 
+ properties: + name: + description: Name must match the name of one entry + in pod.spec.resourceClaims of the Pod where this + field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of + compute resources required. If Requests is omitted for + a container, it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined value. + Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + type: object + overrides: + description: Overrides adds some overrides to the resources deployed + for all temporal services services. Those overrides can be customized + per service using spec.services..overrides. + properties: + deployment: + description: Override configuration for the temporal service + Deployment. + properties: + metadata: + description: ObjectMetaOverride provides the ability to + override an object metadata. It's a subset of the fields + included in k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta. 
+ properties: + annotations: + additionalProperties: + type: string + description: Annotations is an unstructured key value + map stored with a resource that may be set by external + tools to store and retrieve arbitrary metadata. + type: object + labels: + additionalProperties: + type: string + description: Map of string keys and values that can + be used to organize and categorize (scope and select) + objects. + type: object + type: object + spec: + description: Specification of the desired behavior of + the Deployment. + properties: + template: + description: Template describes the pods that will + be created. + properties: + metadata: + description: ObjectMetaOverride provides the ability + to override an object metadata. It's a subset + of the fields included in k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta. + properties: + annotations: + additionalProperties: + type: string + description: Annotations is an unstructured + key value map stored with a resource that + may be set by external tools to store and + retrieve arbitrary metadata. + type: object + labels: + additionalProperties: + type: string + description: Map of string keys and values + that can be used to organize and categorize + (scope and select) objects. + type: object + type: object + spec: + description: Specification of the desired behavior + of the pod. + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + type: object + type: object + type: object + worker: + description: Worker service custom specifications. + properties: + membershipPort: + description: 'Port defines a custom membership port for the + service. Default values are: 6933 for Frontend service 6934 + for History service 6935 for Matching service 6939 for Worker + service' + type: integer + overrides: + description: Overrides adds some overrides to the resources + deployed for the service. Those overrides takes precedence + over spec.services.overrides. 
+ properties: + deployment: + description: Override configuration for the temporal service + Deployment. + properties: + metadata: + description: ObjectMetaOverride provides the ability + to override an object metadata. It's a subset of + the fields included in k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta. + properties: + annotations: + additionalProperties: + type: string + description: Annotations is an unstructured key + value map stored with a resource that may be + set by external tools to store and retrieve + arbitrary metadata. + type: object + labels: + additionalProperties: + type: string + description: Map of string keys and values that + can be used to organize and categorize (scope + and select) objects. + type: object + type: object + spec: + description: Specification of the desired behavior + of the Deployment. + properties: + template: + description: Template describes the pods that + will be created. + properties: + metadata: + description: ObjectMetaOverride provides the + ability to override an object metadata. + It's a subset of the fields included in + k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta. + properties: + annotations: + additionalProperties: + type: string + description: Annotations is an unstructured + key value map stored with a resource + that may be set by external tools to + store and retrieve arbitrary metadata. + type: object + labels: + additionalProperties: + type: string + description: Map of string keys and values + that can be used to organize and categorize + (scope and select) objects. + type: object + type: object + spec: + description: Specification of the desired + behavior of the pod. + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + type: object + type: object + type: object + port: + description: 'Port defines a custom gRPC port for the service. 
+ Default values are: 7233 for Frontend service 7234 for History + service 7235 for Matching service 7239 for Worker service' + type: integer + replicas: + description: Number of desired replicas for the service. Default + to 1. + format: int32 + minimum: 1 + type: integer + resources: + description: 'Compute Resources required by this service. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + properties: + claims: + description: "Claims lists the names of resources, defined + in spec.resourceClaims, that are used by this container. + \n This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. \n This field + is immutable. It can only be set for containers." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry + in pod.spec.resourceClaims of the Pod where this + field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of + compute resources required. 
If Requests is omitted for + a container, it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined value. + Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + type: object + type: object + ui: + description: UI allows configuration of the optional temporal web + ui deployed alongside the cluster. + properties: + enabled: + description: Enabled defines if the operator should deploy the + web ui alongside the cluster. + type: boolean + image: + description: Image defines the temporal ui docker image the instance + should run. + type: string + ingress: + description: Ingress is an optional ingress configuration for + the UI. If lived empty, no ingress configuration will be created + and the UI will only by available trough ClusterIP service. + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows custom annotations on the + ingress ressource. + type: object + hosts: + description: Host is the list of host the ingress should use. + items: + type: string + type: array + ingressClassName: + description: IngressClassName is the name of the IngressClass + the deployed ingress resource should use. + type: string + tls: + description: TLS configuration. + items: + description: IngressTLS describes the transport layer security + associated with an ingress. + properties: + hosts: + description: hosts is a list of hosts included in the + TLS certificate. The values in this list must match + the name/s used in the tlsSecret. Defaults to the + wildcard host setting for the loadbalancer controller + fulfilling this Ingress, if left unspecified. + items: + type: string + type: array + x-kubernetes-list-type: atomic + secretName: + description: secretName is the name of the secret used + to terminate TLS traffic on port 443. 
Field is left + optional to allow TLS routing based on SNI hostname + alone. If the SNI host in a listener conflicts with + the "Host" header field used by an IngressRule, the + SNI host is used for termination and value of the + "Host" header is used for routing. + type: string + type: object + type: array + required: + - hosts + type: object + overrides: + description: Overrides adds some overrides to the resources deployed + for the ui. + properties: + deployment: + description: Override configuration for the temporal service + Deployment. + properties: + metadata: + description: ObjectMetaOverride provides the ability to + override an object metadata. It's a subset of the fields + included in k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta. + properties: + annotations: + additionalProperties: + type: string + description: Annotations is an unstructured key value + map stored with a resource that may be set by external + tools to store and retrieve arbitrary metadata. + type: object + labels: + additionalProperties: + type: string + description: Map of string keys and values that can + be used to organize and categorize (scope and select) + objects. + type: object + type: object + spec: + description: Specification of the desired behavior of + the Deployment. + properties: + template: + description: Template describes the pods that will + be created. + properties: + metadata: + description: ObjectMetaOverride provides the ability + to override an object metadata. It's a subset + of the fields included in k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta. + properties: + annotations: + additionalProperties: + type: string + description: Annotations is an unstructured + key value map stored with a resource that + may be set by external tools to store and + retrieve arbitrary metadata. + type: object + labels: + additionalProperties: + type: string + description: Map of string keys and values + that can be used to organize and categorize + (scope and select) objects. 
+ type: object + type: object + spec: + description: Specification of the desired behavior + of the pod. + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + type: object + type: object + type: object + replicas: + description: Number of desired replicas for the ui. Default to + 1. + format: int32 + minimum: 1 + type: integer + resources: + description: 'Compute Resources required by the ui. More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + properties: + claims: + description: "Claims lists the names of resources, defined + in spec.resourceClaims, that are used by this container. + \n This is an alpha field and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. It can only be + set for containers." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry in + pod.spec.resourceClaims of the Pod where this field + is used. It makes that resource available inside a + container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. 
If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. Requests cannot exceed + Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + version: + description: Version defines the temporal ui version the instance + should run. + type: string + type: object + version: + description: Version defines the temporal version the cluster to be + deployed. This version impacts the underlying persistence schemas + versions. + type: string + required: + - numHistoryShards + - persistence + type: object + status: + description: Most recent observed status of the Temporal cluster. + properties: + conditions: + description: Conditions represent the latest available observations + of the Cluster state. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + \n type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. 
+ maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + persistence: + description: Persistence holds all datastores statuses. + properties: + advancedVisibilityStore: + description: AdvancedVisibilityStore holds the avanced visibility + datastore status. + properties: + created: + description: Created indicates if the database or keyspace + has been created. 
+ type: boolean + schemaVersion: + description: SchemaVersion report the current schema version. + type: string + setup: + description: Setup indicates if tables have been set up. + type: boolean + required: + - created + - setup + type: object + defaultStore: + description: DefaultStore holds the default datastore status. + properties: + created: + description: Created indicates if the database or keyspace + has been created. + type: boolean + schemaVersion: + description: SchemaVersion report the current schema version. + type: string + setup: + description: Setup indicates if tables have been set up. + type: boolean + required: + - created + - setup + type: object + secondaryVisibilityStore: + description: SecondaryVisibility holds the secondary visibility + datastore status. + properties: + created: + description: Created indicates if the database or keyspace + has been created. + type: boolean + schemaVersion: + description: SchemaVersion report the current schema version. + type: string + setup: + description: Setup indicates if tables have been set up. + type: boolean + required: + - created + - setup + type: object + visibilityStore: + description: VisibilityStore holds the visibility datastore status. + properties: + created: + description: Created indicates if the database or keyspace + has been created. + type: boolean + schemaVersion: + description: SchemaVersion report the current schema version. + type: string + setup: + description: Setup indicates if tables have been set up. + type: boolean + required: + - created + - setup + type: object + required: + - defaultStore + - visibilityStore + type: object + services: + description: Services holds all services statuses. + items: + description: ServiceStatus reports a service status. + properties: + name: + description: Name of the temporal service. + type: string + ready: + description: Ready defines if the service is ready. 
+ type: boolean + version: + description: Current observed version of the service. + type: string + required: + - name + - ready + - version + type: object + type: array + version: + description: Version holds the current temporal version. + type: string + required: + - conditions + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + creationTimestamp: null + name: temporalnamespaces.temporal.io +spec: + group: temporal.io + names: + kind: TemporalNamespace + listKind: TemporalNamespaceList + plural: temporalnamespaces + singular: temporalnamespace + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: A TemporalNamespace creates a namespace in the targeted temporal + cluster. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: TemporalNamespaceSpec defines the desired state of Namespace. + properties: + activeClusterName: + description: The name of active Temporal Cluster. Only applicable + if the namespace is a global namespace. + type: string + allowDeletion: + description: AllowDeletion makes the controller delete the Temporal + namespace if the CRD is deleted. 
+ type: boolean + clusterRef: + description: Reference to the temporal cluster the namespace will + be created. + properties: + name: + description: The name of the TemporalCluster to reference. + type: string + namespace: + description: The namespace of the TemporalCluster to reference. + Defaults to the namespace of the requested resource if omitted. + type: string + type: object + clusters: + description: List of clusters names to which the namespace can fail + over. Only applicable if the namespace is a global namespace. + items: + type: string + type: array + data: + additionalProperties: + type: string + description: Data is a key-value map for any customized purpose. + type: object + description: + description: Namespace description. + type: string + isGlobalNamespace: + description: IsGlobalNamespace defines whether the namespace is a + global namespace. + type: boolean + ownerEmail: + description: Namespace owner email. + type: string + retentionPeriod: + description: RetentionPeriod to apply on closed workflow executions. + type: string + securityToken: + type: string + required: + - clusterRef + - retentionPeriod + type: object + status: + description: TemporalNamespaceStatus defines the observed state of Namespace. + properties: + conditions: + description: Conditions represent the latest available observations + of the Namespace state. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + \n type FooStatus struct{ // Represents the observations of a + foo's current state. 
// Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. 
+ --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + required: + - conditions + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + creationTimestamp: null + name: temporalworkerprocesses.temporal.io +spec: + group: temporal.io + names: + kind: TemporalWorkerProcess + listKind: TemporalWorkerProcessList + plural: temporalworkerprocesses + singular: temporalworkerprocess + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type == 'Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type == 'ReconcileSuccess')].status + name: ReconcileSuccess + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: TemporalWorkerProcess is the Schema for the temporalworkerprocesses + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: TemporalWorkerProcessSpec defines the desired state of TemporalWorkerProcess. + properties: + builder: + description: Builder is the configuration for building a TemporalWorkerProcess. + THIS FEATURE IS HIGHLY EXPERIMENTAL. + properties: + attempt: + description: BuildAttempt is the build attempt number of a given + version + format: int32 + type: integer + buildDir: + description: BuildDir is the location of where the sources will + be built. + type: string + buildRegistry: + description: BuildRegistry specifies how to connect to container + registry. + properties: + passwordSecretRef: + description: PasswordSecret is the reference to the secret + holding the docker repo password. + properties: + key: + description: Key in the Secret. + type: string + name: + description: Name of the Secret. + type: string + required: + - name + type: object + repository: + description: Repository is the fqdn to the image repo. + type: string + username: + description: Username is the username for the container repo. + type: string + required: + - passwordSecretRef + - repository + - username + type: object + enabled: + description: Enabled defines if the operator should build the + temporal worker process. + type: boolean + gitRepository: + description: GitRepository specifies how to connect to Git source + control. + properties: + reference: + description: Reference specifies the Git reference to resolve + and monitor for changes, defaults to the 'master' branch. + properties: + branch: + description: Branch to check out, defaults to 'main' if + no other field is defined. + type: string + type: object + url: + description: URL specifies the Git repository URL, it can + be an HTTP/S or SSH address. 
+ pattern: ^(http|https|ssh)://.*$ + type: string + required: + - url + type: object + image: + description: Image is the image that will be used to build worker + image. + type: string + version: + description: Version is the version of the image that will be + used to build worker image. + type: string + required: + - enabled + type: object + clusterRef: + description: Reference to the temporal cluster the worker will connect + to. + properties: + name: + description: The name of the TemporalCluster to reference. + type: string + namespace: + description: The namespace of the TemporalCluster to reference. + Defaults to the namespace of the requested resource if omitted. + type: string + type: object + image: + description: Image defines the temporal worker docker image the instance + should run. + type: string + imagePullSecrets: + description: An optional list of references to secrets in the same + namespace to use for pulling temporal images from registries. + items: + description: LocalObjectReference contains enough information to + let you locate the referenced object inside the same namespace. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + type: array + jobTtlSecondsAfterFinished: + default: 300 + description: JobTTLSecondsAfterFinished is amount of time to keep + job pods after jobs are completed. Defaults to 300 seconds. + format: int32 + minimum: 1 + type: integer + pullPolicy: + description: Image pull policy for determining how to pull worker + process images. + type: string + replicas: + description: Number of desired replicas. Default to 1. + format: int32 + minimum: 1 + type: integer + temporalNamespace: + description: TemporalNamespace that worker will poll. 
+ type: string + version: + description: Version defines the worker process version. + type: string + required: + - clusterRef + - image + - temporalNamespace + type: object + status: + description: TemporalWorkerProcessStatus defines the observed state of + TemporalWorkerProcess. + properties: + attempt: + description: BuildAttempt is the build attempt number of a given version + format: int32 + type: integer + conditions: + description: Conditions represent the latest available observations + of the worker process state. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + \n type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. 
For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + created: + description: Created indicates if the worker process image was created. + type: boolean + ready: + description: Ready defines if the worker process is ready. + type: boolean + version: + description: Version is the version of the image that will be used + to build worker image. + type: string + required: + - conditions + type: object + type: object + served: true + storage: true + subresources: + status: {} 
diff --git a/charts/temporal-operator/templates/_helpers.tpl b/charts/temporal-operator/templates/_helpers.tpl
new file mode 100644
index 00000000..6fd577f4
--- /dev/null
+++ b/charts/temporal-operator/templates/_helpers.tpl
@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "temporal-operator.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "temporal-operator.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "temporal-operator.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "temporal-operator.labels" -}}
+helm.sh/chart: {{ include "temporal-operator.chart" . }}
+{{ include "temporal-operator.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "temporal-operator.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "temporal-operator.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "temporal-operator.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "temporal-operator.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
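Review bot: `temporal-operator.fullname` truncates to 63 characters, but the templates in this patch append a suffix after the include (`-webhook-service`, `-controller-manager`, `-serving-cert`), so the limit the helper's comment cites is not enforced on the final names. A release name or `fullnameOverride` close to 63 characters makes `<fullname>-webhook-service` too long for a Service name and for the first label of the Certificate's `dnsNames`, and the install fails only at apply time. Truncating the base so the longest DNS-label suffix still fits, e.g. `trunc 47` for `-webhook-service`, or adding a per-suffix helper that truncates after concatenation, would close that gap.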
diff --git a/charts/temporal-operator/templates/deployment.yaml b/charts/temporal-operator/templates/deployment.yaml
new file mode 100644
index 00000000..315dbade
--- /dev/null
+++ b/charts/temporal-operator/templates/deployment.yaml
@@ -0,0 +1,59 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "temporal-operator.fullname" . }}-controller-manager
+ labels:
+ control-plane: controller-manager
+ {{- include "temporal-operator.labels" . | nindent 4 }}
+spec:
+ replicas: {{ .Values.manager.replicas }}
+ selector:
+ matchLabels:
+ control-plane: controller-manager
+ {{- include "temporal-operator.selectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ labels:
+ control-plane: controller-manager
+ {{- include "temporal-operator.selectorLabels" . | nindent 8 }}
+ annotations:
+ kubectl.kubernetes.io/default-container: manager
+ spec:
+ containers:
+ - args: {{- toYaml .Values.manager.args | nindent 8 }}
+ command:
+ - /manager
+ image: {{ .Values.manager.image.repository }}:{{ .Values.manager.image.tag | default .Chart.AppVersion }}
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: 8081
+ initialDelaySeconds: 15
+ periodSeconds: 20
+ name: manager
+ ports:
+ - containerPort: 9443
+ name: webhook-server
+ protocol: TCP
+ readinessProbe:
+ httpGet:
+ path: /readyz
+ port: 8081
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ resources: {{- toYaml .Values.manager.resources | nindent 10 }}
+ securityContext: {{- toYaml .Values.manager.containerSecurityContext | nindent 10 }}
+ volumeMounts:
+ - mountPath: /tmp/k8s-webhook-server/serving-certs
+ name: cert
+ readOnly: true
+ imagePullSecrets: {{ .Values.imagePullSecrets | default list | toJson }}
+ securityContext:
+ runAsNonRoot: true
+ serviceAccountName: {{ include "temporal-operator.fullname" . }}-controller-manager
+ terminationGracePeriodSeconds: 10
+ volumes:
+ - name: cert
+ secret:
+ defaultMode: 420
+ secretName: webhook-server-cert
\ No newline at end of file
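Review bot: In deployment.yaml the pod-level `securityContext` near the end of the spec is fixed at `runAsNonRoot: true`, and the container-level one is taken wholesale from `.Values.manager.containerSecurityContext`, so every other hardening setting depends on values.yaml, which is not part of this hunk. This pod runs as the ServiceAccount bound to the manager ClusterRole, so I would pin a baseline in the template rather than leave it overridable to nothing. Add `seccompProfile:` with `type: RuntimeDefault` under the pod `securityContext`, and confirm that the values default sets `allowPrivilegeEscalation: false` and drops all capabilities.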
diff --git a/charts/temporal-operator/templates/leader-election-rbac.yaml b/charts/temporal-operator/templates/leader-election-rbac.yaml
new file mode 100644
index 00000000..b3343516
--- /dev/null
+++ b/charts/temporal-operator/templates/leader-election-rbac.yaml
@@ -0,0 +1,53 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ include "temporal-operator.fullname" . }}-leader-election-role
+ labels:
+ {{- include "temporal-operator.labels" . | nindent 4 }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ include "temporal-operator.fullname" . }}-leader-election-rolebinding
+ labels:
+ {{- include "temporal-operator.labels" . | nindent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: '{{ include "temporal-operator.fullname" . }}-leader-election-role'
+subjects:
+- kind: ServiceAccount
+ name: '{{ include "temporal-operator.fullname" . }}-controller-manager'
+ namespace: '{{ .Release.Namespace }}'
\ No newline at end of file
diff --git a/charts/temporal-operator/templates/manager-rbac.yaml b/charts/temporal-operator/templates/manager-rbac.yaml
new file mode 100644
index 00000000..56e4a535
--- /dev/null
+++ b/charts/temporal-operator/templates/manager-rbac.yaml
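Review bot: In leader-election-rbac.yaml the Role grants all seven verbs, including `delete`, on every ConfigMap in the release namespace as well as on Leases. If the manager's leader election uses the Lease lock (the lock type is not visible in this patch, so check it against the manager's options), the whole `configmaps` rule can be removed and the ServiceAccount loses write access to unrelated ConfigMaps in its namespace. If ConfigMaps are still required, a comment above the rule such as `# ConfigMap lock still in use; drop once leader election is lease-only` would record why the grant exists.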
@@ -0,0 +1,254 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ include "temporal-operator.fullname" . }}-manager-role
+ labels:
+ {{- include "temporal-operator.labels" . | nindent 4 }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - create
+ - get
+ - list
+ - update
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - get
+ - patch
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - update
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts
+ verbs:
+ - create
+ - get
+ - list
+ - update
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - services
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - update
+ - watch
+- apiGroups:
+ - apps
+ resources:
+ - deployments
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - update
+ - watch
+- apiGroups:
+ - batch
+ resources:
+ - jobs
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - update
+ - watch
+- apiGroups:
+ - cert-manager.io
+ resources:
+ - certificates
+ - issuers
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - update
+ - watch
+- apiGroups:
+ - monitoring.coreos.com
+ resources:
+ - servicemonitors
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - update
+ - watch
+- apiGroups:
+ - networking.istio.io
+ resources:
+ - destinationrules
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - update
+ - watch
+- apiGroups:
+ - networking.k8s.io
+ resources:
+ - ingresses
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - update
+ - watch
+- apiGroups:
+ - security.istio.io
+ resources:
+ - peerauthentications
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - update
+ - watch
+- apiGroups:
+ - temporal.io
+ resources:
+ - temporalclusterclients
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - temporal.io
+ resources:
+ - temporalclusterclients/finalizers
+ verbs:
+ - update
+- apiGroups:
+ - temporal.io
+ resources:
+ - temporalclusterclients/status
+ verbs:
+ - get
+ - patch
+ - update
+- apiGroups:
+ - temporal.io
+ resources:
+ - temporalclusters
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - temporal.io
+ resources:
+ - temporalclusters/finalizers
+ verbs:
+ - update
+- apiGroups:
+ - temporal.io
+ resources:
+ - temporalclusters/status
+ verbs:
+ - get
+ - patch
+ - update
+- apiGroups:
+ - temporal.io
+ resources:
+ - temporalnamespaces
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - temporal.io
+ resources:
+ - temporalnamespaces/finalizers
+ verbs:
+ - update
+- apiGroups:
+ - temporal.io
+ resources:
+ - temporalnamespaces/status
+ verbs:
+ - get
+ - patch
+ - update
+- apiGroups:
+ - temporal.io
+ resources:
+ - temporalworkerprocesses
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - temporal.io
+ resources:
+ - temporalworkerprocesses/finalizers
+ verbs:
+ - update
+- apiGroups:
+ - temporal.io
+ resources:
+ - temporalworkerprocesses/status
+ verbs:
+ - get
+ - patch
+ - update
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ include "temporal-operator.fullname" . }}-manager-rolebinding
+ labels:
+ {{- include "temporal-operator.labels" . | nindent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: '{{ include "temporal-operator.fullname" . }}-manager-role'
+subjects:
+- kind: ServiceAccount
+ name: '{{ include "temporal-operator.fullname" . }}-controller-manager'
+ namespace: '{{ .Release.Namespace }}'
\ No newline at end of file
diff --git a/charts/temporal-operator/templates/mutating-webhook-configuration.yaml b/charts/temporal-operator/templates/mutating-webhook-configuration.yaml
new file mode 100644
index 00000000..fcc3b1da
--- /dev/null
+++ b/charts/temporal-operator/templates/mutating-webhook-configuration.yaml
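Review bot: In manager-rbac.yaml the ClusterRole and its ClusterRoleBinding give the controller-manager ServiceAccount `get`/`list`/`watch` plus `create`/`update`/`delete` on `secrets` in every namespace, alongside write access to `serviceaccounts`, `deployments` and `jobs`. The operator's token is therefore equivalent to cluster-wide Secret read, and the chart offers no way to narrow it. If the operator can be restricted to a set of watched namespaces (not determinable from this hunk), I would add a values switch that renders a Role and RoleBinding per namespace in place of the cluster-scoped pair. At minimum, a comment above the `secrets` rule stating why cluster scope is required would let installers see and assess the grant.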
@@ -0,0 +1,49 @@
+apiVersion: admissionregistration.k8s.io/v1
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ include "temporal-operator.fullname" . }}-mutating-webhook-configuration
+ annotations:
+ cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ include "temporal-operator.fullname" . }}-serving-cert
+ labels:
+ {{- include "temporal-operator.labels" . | nindent 4 }}
+webhooks:
+- admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ name: '{{ include "temporal-operator.fullname" . }}-webhook-service'
+ namespace: '{{ .Release.Namespace }}'
+ path: /mutate-temporal-io-v1beta1-temporalcluster
+ failurePolicy: Fail
+ name: mtemporalc.kb.io
+ rules:
+ - apiGroups:
+ - temporal.io
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - temporalclusters
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ name: '{{ include "temporal-operator.fullname" . }}-webhook-service'
+ namespace: '{{ .Release.Namespace }}'
+ path: /mutate-temporal-io-v1beta1-temporalworkerprocess
+ failurePolicy: Fail
+ name: mtemporalworkerprocess.kb.io
+ rules:
+ - apiGroups:
+ - temporal.io
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - temporalworkerprocesses
+ sideEffects: None
\ No newline at end of file
diff --git a/charts/temporal-operator/templates/selfsigned-issuer.yaml b/charts/temporal-operator/templates/selfsigned-issuer.yaml
new file mode 100644
index 00000000..29984054
--- /dev/null
+++ b/charts/temporal-operator/templates/selfsigned-issuer.yaml
@@ -0,0 +1,10 @@
+{{- if not .Values.webhook.certManager.certificate.useCustomIssuer }}
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+ name: {{ include "temporal-operator.fullname" . }}-selfsigned-issuer
+ labels:
+ {{- include "temporal-operator.labels" . | nindent 4 }}
+spec:
+ selfSigned: {}
+{{- end }}
\ No newline at end of file
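Review bot: The `cert-manager.io/inject-ca-from` annotation in the MutatingWebhookConfiguration is rendered unconditionally, while the Certificate it points at is only created when `.Values.webhook.certManager.certificate.enabled` is true (serving-cert.yaml). With that value set to false no CA bundle is injected, and because both webhooks use `failurePolicy: Fail`, CREATE and UPDATE requests for `temporalclusters` and `temporalworkerprocesses` are likely to be rejected on a TLS verification error. Guard the annotation with `{{- if .Values.webhook.certManager.certificate.enabled }}` and document in values.yaml how the CA bundle and serving secret have to be supplied in the other case. The same applies to validating-webhook-configuration.yaml, and selfsigned-issuer.yaml should test `enabled` too, `{{- if and .Values.webhook.certManager.certificate.enabled (not .Values.webhook.certManager.certificate.useCustomIssuer) }}`, so that no Issuer is rendered when cert-manager is not in use.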
diff --git a/charts/temporal-operator/templates/serviceaccount.yaml b/charts/temporal-operator/templates/serviceaccount.yaml
new file mode 100644
index 00000000..2c32eb74
--- /dev/null
+++ b/charts/temporal-operator/templates/serviceaccount.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "temporal-operator.fullname" . }}-controller-manager
+ labels:
+ {{- include "temporal-operator.labels" . | nindent 4 }}
+ annotations:
+ {{- toYaml .Values.manager.serviceAccount.annotations | nindent 4 }}
\ No newline at end of file
diff --git a/charts/temporal-operator/templates/serving-cert.yaml b/charts/temporal-operator/templates/serving-cert.yaml
new file mode 100644
index 00000000..8b4a72c6
--- /dev/null
+++ b/charts/temporal-operator/templates/serving-cert.yaml
@@ -0,0 +1,20 @@
+{{- if .Values.webhook.certManager.certificate.enabled }}
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: {{ include "temporal-operator.fullname" . }}-serving-cert
+ labels:
+ {{- include "temporal-operator.labels" . | nindent 4 }}
+spec:
+ dnsNames:
+ - '{{ include "temporal-operator.fullname" . }}-webhook-service.{{ .Release.Namespace }}.svc'
+ - '{{ include "temporal-operator.fullname" . }}-webhook-service.{{ .Release.Namespace }}.svc.{{ .Values.kubernetesClusterDomain }}'
+ issuerRef:
+ {{- if .Values.webhook.certManager.certificate.useCustomIssuer }}
+ {{- toYaml .Values.webhook.certManager.certificate.issuerRef | nindent 4 }}
+ {{- else }}
+ kind: Issuer
+ name: '{{ include "temporal-operator.fullname" . }}-selfsigned-issuer'
+ {{- end }}
+ secretName: webhook-server-cert
+{{- end }}
\ No newline at end of file
diff --git a/charts/temporal-operator/templates/validating-webhook-configuration.yaml b/charts/temporal-operator/templates/validating-webhook-configuration.yaml
new file mode 100644
index 00000000..babf8651
--- /dev/null
+++ b/charts/temporal-operator/templates/validating-webhook-configuration.yaml
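Review bot: In serving-cert.yaml, setting `useCustomIssuer: true` while `issuerRef` stays at its default `{}` renders `issuerRef:` as an empty mapping, so the Certificate is submitted without an issuer name and the mistake only shows up at install time. Failing the render is clearer, for instance a line `{{- $_ := required "webhook.certManager.certificate.issuerRef.name is required when useCustomIssuer is true" .Values.webhook.certManager.certificate.issuerRef.name }}` just before the `toYaml` call. Separately, `secretName: webhook-server-cert` is fixed while every other name in the chart is prefixed with the release fullname, so two releases in one namespace would have their Certificates write TLS keys into the same Secret. Prefixing it means the manager's volume must follow; deployment.yaml is not in this part of the patch, so that side needs checking.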
@@ -0,0 +1,49 @@
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+ name: {{ include "temporal-operator.fullname" . }}-validating-webhook-configuration
+ annotations:
+ cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ include "temporal-operator.fullname" . }}-serving-cert
+ labels:
+ {{- include "temporal-operator.labels" . | nindent 4 }}
+webhooks:
+- admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ name: '{{ include "temporal-operator.fullname" . }}-webhook-service'
+ namespace: '{{ .Release.Namespace }}'
+ path: /validate-temporal-io-v1beta1-temporalcluster
+ failurePolicy: Fail
+ name: vtemporalc.kb.io
+ rules:
+ - apiGroups:
+ - temporal.io
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - temporalclusters
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ name: '{{ include "temporal-operator.fullname" . }}-webhook-service'
+ namespace: '{{ .Release.Namespace }}'
+ path: /validate-temporal-io-v1beta1-temporalworkerprocess
+ failurePolicy: Fail
+ name: vtemporalworkerprocess.kb.io
+ rules:
+ - apiGroups:
+ - temporal.io
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - temporalworkerprocesses
+ sideEffects: None
\ No newline at end of file
diff --git a/charts/temporal-operator/templates/webhook-service.yaml b/charts/temporal-operator/templates/webhook-service.yaml
new file mode 100644
index 00000000..b41bd2b8
--- /dev/null
+++ b/charts/temporal-operator/templates/webhook-service.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "temporal-operator.fullname" . }}-webhook-service
+ labels:
+ app.kubernetes.io/component: webhook
+ app.kubernetes.io/created-by: temporal-operator
+ app.kubernetes.io/part-of: temporal-operator
+ {{- include "temporal-operator.labels" . | nindent 4 }}
+spec:
+ type: {{ .Values.webhook.type }}
+ selector:
+ control-plane: controller-manager
+ {{- include "temporal-operator.selectorLabels" . | nindent 4 }}
+ ports:
+ {{- .Values.webhook.ports | toYaml | nindent 2 -}}
\ No newline at end of file
diff --git a/charts/temporal-operator/values.yaml b/charts/temporal-operator/values.yaml
new file mode 100644
index 00000000..e77e4eb2
--- /dev/null
+++ b/charts/temporal-operator/values.yaml
@@ -0,0 +1,35 @@
+manager:
+ args:
+ - --leader-elect
+ containerSecurityContext:
+ allowPrivilegeEscalation: false
+ image:
+ repository: ghcr.io/alexandrevilain/temporal-operator
+ tag: v0.13.3
+ resources:
+ limits:
+ cpu: 500m
+ memory: 128Mi
+ requests:
+ cpu: 10m
+ memory: 64Mi
+ replicas: 1
+ serviceAccount:
+ annotations: {}
+
+webhook:
+ ports:
+ - port: 443
+ protocol: TCP
+ targetPort: 9443
+ type: ClusterIP
+ certManager:
+ certificate:
+ enabled: true
+ useCustomIssuer: false
+ # Issuer references if you want to use custom issuer
+ # In other case will be used selfSigned issuer
+ issuerRef: {}
+
+imagePullSecrets: []
+kubernetesClusterDomain: cluster.local
diff --git a/config/crd/bases/temporal.io_temporalclusters.yaml b/config/crd/bases/temporal.io_temporalclusters.yaml
index adb25b36..e2ab1971 100644
--- a/config/crd/bases/temporal.io_temporalclusters.yaml
+++ b/config/crd/bases/temporal.io_temporalclusters.yaml
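Review bot: The Service's `ports` and `type` in webhook-service.yaml come straight from values, but the `clientConfig.service` blocks in both webhook configurations set no `port`, so the API server always calls the Service on the default port 443. A user who changes `webhook.ports[0].port` gets a chart that installs cleanly and then fails admission requests under `failurePolicy: Fail`. Either fix the Service port at 443 in this template or add `port: {{ (index .Values.webhook.ports 0).port }}` to each `clientConfig.service`. It is also worth asking whether `type` should be configurable at all: the endpoint only has to be reachable from the API server, and a `NodePort` or `LoadBalancer` value would expose the webhook server more widely than that.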
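Review bot: In values.yaml, `manager.containerSecurityContext` sets only `allowPrivilegeEscalation: false`; the default should also drop Linux capabilities and select a seccomp profile, `capabilities: {drop: ["ALL"]}` and `seccompProfile: {type: RuntimeDefault}`, unless the deployment template already sets these at pod level (deployment.yaml is not in this part of the patch). `runAsNonRoot: true` and `readOnlyRootFilesystem: true` are worth adding as well if the image runs with them, which needs confirming against the operator image. A one-line comment above `certificate.enabled` stating what the user has to provide when it is false would close the gap left by the two existing comment lines, which only cover `issuerRef`.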
@@ -280,11 +280,11 @@ spec: metricRelabelings: description: MetricRelabelConfigs to apply to samples before ingestion. items: - description: 'RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. It defines ``-section of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + description: "RelabelConfig allows dynamic rewriting of the label set for targets, alerts, scraped samples and remote write samples. \n More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config" properties: action: default: replace - description: Action to perform based on regex matching. Default is 'replace'. uppercase and lowercase actions require Prometheus >= 2.36. + description: "Action to perform based on the regex matching. \n `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. \n Default: \"Replace\"" enum: - replace - Replace 
@@ -310,27 +310,27 @@ spec: - DropEqual type: string modulus: - description: Modulus to take of the hash of the source label values. + description: "Modulus to take of the hash of the source label values. \n Only applicable when the action is `HashMod`." format: int64 type: integer regex: - description: Regular expression against which the extracted value is matched. Default is '(.*)' + description: Regular expression against which the extracted value is matched. type: string replacement: - description: Replacement value against which a regex replace is performed if the regular expression matches. Regex capture groups are available. Default is '$1' + description: "Replacement value against which a Replace action is performed if the regular expression matches. \n Regex capture groups are available." type: string separator: - description: Separator placed between concatenated source label values. default is ';'. + description: Separator is the string between concatenated SourceLabels. type: string sourceLabels: - description: The source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the replace, keep, and drop actions. + description: The source labels select values from existing labels. Their content is concatenated using the configured Separator and matched against the configured regular expression. items: description: LabelName is a valid Prometheus label name which may only contain ASCII letters, numbers, as well as underscores. pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ type: string type: array targetLabel: - description: Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available. + description: "Label to which the resulting string is written in a replacement. \n It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, `KeepEqual` and `DropEqual` actions. 
\n Regex capture groups are available." type: string type: object type: array @@ -353,7 +353,7 @@ spec: description: Authorization section for this endpoint properties: credentials: - description: The secret's key that contains the credentials of the request + description: Selects a key of a Secret in the namespace that contains the credentials for authentication. properties: key: description: The key of the secret to select from. Must be a valid secret key. @@ -369,7 +369,7 @@ spec: type: object x-kubernetes-map-type: atomic type: - description: Set the authentication type. Defaults to Bearer, Basic will cause an error + description: "Defines the authentication type. The value is case-insensitive. \n \"Basic\" is not a supported value. \n Default: \"Bearer\"" type: string type: object basicAuth: @@ -449,11 +449,11 @@ spec: metricRelabelings: description: MetricRelabelConfigs to apply to samples before ingestion. items: - description: 'RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. It defines ``-section of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + description: "RelabelConfig allows dynamic rewriting of the label set for targets, alerts, scraped samples and remote write samples. \n More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config" properties: action: default: replace - description: Action to perform based on regex matching. Default is 'replace'. uppercase and lowercase actions require Prometheus >= 2.36. + description: "Action to perform based on the regex matching. \n `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. \n Default: \"Replace\"" enum: - replace - Replace 
@@ -479,27 +479,27 @@ spec: - DropEqual type: string modulus: - description: Modulus to take of the hash of the source label values. + description: "Modulus to take of the hash of the source label values. \n Only applicable when the action is `HashMod`." format: int64 type: integer regex: - description: Regular expression against which the extracted value is matched. Default is '(.*)' + description: Regular expression against which the extracted value is matched. type: string replacement: - description: Replacement value against which a regex replace is performed if the regular expression matches. Regex capture groups are available. Default is '$1' + description: "Replacement value against which a Replace action is performed if the regular expression matches. \n Regex capture groups are available." type: string separator: - description: Separator placed between concatenated source label values. default is ';'. + description: Separator is the string between concatenated SourceLabels. type: string sourceLabels: - description: The source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the replace, keep, and drop actions. + description: The source labels select values from existing labels. Their content is concatenated using the configured Separator and matched against the configured regular expression. items: description: LabelName is a valid Prometheus label name which may only contain ASCII letters, numbers, as well as underscores. pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ type: string type: array targetLabel: - description: Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available. + description: "Label to which the resulting string is written in a replacement. \n It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, `KeepEqual` and `DropEqual` actions. 
\n Regex capture groups are available." type: string type: object type: array @@ -596,11 +596,11 @@ spec: relabelings: description: 'RelabelConfigs to apply to samples before scraping. Prometheus Operator automatically adds relabelings for a few standard Kubernetes fields. The original scrape job''s name is available via the `__tmp_prometheus_job_name` label. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config' items: - description: 'RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. It defines ``-section of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + description: "RelabelConfig allows dynamic rewriting of the label set for targets, alerts, scraped samples and remote write samples. \n More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config" properties: action: default: replace - description: Action to perform based on regex matching. Default is 'replace'. uppercase and lowercase actions require Prometheus >= 2.36. + description: "Action to perform based on the regex matching. \n `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. \n Default: \"Replace\"" enum: - replace - Replace 
@@ -626,27 +626,27 @@ spec: - DropEqual type: string modulus: - description: Modulus to take of the hash of the source label values. + description: "Modulus to take of the hash of the source label values. \n Only applicable when the action is `HashMod`." format: int64 type: integer regex: - description: Regular expression against which the extracted value is matched. Default is '(.*)' + description: Regular expression against which the extracted value is matched. type: string replacement: - description: Replacement value against which a regex replace is performed if the regular expression matches. Regex capture groups are available. Default is '$1' + description: "Replacement value against which a Replace action is performed if the regular expression matches. \n Regex capture groups are available." type: string separator: - description: Separator placed between concatenated source label values. default is ';'. + description: Separator is the string between concatenated SourceLabels. type: string sourceLabels: - description: The source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the replace, keep, and drop actions. + description: The source labels select values from existing labels. Their content is concatenated using the configured Separator and matched against the configured regular expression. items: description: LabelName is a valid Prometheus label name which may only contain ASCII letters, numbers, as well as underscores. pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ type: string type: array targetLabel: - description: Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available. + description: "Label to which the resulting string is written in a replacement. \n It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, `KeepEqual` and `DropEqual` actions. 
\n Regex capture groups are available." type: string type: object type: array