Skip to content

Commit 09e8a47

Browse files
openshift-service-mesh-botjwendell
openshift-service-mesh-bot
and
jwendell
authored
operator sailoperator (0.2.0-nightly-2024-10-17) (redhat-openshift-ecosystem#5387)
Signed-off-by: Jonh Wendell <[email protected]> Co-authored-by: Jonh Wendell <[email protected]>
1 parent e5fb4d5 commit 09e8a47

24 files changed

+43615
-0
lines changed

operators/sailoperator/0.2.0-nightly-2024-10-17/README.md

Lines changed: 465 additions & 0 deletions
Large diffs are not rendered by default.

operators/sailoperator/0.2.0-nightly-2024-10-17/manifests/extensions.istio.io_wasmplugins.yaml

Lines changed: 368 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,368 @@
1+
apiVersion: apiextensions.k8s.io/v1
2+
kind: CustomResourceDefinition
3+
metadata:
4+
annotations:
5+
helm.sh/resource-policy: keep
6+
creationTimestamp: null
7+
labels:
8+
app: istio-pilot
9+
chart: istio
10+
heritage: Tiller
11+
release: istio
12+
name: wasmplugins.extensions.istio.io
13+
spec:
14+
group: extensions.istio.io
15+
names:
16+
categories:
17+
- istio-io
18+
- extensions-istio-io
19+
kind: WasmPlugin
20+
listKind: WasmPluginList
21+
plural: wasmplugins
22+
singular: wasmplugin
23+
scope: Namespaced
24+
versions:
25+
- additionalPrinterColumns:
26+
- description: 'CreationTimestamp is a timestamp representing the server time
27+
when this object was created. It is not guaranteed to be set in happens-before
28+
order across separate operations. Clients may not set this value. It is represented
29+
in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for
30+
lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata'
31+
jsonPath: .metadata.creationTimestamp
32+
name: Age
33+
type: date
34+
name: v1alpha1
35+
schema:
36+
openAPIV3Schema:
37+
properties:
38+
spec:
39+
description: 'Extend the functionality provided by the Istio proxy through
40+
WebAssembly filters. See more details at: https://istio.io/docs/reference/config/proxy_extensions/wasm-plugin.html'
41+
properties:
42+
failStrategy:
43+
description: |-
44+
Specifies the failure behavior for the plugin due to fatal errors.
45+
46+
Valid Options: FAIL_CLOSE, FAIL_OPEN
47+
enum:
48+
- FAIL_CLOSE
49+
- FAIL_OPEN
50+
type: string
51+
imagePullPolicy:
52+
description: |-
53+
The pull behaviour to be applied when fetching Wasm module by either OCI image or `http/https`.
54+
55+
Valid Options: IfNotPresent, Always
56+
enum:
57+
- UNSPECIFIED_POLICY
58+
- IfNotPresent
59+
- Always
60+
type: string
61+
imagePullSecret:
62+
description: Credentials to use for OCI image pulling.
63+
maxLength: 253
64+
minLength: 1
65+
type: string
66+
match:
67+
description: Specifies the criteria to determine which traffic is
68+
passed to WasmPlugin.
69+
items:
70+
properties:
71+
mode:
72+
description: |-
73+
Criteria for selecting traffic by their direction.
74+
75+
Valid Options: CLIENT, SERVER, CLIENT_AND_SERVER
76+
enum:
77+
- UNDEFINED
78+
- CLIENT
79+
- SERVER
80+
- CLIENT_AND_SERVER
81+
type: string
82+
ports:
83+
description: Criteria for selecting traffic by their destination
84+
port.
85+
items:
86+
properties:
87+
number:
88+
maximum: 65535
89+
minimum: 1
90+
type: integer
91+
required:
92+
- number
93+
type: object
94+
type: array
95+
x-kubernetes-list-map-keys:
96+
- number
97+
x-kubernetes-list-type: map
98+
type: object
99+
type: array
100+
phase:
101+
description: |-
102+
Determines where in the filter chain this `WasmPlugin` is to be injected.
103+
104+
Valid Options: AUTHN, AUTHZ, STATS
105+
enum:
106+
- UNSPECIFIED_PHASE
107+
- AUTHN
108+
- AUTHZ
109+
- STATS
110+
type: string
111+
pluginConfig:
112+
description: The configuration that will be passed on to the plugin.
113+
type: object
114+
x-kubernetes-preserve-unknown-fields: true
115+
pluginName:
116+
description: The plugin name to be used in the Envoy configuration
117+
(used to be called `rootID`).
118+
maxLength: 256
119+
minLength: 1
120+
type: string
121+
priority:
122+
description: Determines ordering of `WasmPlugins` in the same `phase`.
123+
format: int32
124+
nullable: true
125+
type: integer
126+
selector:
127+
description: Criteria used to select the specific set of pods/VMs
128+
on which this plugin configuration should be applied.
129+
properties:
130+
matchLabels:
131+
additionalProperties:
132+
maxLength: 63
133+
type: string
134+
x-kubernetes-validations:
135+
- message: wildcard not allowed in label value match
136+
rule: '!self.contains(''*'')'
137+
description: One or more labels that indicate a specific set of
138+
pods/VMs on which a policy should be applied.
139+
maxProperties: 4096
140+
type: object
141+
x-kubernetes-validations:
142+
- message: wildcard not allowed in label key match
143+
rule: self.all(key, !key.contains('*'))
144+
- message: key must not be empty
145+
rule: self.all(key, key.size() != 0)
146+
type: object
147+
sha256:
148+
description: SHA256 checksum that will be used to verify Wasm module
149+
or OCI container.
150+
pattern: (^$|^[a-f0-9]{64}$)
151+
type: string
152+
targetRef:
153+
properties:
154+
group:
155+
description: group is the group of the target resource.
156+
maxLength: 253
157+
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
158+
type: string
159+
kind:
160+
description: kind is kind of the target resource.
161+
maxLength: 63
162+
minLength: 1
163+
pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
164+
type: string
165+
name:
166+
description: name is the name of the target resource.
167+
maxLength: 253
168+
minLength: 1
169+
type: string
170+
namespace:
171+
description: namespace is the namespace of the referent.
172+
type: string
173+
x-kubernetes-validations:
174+
- message: cross namespace referencing is not currently supported
175+
rule: self.size() == 0
176+
required:
177+
- kind
178+
- name
179+
type: object
180+
x-kubernetes-validations:
181+
- message: Support kinds are core/Service, networking.istio.io/ServiceEntry,
182+
gateway.networking.k8s.io/Gateway
183+
rule: '[self.group, self.kind] in [[''core'',''Service''], ['''',''Service''],
184+
[''gateway.networking.k8s.io'',''Gateway''], [''networking.istio.io'',''ServiceEntry'']]'
185+
targetRefs:
186+
description: Optional.
187+
items:
188+
properties:
189+
group:
190+
description: group is the group of the target resource.
191+
maxLength: 253
192+
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
193+
type: string
194+
kind:
195+
description: kind is kind of the target resource.
196+
maxLength: 63
197+
minLength: 1
198+
pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
199+
type: string
200+
name:
201+
description: name is the name of the target resource.
202+
maxLength: 253
203+
minLength: 1
204+
type: string
205+
namespace:
206+
description: namespace is the namespace of the referent.
207+
type: string
208+
x-kubernetes-validations:
209+
- message: cross namespace referencing is not currently supported
210+
rule: self.size() == 0
211+
required:
212+
- kind
213+
- name
214+
type: object
215+
x-kubernetes-validations:
216+
- message: Support kinds are core/Service, networking.istio.io/ServiceEntry,
217+
gateway.networking.k8s.io/Gateway
218+
rule: '[self.group, self.kind] in [[''core'',''Service''], ['''',''Service''],
219+
[''gateway.networking.k8s.io'',''Gateway''], [''networking.istio.io'',''ServiceEntry'']]'
220+
type: array
221+
type:
222+
description: |-
223+
Specifies the type of Wasm Extension to be used.
224+
225+
Valid Options: HTTP, NETWORK
226+
enum:
227+
- UNSPECIFIED_PLUGIN_TYPE
228+
- HTTP
229+
- NETWORK
230+
type: string
231+
url:
232+
description: URL of a Wasm module or OCI container.
233+
minLength: 1
234+
type: string
235+
x-kubernetes-validations:
236+
- message: url must have schema one of [http, https, file, oci]
237+
rule: 'isURL(self) ? (url(self).getScheme() in ['''', ''http'',
238+
''https'', ''oci'', ''file'']) : (isURL(''http://'' + self) &&
239+
url(''http://'' +self).getScheme() in ['''', ''http'', ''https'',
240+
''oci'', ''file''])'
241+
verificationKey:
242+
type: string
243+
vmConfig:
244+
description: Configuration for a Wasm VM.
245+
properties:
246+
env:
247+
description: Specifies environment variables to be injected to
248+
this VM.
249+
items:
250+
properties:
251+
name:
252+
description: Name of the environment variable.
253+
maxLength: 256
254+
minLength: 1
255+
type: string
256+
value:
257+
description: Value for the environment variable.
258+
maxLength: 2048
259+
type: string
260+
valueFrom:
261+
description: |-
262+
Source for the environment variable's value.
263+
264+
Valid Options: INLINE, HOST
265+
enum:
266+
- INLINE
267+
- HOST
268+
type: string
269+
required:
270+
- name
271+
type: object
272+
x-kubernetes-validations:
273+
- message: value may only be set when valueFrom is INLINE
274+
rule: '(has(self.valueFrom) ? self.valueFrom : '''') != ''HOST''
275+
|| !has(self.value)'
276+
maxItems: 256
277+
type: array
278+
x-kubernetes-list-map-keys:
279+
- name
280+
x-kubernetes-list-type: map
281+
type: object
282+
required:
283+
- url
284+
type: object
285+
status:
286+
properties:
287+
conditions:
288+
description: Current service state of the resource.
289+
items:
290+
properties:
291+
lastProbeTime:
292+
description: Last time we probed the condition.
293+
format: date-time
294+
type: string
295+
lastTransitionTime:
296+
description: Last time the condition transitioned from one status
297+
to another.
298+
format: date-time
299+
type: string
300+
message:
301+
description: Human-readable message indicating details about
302+
last transition.
303+
type: string
304+
reason:
305+
description: Unique, one-word, CamelCase reason for the condition's
306+
last transition.
307+
type: string
308+
status:
309+
description: Status is the status of the condition.
310+
type: string
311+
type:
312+
description: Type is the type of the condition.
313+
type: string
314+
type: object
315+
type: array
316+
observedGeneration:
317+
anyOf:
318+
- type: integer
319+
- type: string
320+
description: Resource Generation to which the Reconciled Condition
321+
refers.
322+
x-kubernetes-int-or-string: true
323+
validationMessages:
324+
description: Includes any errors or warnings detected by Istio's analyzers.
325+
items:
326+
properties:
327+
documentationUrl:
328+
description: A url pointing to the Istio documentation for this
329+
specific error type.
330+
type: string
331+
level:
332+
description: |-
333+
Represents how severe a message is.
334+
335+
Valid Options: UNKNOWN, ERROR, WARNING, INFO
336+
enum:
337+
- UNKNOWN
338+
- ERROR
339+
- WARNING
340+
- INFO
341+
type: string
342+
type:
343+
properties:
344+
code:
345+
description: A 7 character code matching `^IST[0-9]{4}$`
346+
intended to uniquely identify the message type.
347+
type: string
348+
name:
349+
description: A human-readable name for the message type.
350+
type: string
351+
type: object
352+
type: object
353+
type: array
354+
type: object
355+
x-kubernetes-preserve-unknown-fields: true
356+
required:
357+
- spec
358+
type: object
359+
served: true
360+
storage: true
361+
subresources:
362+
status: {}
363+
status:
364+
acceptedNames:
365+
kind: ""
366+
plural: ""
367+
conditions: null
368+
storedVersions: null

operators/sailoperator/0.2.0-nightly-2024-10-17/manifests/metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml

Lines changed: 17 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,17 @@
1+
apiVersion: rbac.authorization.k8s.io/v1
2+
kind: ClusterRole
3+
metadata:
4+
creationTimestamp: null
5+
labels:
6+
app.kubernetes.io/component: kube-rbac-proxy
7+
app.kubernetes.io/created-by: sailoperator
8+
app.kubernetes.io/instance: metrics-reader
9+
app.kubernetes.io/managed-by: helm
10+
app.kubernetes.io/name: clusterrole
11+
app.kubernetes.io/part-of: sailoperator
12+
name: metrics-reader
13+
rules:
14+
- nonResourceURLs:
15+
- /metrics
16+
verbs:
17+
- get

0 commit comments

Comments
 (0)