alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 4 Actions Activity

chore: Update manifests after change

Browse Source
This commit is contained in:
Gitea
2025-12-04 21:29:28 +00:00
parent d008c08479
commit 2654baa2c5
2100 changed files with 365994 additions and 380674 deletions
Download Patch File Download Diff File Expand all files Collapse all files
clusters/cl01tl/manifests/elastic-operator/ClusterRole-elastic-operator-edit.yaml
+45
View File
@@ -0,0 +1,45 @@
---
# Source: elastic-operator/charts/eck-operator/templates/cluster-roles.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: "elastic-operator-edit"
labels:
rbac.authorization.k8s.io/aggregate-to-edit: "true"
rbac.authorization.k8s.io/aggregate-to-admin: "true"
app.kubernetes.io/name: elastic-operator
app.kubernetes.io/instance: elastic-operator
app.kubernetes.io/version: "3.2.0"
helm.sh/chart: eck-operator-3.2.0
app.kubernetes.io/managed-by: Helm
rules:
- apiGroups: ["elasticsearch.k8s.elastic.co"]
resources: ["elasticsearches"]
verbs: ["create", "delete", "deletecollection", "patch", "update"]
- apiGroups: ["autoscaling.k8s.elastic.co"]
resources: ["elasticsearchautoscalers"]
verbs: ["create", "delete", "deletecollection", "patch", "update"]
- apiGroups: ["apm.k8s.elastic.co"]
resources: ["apmservers"]
verbs: ["create", "delete", "deletecollection", "patch", "update"]
- apiGroups: ["kibana.k8s.elastic.co"]
resources: ["kibanas"]
verbs: ["create", "delete", "deletecollection", "patch", "update"]
- apiGroups: ["enterprisesearch.k8s.elastic.co"]
resources: ["enterprisesearches"]
verbs: ["create", "delete", "deletecollection", "patch", "update"]
- apiGroups: ["beat.k8s.elastic.co"]
resources: ["beats"]
verbs: ["create", "delete", "deletecollection", "patch", "update"]
- apiGroups: ["agent.k8s.elastic.co"]
resources: ["agents"]
verbs: ["create", "delete", "deletecollection", "patch", "update"]
- apiGroups: ["maps.k8s.elastic.co"]
resources: ["elasticmapsservers"]
verbs: ["create", "delete", "deletecollection", "patch", "update"]
- apiGroups: ["stackconfigpolicy.k8s.elastic.co"]
resources: ["stackconfigpolicies"]
verbs: ["create", "delete", "deletecollection", "patch", "update"]
- apiGroups: ["logstash.k8s.elastic.co"]
resources: ["logstashes"]
verbs: ["create", "delete", "deletecollection", "patch", "update"]
clusters/cl01tl/manifests/elastic-operator/ClusterRole-elastic-operator-view.yaml
+46
View File
@@ -0,0 +1,46 @@
---
# Source: elastic-operator/charts/eck-operator/templates/cluster-roles.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: "elastic-operator-view"
labels:
rbac.authorization.k8s.io/aggregate-to-view: "true"
rbac.authorization.k8s.io/aggregate-to-edit: "true"
rbac.authorization.k8s.io/aggregate-to-admin: "true"
app.kubernetes.io/name: elastic-operator
app.kubernetes.io/instance: elastic-operator
app.kubernetes.io/version: "3.2.0"
helm.sh/chart: eck-operator-3.2.0
app.kubernetes.io/managed-by: Helm
rules:
- apiGroups: ["elasticsearch.k8s.elastic.co"]
resources: ["elasticsearches"]
verbs: ["get", "list", "watch"]
- apiGroups: ["autoscaling.k8s.elastic.co"]
resources: ["elasticsearchautoscalers"]
verbs: ["get", "list", "watch"]
- apiGroups: ["apm.k8s.elastic.co"]
resources: ["apmservers"]
verbs: ["get", "list", "watch"]
- apiGroups: ["kibana.k8s.elastic.co"]
resources: ["kibanas"]
verbs: ["get", "list", "watch"]
- apiGroups: ["enterprisesearch.k8s.elastic.co"]
resources: ["enterprisesearches"]
verbs: ["get", "list", "watch"]
- apiGroups: ["beat.k8s.elastic.co"]
resources: ["beats"]
verbs: ["get", "list", "watch"]
- apiGroups: ["agent.k8s.elastic.co"]
resources: ["agents"]
verbs: ["get", "list", "watch"]
- apiGroups: ["maps.k8s.elastic.co"]
resources: ["elasticmapsservers"]
verbs: ["get", "list", "watch"]
- apiGroups: ["stackconfigpolicy.k8s.elastic.co"]
resources: ["stackconfigpolicies"]
verbs: ["get", "list", "watch"]
- apiGroups: ["logstash.k8s.elastic.co"]
resources: ["logstashes"]
verbs: ["get", "list", "watch"]
clusters/cl01tl/manifests/elastic-operator/ClusterRole-elastic-operator.yaml
+244
View File
@@ -0,0 +1,244 @@
---
# Source: elastic-operator/charts/eck-operator/templates/cluster-roles.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: elastic-operator
labels:
app.kubernetes.io/name: elastic-operator
app.kubernetes.io/instance: elastic-operator
app.kubernetes.io/version: "3.2.0"
helm.sh/chart: eck-operator-3.2.0
app.kubernetes.io/managed-by: Helm
rules:
- apiGroups:
- "authorization.k8s.io"
resources:
- subjectaccessreviews
verbs:
- create
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- create
- apiGroups:
- coordination.k8s.io
resources:
- leases
resourceNames:
- elastic-operator-leader
verbs:
- get
- watch
- update
- apiGroups:
- ""
resources:
- endpoints
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- pods
- events
- persistentvolumeclaims
- secrets
- services
- configmaps
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- apps
resources:
- deployments
- statefulsets
- daemonsets
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- policy
resources:
- poddisruptionbudgets
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- elasticsearch.k8s.elastic.co
resources:
- elasticsearches
- elasticsearches/status
- elasticsearches/finalizers # needed for ownerReferences with blockOwnerDeletion on OCP
verbs:
- get
- list
- watch
- create
- update
- patch
- apiGroups:
- autoscaling.k8s.elastic.co
resources:
- elasticsearchautoscalers
- elasticsearchautoscalers/status
- elasticsearchautoscalers/finalizers # needed for ownerReferences with blockOwnerDeletion on OCP
verbs:
- get
- list
- watch
- create
- update
- patch
- apiGroups:
- kibana.k8s.elastic.co
resources:
- kibanas
- kibanas/status
- kibanas/finalizers # needed for ownerReferences with blockOwnerDeletion on OCP
verbs:
- get
- list
- watch
- create
- update
- patch
- apiGroups:
- apm.k8s.elastic.co
resources:
- apmservers
- apmservers/status
- apmservers/finalizers # needed for ownerReferences with blockOwnerDeletion on OCP
verbs:
- get
- list
- watch
- create
- update
- patch
- apiGroups:
- enterprisesearch.k8s.elastic.co
resources:
- enterprisesearches
- enterprisesearches/status
- enterprisesearches/finalizers # needed for ownerReferences with blockOwnerDeletion on OCP
verbs:
- get
- list
- watch
- create
- update
- patch
- apiGroups:
- beat.k8s.elastic.co
resources:
- beats
- beats/status
- beats/finalizers # needed for ownerReferences with blockOwnerDeletion on OCP
verbs:
- get
- list
- watch
- create
- update
- patch
- apiGroups:
- agent.k8s.elastic.co
resources:
- agents
- agents/status
- agents/finalizers # needed for ownerReferences with blockOwnerDeletion on OCP
verbs:
- get
- list
- watch
- create
- update
- patch
- apiGroups:
- maps.k8s.elastic.co
resources:
- elasticmapsservers
- elasticmapsservers/status
- elasticmapsservers/finalizers # needed for ownerReferences with blockOwnerDeletion on OCP
verbs:
- get
- list
- watch
- create
- update
- patch
- apiGroups:
- stackconfigpolicy.k8s.elastic.co
resources:
- stackconfigpolicies
- stackconfigpolicies/status
- stackconfigpolicies/finalizers # needed for ownerReferences with blockOwnerDeletion on OCP
verbs:
- get
- list
- watch
- create
- update
- patch
- apiGroups:
- logstash.k8s.elastic.co
resources:
- logstashes
- logstashes/status
- logstashes/finalizers # needed for ownerReferences with blockOwnerDeletion on OCP
verbs:
- get
- list
- watch
- create
- update
- patch
- apiGroups:
- storage.k8s.io
resources:
- storageclasses
verbs:
- get
- list
- watch
- apiGroups:
- admissionregistration.k8s.io
resources:
- validatingwebhookconfigurations
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- ""
resources:
- nodes
verbs:
- get
- list
- watch
clusters/cl01tl/manifests/elastic-operator/ClusterRoleBinding-elastic-operator.yaml
+20
View File
@@ -0,0 +1,20 @@
---
# Source: elastic-operator/charts/eck-operator/templates/role-bindings.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: elastic-operator
labels:
app.kubernetes.io/name: elastic-operator
app.kubernetes.io/instance: elastic-operator
app.kubernetes.io/version: "3.2.0"
helm.sh/chart: eck-operator-3.2.0
app.kubernetes.io/managed-by: Helm
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: elastic-operator
subjects:
- kind: ServiceAccount
name: elastic-operator
namespace: elastic-operator
clusters/cl01tl/manifests/elastic-operator/ConfigMap-elastic-operator.yaml
+40
View File
@@ -0,0 +1,40 @@
---
# Source: elastic-operator/charts/eck-operator/templates/configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: elastic-operator
namespace: elastic-operator
labels:
app.kubernetes.io/name: elastic-operator
app.kubernetes.io/instance: elastic-operator
app.kubernetes.io/version: "3.2.0"
helm.sh/chart: eck-operator-3.2.0
app.kubernetes.io/managed-by: Helm
data:
eck.yaml: |-
log-verbosity: 0
metrics-port: 9000
metrics-secure: false
container-registry: docker.elastic.co
max-concurrent-reconciles: 3
ca-cert-validity: 8760h
ca-cert-rotate-before: 24h
cert-validity: 8760h
cert-rotate-before: 24h
disable-config-watch: false
exposed-node-labels: [topology.kubernetes.io/.*,failure-domain.beta.kubernetes.io/.*]
set-default-security-context: auto-detect
kube-client-timeout: 60s
elasticsearch-client-timeout: 180s
disable-telemetry: true
distribution-channel: helm
validate-storage-class: true
enable-webhook: true
webhook-name: elastic-operator.elastic-operator.k8s.elastic.co
webhook-port: 9443
namespaces: [tubearchivist,stalwart]
operator-namespace: elastic-operator
enable-leader-election: true
elasticsearch-observation-interval: 10s
ubi-only: false
clusters/cl01tl/manifests/elastic-operator/CustomResourceDefinition-agents.agent.k8s.elastic.co.yaml
+1097
View File
File diff suppressed because it is too large Load Diff
clusters/cl01tl/manifests/elastic-operator/CustomResourceDefinition-apmservers.apm.k8s.elastic.co.yaml
+1186
View File
File diff suppressed because it is too large Load Diff
clusters/cl01tl/manifests/elastic-operator/CustomResourceDefinition-beats.beat.k8s.elastic.co.yaml
+463
View File
@@ -0,0 +1,463 @@
---
# Source: elastic-operator/charts/eck-operator/charts/eck-operator-crds/templates/all-crds.yaml
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.19.0
helm.sh/resource-policy: keep
labels:
app.kubernetes.io/instance: 'elastic-operator'
app.kubernetes.io/managed-by: 'Helm'
app.kubernetes.io/name: 'eck-operator-crds'
app.kubernetes.io/version: '3.2.0'
helm.sh/chart: 'eck-operator-crds-3.2.0'
name: beats.beat.k8s.elastic.co
spec:
group: beat.k8s.elastic.co
names:
categories:
- elastic
kind: Beat
listKind: BeatList
plural: beats
shortNames:
- beat
singular: beat
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .status.health
name: health
type: string
- description: Available nodes
jsonPath: .status.availableNodes
name: available
type: integer
- description: Expected nodes
jsonPath: .status.expectedNodes
name: expected
type: integer
- description: Beat type
jsonPath: .spec.type
name: type
type: string
- description: Beat version
jsonPath: .status.version
name: version
type: string
- jsonPath: .metadata.creationTimestamp
name: age
type: date
name: v1beta1
schema:
openAPIV3Schema:
description: Beat is the Schema for the Beats API.
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: BeatSpec defines the desired state of a Beat.
properties:
config:
description: Config holds the Beat configuration. At most one of [`Config`, `ConfigRef`] can be specified.
type: object
x-kubernetes-preserve-unknown-fields: true
configRef:
description: |-
ConfigRef contains a reference to an existing Kubernetes Secret holding the Beat configuration.
Beat settings must be specified as yaml, under a single "beat.yml" entry. At most one of [`Config`, `ConfigRef`]
can be specified.
properties:
secretName:
description: SecretName is the name of the secret.
type: string
type: object
daemonSet:
description: |-
DaemonSet specifies the Beat should be deployed as a DaemonSet, and allows providing its spec.
Cannot be used along with `deployment`. If both are absent a default for the Type is used.
properties:
podTemplate:
description: PodTemplateSpec describes the data a pod should have when created from a template
type: object
x-kubernetes-preserve-unknown-fields: true
updateStrategy:
description: DaemonSetUpdateStrategy is a struct used to control the update strategy for a DaemonSet.
properties:
rollingUpdate:
description: Rolling update config params. Present only if type = "RollingUpdate".
properties:
maxSurge:
anyOf:
- type: integer
- type: string
description: |-
The maximum number of nodes with an existing available DaemonSet pod that
can have an updated DaemonSet pod during during an update.
Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%).
This can not be 0 if MaxUnavailable is 0.
Absolute number is calculated from percentage by rounding up to a minimum of 1.
Default value is 0.
Example: when this is set to 30%, at most 30% of the total number of nodes
that should be running the daemon pod (i.e. status.desiredNumberScheduled)
can have their a new pod created before the old pod is marked as deleted.
The update starts by launching new pods on 30% of nodes. Once an updated
pod is available (Ready for at least minReadySeconds) the old DaemonSet pod
on that node is marked deleted. If the old pod becomes unavailable for any
reason (Ready transitions to false, is evicted, or is drained) an updated
pod is immediately created on that node without considering surge limits.
Allowing surge implies the possibility that the resources consumed by the
daemonset on any given node can double if the readiness check fails, and
so resource intensive daemonsets should take into account that they may
cause evictions during disruption.
x-kubernetes-int-or-string: true
maxUnavailable:
anyOf:
- type: integer
- type: string
description: |-
The maximum number of DaemonSet pods that can be unavailable during the
update. Value can be an absolute number (ex: 5) or a percentage of total
number of DaemonSet pods at the start of the update (ex: 10%). Absolute
number is calculated from percentage by rounding up.
This cannot be 0 if MaxSurge is 0
Default value is 1.
Example: when this is set to 30%, at most 30% of the total number of nodes
that should be running the daemon pod (i.e. status.desiredNumberScheduled)
can have their pods stopped for an update at any given time. The update
starts by stopping at most 30% of those DaemonSet pods and then brings
up new DaemonSet pods in their place. Once the new pods are available,
it then proceeds onto other DaemonSet pods, thus ensuring that at least
70% of original number of DaemonSet pods are available at all times during
the update.
x-kubernetes-int-or-string: true
type: object
type:
description: Type of daemon set update. Can be "RollingUpdate" or "OnDelete". Default is RollingUpdate.
type: string
type: object
type: object
deployment:
description: |-
Deployment specifies the Beat should be deployed as a Deployment, and allows providing its spec.
Cannot be used along with `daemonSet`. If both are absent a default for the Type is used.
properties:
podTemplate:
description: PodTemplateSpec describes the data a pod should have when created from a template
type: object
x-kubernetes-preserve-unknown-fields: true
replicas:
format: int32
type: integer
strategy:
description: DeploymentStrategy describes how to replace existing pods with new ones.
properties:
rollingUpdate:
description: |-
Rolling update config params. Present only if DeploymentStrategyType =
RollingUpdate.
properties:
maxSurge:
anyOf:
- type: integer
- type: string
description: |-
The maximum number of pods that can be scheduled above the desired number of
pods.
Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%).
This can not be 0 if MaxUnavailable is 0.
Absolute number is calculated from percentage by rounding up.
Defaults to 25%.
Example: when this is set to 30%, the new ReplicaSet can be scaled up immediately when
the rolling update starts, such that the total number of old and new pods do not exceed
130% of desired pods. Once old pods have been killed,
new ReplicaSet can be scaled up further, ensuring that total number of pods running
at any time during the update is at most 130% of desired pods.
x-kubernetes-int-or-string: true
maxUnavailable:
anyOf:
- type: integer
- type: string
description: |-
The maximum number of pods that can be unavailable during the update.
Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%).
Absolute number is calculated from percentage by rounding down.
This can not be 0 if MaxSurge is 0.
Defaults to 25%.
Example: when this is set to 30%, the old ReplicaSet can be scaled down to 70% of desired pods
immediately when the rolling update starts. Once new pods are ready, old ReplicaSet
can be scaled down further, followed by scaling up the new ReplicaSet, ensuring
that the total number of pods available at all times during the update is at
least 70% of desired pods.
x-kubernetes-int-or-string: true
type: object
type:
description: Type of deployment. Can be "Recreate" or "RollingUpdate". Default is RollingUpdate.
type: string
type: object
type: object
elasticsearchRef:
description: ElasticsearchRef is a reference to an Elasticsearch cluster running in the same Kubernetes cluster.
properties:
name:
description: Name of an existing Kubernetes object corresponding to an Elastic resource managed by ECK.
type: string
namespace:
description: Namespace of the Kubernetes object. If empty, defaults to the current namespace.
type: string
secretName:
description: |-
SecretName is the name of an existing Kubernetes secret that contains connection information for associating an
Elastic resource not managed by the operator.
The referenced secret must contain the following:
- `url`: the URL to reach the Elastic resource
- `username`: the username of the user to be authenticated to the Elastic resource
- `password`: the password of the user to be authenticated to the Elastic resource
- `ca.crt`: the CA certificate in PEM format (optional)
- `api-key`: the key to authenticate against the Elastic resource instead of a username and password (supported only for `elasticsearchRefs` in AgentSpec and in BeatSpec)
This field cannot be used in combination with the other fields name, namespace or serviceName.
type: string
serviceName:
description: |-
ServiceName is the name of an existing Kubernetes service which is used to make requests to the referenced
object. It has to be in the same namespace as the referenced resource. If left empty, the default HTTP service of
the referenced resource is used.
type: string
type: object
image:
description: Image is the Beat Docker image to deploy. Version and Type have to match the Beat in the image.
type: string
kibanaRef:
description: |-
KibanaRef is a reference to a Kibana instance running in the same Kubernetes cluster.
It allows automatic setup of dashboards and visualizations.
properties:
name:
description: Name of an existing Kubernetes object corresponding to an Elastic resource managed by ECK.
type: string
namespace:
description: Namespace of the Kubernetes object. If empty, defaults to the current namespace.
type: string
secretName:
description: |-
SecretName is the name of an existing Kubernetes secret that contains connection information for associating an
Elastic resource not managed by the operator.
The referenced secret must contain the following:
- `url`: the URL to reach the Elastic resource
- `username`: the username of the user to be authenticated to the Elastic resource
- `password`: the password of the user to be authenticated to the Elastic resource
- `ca.crt`: the CA certificate in PEM format (optional)
- `api-key`: the key to authenticate against the Elastic resource instead of a username and password (supported only for `elasticsearchRefs` in AgentSpec and in BeatSpec)
This field cannot be used in combination with the other fields name, namespace or serviceName.
type: string
serviceName:
description: |-
ServiceName is the name of an existing Kubernetes service which is used to make requests to the referenced
object. It has to be in the same namespace as the referenced resource. If left empty, the default HTTP service of
the referenced resource is used.
type: string
type: object
monitoring:
description: |-
Monitoring enables you to collect and ship logs and metrics for this Beat.
Metricbeat and/or Filebeat sidecars are configured and send monitoring data to an
Elasticsearch monitoring cluster running in the same Kubernetes cluster.
properties:
logs:
description: Logs holds references to Elasticsearch clusters which receive log data from an associated resource.
properties:
elasticsearchRefs:
description: |-
ElasticsearchRefs is a reference to a list of monitoring Elasticsearch clusters running in the same Kubernetes cluster.
Due to existing limitations, only a single Elasticsearch cluster is currently supported.
items:
description: |-
ObjectSelector defines a reference to a Kubernetes object which can be an Elastic resource managed by the operator
or a Secret describing an external Elastic resource not managed by the operator.
properties:
name:
description: Name of an existing Kubernetes object corresponding to an Elastic resource managed by ECK.
type: string
namespace:
description: Namespace of the Kubernetes object. If empty, defaults to the current namespace.
type: string
secretName:
description: |-
SecretName is the name of an existing Kubernetes secret that contains connection information for associating an
Elastic resource not managed by the operator.
The referenced secret must contain the following:
- `url`: the URL to reach the Elastic resource
- `username`: the username of the user to be authenticated to the Elastic resource
- `password`: the password of the user to be authenticated to the Elastic resource
- `ca.crt`: the CA certificate in PEM format (optional)
- `api-key`: the key to authenticate against the Elastic resource instead of a username and password (supported only for `elasticsearchRefs` in AgentSpec and in BeatSpec)
This field cannot be used in combination with the other fields name, namespace or serviceName.
type: string
serviceName:
description: |-
ServiceName is the name of an existing Kubernetes service which is used to make requests to the referenced
object. It has to be in the same namespace as the referenced resource. If left empty, the default HTTP service of
the referenced resource is used.
type: string
type: object
type: array
type: object
metrics:
description: Metrics holds references to Elasticsearch clusters which receive monitoring data from this resource.
properties:
elasticsearchRefs:
description: |-
ElasticsearchRefs is a reference to a list of monitoring Elasticsearch clusters running in the same Kubernetes cluster.
Due to existing limitations, only a single Elasticsearch cluster is currently supported.
items:
description: |-
ObjectSelector defines a reference to a Kubernetes object which can be an Elastic resource managed by the operator
or a Secret describing an external Elastic resource not managed by the operator.
properties:
name:
description: Name of an existing Kubernetes object corresponding to an Elastic resource managed by ECK.
type: string
namespace:
description: Namespace of the Kubernetes object. If empty, defaults to the current namespace.
type: string
secretName:
description: |-
SecretName is the name of an existing Kubernetes secret that contains connection information for associating an
Elastic resource not managed by the operator.
The referenced secret must contain the following:
- `url`: the URL to reach the Elastic resource
- `username`: the username of the user to be authenticated to the Elastic resource
- `password`: the password of the user to be authenticated to the Elastic resource
- `ca.crt`: the CA certificate in PEM format (optional)
- `api-key`: the key to authenticate against the Elastic resource instead of a username and password (supported only for `elasticsearchRefs` in AgentSpec and in BeatSpec)
This field cannot be used in combination with the other fields name, namespace or serviceName.
type: string
serviceName:
description: |-
ServiceName is the name of an existing Kubernetes service which is used to make requests to the referenced
object. It has to be in the same namespace as the referenced resource. If left empty, the default HTTP service of
the referenced resource is used.
type: string
type: object
type: array
type: object
type: object
revisionHistoryLimit:
description: RevisionHistoryLimit is the number of revisions to retain to allow rollback in the underlying DaemonSet or Deployment.
format: int32
type: integer
secureSettings:
description: |-
SecureSettings is a list of references to Kubernetes Secrets containing sensitive configuration options for the Beat.
Secrets data can be then referenced in the Beat config using the Secret's keys or as specified in `Entries` field of
each SecureSetting.
items:
description: SecretSource defines a data source based on a Kubernetes Secret.
properties:
entries:
description: |-
Entries define how to project each key-value pair in the secret to filesystem paths.
If not defined, all keys will be projected to similarly named paths in the filesystem.
If defined, only the specified keys will be projected to the corresponding paths.
items:
description: KeyToPath defines how to map a key in a Secret object to a filesystem path.
properties:
key:
description: Key is the key contained in the secret.
type: string
path:
description: |-
Path is the relative file path to map the key to.
Path must not be an absolute file path and must not contain any ".." components.
type: string
required:
- key
type: object
type: array
secretName:
description: SecretName is the name of the secret.
type: string
required:
- secretName
type: object
type: array
serviceAccountName:
description: |-
ServiceAccountName is used to check access from the current resource to Elasticsearch resource in a different namespace.
Can only be used if ECK is enforcing RBAC on references.
type: string
type:
description: |-
Type is the type of the Beat to deploy (filebeat, metricbeat, heartbeat, auditbeat, journalbeat, packetbeat, and so on).
Any string can be used, but well-known types will have the image field defaulted and have the appropriate
Elasticsearch roles created automatically. It also allows for dashboard setup when combined with a `KibanaRef`.
maxLength: 20
pattern: '[a-zA-Z0-9-]+'
type: string
version:
description: Version of the Beat.
type: string
required:
- type
- version
type: object
status:
description: BeatStatus defines the observed state of a Beat.
properties:
availableNodes:
format: int32
type: integer
elasticsearchAssociationStatus:
description: AssociationStatus is the status of an association resource.
type: string
expectedNodes:
format: int32
type: integer
health:
type: string
kibanaAssociationStatus:
description: AssociationStatus is the status of an association resource.
type: string
monitoringAssociationStatus:
additionalProperties:
description: AssociationStatus is the status of an association resource.
type: string
description: |-
AssociationStatusMap is the map of association's namespaced name string to its AssociationStatus. For resources that
have a single Association of a given type (for ex. single ES reference), this map contains a single entry.
type: object
observedGeneration:
description: |-
ObservedGeneration represents the .metadata.generation that the status is based upon.
It corresponds to the metadata generation, which is updated on mutation by the API Server.
If the generation observed in status diverges from the generation in metadata, the Beats
controller has not yet processed the changes contained in the Beats specification.
format: int64
type: integer
version:
description: |-
Version of the stack resource currently running. During version upgrades, multiple versions may run
in parallel: this value specifies the lowest version currently running.
type: string
type: object
type: object
served: true
storage: true
subresources:
status: {}
clusters/cl01tl/manifests/elastic-operator/CustomResourceDefinition-elasticmapsservers.maps.k8s.elastic.co.yaml
+584
View File
@@ -0,0 +1,584 @@
---
# Source: elastic-operator/charts/eck-operator/charts/eck-operator-crds/templates/all-crds.yaml
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.19.0
helm.sh/resource-policy: keep
labels:
app.kubernetes.io/instance: 'elastic-operator'
app.kubernetes.io/managed-by: 'Helm'
app.kubernetes.io/name: 'eck-operator-crds'
app.kubernetes.io/version: '3.2.0'
helm.sh/chart: 'eck-operator-crds-3.2.0'
name: elasticmapsservers.maps.k8s.elastic.co
spec:
group: maps.k8s.elastic.co
names:
categories:
- elastic
kind: ElasticMapsServer
listKind: ElasticMapsServerList
plural: elasticmapsservers
shortNames:
- ems
singular: elasticmapsserver
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .status.health
name: health
type: string
- description: Available nodes
jsonPath: .status.availableNodes
name: nodes
type: integer
- description: ElasticMapsServer version
jsonPath: .status.version
name: version
type: string
- jsonPath: .metadata.creationTimestamp
name: age
type: date
name: v1alpha1
schema:
openAPIV3Schema:
description: ElasticMapsServer represents an Elastic Map Server resource in a Kubernetes cluster.
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: MapsSpec holds the specification of an Elastic Maps Server instance.
properties:
config:
description: 'Config holds the ElasticMapsServer configuration. See: https://www.elastic.co/guide/en/kibana/current/maps-connect-to-ems.html#elastic-maps-server-configuration'
type: object
x-kubernetes-preserve-unknown-fields: true
configRef:
description: |-
ConfigRef contains a reference to an existing Kubernetes Secret holding the Elastic Maps Server configuration.
Configuration settings are merged and have precedence over settings specified in `config`.
properties:
secretName:
description: SecretName is the name of the secret.
type: string
type: object
count:
description: Count of Elastic Maps Server instances to deploy.
format: int32
type: integer
elasticsearchRef:
description: ElasticsearchRef is a reference to an Elasticsearch cluster running in the same Kubernetes cluster.
properties:
name:
description: Name of an existing Kubernetes object corresponding to an Elastic resource managed by ECK.
type: string
namespace:
description: Namespace of the Kubernetes object. If empty, defaults to the current namespace.
type: string
secretName:
description: |-
SecretName is the name of an existing Kubernetes secret that contains connection information for associating an
Elastic resource not managed by the operator.
The referenced secret must contain the following:
- `url`: the URL to reach the Elastic resource
- `username`: the username of the user to be authenticated to the Elastic resource
- `password`: the password of the user to be authenticated to the Elastic resource
- `ca.crt`: the CA certificate in PEM format (optional)
- `api-key`: the key to authenticate against the Elastic resource instead of a username and password (supported only for `elasticsearchRefs` in AgentSpec and in BeatSpec)
This field cannot be used in combination with the other fields name, namespace or serviceName.
type: string
serviceName:
description: |-
ServiceName is the name of an existing Kubernetes service which is used to make requests to the referenced
object. It has to be in the same namespace as the referenced resource. If left empty, the default HTTP service of
the referenced resource is used.
type: string
type: object
http:
description: HTTP holds the HTTP layer configuration for Elastic Maps Server.
properties:
service:
description: Service defines the template for the associated Kubernetes Service object.
properties:
metadata:
description: |-
ObjectMeta is the metadata of the service.
The name and namespace provided here are managed by ECK and will be ignored.
properties:
annotations:
additionalProperties:
type: string
type: object
finalizers:
items:
type: string
type: array
labels:
additionalProperties:
type: string
type: object
name:
type: string
namespace:
type: string
type: object
spec:
description: Spec is the specification of the service.
properties:
allocateLoadBalancerNodePorts:
description: |-
allocateLoadBalancerNodePorts defines if NodePorts will be automatically
allocated for services with type LoadBalancer. Default is "true". It
may be set to "false" if the cluster load-balancer does not rely on
NodePorts. If the caller requests specific NodePorts (by specifying a
value), those requests will be respected, regardless of this field.
This field may only be set for services with type LoadBalancer and will
be cleared if the type is changed to any other type.
type: boolean
clusterIP:
description: |-
clusterIP is the IP address of the service and is usually assigned
randomly. If an address is specified manually, is in-range (as per
system configuration), and is not in use, it will be allocated to the
service; otherwise creation of the service will fail. This field may not
be changed through updates unless the type field is also being changed
to ExternalName (which requires this field to be blank) or the type
field is being changed from ExternalName (in which case this field may
optionally be specified, as describe above). Valid values are "None",
empty string (""), or a valid IP address. Setting this to "None" makes a
"headless service" (no virtual IP), which is useful when direct endpoint
connections are preferred and proxying is not required. Only applies to
types ClusterIP, NodePort, and LoadBalancer. If this field is specified
when creating a Service of type ExternalName, creation will fail. This
field will be wiped when updating a Service to type ExternalName.
More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
type: string
clusterIPs:
description: |-
ClusterIPs is a list of IP addresses assigned to this service, and are
usually assigned randomly. If an address is specified manually, is
in-range (as per system configuration), and is not in use, it will be
allocated to the service; otherwise creation of the service will fail.
This field may not be changed through updates unless the type field is
also being changed to ExternalName (which requires this field to be
empty) or the type field is being changed from ExternalName (in which
case this field may optionally be specified, as describe above). Valid
values are "None", empty string (""), or a valid IP address. Setting
this to "None" makes a "headless service" (no virtual IP), which is
useful when direct endpoint connections are preferred and proxying is
not required. Only applies to types ClusterIP, NodePort, and
LoadBalancer. If this field is specified when creating a Service of type
ExternalName, creation will fail. This field will be wiped when updating
a Service to type ExternalName. If this field is not specified, it will
be initialized from the clusterIP field. If this field is specified,
clients must ensure that clusterIPs[0] and clusterIP have the same
value.
This field may hold a maximum of two entries (dual-stack IPs, in either order).
These IPs must correspond to the values of the ipFamilies field. Both
clusterIPs and ipFamilies are governed by the ipFamilyPolicy field.
More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
items:
type: string
type: array
x-kubernetes-list-type: atomic
externalIPs:
description: |-
externalIPs is a list of IP addresses for which nodes in the cluster
will also accept traffic for this service. These IPs are not managed by
Kubernetes. The user is responsible for ensuring that traffic arrives
at a node with this IP. A common example is external load-balancers
that are not part of the Kubernetes system.
items:
type: string
type: array
x-kubernetes-list-type: atomic
externalName:
description: |-
externalName is the external reference that discovery mechanisms will
return as an alias for this service (e.g. a DNS CNAME record). No
proxying will be involved. Must be a lowercase RFC-1123 hostname
(https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName".
type: string
externalTrafficPolicy:
description: |-
externalTrafficPolicy describes how nodes distribute service traffic they
receive on one of the Service's "externally-facing" addresses (NodePorts,
ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure
the service in a way that assumes that external load balancers will take care
of balancing the service traffic between nodes, and so each node will deliver
traffic only to the node-local endpoints of the service, without masquerading
the client source IP. (Traffic mistakenly sent to a node with no endpoints will
be dropped.) The default value, "Cluster", uses the standard behavior of
routing to all endpoints evenly (possibly modified by topology and other
features). Note that traffic sent to an External IP or LoadBalancer IP from
within the cluster will always get "Cluster" semantics, but clients sending to
a NodePort from within the cluster may need to take traffic policy into account
when picking a node.
type: string
healthCheckNodePort:
description: |-
healthCheckNodePort specifies the healthcheck nodePort for the service.
This only applies when type is set to LoadBalancer and
externalTrafficPolicy is set to Local. If a value is specified, is
in-range, and is not in use, it will be used. If not specified, a value
will be automatically allocated. External systems (e.g. load-balancers)
can use this port to determine if a given node holds endpoints for this
service or not. If this field is specified when creating a Service
which does not need it, creation will fail. This field will be wiped
when updating a Service to no longer need it (e.g. changing type).
This field cannot be updated once set.
format: int32
type: integer
internalTrafficPolicy:
description: |-
InternalTrafficPolicy describes how nodes distribute service traffic they
receive on the ClusterIP. If set to "Local", the proxy will assume that pods
only want to talk to endpoints of the service on the same node as the pod,
dropping the traffic if there are no local endpoints. The default value,
"Cluster", uses the standard behavior of routing to all endpoints evenly
(possibly modified by topology and other features).
type: string
ipFamilies:
description: |-
IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this
service. This field is usually assigned automatically based on cluster
configuration and the ipFamilyPolicy field. If this field is specified
manually, the requested family is available in the cluster,
and ipFamilyPolicy allows it, it will be used; otherwise creation of
the service will fail. This field is conditionally mutable: it allows
for adding or removing a secondary IP family, but it does not allow
changing the primary IP family of the Service. Valid values are "IPv4"
and "IPv6". This field only applies to Services of types ClusterIP,
NodePort, and LoadBalancer, and does apply to "headless" services.
This field will be wiped when updating a Service to type ExternalName.
This field may hold a maximum of two entries (dual-stack families, in
either order). These families must correspond to the values of the
clusterIPs field, if specified. Both clusterIPs and ipFamilies are
governed by the ipFamilyPolicy field.
items:
description: |-
IPFamily represents the IP Family (IPv4 or IPv6). This type is used
to express the family of an IP expressed by a type (e.g. service.spec.ipFamilies).
type: string
type: array
x-kubernetes-list-type: atomic
ipFamilyPolicy:
description: |-
IPFamilyPolicy represents the dual-stack-ness requested or required by
this Service. If there is no value provided, then this field will be set
to SingleStack. Services can be "SingleStack" (a single IP family),
"PreferDualStack" (two IP families on dual-stack configured clusters or
a single IP family on single-stack clusters), or "RequireDualStack"
(two IP families on dual-stack configured clusters, otherwise fail). The
ipFamilies and clusterIPs fields depend on the value of this field. This
field will be wiped when updating a service to type ExternalName.
type: string
loadBalancerClass:
description: |-
loadBalancerClass is the class of the load balancer implementation this Service belongs to.
If specified, the value of this field must be a label-style identifier, with an optional prefix,
e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users.
This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load
balancer implementation is used, today this is typically done through the cloud provider integration,
but should apply for any default implementation. If set, it is assumed that a load balancer
implementation is watching for Services with a matching class. Any default load balancer
implementation (e.g. cloud providers) should ignore Services that set this field.
This field can only be set when creating or updating a Service to type 'LoadBalancer'.
Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type.
type: string
loadBalancerIP:
description: |-
Only applies to Service Type: LoadBalancer.
This feature depends on whether the underlying cloud-provider supports specifying
the loadBalancerIP when a load balancer is created.
This field will be ignored if the cloud-provider does not support the feature.
Deprecated: This field was under-specified and its meaning varies across implementations.
Using it is non-portable and it may not support dual-stack.
Users are encouraged to use implementation-specific annotations when available.
type: string
loadBalancerSourceRanges:
description: |-
If specified and supported by the platform, this will restrict traffic through the cloud-provider
load-balancer will be restricted to the specified client IPs. This field will be ignored if the
cloud-provider does not support the feature."
More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/
items:
type: string
type: array
x-kubernetes-list-type: atomic
ports:
description: |-
The list of ports that are exposed by this service.
More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
items:
description: ServicePort contains information on service's port.
properties:
appProtocol:
description: |-
The application protocol for this port.
This is used as a hint for implementations to offer richer behavior for protocols that they understand.
This field follows standard Kubernetes label syntax.
Valid values are either:
* Un-prefixed protocol names - reserved for IANA standard service names (as per
RFC-6335 and https://www.iana.org/assignments/service-names).
* Kubernetes-defined prefixed names:
* 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior-
* 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455
* 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455
* Other protocols should use implementation-defined prefixed names such as
mycompany.com/my-custom-protocol.
type: string
name:
description: |-
The name of this port within the service. This must be a DNS_LABEL.
All ports within a ServiceSpec must have unique names. When considering
the endpoints for a Service, this must match the 'name' field in the
EndpointPort.
Optional if only one ServicePort is defined on this service.
type: string
nodePort:
description: |-
The port on each node on which this service is exposed when type is
NodePort or LoadBalancer. Usually assigned by the system. If a value is
specified, in-range, and not in use it will be used, otherwise the
operation will fail. If not specified, a port will be allocated if this
Service requires one. If this field is specified when creating a
Service which does not need it, creation will fail. This field will be
wiped when updating a Service to no longer need it (e.g. changing type
from NodePort to ClusterIP).
More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
format: int32
type: integer
port:
description: The port that will be exposed by this service.
format: int32
type: integer
protocol:
default: TCP
description: |-
The IP protocol for this port. Supports "TCP", "UDP", and "SCTP".
Default is TCP.
type: string
targetPort:
anyOf:
- type: integer
- type: string
description: |-
Number or name of the port to access on the pods targeted by the service.
Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
If this is a string, it will be looked up as a named port in the
target Pod's container ports. If this is not specified, the value
of the 'port' field is used (an identity map).
This field is ignored for services with clusterIP=None, and should be
omitted or set equal to the 'port' field.
More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service
x-kubernetes-int-or-string: true
required:
- port
type: object
type: array
x-kubernetes-list-map-keys:
- port
- protocol
x-kubernetes-list-type: map
publishNotReadyAddresses:
description: |-
publishNotReadyAddresses indicates that any agent which deals with endpoints for this
Service should disregard any indications of ready/not-ready.
The primary use case for setting this field is for a StatefulSet's Headless Service to
propagate SRV DNS records for its Pods for the purpose of peer discovery.
The Kubernetes controllers that generate Endpoints and EndpointSlice resources for
Services interpret this to mean that all endpoints are considered "ready" even if the
Pods themselves are not. Agents which consume only Kubernetes generated endpoints
through the Endpoints or EndpointSlice resources can safely assume this behavior.
type: boolean
selector:
additionalProperties:
type: string
description: |-
Route service traffic to pods with label keys and values matching this
selector. If empty or not present, the service is assumed to have an
external process managing its endpoints, which Kubernetes will not
modify. Only applies to types ClusterIP, NodePort, and LoadBalancer.
Ignored if type is ExternalName.
More info: https://kubernetes.io/docs/concepts/services-networking/service/
type: object
x-kubernetes-map-type: atomic
sessionAffinity:
description: |-
Supports "ClientIP" and "None". Used to maintain session affinity.
Enable client IP based session affinity.
Must be ClientIP or None.
Defaults to None.
More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
type: string
sessionAffinityConfig:
description: sessionAffinityConfig contains the configurations of session affinity.
properties:
clientIP:
description: clientIP contains the configurations of Client IP based session affinity.
properties:
timeoutSeconds:
description: |-
timeoutSeconds specifies the seconds of ClientIP type session sticky time.
The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP".
Default value is 10800(for 3 hours).
format: int32
type: integer
type: object
type: object
trafficDistribution:
description: |-
TrafficDistribution offers a way to express preferences for how traffic
is distributed to Service endpoints. Implementations can use this field
as a hint, but are not required to guarantee strict adherence. If the
field is not set, the implementation will apply its default routing
strategy. If set to "PreferClose", implementations should prioritize
endpoints that are in the same zone.
type: string
type:
description: |-
type determines how the Service is exposed. Defaults to ClusterIP. Valid
options are ExternalName, ClusterIP, NodePort, and LoadBalancer.
"ClusterIP" allocates a cluster-internal IP address for load-balancing
to endpoints. Endpoints are determined by the selector or if that is not
specified, by manual construction of an Endpoints object or
EndpointSlice objects. If clusterIP is "None", no virtual IP is
allocated and the endpoints are published as a set of endpoints rather
than a virtual IP.
"NodePort" builds on ClusterIP and allocates a port on every node which
routes to the same endpoints as the clusterIP.
"LoadBalancer" builds on NodePort and creates an external load-balancer
(if supported in the current cloud) which routes to the same endpoints
as the clusterIP.
"ExternalName" aliases this service to the specified externalName.
Several other fields do not apply to ExternalName services.
More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types
type: string
type: object
type: object
tls:
description: TLS defines options for configuring TLS for HTTP.
properties:
certificate:
description: |-
Certificate is a reference to a Kubernetes secret that contains the certificate and private key for enabling TLS.
The referenced secret should contain the following:
- `ca.crt`: The certificate authority (optional).
- `tls.crt`: The certificate (or a chain).
- `tls.key`: The private key to the first certificate in the certificate chain.
properties:
secretName:
description: SecretName is the name of the secret.
type: string
type: object
selfSignedCertificate:
description: SelfSignedCertificate allows configuring the self-signed certificate generated by the operator.
properties:
disabled:
description: Disabled indicates that the provisioning of the self-signed certifcate should be disabled.
type: boolean
subjectAltNames:
description: SubjectAlternativeNames is a list of SANs to include in the generated HTTP TLS certificate.
items:
description: SubjectAlternativeName represents a SAN entry in a x509 certificate.
properties:
dns:
description: DNS is the DNS name of the subject.
type: string
ip:
description: IP is the IP address of the subject.
type: string
type: object
type: array
type: object
type: object
type: object
image:
description: Image is the Elastic Maps Server Docker image to deploy.
type: string
podTemplate:
description: PodTemplate provides customisation options (labels, annotations, affinity rules, resource requests, and so on) for the Elastic Maps Server pods
type: object
x-kubernetes-preserve-unknown-fields: true
revisionHistoryLimit:
description: RevisionHistoryLimit is the number of revisions to retain to allow rollback in the underlying Deployment.
format: int32
type: integer
serviceAccountName:
description: |-
ServiceAccountName is used to check access from the current resource to a resource (for ex. Elasticsearch) in a different namespace.
Can only be used if ECK is enforcing RBAC on references.
type: string
version:
description: Version of Elastic Maps Server.
type: string
required:
- version
type: object
status:
description: MapsStatus defines the observed state of Elastic Maps Server
properties:
associationStatus:
description: AssociationStatus is the status of an association resource.
type: string
availableNodes:
description: AvailableNodes is the number of available replicas in the deployment.
format: int32
type: integer
count:
description: Count corresponds to Scale.Status.Replicas, which is the actual number of observed instances of the scaled object.
format: int32
type: integer
health:
description: Health of the deployment.
type: string
observedGeneration:
description: |-
ObservedGeneration is the most recent generation observed for this Elastic Maps Server.
It corresponds to the metadata generation, which is updated on mutation by the API Server.
If the generation observed in status diverges from the generation in metadata, the Elastic
Maps controller has not yet processed the changes contained in the Elastic Maps specification.
format: int64
type: integer
selector:
description: Selector is the label selector used to find all pods.
type: string
version:
description: |-
Version of the stack resource currently running. During version upgrades, multiple versions may run
in parallel: this value specifies the lowest version currently running.
type: string
type: object
type: object
served: true
storage: true
subresources:
scale:
labelSelectorPath: .status.selector
specReplicasPath: .spec.count
statusReplicasPath: .status.count
status: {}
clusters/cl01tl/manifests/elastic-operator/CustomResourceDefinition-elasticsearchautoscalers.autoscaling.k8s.elastic.co.yaml
+323
View File
@@ -0,0 +1,323 @@
---
# Source: elastic-operator/charts/eck-operator/charts/eck-operator-crds/templates/all-crds.yaml
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.19.0
helm.sh/resource-policy: keep
labels:
app.kubernetes.io/instance: 'elastic-operator'
app.kubernetes.io/managed-by: 'Helm'
app.kubernetes.io/name: 'eck-operator-crds'
app.kubernetes.io/version: '3.2.0'
helm.sh/chart: 'eck-operator-crds-3.2.0'
name: elasticsearchautoscalers.autoscaling.k8s.elastic.co
spec:
group: autoscaling.k8s.elastic.co
names:
categories:
- elastic
kind: ElasticsearchAutoscaler
listKind: ElasticsearchAutoscalerList
plural: elasticsearchautoscalers
shortNames:
- esa
singular: elasticsearchautoscaler
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .spec.elasticsearchRef.name
name: Target
type: string
- jsonPath: .status.conditions[?(@.type=='Active')].status
name: Active
type: string
- jsonPath: .status.conditions[?(@.type=='Healthy')].status
name: Healthy
type: string
- jsonPath: .status.conditions[?(@.type=='Limited')].status
name: Limited
type: string
name: v1alpha1
schema:
openAPIV3Schema:
description: ElasticsearchAutoscaler represents an ElasticsearchAutoscaler resource in a Kubernetes cluster.
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: ElasticsearchAutoscalerSpec holds the specification of an Elasticsearch autoscaler resource.
properties:
elasticsearchRef:
description: ElasticsearchRef is a reference to an Elasticsearch cluster that exists in the same namespace.
properties:
name:
description: Name is the name of the Elasticsearch resource to scale automatically.
minLength: 1
type: string
type: object
policies:
items:
description: AutoscalingPolicySpec holds a named autoscaling policy and the associated resources limits (cpu, memory, storage).
properties:
deciders:
additionalProperties:
additionalProperties:
type: string
description: |-
DeciderSettings allow the user to tweak autoscaling deciders.
The map data structure complies with the <key,value> format expected by Elasticsearch.
type: object
description: Deciders allow the user to override default settings for autoscaling deciders.
type: object
name:
description: Name identifies the autoscaling policy in the autoscaling specification.
type: string
resources:
description: |-
AutoscalingResources model the limits, submitted by the user, for the supported resources in an autoscaling policy.
Only the node count range is mandatory. For other resources, a limit range is required only
if the Elasticsearch autoscaling capacity API returns a requirement for a given resource.
For example, the memory limit range is only required if the autoscaling API response contains a memory requirement.
If there is no limit range for a resource, and if that resource is not mandatory, then the resources in the NodeSets
managed by the autoscaling policy are left untouched.
properties:
cpu:
description: QuantityRange models a resource limit range for resources which can be expressed with resource.Quantity.
properties:
max:
anyOf:
- type: integer
- type: string
description: Max represents the upper limit for the resources managed by the autoscaler.
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
min:
anyOf:
- type: integer
- type: string
description: Min represents the lower limit for the resources managed by the autoscaler.
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
requestsToLimitsRatio:
anyOf:
- type: integer
- type: string
description: RequestsToLimitsRatio allows to customize Kubernetes resource Limit based on the Request.
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
required:
- max
- min
type: object
memory:
description: QuantityRange models a resource limit range for resources which can be expressed with resource.Quantity.
properties:
max:
anyOf:
- type: integer
- type: string
description: Max represents the upper limit for the resources managed by the autoscaler.
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
min:
anyOf:
- type: integer
- type: string
description: Min represents the lower limit for the resources managed by the autoscaler.
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
requestsToLimitsRatio:
anyOf:
- type: integer
- type: string
description: RequestsToLimitsRatio allows to customize Kubernetes resource Limit based on the Request.
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
required:
- max
- min
type: object
nodeCount:
description: NodeCountRange is used to model the minimum and the maximum number of nodes over all the NodeSets managed by the same autoscaling policy.
properties:
max:
description: Max represents the maximum number of nodes in a tier.
format: int32
type: integer
min:
description: Min represents the minimum number of nodes in a tier.
format: int32
type: integer
required:
- max
- min
type: object
storage:
description: QuantityRange models a resource limit range for resources which can be expressed with resource.Quantity.
properties:
max:
anyOf:
- type: integer
- type: string
description: Max represents the upper limit for the resources managed by the autoscaler.
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
min:
anyOf:
- type: integer
- type: string
description: Min represents the lower limit for the resources managed by the autoscaler.
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
requestsToLimitsRatio:
anyOf:
- type: integer
- type: string
description: RequestsToLimitsRatio allows to customize Kubernetes resource Limit based on the Request.
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
required:
- max
- min
type: object
required:
- nodeCount
type: object
roles:
description: An autoscaling policy must target a unique set of roles.
items:
type: string
type: array
required:
- resources
type: object
type: array
pollingPeriod:
description: PollingPeriod is the period at which to synchronize with the Elasticsearch autoscaling API.
type: string
required:
- elasticsearchRef
- policies
type: object
status:
properties:
conditions:
description: Conditions holds the current service state of the autoscaling controller.
items:
description: |-
Condition represents Elasticsearch resource's condition.
**This API is in technical preview and may be changed or removed in a future release.**
properties:
lastTransitionTime:
format: date-time
type: string
message:
type: string
status:
type: string
type:
description: ConditionType defines the condition of an Elasticsearch resource.
type: string
required:
- status
- type
type: object
type: array
observedGeneration:
description: ObservedGeneration is the last observed generation by the controller.
format: int64
type: integer
policies:
description: AutoscalingPolicyStatuses is used to expose state messages to user or external system.
items:
properties:
lastModificationTime:
description: LastModificationTime is the last time the resources have been updated, used by the cooldown algorithm.
format: date-time
type: string
name:
description: Name is the name of the autoscaling policy
type: string
nodeSets:
description: NodeSetNodeCount holds the number of nodes for each nodeSet.
items:
description: NodeSetNodeCount models the number of nodes expected in a given NodeSet.
properties:
name:
description: Name of the Nodeset.
type: string
nodeCount:
description: NodeCount is the number of nodes, as computed by the autoscaler, expected in this NodeSet.
format: int32
type: integer
required:
- name
- nodeCount
type: object
type: array
resources:
description: |-
ResourcesSpecification holds the resource values common to all the nodeSets managed by a same autoscaling policy.
Only the resources managed by the autoscaling controller are saved in the Status.
properties:
limits:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: ResourceList is a set of (resource name, quantity) pairs.
type: object
requests:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: ResourceList is a set of (resource name, quantity) pairs.
type: object
type: object
state:
description: PolicyStates may contain various messages regarding the current state of this autoscaling policy.
items:
properties:
messages:
items:
type: string
type: array
type:
type: string
required:
- messages
- type
type: object
type: array
required:
- name
type: object
type: array
type: object
type: object
served: true
storage: true
subresources:
status: {}
clusters/cl01tl/manifests/elastic-operator/CustomResourceDefinition-elasticsearches.elasticsearch.k8s.elastic.co.yaml
+2689
View File
File diff suppressed because it is too large Load Diff
clusters/cl01tl/manifests/elastic-operator/CustomResourceDefinition-enterprisesearches.enterprisesearch.k8s.elastic.co.yaml
+1130
View File
File diff suppressed because it is too large Load Diff
clusters/cl01tl/manifests/elastic-operator/CustomResourceDefinition-kibanas.kibana.k8s.elastic.co.yaml
+1271
View File
File diff suppressed because it is too large Load Diff
clusters/cl01tl/manifests/elastic-operator/CustomResourceDefinition-logstashes.logstash.k8s.elastic.co.yaml
+1132
View File
File diff suppressed because it is too large Load Diff
clusters/cl01tl/manifests/elastic-operator/CustomResourceDefinition-stackconfigpolicies.stackconfigpolicy.k8s.elastic.co.yaml
+363
View File
@@ -0,0 +1,363 @@
---
# Source: elastic-operator/charts/eck-operator/charts/eck-operator-crds/templates/all-crds.yaml
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.19.0
helm.sh/resource-policy: keep
labels:
app.kubernetes.io/instance: 'elastic-operator'
app.kubernetes.io/managed-by: 'Helm'
app.kubernetes.io/name: 'eck-operator-crds'
app.kubernetes.io/version: '3.2.0'
helm.sh/chart: 'eck-operator-crds-3.2.0'
name: stackconfigpolicies.stackconfigpolicy.k8s.elastic.co
spec:
group: stackconfigpolicy.k8s.elastic.co
names:
categories:
- elastic
kind: StackConfigPolicy
listKind: StackConfigPolicyList
plural: stackconfigpolicies
shortNames:
- scp
singular: stackconfigpolicy
scope: Namespaced
versions:
- additionalPrinterColumns:
- description: Resources configured
jsonPath: .status.readyCount
name: Ready
type: string
- jsonPath: .status.phase
name: Phase
type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1alpha1
schema:
openAPIV3Schema:
description: StackConfigPolicy represents a StackConfigPolicy resource in a Kubernetes cluster.
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
properties:
elasticsearch:
properties:
clusterSettings:
description: ClusterSettings holds the Elasticsearch cluster settings (/_cluster/settings)
type: object
x-kubernetes-preserve-unknown-fields: true
config:
description: Config holds the settings that go into elasticsearch.yml.
type: object
x-kubernetes-preserve-unknown-fields: true
indexLifecyclePolicies:
description: IndexLifecyclePolicies holds the Index Lifecycle policies settings (/_ilm/policy)
type: object
x-kubernetes-preserve-unknown-fields: true
indexTemplates:
description: IndexTemplates holds the Index and Component Templates settings
properties:
componentTemplates:
description: ComponentTemplates holds the Component Templates settings (/_component_template)
type: object
x-kubernetes-preserve-unknown-fields: true
composableIndexTemplates:
description: ComposableIndexTemplates holds the Index Templates settings (/_index_template)
type: object
x-kubernetes-preserve-unknown-fields: true
type: object
x-kubernetes-preserve-unknown-fields: true
ingestPipelines:
description: IngestPipelines holds the Ingest Pipelines settings (/_ingest/pipeline)
type: object
x-kubernetes-preserve-unknown-fields: true
secretMounts:
description: SecretMounts are additional Secrets that need to be mounted into the Elasticsearch pods.
items:
description: SecretMount contains information about additional secrets to be mounted to the elasticsearch pods
properties:
mountPath:
description: MountPath denotes the path to which the secret should be mounted to inside the elasticsearch pod
type: string
secretName:
description: SecretName denotes the name of the secret that needs to be mounted to the elasticsearch pod
type: string
type: object
type: array
x-kubernetes-preserve-unknown-fields: true
secureSettings:
description: SecureSettings are additional Secrets that contain data to be configured to Elasticsearch's keystore.
items:
description: SecretSource defines a data source based on a Kubernetes Secret.
properties:
entries:
description: |-
Entries define how to project each key-value pair in the secret to filesystem paths.
If not defined, all keys will be projected to similarly named paths in the filesystem.
If defined, only the specified keys will be projected to the corresponding paths.
items:
description: KeyToPath defines how to map a key in a Secret object to a filesystem path.
properties:
key:
description: Key is the key contained in the secret.
type: string
path:
description: |-
Path is the relative file path to map the key to.
Path must not be an absolute file path and must not contain any ".." components.
type: string
required:
- key
type: object
type: array
secretName:
description: SecretName is the name of the secret.
type: string
required:
- secretName
type: object
type: array
x-kubernetes-preserve-unknown-fields: true
securityRoleMappings:
description: SecurityRoleMappings holds the Role Mappings settings (/_security/role_mapping)
type: object
x-kubernetes-preserve-unknown-fields: true
snapshotLifecyclePolicies:
description: SnapshotLifecyclePolicies holds the Snapshot Lifecycle Policies settings (/_slm/policy)
type: object
x-kubernetes-preserve-unknown-fields: true
snapshotRepositories:
description: SnapshotRepositories holds the Snapshot Repositories settings (/_snapshot)
type: object
x-kubernetes-preserve-unknown-fields: true
type: object
kibana:
properties:
config:
description: Config holds the settings that go into kibana.yml.
type: object
x-kubernetes-preserve-unknown-fields: true
secureSettings:
description: SecureSettings are additional Secrets that contain data to be configured to Kibana's keystore.
items:
description: SecretSource defines a data source based on a Kubernetes Secret.
properties:
entries:
description: |-
Entries define how to project each key-value pair in the secret to filesystem paths.
If not defined, all keys will be projected to similarly named paths in the filesystem.
If defined, only the specified keys will be projected to the corresponding paths.
items:
description: KeyToPath defines how to map a key in a Secret object to a filesystem path.
properties:
key:
description: Key is the key contained in the secret.
type: string
path:
description: |-
Path is the relative file path to map the key to.
Path must not be an absolute file path and must not contain any ".." components.
type: string
required:
- key
type: object
type: array
secretName:
description: SecretName is the name of the secret.
type: string
required:
- secretName
type: object
type: array
x-kubernetes-preserve-unknown-fields: true
type: object
resourceSelector:
description: |-
A label selector is a label query over a set of resources. The result of matchLabels and
matchExpressions are ANDed. An empty label selector matches all objects. A null
label selector matches no objects.
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
items:
description: |-
A label selector requirement is a selector that contains values, a key, and an operator that
relates the key and values.
properties:
key:
description: key is the label key that the selector applies to.
type: string
operator:
description: |-
operator represents a key's relationship to a set of values.
Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
description: |-
values is an array of string values. If the operator is In or NotIn,
the values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
type: array
x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
description: |-
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions, whose key field is "key", the
operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
secureSettings:
description: 'Deprecated: SecureSettings only applies to Elasticsearch and is deprecated. It must be set per application instead.'
items:
description: SecretSource defines a data source based on a Kubernetes Secret.
properties:
entries:
description: |-
Entries define how to project each key-value pair in the secret to filesystem paths.
If not defined, all keys will be projected to similarly named paths in the filesystem.
If defined, only the specified keys will be projected to the corresponding paths.
items:
description: KeyToPath defines how to map a key in a Secret object to a filesystem path.
properties:
key:
description: Key is the key contained in the secret.
type: string
path:
description: |-
Path is the relative file path to map the key to.
Path must not be an absolute file path and must not contain any ".." components.
type: string
required:
- key
type: object
type: array
secretName:
description: SecretName is the name of the secret.
type: string
required:
- secretName
type: object
type: array
type: object
status:
properties:
details:
additionalProperties:
additionalProperties:
description: ResourcePolicyStatus models the status of the policy for one resource to be configured.
properties:
currentVersion:
description: |-
CurrentVersion denotes the current version of filesettings applied to the Elasticsearch cluster
This field does not apply to Kibana resources
format: int64
type: integer
error:
properties:
message:
type: string
version:
format: int64
type: integer
type: object
expectedVersion:
description: |-
ExpectedVersion denotes the expected version of filesettings that should be applied to the Elasticsearch cluster
This field does not apply to Kibana resources
format: int64
type: integer
phase:
type: string
type: object
type: object
description: Details holds the status details for each resource to be configured.
type: object
errors:
description: Errors is the number of resources which have an incorrect configuration
type: integer
observedGeneration:
description: ObservedGeneration is the most recent generation observed for this StackConfigPolicy.
format: int64
type: integer
phase:
description: Phase is the phase of the StackConfigPolicy.
type: string
ready:
description: Ready is the number of resources successfully configured.
type: integer
readyCount:
description: ReadyCount is a human representation of the number of resources successfully configured.
type: string
resources:
description: Resources is the number of resources to be configured.
type: integer
resourcesStatuses:
additionalProperties:
description: ResourcePolicyStatus models the status of the policy for one resource to be configured.
properties:
currentVersion:
description: |-
CurrentVersion denotes the current version of filesettings applied to the Elasticsearch cluster
This field does not apply to Kibana resources
format: int64
type: integer
error:
properties:
message:
type: string
version:
format: int64
type: integer
type: object
expectedVersion:
description: |-
ExpectedVersion denotes the expected version of filesettings that should be applied to the Elasticsearch cluster
This field does not apply to Kibana resources
format: int64
type: integer
phase:
type: string
type: object
description: |-
ResourcesStatuses holds the status for each resource to be configured.
Deprecated: Details is used to store the status of resources from ECK 2.11
type: object
type: object
type: object
served: true
storage: true
subresources:
status: {}
clusters/cl01tl/manifests/elastic-operator/PodMonitor-elastic-operator.yaml
+26
View File
@@ -0,0 +1,26 @@
---
# Source: elastic-operator/charts/eck-operator/templates/podMonitor.yaml
apiVersion: monitoring.coreos.com/v1
kind: PodMonitor
metadata:
name: elastic-operator
namespace: elastic-operator
labels:
app.kubernetes.io/name: elastic-operator
app.kubernetes.io/instance: elastic-operator
app.kubernetes.io/version: "3.2.0"
helm.sh/chart: eck-operator-3.2.0
app.kubernetes.io/managed-by: Helm
spec:
podMetricsEndpoints:
- port: metrics
path: /metrics
interval: 5m
scrapeTimeout: 30s
namespaceSelector:
matchNames:
- elastic-operator
selector:
matchLabels:
app.kubernetes.io/name: elastic-operator
app.kubernetes.io/instance: elastic-operator
clusters/cl01tl/manifests/elastic-operator/Secret-elastic-operator-webhook-cert.yaml
+13
View File
@@ -0,0 +1,13 @@
---
# Source: elastic-operator/charts/eck-operator/templates/webhook.yaml
apiVersion: v1
kind: Secret
metadata:
name: elastic-operator-webhook-cert
namespace: elastic-operator
labels:
app.kubernetes.io/name: elastic-operator
app.kubernetes.io/instance: elastic-operator
app.kubernetes.io/version: "3.2.0"
helm.sh/chart: eck-operator-3.2.0
app.kubernetes.io/managed-by: Helm
clusters/cl01tl/manifests/elastic-operator/Service-elastic-operator-webhook.yaml
+21
View File
@@ -0,0 +1,21 @@
---
# Source: elastic-operator/charts/eck-operator/templates/webhook.yaml
apiVersion: v1
kind: Service
metadata:
name: elastic-operator-webhook
namespace: elastic-operator
labels:
app.kubernetes.io/name: elastic-operator
app.kubernetes.io/instance: elastic-operator
app.kubernetes.io/version: "3.2.0"
helm.sh/chart: eck-operator-3.2.0
app.kubernetes.io/managed-by: Helm
spec:
ports:
- name: https
port: 443
targetPort: 9443
selector:
app.kubernetes.io/name: elastic-operator
app.kubernetes.io/instance: elastic-operator
clusters/cl01tl/manifests/elastic-operator/ServiceAccount-elastic-operator.yaml
+14
View File
@@ -0,0 +1,14 @@
---
# Source: elastic-operator/charts/eck-operator/templates/service-account.yaml
apiVersion: v1
kind: ServiceAccount
automountServiceAccountToken: true
metadata:
name: elastic-operator
namespace: elastic-operator
labels:
app.kubernetes.io/name: elastic-operator
app.kubernetes.io/instance: elastic-operator
app.kubernetes.io/version: "3.2.0"
helm.sh/chart: eck-operator-3.2.0
app.kubernetes.io/managed-by: Helm
clusters/cl01tl/manifests/elastic-operator/StatefulSet-elastic-operator.yaml
+90
View File
@@ -0,0 +1,90 @@
---
# Source: elastic-operator/charts/eck-operator/templates/statefulset.yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: elastic-operator
namespace: elastic-operator
labels:
app.kubernetes.io/name: elastic-operator
app.kubernetes.io/instance: elastic-operator
app.kubernetes.io/version: "3.2.0"
helm.sh/chart: eck-operator-3.2.0
app.kubernetes.io/managed-by: Helm
spec:
selector:
matchLabels:
app.kubernetes.io/name: elastic-operator
app.kubernetes.io/instance: elastic-operator
serviceName: elastic-operator
replicas: 2
template:
metadata:
annotations:
# Rename the fields "error" to "error.message" and "source" to "event.source"
# This is to avoid a conflict with the ECS "error" and "source" documents.
"co.elastic.logs/raw": "[{\"type\":\"filestream\",\"enabled\":true,\"id\":\"eck-container-logs-${data.kubernetes.container.id}\",\"paths\":[\"/var/log/containers/*${data.kubernetes.container.id}.log\"],\"parsers\":[{\"container\":{}},{\"ndjson\":{\"keys_under_root\":true}}],\"prospector.scanner.symlinks\":true,\"processors\":[{\"convert\":{\"mode\":\"rename\",\"ignore_missing\":true,\"fields\":[{\"from\":\"error\",\"to\":\"_error\"}]}},{\"convert\":{\"mode\":\"rename\",\"ignore_missing\":true,\"fields\":[{\"from\":\"_error\",\"to\":\"error.message\"}]}},{\"convert\":{\"mode\":\"rename\",\"ignore_missing\":true,\"fields\":[{\"from\":\"source\",\"to\":\"_source\"}]}},{\"convert\":{\"mode\":\"rename\",\"ignore_missing\":true,\"fields\":[{\"from\":\"_source\",\"to\":\"event.source\"}]}}]}]"
"checksum/config": b73feaddf363fb2b6fe00148962a59c33dac58db78014f4b50b9c3de06865131
labels:
app.kubernetes.io/name: elastic-operator
app.kubernetes.io/instance: elastic-operator
spec:
terminationGracePeriodSeconds: 10
serviceAccountName: elastic-operator
automountServiceAccountToken: true
securityContext:
runAsNonRoot: true
containers:
- image: "docker.elastic.co/eck/eck-operator:3.2.0"
imagePullPolicy: IfNotPresent
name: manager
args:
- "manager"
- "--config=/conf/eck.yaml"
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
env:
- name: OPERATOR_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: WEBHOOK_SECRET
value: elastic-operator-webhook-cert
resources:
limits:
cpu: 1
memory: 1Gi
requests:
cpu: 100m
memory: 150Mi
ports:
- containerPort: 9000
name: metrics
protocol: TCP
- containerPort: 9443
name: https-webhook
protocol: TCP
volumeMounts:
- mountPath: "/conf"
name: conf
readOnly: true
- mountPath: /tmp/k8s-webhook-server/serving-certs
name: cert
readOnly: true
volumes:
- name: conf
configMap:
name: elastic-operator
- name: cert
secret:
defaultMode: 420
secretName: elastic-operator-webhook-cert
clusters/cl01tl/manifests/elastic-operator/ValidatingWebhookConfiguration-elastic-operator.elastic-operator.k8s.elastic.co.yaml
+293
View File
@@ -0,0 +1,293 @@
---
# Source: elastic-operator/charts/eck-operator/templates/webhook.yaml
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
name: elastic-operator.elastic-operator.k8s.elastic.co
labels:
app.kubernetes.io/name: elastic-operator
app.kubernetes.io/instance: elastic-operator
app.kubernetes.io/version: "3.2.0"
helm.sh/chart: eck-operator-3.2.0
app.kubernetes.io/managed-by: Helm
webhooks:
- clientConfig:
service:
name: elastic-operator-webhook
namespace: elastic-operator
path: /validate-agent-k8s-elastic-co-v1alpha1-agent
failurePolicy: Ignore
name: elastic-agent-validation-v1alpha1.k8s.elastic.co
matchPolicy: Exact
admissionReviewVersions: [v1]
sideEffects: None
rules:
- apiGroups:
- agent.k8s.elastic.co
apiVersions:
- v1alpha1
operations:
- CREATE
- UPDATE
resources:
- agents
- clientConfig:
service:
name: elastic-operator-webhook
namespace: elastic-operator
path: /validate-apm-k8s-elastic-co-v1-apmserver
failurePolicy: Ignore
name: elastic-apm-validation-v1.k8s.elastic.co
matchPolicy: Exact
admissionReviewVersions: [v1]
sideEffects: None
rules:
- apiGroups:
- apm.k8s.elastic.co
apiVersions:
- v1
operations:
- CREATE
- UPDATE
resources:
- apmservers
- clientConfig:
service:
name: elastic-operator-webhook
namespace: elastic-operator
path: /validate-apm-k8s-elastic-co-v1beta1-apmserver
failurePolicy: Ignore
name: elastic-apm-validation-v1beta1.k8s.elastic.co
matchPolicy: Exact
admissionReviewVersions: [v1]
sideEffects: None
rules:
- apiGroups:
- apm.k8s.elastic.co
apiVersions:
- v1beta1
operations:
- CREATE
- UPDATE
resources:
- apmservers
- clientConfig:
service:
name: elastic-operator-webhook
namespace: elastic-operator
path: /validate-beat-k8s-elastic-co-v1beta1-beat
failurePolicy: Ignore
name: elastic-beat-validation-v1beta1.k8s.elastic.co
matchPolicy: Exact
admissionReviewVersions: [v1]
sideEffects: None
rules:
- apiGroups:
- beat.k8s.elastic.co
apiVersions:
- v1beta1
operations:
- CREATE
- UPDATE
resources:
- beats
- clientConfig:
service:
name: elastic-operator-webhook
namespace: elastic-operator
path: /validate-enterprisesearch-k8s-elastic-co-v1-enterprisesearch
failurePolicy: Ignore
name: elastic-ent-validation-v1.k8s.elastic.co
matchPolicy: Exact
admissionReviewVersions: [v1]
sideEffects: None
rules:
- apiGroups:
- enterprisesearch.k8s.elastic.co
apiVersions:
- v1
operations:
- CREATE
- UPDATE
resources:
- enterprisesearches
- clientConfig:
service:
name: elastic-operator-webhook
namespace: elastic-operator
path: /validate-enterprisesearch-k8s-elastic-co-v1beta1-enterprisesearch
failurePolicy: Ignore
name: elastic-ent-validation-v1beta1.k8s.elastic.co
matchPolicy: Exact
admissionReviewVersions: [v1]
sideEffects: None
rules:
- apiGroups:
- enterprisesearch.k8s.elastic.co
apiVersions:
- v1beta1
operations:
- CREATE
- UPDATE
resources:
- enterprisesearches
- clientConfig:
service:
name: elastic-operator-webhook
namespace: elastic-operator
path: /validate-elasticsearch-k8s-elastic-co-v1-elasticsearch
failurePolicy: Ignore
name: elastic-es-validation-v1.k8s.elastic.co
matchPolicy: Exact
admissionReviewVersions: [v1]
sideEffects: None
rules:
- apiGroups:
- elasticsearch.k8s.elastic.co
apiVersions:
- v1
operations:
- CREATE
- UPDATE
resources:
- elasticsearches
- clientConfig:
service:
name: elastic-operator-webhook
namespace: elastic-operator
path: /validate-elasticsearch-k8s-elastic-co-v1beta1-elasticsearch
failurePolicy: Ignore
name: elastic-es-validation-v1beta1.k8s.elastic.co
matchPolicy: Exact
admissionReviewVersions: [v1]
sideEffects: None
rules:
- apiGroups:
- elasticsearch.k8s.elastic.co
apiVersions:
- v1beta1
operations:
- CREATE
- UPDATE
resources:
- elasticsearches
- clientConfig:
service:
name: elastic-operator-webhook
namespace: elastic-operator
path: /validate-ems-k8s-elastic-co-v1alpha1-mapsservers
failurePolicy: Ignore
name: elastic-ems-validation-v1alpha1.k8s.elastic.co
matchPolicy: Exact
admissionReviewVersions: [v1]
sideEffects: None
rules:
- apiGroups:
- maps.k8s.elastic.co
apiVersions:
- v1alpha1
operations:
- CREATE
- UPDATE
resources:
- mapsservers
- clientConfig:
service:
name: elastic-operator-webhook
namespace: elastic-operator
path: /validate-kibana-k8s-elastic-co-v1-kibana
failurePolicy: Ignore
name: elastic-kb-validation-v1.k8s.elastic.co
matchPolicy: Exact
admissionReviewVersions: [v1]
sideEffects: None
rules:
- apiGroups:
- kibana.k8s.elastic.co
apiVersions:
- v1
operations:
- CREATE
- UPDATE
resources:
- kibanas
- clientConfig:
service:
name: elastic-operator-webhook
namespace: elastic-operator
path: /validate-kibana-k8s-elastic-co-v1beta1-kibana
failurePolicy: Ignore
name: elastic-kb-validation-v1beta1.k8s.elastic.co
matchPolicy: Exact
admissionReviewVersions: [v1]
sideEffects: None
rules:
- apiGroups:
- kibana.k8s.elastic.co
apiVersions:
- v1beta1
operations:
- CREATE
- UPDATE
resources:
- kibanas
- clientConfig:
service:
name: elastic-operator-webhook
namespace: elastic-operator
path: /validate-autoscaling-k8s-elastic-co-v1alpha1-elasticsearchautoscaler
failurePolicy: Ignore
name: elastic-esa-validation-v1alpha1.k8s.elastic.co
matchPolicy: Exact
admissionReviewVersions: [v1]
sideEffects: None
rules:
- apiGroups:
- autoscaling.k8s.elastic.co
apiVersions:
- v1alpha1
operations:
- CREATE
- UPDATE
resources:
- elasticsearchautoscalers
- clientConfig:
service:
name: elastic-operator-webhook
namespace: elastic-operator
path: /validate-scp-k8s-elastic-co-v1alpha1-stackconfigpolicies
failurePolicy: Ignore
name: elastic-scp-validation-v1alpha1.k8s.elastic.co
matchPolicy: Exact
admissionReviewVersions: [v1]
sideEffects: None
rules:
- apiGroups:
- stackconfigpolicy.k8s.elastic.co
apiVersions:
- v1alpha1
operations:
- CREATE
- UPDATE
resources:
- stackconfigpolicies
- clientConfig:
service:
name: elastic-operator-webhook
namespace: elastic-operator
path: /validate-logstash-k8s-elastic-co-v1alpha1-logstash
failurePolicy: Ignore
name: elastic-logstash-validation-v1alpha1.k8s.elastic.co
matchPolicy: Exact
admissionReviewVersions: [v1]
sideEffects: None
rules:
- apiGroups:
- logstash.k8s.elastic.co
apiVersions:
- v1alpha1
operations:
- CREATE
- UPDATE
resources:
- logstashes
clusters/cl01tl/manifests/elastic-operator/elastic-operator.yaml
-11594
View File
File diff suppressed because it is too large Load Diff