diff --git a/cmd/controller/main.go b/cmd/controller/main.go index 2d2aa216..c228db92 100644 --- a/cmd/controller/main.go +++ b/cmd/controller/main.go @@ -36,16 +36,15 @@ func main() { sharedmain.MainWithContext(ctx, "typhoon-controller", cloudeventssource.NewController, - httppollersource.NewController, - kafkasource.NewController, - webhooksource.NewController, - cloudeventstarget.NewController, + httppollersource.NewController, httptarget.NewController, + kafkasource.NewController, kafkatarget.NewController, - logztarget.NewController, logzmetricstarget.NewController, + logztarget.NewController, splunktarget.NewController, + webhooksource.NewController, // flow jqtransformation.NewController, synchronizer.NewController, diff --git a/config/200-clusterrole-namespaced.yaml b/config/200-clusterrole-namespaced.yaml new file mode 100644 index 00000000..a8e12029 --- /dev/null +++ b/config/200-clusterrole-namespaced.yaml 
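Review bot: `cloudeventstarget.NewController` is removed in this hunk and never re-added, while the other four removed entries (`httppollersource`, `kafkasource`, `webhooksource`, `logztarget`) come back in sorted position, so the reorder also unregisters the CloudEvents target reconciler. If that is intended, the `cloudeventstarget` import has to be dropped as well (the import block is outside this hunk), and the ClusterRole added in config/200-clusterroles.yaml still grants the controller `cloudeventstargets`, `cloudeventstargets/status` and `cloudeventstargets/finalizers`, which would then be unused permissions. If it is a side effect of the sort, restore `cloudeventstarget.NewController,` directly after `cloudeventssource.NewController,`. The body of main() continues outside the hunk.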
@@ -0,0 +1,54 @@
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: typhoon-namespaced-admin
+ labels:
+ rbac.authorization.k8s.io/aggregate-to-admin: "true"
+ app.kubernetes.io/part-of: typhoon
+rules:
+- apiGroups:
+ - flow.typhoon.zeiss.com
+ - routing.typhoon.zeiss.com
+ - sources.typhoon.zeiss.com
+ - targets.typhoon.zeiss.com
+ resources: ["*"]
+ verbs: ["*"]
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: typhoon-namespaced-edit
+ labels:
+ rbac.authorization.k8s.io/aggregate-to-edit: "true"
+ app.kubernetes.io/part-of: typhoon
+rules:
+- apiGroups:
+ - flow.typhoon.zeiss.com
+ - routing.typhoon.zeiss.com
+ - sources.typhoon.zeiss.com
+ - targets.typhoon.zeiss.com
+ resources: ["*"]
+ verbs:
+ - create
+ - update
+ - patch
+ - delete
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: typhoon-namespaced-view
+ labels:
+ rbac.authorization.k8s.io/aggregate-to-view: "true"
+ app.kubernetes.io/part-of: typhoon
+rules:
+- apiGroups:
+ - flow.typhoon.zeiss.com
+ - routing.typhoon.zeiss.com
+ - sources.typhoon.zeiss.com
+ - targets.typhoon.zeiss.com
+ resources: ["*"]
+ verbs:
+ - get
+ - list
+ - watch
diff --git a/config/200-clusterrole-webhook.yaml b/config/200-clusterrole-webhook.yaml
new file mode 100644
index 00000000..76ae45a0
--- /dev/null
+++ b/config/200-clusterrole-webhook.yaml
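Review bot: In `typhoon-namespaced-edit`, `resources: ["*"]` also matches subresources, so every subject holding the built-in `edit` role in a namespace can `update`/`patch` `<resource>/status` and `<resource>/finalizers` in the four typhoon API groups. Status is meant to be written by the controller (config/200-clusterroles.yaml grants it `update` on each `/status` explicitly), and anything that trusts reported fields such as `status.address.url` or `status.sinkUri` would then be reading tenant-writable values. Prefer listing the resource plurals explicitly, as the controller role does, so subresources stay out of the aggregated edit role. If the wildcard is kept for maintenance reasons, say so next to it, e.g. `# "*" also matches subresources (<resource>/status, <resource>/finalizers)`. The same wildcard with `verbs: ["*"]` in `typhoon-namespaced-admin` has the same reach.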
@@ -0,0 +1,112 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: typhoon-webhook
+ labels:
+ app.kubernetes.io/part-of: typhoon
+
+rules:
+# Routing admin
+- apiGroups:
+ - routing.typhoon.zeiss.com
+ resources:
+ - filters
+ - splitters
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+
+# Routing statuses update
+- apiGroups:
+ - routing.typhoon.zeiss.com
+ resources:
+ - splitters/status
+ - filters/status
+ verbs:
+ - update
+
+
+- apiGroups:
+ - flow.typhoon.zeiss.com
+ resources:
+ - xslttransformations
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+
+- apiGroups:
+ - flow.typhoon.zeiss.com
+ resources:
+ - xslttransformations/status
+ verbs:
+ - update
+
+# Events admin
+- apiGroups:
+ - ''
+ resources:
+ - events
+ - configmaps
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+
+# For manipulating certs into secrets.
+- apiGroups:
+ - ''
+ resources:
+ - secrets
+ verbs:
+ - get
+ - create
+ - update
+ - list
+ - watch
+
+# Validation webhook gets system namespace to use it as an owner.
+- apiGroups:
+ - ''
+ resources:
+ - namespaces
+ verbs:
+ - get
+
+# For actually registering our webhook.
+- apiGroups:
+ - admissionregistration.k8s.io
+ resources:
+ - mutatingwebhookconfigurations
+ - validatingwebhookconfigurations
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+
+# Acquire leases for leader election
+- apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - get
+ - create
+ - update
diff --git a/config/200-clusterroles.yaml b/config/200-clusterroles.yaml
new file mode 100644
index 00000000..429b091e
--- /dev/null
+++ b/config/200-clusterroles.yaml
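Review bot: The `secrets` rule commented "For manipulating certs into secrets." gives the webhook `get`/`list`/`watch`/`create`/`update` on Secrets in every namespace, because this ClusterRole is attached with a ClusterRoleBinding in config/202-clusterrolebinding-webhook.yaml. The stated purpose only needs the webhook's own certificate Secret, which presumably lives in the `typhoon` namespace next to its ServiceAccount. Move the rule into a namespaced Role (sketched below) with a matching RoleBinding for the `typhoon-webhook` ServiceAccount, and delete it from the ClusterRole. The `configmaps` entry under "Events admin" deserves the same treatment: it grants full write on every ConfigMap in the cluster and the comment does not mention it.

```yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: typhoon-webhook
  namespace: typhoon
  labels:
    app.kubernetes.io/part-of: typhoon
rules:
# For manipulating certs into secrets (webhook's own namespace only).
- apiGroups:
  - ''
  resources:
  - secrets
  verbs:
  - get
  - list
  - watch
  - create
  - update
```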
@@ -0,0 +1,934 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: typhoon-controller + labels: + app.kubernetes.io/part-of: typhoon + +rules: + +# Record Kubernetes events +- apiGroups: + - '' + resources: + - events + verbs: + - create + - patch + - update + +# Manage receive-adapters +- apiGroups: + - apps + resources: + - deployments + verbs: + - get + - list + - watch + - create + - update + - delete + - patch +- apiGroups: + - serving.knative.dev + resources: + - services + verbs: + - get + - list + - watch + - create + - update + - delete + - patch + +# Read reconciled typhoon resources and update their statuses +# +rbac-check +- apiGroups: + - sources.typhoon.zeiss.com + resources: + - awscloudwatchlogssources + - awscloudwatchsources + - awscodecommitsources + - awscognitoidentitysources + - awscognitouserpoolsources + - awsdynamodbsources + - awseventbridgesources + - awskinesissources + - awsperformanceinsightssources + - awss3sources + - awssnssources + - awssqssources + - azureactivitylogssources + - azureblobstoragesources + - azureeventgridsources + - azureeventhubssources + - azureiothubsources + - azurequeuestoragesources + - azureservicebusqueuesources + - azureservicebussources + - azureservicebustopicsources + - cloudeventssources + - googlecloudauditlogssources + - googlecloudbillingsources + - googlecloudpubsubsources + - googlecloudsourcerepositoriessources + - googlecloudstoragesources + - httppollersources + - ibmmqsources + - kafkasources + - mongodbsources + - ocimetricssources + - salesforcesources + - slacksources + - solacesources + - twiliosources + - webhooksources + - zendesksources + verbs: + - list + - watch + - get +# +rbac-check:subresource=status +- apiGroups: + - sources.typhoon.zeiss.com + resources: + - awscloudwatchlogssources/status + - awscloudwatchsources/status + - awscodecommitsources/status + - awscognitoidentitysources/status + - awscognitouserpoolsources/status + - 
awsdynamodbsources/status + - awseventbridgesources/status + - awskinesissources/status + - awsperformanceinsightssources/status + - awss3sources/status + - awssnssources/status + - awssqssources/status + - azureactivitylogssources/status + - azureblobstoragesources/status + - azureeventgridsources/status + - azureeventhubssources/status + - azureiothubsources/status + - azurequeuestoragesources/status + - azureservicebusqueuesources/status + - azureservicebussources/status + - azureservicebustopicsources/status + - cloudeventssources/status + - googlecloudauditlogssources/status + - googlecloudbillingsources/status + - googlecloudpubsubsources/status + - googlecloudsourcerepositoriessources/status + - googlecloudstoragesources/status + - httppollersources/status + - ibmmqsources/status + - kafkasources/status + - mongodbsources/status + - ocimetricssources/status + - salesforcesources/status + - slacksources/status + - solacesources/status + - twiliosources/status + - webhooksources/status + - zendesksources/status + verbs: + - update +# +rbac-check +- apiGroups: + - targets.typhoon.zeiss.com + resources: + - awscomprehendtargets + - awsdynamodbtargets + - awseventbridgetargets + - awskinesistargets + - awslambdatargets + - awss3targets + - awssnstargets + - awssqstargets + - azureeventhubstargets + - azuresentineltargets + - azureservicebustargets + - cloudeventstargets + - datadogtargets + - elasticsearchtargets + - googlecloudfirestoretargets + - googlecloudpubsubtargets + - googlecloudstoragetargets + - googlecloudworkflowstargets + - googlesheettargets + - httptargets + - ibmmqtargets + - jiratargets + - kafkatargets + - logzmetricstargets + - logztargets + - mongodbtargets + - oracletargets + - salesforcetargets + - sendgridtargets + - slacktargets + - solacetargets + - splunktargets + - twiliotargets + - zendesktargets + verbs: + - list + - watch + - get +# +rbac-check:subresource=status +- apiGroups: + - targets.typhoon.zeiss.com + resources: + - 
awscomprehendtargets/status + - awsdynamodbtargets/status + - awseventbridgetargets/status + - awskinesistargets/status + - awslambdatargets/status + - awss3targets/status + - awssnstargets/status + - awssqstargets/status + - azureeventhubstargets/status + - azuresentineltargets/status + - azureservicebustargets/status + - cloudeventstargets/status + - datadogtargets/status + - elasticsearchtargets/status + - googlecloudfirestoretargets/status + - googlecloudpubsubtargets/status + - googlecloudstoragetargets/status + - googlecloudworkflowstargets/status + - googlesheettargets/status + - httptargets/status + - ibmmqtargets/status + - jiratargets/status + - kafkatargets/status + - logzmetricstargets/status + - logztargets/status + - mongodbtargets/status + - oracletargets/status + - salesforcetargets/status + - sendgridtargets/status + - slacktargets/status + - solacetargets/status + - splunktargets/status + - twiliotargets/status + - zendesktargets/status + verbs: + - update +# +rbac-check +- apiGroups: + - flow.typhoon.zeiss.com + resources: + - jqtransformations + - synchronizers + - transformations + - xmltojsontransformations + - xslttransformations + verbs: + - list + - watch + - get +# +rbac-check:subresource=status +- apiGroups: + - flow.typhoon.zeiss.com + resources: + - jqtransformations/status + - synchronizers/status + - transformations/status + - xmltojsontransformations/status + - xslttransformations/status + verbs: + - update +# +rbac-check +- apiGroups: + - extensions.typhoon.zeiss.com + resources: + - functions + verbs: + - list + - watch + - get +# +rbac-check:subresource=status +- apiGroups: + - extensions.typhoon.zeiss.com + resources: + - functions/status + verbs: + - update +# +rbac-check +- apiGroups: + - routing.typhoon.zeiss.com + resources: + - filters + - splitters + verbs: + - list + - watch + - get +# +rbac-check:subresource=status +- apiGroups: + - routing.typhoon.zeiss.com + resources: + - filters/status + - splitters/status + verbs: + 
- update + +# Ensure compatibility with the OwnerReferencesPermissionEnforcement Admission Controller +# https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#ownerreferencespermissionenforcement +# +rbac-check:subresource=finalizers +- apiGroups: + - sources.typhoon.zeiss.com + resources: + - awscloudwatchlogssources/finalizers + - awscloudwatchsources/finalizers + - awscodecommitsources/finalizers + - awscognitoidentitysources/finalizers + - awscognitouserpoolsources/finalizers + - awsdynamodbsources/finalizers + - awseventbridgesources/finalizers + - awskinesissources/finalizers + - awsperformanceinsightssources/finalizers + - awss3sources/finalizers + - awssnssources/finalizers + - awssqssources/finalizers + - azureactivitylogssources/finalizers + - azureblobstoragesources/finalizers + - azureeventgridsources/finalizers + - azureeventhubssources/finalizers + - azureiothubsources/finalizers + - azurequeuestoragesources/finalizers + - azureservicebusqueuesources/finalizers + - azureservicebussources/finalizers + - azureservicebustopicsources/finalizers + - cloudeventssources/finalizers + - googlecloudauditlogssources/finalizers + - googlecloudbillingsources/finalizers + - googlecloudpubsubsources/finalizers + - googlecloudsourcerepositoriessources/finalizers + - googlecloudstoragesources/finalizers + - httppollersources/finalizers + - ibmmqsources/finalizers + - kafkasources/finalizers + - mongodbsources/finalizers + - ocimetricssources/finalizers + - salesforcesources/finalizers + - slacksources/finalizers + - solacesources/finalizers + - twiliosources/finalizers + - webhooksources/finalizers + - zendesksources/finalizers + verbs: + - update +# +rbac-check:subresource=finalizers +- apiGroups: + - targets.typhoon.zeiss.com + resources: + - awscomprehendtargets/finalizers + - awsdynamodbtargets/finalizers + - awseventbridgetargets/finalizers + - awskinesistargets/finalizers + - awslambdatargets/finalizers + - awss3targets/finalizers + - 
awssnstargets/finalizers + - awssqstargets/finalizers + - azureeventhubstargets/finalizers + - azuresentineltargets/finalizers + - azureservicebustargets/finalizers + - cloudeventstargets/finalizers + - datadogtargets/finalizers + - elasticsearchtargets/finalizers + - googlecloudfirestoretargets/finalizers + - googlecloudpubsubtargets/finalizers + - googlecloudstoragetargets/finalizers + - googlecloudworkflowstargets/finalizers + - googlesheettargets/finalizers + - httptargets/finalizers + - ibmmqtargets/finalizers + - jiratargets/finalizers + - kafkatargets/finalizers + - logzmetricstargets/finalizers + - logztargets/finalizers + - mongodbtargets/finalizers + - oracletargets/finalizers + - salesforcetargets/finalizers + - sendgridtargets/finalizers + - slacktargets/finalizers + - solacetargets/finalizers + - splunktargets/finalizers + - twiliotargets/finalizers + - zendesktargets/finalizers + verbs: + - update +# +rbac-check:subresource=finalizers +- apiGroups: + - flow.typhoon.zeiss.com + resources: + - jqtransformations/finalizers + - synchronizers/finalizers + - transformations/finalizers + - xmltojsontransformations/finalizers + - xslttransformations/finalizers + verbs: + - update +# +rbac-check:subresource=finalizers +- apiGroups: + - extensions.typhoon.zeiss.com + resources: + - functions/finalizers + verbs: + - update +# +rbac-check:subresource=finalizers +- apiGroups: + - routing.typhoon.zeiss.com + resources: + - filters/finalizers + - splitters/finalizers + verbs: + - update + +# Set finalizers +- apiGroups: + - sources.typhoon.zeiss.com + resources: + - awseventbridgesources + - awss3sources + - awssnssources + - azureactivitylogssources + - azureblobstoragesources + - azureeventgridsources + - azureservicebusqueuesources + - azureservicebussources + - azureservicebustopicsources + - googlecloudauditlogssources + - googlecloudbillingsources + - googlecloudpubsubsources + - googlecloudsourcerepositoriessources + - googlecloudstoragesources + - 
zendesksources + verbs: + - patch + +# Manage resource-specific ServiceAccounts and RoleBindings +- apiGroups: + - '' + resources: + - serviceaccounts + - serviceaccounts/finalizers + verbs: + - list + - watch + - create + - update + - delete +- apiGroups: + - rbac.authorization.k8s.io + resources: + - rolebindings + verbs: + - list + - watch + - create +- apiGroups: + - rbac.authorization.k8s.io + resources: + - rolebindings + # Only multi-tenant components receive permissions via RoleBindings to + # interact with the Kubernetes API. + resourceNames: + - awssnssource-adapter + - zendesksource-adapter + - filter-adapter + - splitter-adapter + verbs: + - update + +# Read credentials +- apiGroups: + - '' + resources: + - secrets + verbs: + - get + +# Required by Function controller to store, and mount user's code +- apiGroups: + - '' + resources: + - configmaps + verbs: + - get + - list + - create + - update + - delete + - patch + - watch + +# Read controller configurations +- apiGroups: + - '' + resources: + - configmaps + verbs: + - list + - watch +- apiGroups: + - '' + resources: + - configmaps + resourceNames: + - config-logging + - config-observability + - config-leader-election + verbs: + - get + +# Acquire leases for leader election +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - create + - update + +# Observe status of Pods and their ancestors +- apiGroups: + - '' + resources: + - pods + verbs: + - list + - watch +- apiGroups: + - apps + resources: + - replicasets + verbs: + - list + - watch + +--- + +# This role is used to grant receive adapters read-only access to per-component +# configurations such as logging, observability and tracing. 
+apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: typhoon-config-watcher + labels: + app.kubernetes.io/part-of: typhoon +rules: +- apiGroups: + - '' + resources: + - configmaps + verbs: + - list + - watch + - get + +--- + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: awssnssource-adapter + labels: + app.kubernetes.io/part-of: typhoon +rules: + +# Record Kubernetes events +- apiGroups: + - '' + resources: + - events + verbs: + - create + - patch + - update + +# Read Source resources and update their statuses +- apiGroups: + - sources.typhoon.zeiss.com + resources: + - awssnssources + verbs: + - list + - watch +- apiGroups: + - sources.typhoon.zeiss.com + resources: + - awssnssources/status + verbs: + - patch + +# Read credentials +- apiGroups: + - '' + resources: + - secrets + verbs: + - get + +# Acquire leases for leader election +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - create + - update + +--- + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: zendesksource-adapter + labels: + app.kubernetes.io/part-of: typhoon +rules: + +# Record Kubernetes events +- apiGroups: + - '' + resources: + - events + verbs: + - create + - patch + - update + +# Read Source resources +- apiGroups: + - sources.typhoon.zeiss.com + resources: + - zendesksources + verbs: + - list + - watch + +# Read credentials +- apiGroups: + - '' + resources: + - secrets + verbs: + - get + +# Acquire leases for leader election +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - create + - update + +--- + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: filter-adapter + labels: + app.kubernetes.io/part-of: typhoon +rules: +- apiGroups: + - '' + resources: + - events + verbs: + - create + - patch + - update +- apiGroups: + - '' + resources: + - configmaps + verbs: + - get + - list + - watch +- apiGroups: + - 
routing.typhoon.zeiss.com + resources: + - filters + verbs: + - get + - list + - watch +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - create + - update + +--- + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: splitter-adapter + labels: + app.kubernetes.io/part-of: typhoon +rules: +- apiGroups: + - '' + resources: + - events + verbs: + - create + - patch + - update +- apiGroups: + - '' + resources: + - configmaps + verbs: + - get + - list + - watch +- apiGroups: + - routing.typhoon.zeiss.com + resources: + - splitters + verbs: + - get + - list + - watch +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - create + - update + +--- + +# This role provides readonly access to "Source" duck types. +# All the rules it contains get aggregated into the "source-observer" ClusterRole provided by Knative Eventing. +# see https://github.com/knative/eventing/blob/release-0.26/docs/spec/sources.md#source-rbac +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: typhoon-source-observer + labels: + app.kubernetes.io/part-of: typhoon + duck.knative.dev/source: 'true' +rules: +# +rbac-check +- apiGroups: + - sources.typhoon.zeiss.com + resources: + - awscloudwatchlogssources + - awscloudwatchsources + - awscodecommitsources + - awscognitoidentitysources + - awscognitouserpoolsources + - awsdynamodbsources + - awseventbridgesources + - awskinesissources + - awsperformanceinsightssources + - awss3sources + - awssnssources + - awssqssources + - azureactivitylogssources + - azureblobstoragesources + - azureeventgridsources + - azureeventhubssources + - azureiothubsources + - azurequeuestoragesources + - azureservicebusqueuesources + - azureservicebussources + - azureservicebustopicsources + - cloudeventssources + - googlecloudauditlogssources + - googlecloudbillingsources + - googlecloudpubsubsources + - googlecloudsourcerepositoriessources + - 
googlecloudstoragesources + - httppollersources + - ibmmqsources + - kafkasources + - mongodbsources + - ocimetricssources + - salesforcesources + - slacksources + - solacesources + - twiliosources + - webhooksources + - zendesksources + verbs: + - get + - list + - watch +- apiGroups: + - sources.typhoon.zeiss.com + resources: + - awscloudwatchlogssources/finalizers + - awscloudwatchsources/finalizers + - awscodecommitsources/finalizers + - awscognitoidentitysources/finalizers + - awscognitouserpoolsources/finalizers + - awsdynamodbsources/finalizers + - awskinesissources/finalizers + - awsperformanceinsightssources/finalizers + - awss3sources/finalizers + - awssnssources/finalizers + - awssqssources/finalizers + - azureactivitylogssources/finalizers + - azureblobstoragesources/finalizers + - azureeventgridsources/finalizers + - azureeventhubssources/finalizers + - azureiothubsources/finalizers + - azurequeuestoragesources/finalizers + - azureservicebusqueuesources/finalizers + - azureservicebussources/finalizers + - azureservicebustopicsources/finalizers + - googlecloudauditlogssources/finalizers + - googlecloudbillingsources/finalizers + - googlecloudpubsubsources/finalizers + - googlecloudsourcerepositoriessources/finalizers + - googlecloudstoragesources/finalizers + verbs: + - update + +--- + +# This aggregated role grants read-only access to Addressables. +# It is intended mainly to allow sink resolvers to resolve URLs from object references. +# +# NOTE: This same role can also be found in Knative Eventing. It is duplicated here to allow running typhoon in a +# cluster which doesn't have Knative Eventing deployed. 
+# Source: +# https://github.com/knative/eventing/blob/knative-v1.1.0/config/core/roles/addressable-resolvers-clusterrole.yaml + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: addressable-resolver + labels: + app.kubernetes.io/part-of: typhoon +aggregationRule: + clusterRoleSelectors: + - matchLabels: + duck.knative.dev/addressable: 'true' +rules: [] # Rules are automatically filled in by the Kubernetes controller manager. + +--- + +# This role provides readonly access to "Addressable" duck types. +# All the rules it contains get aggregated into the "addressable-resolver" ClusterRole. +# https://github.com/knative/eventing/blob/release-0.26/config/core/roles/addressable-resolvers-clusterrole.yaml#L15-L28 +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: typhoon-addressable-resolver + labels: + app.kubernetes.io/part-of: typhoon + duck.knative.dev/addressable: 'true' +rules: +# +rbac-check +- apiGroups: + - targets.typhoon.zeiss.com + resources: + - awscomprehendtargets + - awsdynamodbtargets + - awseventbridgetargets + - awskinesistargets + - awslambdatargets + - awss3targets + - awssnstargets + - awssqstargets + - azureeventhubstargets + - azuresentineltargets + - azureservicebustargets + - cloudeventstargets + - datadogtargets + - elasticsearchtargets + - googlecloudfirestoretargets + - googlecloudpubsubtargets + - googlecloudstoragetargets + - googlecloudworkflowstargets + - googlesheettargets + - httptargets + - ibmmqtargets + - jiratargets + - kafkatargets + - logzmetricstargets + - logztargets + - mongodbtargets + - oracletargets + - salesforcetargets + - sendgridtargets + - slacktargets + - solacetargets + - splunktargets + - twiliotargets + - zendesktargets + verbs: + - get + - list + - watch +# +rbac-check +- apiGroups: + - flow.typhoon.zeiss.com + resources: + - jqtransformations + - synchronizers + - transformations + - xmltojsontransformations + - xslttransformations + verbs: + - get + - 
list + - watch +# +rbac-check +- apiGroups: + - extensions.typhoon.zeiss.com + resources: + - functions + verbs: + - get + - list + - watch +# +rbac-check +- apiGroups: + - routing.typhoon.zeiss.com + resources: + - filters + - splitters + verbs: + - get + - list + - watch +# Allow resolving URLs of a few additional common types which are not supplied by typhoon. +- apiGroups: + - '' + resources: + - services + verbs: + - get + - list + - watch +- apiGroups: + - serving.knative.dev + resources: + - routes + - services + verbs: + - get + - list + - watch diff --git a/config/201-serviceaccounts.yaml b/config/201-serviceaccounts.yaml new file mode 100644 index 00000000..f04f4cdf --- /dev/null +++ b/config/201-serviceaccounts.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: typhoon-controller + namespace: typhoon + labels: + app.kubernetes.io/part-of: typhoon + +--- + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: typhoon-webhook + namespace: typhoon + labels: + app.kubernetes.io/part-of: typhoon diff --git a/config/202-clusterrolebinding-webhook.yaml b/config/202-clusterrolebinding-webhook.yaml new file mode 100644 index 00000000..14259368 --- /dev/null +++ b/config/202-clusterrolebinding-webhook.yaml @@ -0,0 +1,14 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: typhoon-webhook + labels: + app.kubernetes.io/part-of: typhoon +subjects: +- kind: ServiceAccount + name: typhoon-webhook + namespace: typhoon +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: typhoon-webhook diff --git a/config/202-clusterrolebindings.yaml b/config/202-clusterrolebindings.yaml new file mode 100644 index 00000000..c3b196da --- /dev/null +++ b/config/202-clusterrolebindings.yaml 
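Review bot: In config/200-clusterroles.yaml, `typhoon-controller` receives `create`/`update`/`patch`/`delete` on `configmaps` cluster-wide under "Required by Function controller to store, and mount user's code". That reaches ConfigMaps in system namespaces and makes the narrower "Read controller configurations" rules (`resourceNames: config-logging, config-observability, config-leader-election`) redundant. If the Function reconciler is not registered in this build, drop the broad rule and keep the scoped ones; it is not among the controllers visible in the cmd/controller/main.go hunk, though that list continues outside it. Separately, `typhoon-source-observer` is commented as "readonly access" but its second rule grants `update` on a list of `…sources/finalizers`. Through the `duck.knative.dev/source: 'true'` label that rule is aggregated into Knative's `source-observer` role, so either remove it or correct the comment.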
@@ -0,0 +1,119 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: typhoon-controller
+ labels:
+ app.kubernetes.io/part-of: typhoon
+subjects:
+- kind: ServiceAccount
+ name: typhoon-controller
+ namespace: typhoon
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: typhoon-controller
+
+---
+
+# Permissions not required by controllers directly, but granted to
+# receive-adapters via RoleBindings.
+#
+# Without them, the following error is thrown:
+# "attempting to grant RBAC permissions not currently held"
+#
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: awssnssource-adapter
+ labels:
+ app.kubernetes.io/part-of: typhoon
+subjects:
+- kind: ServiceAccount
+ name: typhoon-controller
+ namespace: typhoon
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: awssnssource-adapter
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: zendesksource-adapter
+ labels:
+ app.kubernetes.io/part-of: typhoon
+subjects:
+- kind: ServiceAccount
+ name: typhoon-controller
+ namespace: typhoon
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: zendesksource-adapter
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: filter-adapter
+ labels:
+ app.kubernetes.io/part-of: typhoon
+subjects:
+- kind: ServiceAccount
+ name: typhoon-controller
+ namespace: typhoon
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: filter-adapter
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: splitter-adapter
+ labels:
+ app.kubernetes.io/part-of: typhoon
+subjects:
+- kind: ServiceAccount
+ name: typhoon-controller
+ namespace: typhoon
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: splitter-adapter
+
+---
+
+# Resolve sink URIs when Knative is installed
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: typhoon-controller-addressable-resolver-from-knative
+ labels:
+ app.kubernetes.io/part-of: typhoon
+subjects:
+- kind: ServiceAccount
+ name: typhoon-controller
+ namespace: typhoon
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: addressable-resolver
+
+---
+
+# Resolve sink URIs when typhoon Core is installed
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: typhoon-controller-addressable-resolver-from-typhoon
+ labels:
+ app.kubernetes.io/part-of: typhoon
+subjects:
+- kind: ServiceAccount
+ name: typhoon-controller
+ namespace: typhoon
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: addressable-resolver-typhoon
diff --git a/config/300-cloudeventssource.yaml b/config/300-cloudeventssource.yaml
new file mode 100644
index 00000000..8247610a
--- /dev/null
+++ b/config/300-cloudeventssource.yaml
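Review bot: The last binding in config/202-clusterrolebindings.yaml, `typhoon-controller-addressable-resolver-from-typhoon`, references ClusterRole `addressable-resolver-typhoon`, which none of the manifests visible in this diff define. config/200-clusterroles.yaml adds only `addressable-resolver` (the aggregate) and `typhoon-addressable-resolver` (its rules). The API server accepts a binding to a role that does not exist, so this one would silently grant nothing, and since `roleRef` is immutable a later fix means deleting and recreating the binding. If no separate "typhoon Core" install ships that role, drop this binding, because the `…-from-knative` binding above already points at `addressable-resolver`, which this commit now provides itself. Otherwise name the external dependency in the comment, and note that the "when Knative is installed" comment on the first binding is stale for the same reason.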
@@ -0,0 +1,292 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: cloudeventssources.sources.typhoon.zeiss.com + labels: + eventing.knative.dev/source: 'true' + duck.knative.dev/source: 'true' + knative.dev/crd-install: 'true' + typhoon.zeiss.com/crd-install: 'true' +spec: + group: sources.typhoon.zeiss.com + scope: Namespaced + names: + kind: CloudEventsSource + plural: cloudeventssources + categories: + - all + - knative + - eventing + - sources + versions: + - name: v1alpha1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + description: typhoon event source for receiving arbitrary CloudEvents over HTTP. + type: object + properties: + spec: + description: Specification for the CloudEvents source. + type: object + properties: + + credentials: + description: Optional credentials specification for incoming requests. + type: object + properties: + + basicAuths: + description: Array of HTTP basic authentication parameters, all present usernames and passwords are considered + valid. + type: array + items: + type: object + properties: + username: + description: User name for HTTP Basic authentication. + type: string + password: + description: Password for HTTP Basic authentication. + type: object + properties: + valueFromSecret: + description: A reference to a Kubernetes Secret object containing the password. + type: object + properties: + name: + description: Name of the Secret object. + type: string + key: + description: Key from the Secret object. + type: string + required: + - name + - key + required: [valueFromSecret] + required: + - username + - password + + required: [basicAuths] + + path: + description: Path where incoming CloudEvents will be accepted. + type: string + + rateLimiter: + description: Rate limiter provides a mechanism to reject incoming requests when a threshold is trespassed, + informing the caller to retry later. 
+ type: object + properties: + requestsPerSecond: + description: Number of requests accepted per time duration. + type: integer + required: + - requestsPerSecond + + ceOverrides: + description: Defines overrides/additions to incoming CloudEvents attributes. + type: object + properties: + extensions: + type: object + properties: + type: + type: string + source: + type: string + subject: + type: string + required: + - extensions + + sink: + description: The destination of events generated from requests to the source. + type: object + properties: + ref: + description: Reference to an addressable Kubernetes object to be used as the destination of events. + type: object + properties: + apiVersion: + type: string + kind: + type: string + namespace: + type: string + name: + type: string + required: + - apiVersion + - kind + - name + uri: + description: URI to use as the destination of events. + type: string + format: uri + anyOf: + - required: [ref] + - required: [uri] + + adapterOverrides: + description: Kubernetes object parameters to apply on top of default adapter values. + type: object + properties: + annotations: + description: Adapter annotations. + type: object + additionalProperties: + type: string + labels: + description: Adapter labels. + type: object + additionalProperties: + type: string + env: + description: Adapter environment variables. + type: array + items: + type: object + properties: + name: + type: string + value: + type: string + public: + description: Adapter visibility scope. + type: boolean + resources: + description: Compute Resources required by the adapter. 
More info at https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Limits describes the maximum amount of compute resources allowed. More info at https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Requests describes the minimum amount of compute resources required. If Requests is omitted + for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined + value. More info at https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + tolerations: + description: Pod tolerations, as documented at https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ + Tolerations require additional configuration for Knative-based deployments - https://knative.dev/docs/serving/configuration/feature-flags/ + type: array + items: + type: object + properties: + key: + description: Taint key that the toleration applies to. + type: string + operator: + description: Key's relationship to the value. + type: string + enum: [Exists, Equal] + value: + description: Taint value the toleration matches to. + type: string + effect: + description: Taint effect to match. + type: string + enum: [NoSchedule, PreferNoSchedule, NoExecute] + tolerationSeconds: + description: Period of time a toleration of effect NoExecute tolerates the taint. 
+ type: integer + format: int64 + nodeSelector: + description: NodeSelector only allow the object pods to be created at nodes where all selector labels + are present, as documented at https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector. + NodeSelector require additional configuration for Knative-based deployments - https://knative.dev/docs/serving/configuration/feature-flags/ + type: object + additionalProperties: + type: string + affinity: + description: Scheduling constraints of the pod. More info at https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity. + Affinity require additional configuration for Knative-based deployments - https://knative.dev/docs/serving/configuration/feature-flags/ + type: object + x-kubernetes-preserve-unknown-fields: true + required: + - sink + status: + description: Reported status of the event source. + type: object + properties: + sinkUri: + description: URI of the sink where events are currently sent to. + type: string + format: uri + ceAttributes: + type: array + items: + type: object + properties: + type: + type: string + source: + type: string + required: + - type + - source + observedGeneration: + type: integer + format: int64 + conditions: + type: array + items: + type: object + properties: + type: + type: string + status: + type: string + enum: ['True', 'False', Unknown] + severity: + type: string + enum: [Error, Warning, Info] + reason: + type: string + message: + type: string + lastTransitionTime: + type: string + format: date-time + required: + - type + - status + address: + description: Public address of the HTTP/S endpoint exposing the source. 
+ type: object + properties: + url: + type: string + additionalPrinterColumns: + - name: Ready + type: string + jsonPath: .status.conditions[?(@.type=='Ready')].status + - name: Reason + type: string + jsonPath: .status.conditions[?(@.type=='Ready')].reason + - name: URL + type: string + jsonPath: .status.address.url + - name: Sink + type: string + jsonPath: .status.sinkUri + - name: Age + type: date + jsonPath: .metadata.creationTimestamp diff --git a/config/300-httppollersource.yaml b/config/300-httppollersource.yaml new file mode 100644 index 00000000..48fefd18 --- /dev/null +++ b/config/300-httppollersource.yaml 
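Review bot: In config/300-cloudeventssource.yaml, `spec.rateLimiter.requestsPerSecond` is `type: integer` with no lower bound, so `0` or a negative value passes admission and the schema leaves the adapter's behaviour for it undefined; add `minimum: 1`. Likewise `spec.credentials.basicAuths` is required but has no `minItems`, so `credentials: {basicAuths: []}` validates, and the CRD does not say whether that means "reject everything" or "no authentication"; add `minItems: 1`. The source accepts CloudEvents over HTTP and `credentials` is optional, so these two fields are the only request gating the schema exposes. Rejecting their degenerate values at admission is cheaper than handling them in the adapter.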
@@ -0,0 +1,273 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: httppollersources.sources.typhoon.zeiss.com + labels: + eventing.knative.dev/source: 'true' + duck.knative.dev/source: 'true' + knative.dev/crd-install: 'true' + typhoon.zeiss.com/crd-install: 'true' +spec: + group: sources.typhoon.zeiss.com + scope: Namespaced + names: + kind: HTTPPollerSource + plural: httppollersources + categories: + - all + - knative + - eventing + - sources + versions: + - name: v1alpha1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + description: typhoon event source for sourcing events by polling HTTP/S endpoints. + type: object + properties: + spec: + description: Desired state of the event source. + type: object + properties: + eventType: + description: "Value of the CloudEvents 'type' attribute to set on ingested events. Describes the type of event + related to the originating occurrence. Please refer to the CloudEvents specification for more details: https://github.com/cloudevents/spec/blob/v1.0.1/spec.md#type" + type: string + eventSource: + description: "Value of the CloudEvents 'source' attribute to set on ingested events. Identifies the context + in which an event happened. Must be expressed as a URI-reference. Please refer to the CloudEvents specification + for more details: https://github.com/cloudevents/spec/blob/v1.0.1/spec.md#source-1" + type: string + endpoint: + description: HTTP/S URL of the endpoint to poll data from. + type: string + format: url + pattern: ^https?:\/\/.+$ + method: + description: HTTP request method to use in requests to the specified 'endpoint'. + type: string + enum: [GET, POST, PUT, PATCH, DELETE] + skipVerify: + description: Controls whether the HTTP client verifies the server's certificate chain and host name when communicating + over TLS. 
+ type: boolean + caCertificate: + description: CA certificate in X.509 format the HTTP client should use to verify the identity of remote servers + when communicating over TLS. + type: string + basicAuthUsername: + description: User name to set in HTTP requests that require HTTP Basic authentication. + type: string + basicAuthPassword: + description: Password to set in HTTP requests that require HTTP Basic authentication. + type: object + properties: + value: + description: Literal value of the password. + type: string + valueFromSecret: + description: A reference to a Kubernetes Secret object containing the password. + type: object + properties: + name: + description: Name of the Secret object. + type: string + key: + description: Key from the Secret object. + type: string + required: + - name + - key + oneOf: + - required: [value] + - required: [valueFromSecret] + headers: + description: HTTP headers to include in HTTP requests sent to the endpoint. + type: object + additionalProperties: + type: string + interval: + description: Duration which defines how often the HTTP/S endpoint should be polled. Expressed as a duration + string, which format is documented at https://pkg.go.dev/time#ParseDuration. + type: string + sink: + description: The destination of events generated by polling the HTTP/S endpoint. + type: object + properties: + ref: + description: Reference to an addressable Kubernetes object to be used as the destination of events. + type: object + properties: + apiVersion: + type: string + kind: + type: string + namespace: + type: string + name: + type: string + required: + - apiVersion + - kind + - name + uri: + description: URI to use as the destination of events. + type: string + format: uri + anyOf: + - required: [ref] + - required: [uri] + adapterOverrides: + description: Kubernetes object parameters to apply on top of default adapter values. + type: object + properties: + annotations: + description: Adapter annotations. 
+ type: object + additionalProperties: + type: string + labels: + description: Adapter labels. + type: object + additionalProperties: + type: string + env: + description: Adapter environment variables. + type: array + items: + type: object + properties: + name: + type: string + value: + type: string + resources: + description: Compute Resources required by the adapter. More info at https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Limits describes the maximum amount of compute resources allowed. More info at https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Requests describes the minimum amount of compute resources required. If Requests is omitted + for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined + value. More info at https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + tolerations: + description: Pod tolerations, as documented at https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ + Tolerations require additional configuration for Knative-based deployments - https://knative.dev/docs/serving/configuration/feature-flags/ + type: array + items: + type: object + properties: + key: + description: Taint key that the toleration applies to. + type: string + operator: + description: Key's relationship to the value. 
+ type: string + enum: [Exists, Equal] + value: + description: Taint value the toleration matches to. + type: string + effect: + description: Taint effect to match. + type: string + enum: [NoSchedule, PreferNoSchedule, NoExecute] + tolerationSeconds: + description: Period of time a toleration of effect NoExecute tolerates the taint. + type: integer + format: int64 + nodeSelector: + description: NodeSelector only allow the object pods to be created at nodes where all selector labels + are present, as documented at https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector. + NodeSelector require additional configuration for Knative-based deployments - https://knative.dev/docs/serving/configuration/feature-flags/ + type: object + additionalProperties: + type: string + affinity: + description: Scheduling constraints of the pod. More info at https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity. + Affinity require additional configuration for Knative-based deployments - https://knative.dev/docs/serving/configuration/feature-flags/ + type: object + x-kubernetes-preserve-unknown-fields: true + required: + - eventType + - method + - endpoint + - interval + - sink + status: + description: Reported status of the event source. + type: object + properties: + sinkUri: + description: URI of the sink where events are currently sent to. 
+ type: string + format: uri + ceAttributes: + type: array + items: + type: object + properties: + type: + type: string + source: + type: string + required: + - type + - source + observedGeneration: + type: integer + format: int64 + conditions: + type: array + items: + type: object + properties: + type: + type: string + status: + type: string + enum: ['True', 'False', Unknown] + severity: + type: string + enum: [Error, Warning, Info] + reason: + type: string + message: + type: string + lastTransitionTime: + type: string + format: date-time + required: + - type + - status + additionalPrinterColumns: + - name: Ready + type: string + jsonPath: .status.conditions[?(@.type=='Ready')].status + - name: Reason + type: string + jsonPath: .status.conditions[?(@.type=='Ready')].reason + - name: Sink + type: string + jsonPath: .status.sinkUri + - name: Age + type: date + jsonPath: .metadata.creationTimestamp diff --git a/config/300-kafkasource.yaml b/config/300-kafkasource.yaml new file mode 100644 index 00000000..0459b363 --- /dev/null +++ b/config/300-kafkasource.yaml 
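Review bot: `basicAuthPassword.value` lets the Basic-auth password be written in plain text into the HTTPPollerSource spec, where anyone who can read the object (or an etcd, audit-log or GitOps copy of it) sees it; read access to custom resources is commonly granted more widely than read access to Secrets. The same literal `value` branch appears in the Kafka (`auth.password`, `auth.kerberos.password`), OCI (`oracleApiPrivateKey`, `oracleApiPrivateKeyPassphrase`) and webhook (`basicAuthPassword`) CRDs later in this diff. I would either drop the `value` branch for credential fields or say so in the description, e.g. `description: Literal value of the password. Stored unencrypted in the object; prefer valueFromSecret.` Separately, the `skipVerify` description does not say which value disables verification or what that costs; the Kafka CRD's wording ("If skipVerify is true ... This should be used only for testing") could be reused here.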
@@ -0,0 +1,406 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: kafkasources.sources.typhoon.zeiss.com + labels: + eventing.knative.dev/source: 'true' + duck.knative.dev/source: 'true' + knative.dev/crd-install: 'true' + typhoon.zeiss.com/crd-install: 'true' + annotations: + registry.knative.dev/eventTypes: | + [ + { "type": "io.typhoon.kafka.event" } + ] +spec: + group: sources.typhoon.zeiss.com + scope: Namespaced + names: + kind: KafkaSource + plural: kafkasources + categories: + - all + - knative + - eventing + - sources + versions: + - name: v1alpha1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + description: typhoon event source for Kafka. + type: object + properties: + spec: + description: Desired state of the event source. + type: object + properties: + topic: + description: Topic name to stream the target events to. + type: string + bootstrapServers: + description: Array of Kafka servers used to bootstrap the connection. + type: array + items: + type: string + minLength: 1 + groupID: + description: The ID of the kafka group. + type: string + auth: + description: Authentication method used to interact with Kafka. + type: object + properties: + saslEnable: + description: Boolean to indicate if SASL is enabled. + type: boolean + tlsEnable: + description: Boolean to indicate if TLS is enabled. + type: boolean + securityMechanism: + description: securityMechanism attribute indicate which mechanism to use. + type: string + enum: [GSSAPI, PLAIN, SCRAM-SHA-256, SCRAM-SHA-512] + username: + description: Kafka account username. + type: string + password: + description: Kafka account password. + type: object + properties: + value: + description: Plain text password. + type: string + valueFromSecret: + description: A reference to a Kubernetes Secret object containing the password. 
+ type: object + properties: + name: + type: string + key: + type: string + required: + - name + - key + oneOf: + - required: [value] + - required: [valueFromSecret] + kerberos: + description: Kerberos Authentication method to interact with Kafka. + type: object + properties: + realm: + description: The name of the Kerberos Realm. + type: string + serviceName: + description: The primary name of the Kafka server configured. + type: string + username: + description: Kerberos username or Kerberos Principal Name. The Username or the Principal doesn't require + the Realm in it. + type: string + password: + description: Kerberos Password. + type: object + properties: + value: + description: Plain text password. + type: string + valueFromSecret: + description: A reference to a Kubernetes Secret object containing the password. + type: object + properties: + name: + type: string + key: + type: string + required: + - name + - key + oneOf: + - required: [value] + - required: [valueFromSecret] + config: + type: object + properties: + valueFromSecret: + description: A reference to a Kubernetes Secret object containing the kerberos configuration file + (krb5.conf). + type: object + properties: + name: + type: string + key: + type: string + required: + - name + - key + required: + - valueFromSecret + keytab: + type: object + properties: + valueFromSecret: + description: A reference to a Kubernetes Secret object containing the kerberos keytab file contents. + type: object + properties: + name: + type: string + key: + type: string + required: + - name + - key + required: + - valueFromSecret + tls: + description: TLS Authentication method to interact with Kafka. + type: object + properties: + ca: + description: The value to the configured CA. + type: object + properties: + valueFromSecret: + description: A reference to a Kubernetes Secret object containing the CA content. 
+ type: object + properties: + name: + type: string + key: + type: string + required: + - name + - key + required: + - valueFromSecret + clientCert: + description: The value of the Client Cert. + type: object + properties: + valueFromSecret: + description: A reference to a Kubernetes Secret object containing the Client Cert content. + type: object + properties: + name: + type: string + key: + type: string + required: + - name + - key + required: + - valueFromSecret + clientKey: + description: The value of the Client Key. + type: object + properties: + valueFromSecret: + description: A reference to a Kubernetes Secret object containing the Client Key content. + type: object + properties: + name: + type: string + key: + type: string + required: + - name + - key + required: + - valueFromSecret + skipVerify: + description: SkipVerify controls whether a client verifies the server's certificate chain and host + name. If skipVerify is true, crypto/tls accepts any certificate presented by the server and any + host name in that certificate. In this mode, TLS is susceptible to machine-in-the-middle attacks + unless custom verification is used. This should be used only for testing. + type: boolean + required: + - saslEnable + sink: + description: The destination of events sourced from Kafka Kafka. + type: object + properties: + ref: + description: Reference to an addressable Kubernetes object to be used as the destination of events. + type: object + properties: + apiVersion: + type: string + kind: + type: string + namespace: + type: string + name: + type: string + required: + - apiVersion + - kind + - name + uri: + description: URI to use as the destination of events. + type: string + format: uri + anyOf: + - required: [ref] + - required: [uri] + adapterOverrides: + description: Kubernetes object parameters to apply on top of default adapter values. + type: object + properties: + annotations: + description: Adapter annotations. 
+ type: object + additionalProperties: + type: string + labels: + description: Adapter labels. + type: object + additionalProperties: + type: string + env: + description: Adapter environment variables. + type: array + items: + type: object + properties: + name: + type: string + value: + type: string + resources: + description: Compute Resources required by the adapter. More info at https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Limits describes the maximum amount of compute resources allowed. More info at https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Requests describes the minimum amount of compute resources required. If Requests is omitted + for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined + value. More info at https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + tolerations: + description: Pod tolerations, as documented at https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ + Tolerations require additional configuration for Knative-based deployments - https://knative.dev/docs/serving/configuration/feature-flags/ + type: array + items: + type: object + properties: + key: + description: Taint key that the toleration applies to. + type: string + operator: + description: Key's relationship to the value. 
+ type: string + enum: [Exists, Equal] + value: + description: Taint value the toleration matches to. + type: string + effect: + description: Taint effect to match. + type: string + enum: [NoSchedule, PreferNoSchedule, NoExecute] + tolerationSeconds: + description: Period of time a toleration of effect NoExecute tolerates the taint. + type: integer + format: int64 + nodeSelector: + description: NodeSelector only allow the object pods to be created at nodes where all selector labels + are present, as documented at https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector. + NodeSelector require additional configuration for Knative-based deployments - https://knative.dev/docs/serving/configuration/feature-flags/ + type: object + additionalProperties: + type: string + affinity: + description: Scheduling constraints of the pod. More info at https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity. + Affinity require additional configuration for Knative-based deployments - https://knative.dev/docs/serving/configuration/feature-flags/ + type: object + x-kubernetes-preserve-unknown-fields: true + required: + - bootstrapServers + - topic + - groupID + - sink + status: + description: Reported status of the event source. + type: object + properties: + sinkUri: + description: URI of the sink where events are currently sent to. 
+ type: string + format: uri + ceAttributes: + type: array + items: + type: object + properties: + type: + type: string + source: + type: string + required: + - type + - source + observedGeneration: + type: integer + format: int64 + conditions: + type: array + items: + type: object + properties: + type: + type: string + status: + type: string + enum: ['True', 'False', Unknown] + severity: + type: string + enum: [Error, Warning, Info] + reason: + type: string + message: + type: string + lastTransitionTime: + type: string + format: date-time + required: + - type + - status + address: + description: Public address of the HTTP/S endpoint exposing the source. + type: object + properties: + url: + type: string + additionalPrinterColumns: + - name: Ready + type: string + jsonPath: .status.conditions[?(@.type=='Ready')].status + - name: Reason + type: string + jsonPath: .status.conditions[?(@.type=='Ready')].reason + - name: URL + type: string + jsonPath: .status.address.url + - name: Sink + type: string + jsonPath: .status.sinkUri + - name: Age + type: date + jsonPath: .metadata.creationTimestamp diff --git a/config/300-ocimetricssource.yaml b/config/300-ocimetricssource.yaml new file mode 100644 index 00000000..5d07639c --- /dev/null +++ b/config/300-ocimetricssource.yaml 
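Review bot: Under `auth`, nothing ties `securityMechanism: PLAIN` to `tlsEnable: true`, so a KafkaSource that would send the SASL username and password over an unencrypted connection passes validation (assuming the adapter maps these fields directly onto the client's SASL/TLS settings, which the hunk does not show). A caveat in the `securityMechanism` description, or a CEL rule on `auth` such as `rule: "!has(self.securityMechanism) || self.securityMechanism != 'PLAIN' || (has(self.tlsEnable) && self.tlsEnable)"` under `x-kubernetes-validations`, would make the unsafe combination explicit. `bootstrapServers` has `minLength: 1` on its items but no `minItems: 1`, so an empty list is accepted. Two descriptions look copied from elsewhere: `topic` says "to stream the target events to" on a source, and `sink` says "Kafka Kafka".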
@@ -0,0 +1,324 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: ocimetricssources.sources.typhoon.zeiss.com + labels: + eventing.knative.dev/source: 'true' + duck.knative.dev/source: 'true' + knative.dev/crd-install: 'true' + typhoon.zeiss.com/crd-install: 'true' + annotations: + registry.knative.dev/eventTypes: | + [ + { + "type": "com.oracle.cloud.monitoring", + "schema": "https://raw.githubusercontent.com/typhoon/typhoon/main/schemas/com.oracle.cloud.monitoring.json", + "description": "" + } + ] +spec: + group: sources.typhoon.zeiss.com + scope: Namespaced + names: + kind: OCIMetricsSource + plural: ocimetricssources + categories: + - all + - knative + - eventing + - sources + versions: + - name: v1alpha1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + description: typhoon event source for Oracle Cloud Infrastructure (OCI) Metrics. + type: object + properties: + spec: + description: Desired state of the event source. + type: object + properties: + oracleApiPrivateKey: + description: PEM encoded API private key that has access to the OCI metrics API. + type: object + properties: + value: + description: Literal value of the private key. + type: string + valueFromSecret: + description: A reference to a Kubernetes Secret containing the private key. + type: object + properties: + name: + type: string + key: + type: string + required: + - name + - key + oneOf: + - required: [value] + - required: [valueFromSecret] + oracleApiPrivateKeyPassphrase: + description: Passphrase to unlock the 'oracleApiPrivateKey'. + type: object + properties: + value: + description: Literal value of the passphrase. + type: string + valueFromSecret: + description: A reference to a Kubernetes Secret containing the passphrase. 
+ type: object + properties: + name: + type: string + key: + type: string + required: + - name + - key + oneOf: + - required: [value] + - required: [valueFromSecret] + oracleApiPrivateKeyFingerprint: + description: MD5 fingerprint of 'oracleApiPrivateKey'. + type: object + properties: + value: + description: Literal value of the fingerprint. + type: string + valueFromSecret: + description: A reference to a Kubernetes Secret containing the fingerprint. + type: object + properties: + name: + type: string + key: + type: string + required: + - name + - key + oneOf: + - required: [value] + - required: [valueFromSecret] + oracleTenancy: + description: OCID of the target tenancy. + type: string + oracleUser: + description: OCID of the target user associated with the 'oracleApiPrivateKey'. + type: string + oracleRegion: + description: OCI target region. + type: string + metricsPollingFrequency: + description: Polling frequency of the OCI API for metrics details (supported values 1m-60m, 1h-24h, 1d). + type: string + metrics: + description: Array of metrics to poll for. + type: array + items: + type: object + properties: + name: + description: Used as the event source for the metric. + type: string + metricsNamespace: + description: Type of metrics to pull from such as oci_computeagent, oci_apigateway, oci_vnc, or oci_compute_infrastructure_health. + type: string + metricsQuery: + description: Metrics query to send based off of OCI Monitoring Query Language. + type: string + oracleCompartment: + description: OCID of the target compartment (if not specified, default to the value of 'oracleTenancy'). + type: string + required: + - name + - metricsNamespace + - metricsQuery + sink: + description: The destination of events sourced from OCI metrics. + type: object + properties: + ref: + description: Reference to an addressable Kubernetes object to be used as the destination of events. 
+ type: object + properties: + apiVersion: + type: string + kind: + type: string + namespace: + type: string + name: + type: string + required: + - apiVersion + - kind + - name + uri: + description: URI to use as the destination of events. + type: string + format: uri + anyOf: + - required: [ref] + - required: [uri] + adapterOverrides: + description: Kubernetes object parameters to apply on top of default adapter values. + type: object + properties: + annotations: + description: Adapter annotations. + type: object + additionalProperties: + type: string + labels: + description: Adapter labels. + type: object + additionalProperties: + type: string + env: + description: Adapter environment variables. + type: array + items: + type: object + properties: + name: + type: string + value: + type: string + resources: + description: Compute Resources required by the adapter. More info at https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Limits describes the maximum amount of compute resources allowed. More info at https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Requests describes the minimum amount of compute resources required. If Requests is omitted + for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined + value. 
More info at https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + tolerations: + description: Pod tolerations, as documented at https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ + Tolerations require additional configuration for Knative-based deployments - https://knative.dev/docs/serving/configuration/feature-flags/ + type: array + items: + type: object + properties: + key: + description: Taint key that the toleration applies to. + type: string + operator: + description: Key's relationship to the value. + type: string + enum: [Exists, Equal] + value: + description: Taint value the toleration matches to. + type: string + effect: + description: Taint effect to match. + type: string + enum: [NoSchedule, PreferNoSchedule, NoExecute] + tolerationSeconds: + description: Period of time a toleration of effect NoExecute tolerates the taint. + type: integer + format: int64 + nodeSelector: + description: NodeSelector only allow the object pods to be created at nodes where all selector labels + are present, as documented at https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector. + NodeSelector require additional configuration for Knative-based deployments - https://knative.dev/docs/serving/configuration/feature-flags/ + type: object + additionalProperties: + type: string + affinity: + description: Scheduling constraints of the pod. More info at https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity. + Affinity require additional configuration for Knative-based deployments - https://knative.dev/docs/serving/configuration/feature-flags/ + type: object + x-kubernetes-preserve-unknown-fields: true + required: + - oracleApiPrivateKey + - oracleApiPrivateKeyPassphrase + - oracleApiPrivateKeyFingerprint + - oracleTenancy + - oracleUser + - oracleRegion + - metrics + - sink + status: + description: Reported status of the event source. 
+ type: object + properties: + sinkUri: + description: URI of the sink where events are currently sent to. + type: string + format: uri + ceAttributes: + type: array + items: + type: object + properties: + type: + type: string + source: + type: string + required: + - type + - source + observedGeneration: + type: integer + format: int64 + conditions: + type: array + items: + type: object + properties: + type: + type: string + status: + type: string + enum: ['True', 'False', Unknown] + severity: + type: string + enum: [Error, Warning, Info] + reason: + type: string + message: + type: string + lastTransitionTime: + type: string + format: date-time + required: + - type + - status + additionalPrinterColumns: + - name: Ready + type: string + jsonPath: .status.conditions[?(@.type=='Ready')].status + - name: Reason + type: string + jsonPath: .status.conditions[?(@.type=='Ready')].reason + - name: URL + type: string + jsonPath: .status.address.url + - name: Sink + type: string + jsonPath: .status.sinkUri + - name: Age + type: date + jsonPath: .metadata.creationTimestamp diff --git a/config/300-webhooksource.yaml b/config/300-webhooksource.yaml new file mode 100644 index 00000000..1a9a5fea --- /dev/null +++ b/config/300-webhooksource.yaml 
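Review bot: The `URL` printer column reads `.status.address.url`, but this CRD's `status` schema declares only `sinkUri`, `ceAttributes`, `observedGeneration` and `conditions`, so under the v1 pruning default the field is dropped on write and the column stays empty; either remove the column or add the `address` object as the Kafka and webhook CRDs do. `metricsPollingFrequency` documents its supported values only in prose and `metrics` has no `minItems: 1`, so malformed or empty specs pass admission and have to be rejected later by the adapter. The `registry.knative.dev/eventTypes` annotation points its `schema` at the `main` branch of `typhoon/typhoon` on raw.githubusercontent.com; please confirm that repository is the project's own, since consumers of the annotation would otherwise resolve the event schema from a mutable location the project does not control.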
@@ -0,0 +1,277 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: webhooksources.sources.typhoon.zeiss.com + labels: + eventing.knative.dev/source: 'true' + duck.knative.dev/source: 'true' + knative.dev/crd-install: 'true' + typhoon.zeiss.com/crd-install: 'true' +spec: + group: sources.typhoon.zeiss.com + scope: Namespaced + names: + kind: WebhookSource + plural: webhooksources + categories: + - all + - knative + - eventing + - sources + versions: + - name: v1alpha1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + description: typhoon event source for receiving arbitrary events over a HTTP/S webhook. + type: object + properties: + spec: + description: Desired state of the event source. + type: object + properties: + eventType: + description: "Value of the CloudEvents 'type' attribute to set on ingested events. Describes the type of event + related to the originating occurrence. Please refer to the CloudEvents specification for more details: https://github.com/cloudevents/spec/blob/v1.0.1/spec.md#type" + type: string + eventSource: + description: "Value of the CloudEvents 'source' attribute to set on ingested events. Identifies the context + in which an event happened. Must be expressed as a URI-reference. Please refer to the CloudEvents specification + for more details: https://github.com/cloudevents/spec/blob/v1.0.1/spec.md#source-1" + type: string + eventExtensionAttributes: + description: CloudEvents extension attributes to be added based on HTTP request fields. + type: object + properties: + from: + description: Source elements to create attributes from. 
Elements that might contain multiple values (headers, + queries) will convert all of them into extension attributes + type: array + items: + type: string + enum: + - method + - path + - host + - queries + - headers + required: + - from + corsAllowOrigin: + description: Value of the CORS 'Access-Control-Allow-Origin' header to set on ingested requests. + type: string + basicAuthUsername: + description: User name HTTP clients must set to authenticate with the webhook using HTTP Basic authentication. + type: string + basicAuthPassword: + description: Password HTTP clients must set to authenticate with the webhook using HTTP Basic authentication. + type: object + properties: + value: + description: Literal value of the password. + type: string + valueFromSecret: + description: A reference to a Kubernetes Secret object containing the password. + type: object + properties: + name: + description: Name of the Secret object. + type: string + key: + description: Key from the Secret object. + type: string + required: + - name + - key + oneOf: + - required: [value] + - required: [valueFromSecret] + sink: + description: The destination of events generated from requests to the webhook. + type: object + properties: + ref: + description: Reference to an addressable Kubernetes object to be used as the destination of events. + type: object + properties: + apiVersion: + type: string + kind: + type: string + namespace: + type: string + name: + type: string + required: + - apiVersion + - kind + - name + uri: + description: URI to use as the destination of events. + type: string + format: uri + anyOf: + - required: [ref] + - required: [uri] + adapterOverrides: + description: Kubernetes object parameters to apply on top of default adapter values. + type: object + properties: + annotations: + description: Adapter annotations. + type: object + additionalProperties: + type: string + labels: + description: Adapter labels. 
+ type: object + additionalProperties: + type: string + env: + description: Adapter environment variables. + type: array + items: + type: object + properties: + name: + type: string + value: + type: string + public: + description: Adapter visibility scope. + type: boolean + resources: + description: Compute Resources required by the adapter. More info at https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Limits describes the maximum amount of compute resources allowed. More info at https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Requests describes the minimum amount of compute resources required. If Requests is omitted + for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined + value. More info at https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + tolerations: + description: Pod tolerations, as documented at https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ + Tolerations require additional configuration for Knative-based deployments - https://knative.dev/docs/serving/configuration/feature-flags/ + type: array + items: + type: object + properties: + key: + description: Taint key that the toleration applies to. + type: string + operator: + description: Key's relationship to the value. 
+ type: string + enum: [Exists, Equal] + value: + description: Taint value the toleration matches to. + type: string + effect: + description: Taint effect to match. + type: string + enum: [NoSchedule, PreferNoSchedule, NoExecute] + tolerationSeconds: + description: Period of time a toleration of effect NoExecute tolerates the taint. + type: integer + format: int64 + nodeSelector: + description: NodeSelector only allow the object pods to be created at nodes where all selector labels + are present, as documented at https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector. + NodeSelector require additional configuration for Knative-based deployments - https://knative.dev/docs/serving/configuration/feature-flags/ + type: object + additionalProperties: + type: string + affinity: + description: Scheduling constraints of the pod. More info at https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity. + Affinity require additional configuration for Knative-based deployments - https://knative.dev/docs/serving/configuration/feature-flags/ + type: object + x-kubernetes-preserve-unknown-fields: true + required: + - eventType + - sink + status: + description: Reported status of the event source. + type: object + properties: + sinkUri: + description: URI of the sink where events are currently sent to. 
+ type: string + format: uri + ceAttributes: + type: array + items: + type: object + properties: + type: + type: string + source: + type: string + required: + - type + - source + observedGeneration: + type: integer + format: int64 + conditions: + type: array + items: + type: object + properties: + type: + type: string + status: + type: string + enum: ['True', 'False', Unknown] + severity: + type: string + enum: [Error, Warning, Info] + reason: + type: string + message: + type: string + lastTransitionTime: + type: string + format: date-time + required: + - type + - status + address: + description: Public address of the HTTP/S endpoint exposing the webhook. + type: object + properties: + url: + type: string + additionalPrinterColumns: + - name: Ready + type: string + jsonPath: .status.conditions[?(@.type=='Ready')].status + - name: Reason + type: string + jsonPath: .status.conditions[?(@.type=='Ready')].reason + - name: URL + type: string + jsonPath: .status.address.url + - name: Sink + type: string + jsonPath: .status.sinkUri + - name: Age + type: date + jsonPath: .metadata.creationTimestamp diff --git a/config/301-cloudeventstarget.yaml b/config/301-cloudeventstarget.yaml new file mode 100644 index 00000000..5e0e549b --- /dev/null +++ b/config/301-cloudeventstarget.yaml 
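Review bot: `basicAuthUsername` and `basicAuthPassword` are independent optional fields, so a WebhookSource with only one of them, or with neither while `adapterOverrides.public` is true, passes validation; how the adapter treats a half-configured pair is not visible in this hunk. A rule on `spec` such as `rule: "has(self.basicAuthUsername) == has(self.basicAuthPassword)"` under `x-kubernetes-validations` would reject the half-configured case, and the descriptions should state that omitting both leaves the endpoint unauthenticated, if that is the behaviour. The `eventExtensionAttributes.from` description says all `headers` are converted into extension attributes; if that includes `Authorization`, the Basic credentials would be copied into every event forwarded to the sink, so the description should name the headers that are excluded. `corsAllowOrigin` also accepts any string, including `*`, without a note on when that is appropriate.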
@@ -0,0 +1,228 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: cloudeventstargets.targets.typhoon.zeiss.com
+ labels:
+ knative.dev/crd-install: 'true'
+ typhoon.zeiss.com/crd-install: 'true'
+ duck.knative.dev/addressable: 'true'
+ annotations:
+ registry.typhoon.zeiss.com/acceptedEventTypes: |
+ [
+ { "type": "*" }
+ ]
+ registry.knative.dev/eventTypes: |
+ [
+ { "type": "*" }
+ ]
+spec:
+ group: targets.typhoon.zeiss.com
+ names:
+ kind: CloudEventsTarget
+ plural: cloudeventstargets
+ categories:
+ - all
+ - knative
+ - eventing
+ - targets
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ served: true
+ storage: true
+ subresources:
+ status: {}
+ schema:
+ openAPIV3Schema:
+ type: object
+ description: typhoon event target that acts as a gateway for outgoing CloudEvents.
+ properties:
+ spec:
+ type: object
+ description: Desired state of event target.
+ properties:
+
+ endpoint:
+ description: An HTTP CloudEvents endpoint to stream events to.
+ type: string
+ format: url
+ pattern: ^https?:\/\/.+$
+
+ path:
+ description: Path at the remote endpoint under which requests are accepted.
+ type: string
+
+ credentials:
+ description: Optional credentials specification for remote CloudEvents endpoint.
+ type: object
+ properties:
+ basicAuth:
+ description: HTTP basic authentication parameters.
+ type: object
+ properties:
+ username:
+ description: User name for HTTP Basic authentication.
+ type: string
+ password:
+ description: Password for HTTP Basic authentication.
+ type: object
+ properties:
+ valueFromSecret:
+ description: A reference to a Kubernetes Secret object containing the password.
+ type: object
+ properties:
+ name:
+ description: Name of the Secret object.
+ type: string
+ key:
+ description: Key from the Secret object.
+ type: string + required: + - name + - key + required: [valueFromSecret] + required: + - username + - password + + required: [basicAuth] + + adapterOverrides: + description: Kubernetes object parameters to apply on top of default adapter values. + type: object + properties: + annotations: + description: Adapter annotations. + type: object + additionalProperties: + type: string + labels: + description: Adapter labels. + type: object + additionalProperties: + type: string + env: + description: Adapter environment variables. + type: array + items: + type: object + properties: + name: + type: string + value: + type: string + public: + description: Adapter visibility scope. + type: boolean + resources: + description: Compute Resources required by the adapter. More info at https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Limits describes the maximum amount of compute resources allowed. More info at https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Requests describes the minimum amount of compute resources required. If Requests is omitted + for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined + value. 
More info at https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + tolerations: + description: Pod tolerations, as documented at https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ + Tolerations require additional configuration for Knative-based deployments - https://knative.dev/docs/serving/configuration/feature-flags/ + type: array + items: + type: object + properties: + key: + description: Taint key that the toleration applies to. + type: string + operator: + description: Key's relationship to the value. + type: string + enum: [Exists, Equal] + value: + description: Taint value the toleration matches to. + type: string + effect: + description: Taint effect to match. + type: string + enum: [NoSchedule, PreferNoSchedule, NoExecute] + tolerationSeconds: + description: Period of time a toleration of effect NoExecute tolerates the taint. + type: integer + format: int64 + nodeSelector: + description: NodeSelector only allow the object pods to be created at nodes where all selector labels + are present, as documented at https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector. + NodeSelector require additional configuration for Knative-based deployments - https://knative.dev/docs/serving/configuration/feature-flags/ + type: object + additionalProperties: + type: string + affinity: + description: Scheduling constraints of the pod. More info at https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity. + Affinity require additional configuration for Knative-based deployments - https://knative.dev/docs/serving/configuration/feature-flags/ + type: object + x-kubernetes-preserve-unknown-fields: true + required: + - endpoint + + status: + type: object + description: Reported status of the event target. 
+ properties:
+ observedGeneration:
+ type: integer
+ format: int64
+ conditions:
+ type: array
+ items:
+ type: object
+ properties:
+ type:
+ type: string
+ status:
+ type: string
+ enum: ['True', 'False', Unknown]
+ severity:
+ type: string
+ enum: [Error, Warning, Info]
+ reason:
+ type: string
+ message:
+ type: string
+ lastTransitionTime:
+ type: string
+ format: date-time
+ required:
+ - type
+ - status
+ address:
+ type: object
+ properties:
+ url:
+ type: string
+ additionalPrinterColumns:
+ - name: URL
+ type: string
+ jsonPath: .status.address.url
+ - name: Ready
+ type: string
+ jsonPath: .status.conditions[?(@.type=='Ready')].status
+ - name: Reason
+ type: string
+ jsonPath: .status.conditions[?(@.type=='Ready')].reason
+ - name: Age
+ type: date
+ jsonPath: .metadata.creationTimestamp
diff --git a/config/301-httptarget.yaml b/config/301-httptarget.yaml
new file mode 100644
index 00000000..205fcc27
--- /dev/null
+++ b/config/301-httptarget.yaml
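Review bot: `spec.endpoint` accepts cleartext `http://` URLs (`pattern: ^https?:\/\/.+$`) even when `spec.credentials.basicAuth` is set, so the Basic-auth password read from the referenced Secret can be sent unencrypted; `spec.endpoint` in `config/301-httptarget.yaml` uses the same pattern next to `basicAuthPassword` and `oauthClientSecret`. If the cluster versions you support have CRD validation rules, an `x-kubernetes-validations` entry on `spec` with `rule: "!has(self.credentials) || self.endpoint.startsWith('https://')"` would reject that combination at admission; otherwise state the requirement in the `credentials` description and enforce it in the adapter. As far as I know `format: url` is not one of the formats the API server validates (the `sinkUri` status field in this commit uses `format: uri`), so the regex is the only check on this field.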
@@ -0,0 +1,269 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: httptargets.targets.typhoon.zeiss.com
+ labels:
+ knative.dev/crd-install: 'true'
+ typhoon.zeiss.com/crd-install: 'true'
+ duck.knative.dev/addressable: 'true'
+ annotations:
+ registry.typhoon.zeiss.com/acceptedEventTypes: |
+ [
+ {
+ "type": "io.typhoon.http.request",
+ "schema": "https://raw.githubusercontent.com/typhoon/typhoon/main/schemas/io.typhoon.http.request.json"
+ },
+ { "type": "*" }
+ ]
+ registry.knative.dev/eventTypes: |
+ [
+ { "type": "*" }
+ ]
+spec:
+ group: targets.typhoon.zeiss.com
+ names:
+ kind: HTTPTarget
+ plural: httptargets
+ categories:
+ - all
+ - knative
+ - eventing
+ - targets
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ served: true
+ storage: true
+ subresources:
+ status: {}
+ schema:
+ openAPIV3Schema:
+ type: object
+ description: typhoon event target for generic HTTP endpoints.
+ properties:
+ spec:
+ type: object
+ description: Desired state of event target.
+ properties:
+ response:
+ description: HTTP target response event attributes.
+ type: object
+ properties:
+ eventType:
+ description: EventType is required to set the Type for the ingested event.
+ type: string
+ minLength: 1
+ eventSource:
+ description: EventSource is an optional but recommended field for identifying the instance producing the
+ events.
+ type: string
+ required:
+ - eventType
+ endpoint:
+ description: An HTTP based REST endpoint to stream events to.
+ type: string
+ format: url
+ pattern: ^https?:\/\/.+$
+ method:
+ description: The HTTP method to use for the request.
+ type: string
+ enum: [GET, POST, PUT, PATCH, DELETE]
+ skipVerify:
+ description: Skip validation and verification of the SSL/TLS certificate.
+ type: boolean
+ default: false
+ caCertificate:
+ description: The CA certificate used to sign the certificated used by the target server.
+ type: string + basicAuthUsername: + description: When using HTTP Basic authentication, the username to connect to the target service. + type: string + basicAuthPassword: + description: When using HTTP Basic authentication, the password to connect to the target service. + type: object + properties: + secretKeyRef: + type: object + properties: + key: + type: string + name: + type: string + oauthClientID: + description: When using OAuth, the client id used to authenticate against the target service. + type: string + oauthClientSecret: + description: When using OAuth, the client secret used to authenticate against the target service + type: object + properties: + secretKeyRef: + type: object + properties: + key: + type: string + name: + type: string + oauthTokenURL: + description: When using OAuth, the Token URL used to sign the request against. + type: string + oauthScopes: + description: When using OAuth, the scopes required by the target to use the service. + type: array + items: + type: string + headers: + description: Additional headers required to be set when communicating wiht the target service. + type: object + additionalProperties: + type: string + adapterOverrides: + description: Kubernetes object parameters to apply on top of default adapter values. + type: object + properties: + annotations: + description: Adapter annotations. + type: object + additionalProperties: + type: string + labels: + description: Adapter labels. + type: object + additionalProperties: + type: string + env: + description: Adapter environment variables. + type: array + items: + type: object + properties: + name: + type: string + value: + type: string + public: + description: Adapter visibility scope. + type: boolean + resources: + description: Compute Resources required by the adapter. 
More info at https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Limits describes the maximum amount of compute resources allowed. More info at https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Requests describes the minimum amount of compute resources required. If Requests is omitted + for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined + value. More info at https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + tolerations: + description: Pod tolerations, as documented at https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ + Tolerations require additional configuration for Knative-based deployments - https://knative.dev/docs/serving/configuration/feature-flags/ + type: array + items: + type: object + properties: + key: + description: Taint key that the toleration applies to. + type: string + operator: + description: Key's relationship to the value. + type: string + enum: [Exists, Equal] + value: + description: Taint value the toleration matches to. + type: string + effect: + description: Taint effect to match. + type: string + enum: [NoSchedule, PreferNoSchedule, NoExecute] + tolerationSeconds: + description: Period of time a toleration of effect NoExecute tolerates the taint. 
+ type: integer
+ format: int64
+ nodeSelector:
+ description: NodeSelector only allow the object pods to be created at nodes where all selector labels
+ are present, as documented at https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector.
+ NodeSelector require additional configuration for Knative-based deployments - https://knative.dev/docs/serving/configuration/feature-flags/
+ type: object
+ additionalProperties:
+ type: string
+ affinity:
+ description: Scheduling constraints of the pod. More info at https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity.
+ Affinity require additional configuration for Knative-based deployments - https://knative.dev/docs/serving/configuration/feature-flags/
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ required:
+ - endpoint
+ - method
+ status:
+ type: object
+ description: Reported status of the event target.
+ properties:
+ observedGeneration:
+ type: integer
+ format: int64
+ ceAttributes:
+ type: array
+ items:
+ type: object
+ properties:
+ type:
+ type: string
+ source:
+ type: string
+ required:
+ - type
+ - source
+ conditions:
+ type: array
+ items:
+ type: object
+ properties:
+ type:
+ type: string
+ status:
+ type: string
+ enum: ['True', 'False', Unknown]
+ severity:
+ type: string
+ enum: [Error, Warning, Info]
+ reason:
+ type: string
+ message:
+ type: string
+ lastTransitionTime:
+ type: string
+ format: date-time
+ required:
+ - type
+ - status
+ address:
+ type: object
+ properties:
+ url:
+ type: string
+ additionalPrinterColumns:
+ - name: URL
+ type: string
+ jsonPath: .status.address.url
+ - name: Ready
+ type: string
+ jsonPath: .status.conditions[?(@.type=='Ready')].status
+ - name: Reason
+ type: string
+ jsonPath: .status.conditions[?(@.type=='Ready')].reason
+ - name: Age
+ type: date
+ jsonPath: .metadata.creationTimestamp
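Review bot: The `skipVerify` description (`Skip validation and verification of the SSL/TLS certificate.`) does not say what is given up when the flag is set, unlike the same field in `config/301-kafkatarget.yaml`. I would reuse that wording, e.g. `description: Skip verification of the server's certificate chain and host name. The connection, including Basic auth and OAuth credentials, is then susceptible to machine-in-the-middle attacks; use only for testing.` In the same spec, `basicAuthPassword.secretKeyRef` and `oauthClientSecret.secretKeyRef` list `key` and `name` without a `required` block, so an empty reference passes admission; adding `required: [name, key]` would match what `valueFromSecret` does in the CloudEventsTarget CRD. `headers` is a plain string map, so an `Authorization` value placed there is stored in the object in clear text, which its description should mention.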
diff --git a/config/301-kafkatarget.yaml b/config/301-kafkatarget.yaml
new file mode 100644
index 00000000..5252ed79
--- /dev/null
+++ b/config/301-kafkatarget.yaml
@@ -0,0 +1,372 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: kafkatargets.targets.typhoon.zeiss.com
+ labels:
+ knative.dev/crd-install: 'true'
+ typhoon.zeiss.com/crd-install: 'true'
+ duck.knative.dev/addressable: 'true'
+ annotations:
+ registry.typhoon.zeiss.com/acceptedEventTypes: |
+ [
+ { "type": "*" }
+ ]
+spec:
+ group: targets.typhoon.zeiss.com
+ names:
+ kind: KafkaTarget
+ plural: kafkatargets
+ categories:
+ - all
+ - knative
+ - eventing
+ - targets
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ served: true
+ storage: true
+ subresources:
+ status: {}
+ schema:
+ openAPIV3Schema:
+ type: object
+ description: typhoon event target for Kafka.
+ properties:
+ spec:
+ description: Desired state of event target.
+ type: object
+ properties:
+ topic:
+ description: Topic name to stream the target events to.
+ type: string
+ minLength: 1
+ topicReplicationFactor:
+ description: The number of replicas required to stream to the topic.
+ type: integer
+ minimum: 1
+ maximum: 32767
+ topicPartitions:
+ description: The number of partitions used by the topic to stream an event to.
+ type: integer
+ minimum: 1
+ maximum: 2147483647
+ bootstrapServers:
+ description: Array of Kafka servers used to bootstrap the connection.
+ type: array
+ items:
+ type: string
+ minLength: 1
+ auth:
+ description: Authentication method used to interact with Kafka.
+ type: object
+ properties:
+ saslEnable:
+ description: Boolean to indicate if SASL is enabled.
+ type: boolean
+ tlsEnable:
+ description: Boolean to indicate if TLS is enabled.
+ type: boolean
+ securityMechanism:
+ description: securityMechanism attribute indicate which mechanism to use.
+ type: string
+ enum: [GSSAPI, PLAIN, SCRAM-SHA-256, SCRAM-SHA-512]
+ username:
+ description: Kafka account username when using SASL.
+ type: string
+ password:
+ description: Kafka account password when using SASL.
+ type: object
+ properties:
+ value:
+ description: Plain text password.
+ type: string
+ valueFromSecret:
+ description: A reference to a Kubernetes Secret object containing the password.
+ type: object
+ properties:
+ name:
+ type: string
+ key:
+ type: string
+ required:
+ - name
+ - key
+ oneOf:
+ - required: [value]
+ - required: [valueFromSecret]
+ kerberos:
+ description: Kerberos Authentication method to interact with Kafka.
+ type: object
+ properties:
+ realm:
+ description: Name of the Kerberos Realm.
+ type: string
+ serviceName:
+ description: The primary name of the Kafka server configured.
+ type: string
+ username:
+ description: Kerberos username or Kerberos Principal Name. The Username or the Principal doesn't require
+ the Realm in it.
+ type: string
+ password:
+ description: Kerberos Password.
+ type: object
+ properties:
+ value:
+ description: Plain text password.
+ type: string
+ valueFromSecret:
+ description: A reference to a Kubernetes Secret object containing the password.
+ type: object
+ properties:
+ name:
+ type: string
+ key:
+ type: string
+ required:
+ - name
+ - key
+ oneOf:
+ - required: [value]
+ - required: [valueFromSecret]
+ config:
+ type: object
+ properties:
+ valueFromSecret:
+ description: A reference to a Kubernetes Secret object containing the kerberos configuration file
+ (krb5.conf).
+ type: object
+ properties:
+ name:
+ type: string
+ key:
+ type: string
+ required:
+ - name
+ - key
+ required:
+ - valueFromSecret
+ keytab:
+ type: object
+ properties:
+ valueFromSecret:
+ description: A reference to a Kubernetes Secret object containing the kerberos keytab file contents.
+ type: object
+ properties:
+ name:
+ type: string
+ key:
+ type: string
+ required:
+ - name
+ - key
+ required:
+ - valueFromSecret
+ tls:
+ description: TLS Authentication method to interact with Kafka.
+ type: object
+ properties:
+ ca:
+ description: The value to the configured CA.
+ type: object
+ properties:
+ valueFromSecret:
+ description: A reference to a Kubernetes Secret object containing the value.
+ type: object
+ properties:
+ name:
+ type: string
+ key:
+ type: string
+ required:
+ - name
+ - key
+ required:
+ - valueFromSecret
+ clientCert:
+ description: The value of the SSL Client Cert.
+ type: object
+ properties:
+ valueFromSecret:
+ description: A reference to a Kubernetes Secret object containing the Client Cert content.
+ type: object
+ properties:
+ name:
+ type: string
+ key:
+ type: string
+ required:
+ - name
+ - key
+ required:
+ - valueFromSecret
+ clientKey:
+ description: The value of the SSL Client Key.
+ type: object
+ properties:
+ valueFromSecret:
+ description: A reference to a Kubernetes Secret object containing the Client Key content.
+ type: object
+ properties:
+ name:
+ type: string
+ key:
+ type: string
+ required:
+ - name
+ - key
+ required:
+ - valueFromSecret
+ skipVerify:
+ description: SkipVerify controls whether a client verifies the server's certificate chain and host
+ name. If skipVerify is true, crypto/tls accepts any certificate presented by the server and any
+ host name in that certificate. In this mode, TLS is susceptible to machine-in-the-middle attacks
+ unless custom verification is used. This should be used only for testing.
+ type: boolean
+ required:
+ - saslEnable
+ discardCloudEventContext:
+ description: Whether to omit CloudEvent context attributes in messages sent to Kafka. When this property is
+ false (default), the entire CloudEvent payload is included. When this property is true, only the CloudEvent
+ data is included.
+ type: boolean
+ adapterOverrides:
+ description: Kubernetes object parameters to apply on top of default adapter values.
+ type: object
+ properties:
+ annotations:
+ description: Adapter annotations.
+ type: object
+ additionalProperties:
+ type: string
+ labels:
+ description: Adapter labels.
+ type: object
+ additionalProperties:
+ type: string
+ env:
+ description: Adapter environment variables.
+ type: array
+ items:
+ type: object
+ properties:
+ name:
+ type: string
+ value:
+ type: string
+ public:
+ description: Adapter visibility scope.
+ type: boolean
+ resources:
+ description: Compute Resources required by the adapter. More info at https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ properties:
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: Limits describes the maximum amount of compute resources allowed. More info at https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: Requests describes the minimum amount of compute resources required. If Requests is omitted
+ for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined
+ value. More info at https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ tolerations:
+ description: Pod tolerations, as documented at https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/
+ Tolerations require additional configuration for Knative-based deployments - https://knative.dev/docs/serving/configuration/feature-flags/
+ type: array
+ items:
+ type: object
+ properties:
+ key:
+ description: Taint key that the toleration applies to.
+ type: string
+ operator:
+ description: Key's relationship to the value.
+ type: string
+ enum: [Exists, Equal]
+ value:
+ description: Taint value the toleration matches to.
+ type: string
+ effect:
+ description: Taint effect to match.
+ type: string
+ enum: [NoSchedule, PreferNoSchedule, NoExecute]
+ tolerationSeconds:
+ description: Period of time a toleration of effect NoExecute tolerates the taint.
+ type: integer
+ format: int64
+ nodeSelector:
+ description: NodeSelector only allow the object pods to be created at nodes where all selector labels
+ are present, as documented at https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector.
+ NodeSelector require additional configuration for Knative-based deployments - https://knative.dev/docs/serving/configuration/feature-flags/
+ type: object
+ additionalProperties:
+ type: string
+ affinity:
+ description: Scheduling constraints of the pod. More info at https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity.
+ Affinity require additional configuration for Knative-based deployments - https://knative.dev/docs/serving/configuration/feature-flags/
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ required:
+ - bootstrapServers
+ - topic
+ status:
+ type: object
+ description: Reported status of the event target.
+ properties:
+ observedGeneration:
+ type: integer
+ format: int64
+ conditions:
+ type: array
+ items:
+ type: object
+ properties:
+ type:
+ type: string
+ status:
+ type: string
+ enum: ['True', 'False', Unknown]
+ severity:
+ type: string
+ enum: [Error, Warning, Info]
+ reason:
+ type: string
+ message:
+ type: string
+ lastTransitionTime:
+ type: string
+ format: date-time
+ required:
+ - type
+ - status
+ address:
+ type: object
+ properties:
+ url:
+ type: string
+ additionalPrinterColumns:
+ - name: URL
+ type: string
+ jsonPath: .status.address.url
+ - name: Ready
+ type: string
+ jsonPath: .status.conditions[?(@.type=='Ready')].status
+ - name: Reason
+ type: string
+ jsonPath: .status.conditions[?(@.type=='Ready')].reason
+ - name: Age
+ type: date
+ jsonPath: .metadata.creationTimestamp
diff --git a/config/301-logzmetricstarget.yaml b/config/301-logzmetricstarget.yaml
new file mode 100644
index 00000000..37a3847b
--- /dev/null
+++ b/config/301-logzmetricstarget.yaml
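Review bot: `auth.password.value` and `auth.kerberos.password.value` (`description: Plain text password.`) let the SASL or Kerberos password live in the KafkaTarget object itself, where it is readable by anyone who can get or list KafkaTargets and is carried into etcd, backups and `kubectl get -o yaml` output outside the Secret access path. I would drop `value` and replace each `oneOf` with `required: [valueFromSecret]`, as the CloudEventsTarget CRD in this commit does for its Basic-auth password; if `value` has to stay for compatibility, its description should say it is for testing only. Separately, only `saslEnable` is required under `auth`, so a spec with `securityMechanism: PLAIN` and no `tlsEnable` validates; whether the adapter refuses that combination is not visible from this hunk.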
@@ -0,0 +1,251 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: logzmetricstargets.targets.typhoon.zeiss.com + labels: + knative.dev/crd-install: 'true' + typhoon.zeiss.com/crd-install: 'true' + duck.knative.dev/addressable: 'true' + annotations: + registry.typhoon.zeiss.com/acceptedEventTypes: | + [ + { "type" : "io.typhoon.opentelemetry.metrics.push" } + ] +spec: + group: targets.typhoon.zeiss.com + names: + kind: LogzMetricsTarget + plural: logzmetricstargets + categories: + - all + - knative + - eventing + - targets + scope: Namespaced + versions: + - name: v1alpha1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + type: object + description: The OpenTelemetry metrics target pushes metrics to a range of backends. + properties: + spec: + type: object + description: The OpenTelemetry target exposes a common interface to a range of metrics backends. + properties: + connection: + type: object + description: Connection information for LogzMetrics. + properties: + listenerURL: + type: string + description: Listener URL for pushing metrics. + token: + type: object + description: Token for connecting to Logz metrics listener. + properties: + secretKeyRef: + type: object + properties: + key: + type: string + name: + type: string + instruments: + type: array + description: Instruments configured for pushing metrics. It is mandatory that all metrics pushed by using + this target are pre-registered using this list. + items: + type: object + minLength: 1 + properties: + name: + type: string + description: Name for the Instrument. + description: + type: string + description: Description for the Instrument. + instrument: + type: string + enum: [Histogram, Counter, UpDownCounter] + description: "Instrument Kind as defined by OpenTelemetry. Supported values are\n- Histogram, for absolute + values that can be aggregated. - Counter, for delta values that increase monotonically. 
- UpDownCounter, + for delta values that can increase and decrease." + number: + type: string + enum: [Int64, Float64] + description: "Number Kind as defined by OpenTelemetry. Defines the measure data type accepted by the + Instrument. Supported values are\n- Int64 - Float64" + required: + - name + - instrument + - number + eventOptions: + type: object + description: Event replies options. + properties: + payloadPolicy: + description: "Whether this target should generate response events. Possible values are\n- always, if a + response is available it will be sent. - error, only responses categorized as errors will be sent. - + never, no responses will be sent." + + type: string + enum: [always, error, never] + adapterOverrides: + description: Kubernetes object parameters to apply on top of default adapter values. + type: object + properties: + annotations: + description: Adapter annotations. + type: object + additionalProperties: + type: string + labels: + description: Adapter labels. + type: object + additionalProperties: + type: string + env: + description: Adapter environment variables. + type: array + items: + type: object + properties: + name: + type: string + value: + type: string + public: + description: Adapter visibility scope. + type: boolean + resources: + description: Compute Resources required by the adapter. More info at https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Limits describes the maximum amount of compute resources allowed. 
More info at https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Requests describes the minimum amount of compute resources required. If Requests is omitted + for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined + value. More info at https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + tolerations: + description: Pod tolerations, as documented at https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ + Tolerations require additional configuration for Knative-based deployments - https://knative.dev/docs/serving/configuration/feature-flags/ + type: array + items: + type: object + properties: + key: + description: Taint key that the toleration applies to. + type: string + operator: + description: Key's relationship to the value. + type: string + enum: [Exists, Equal] + value: + description: Taint value the toleration matches to. + type: string + effect: + description: Taint effect to match. + type: string + enum: [NoSchedule, PreferNoSchedule, NoExecute] + tolerationSeconds: + description: Period of time a toleration of effect NoExecute tolerates the taint. + type: integer + format: int64 + nodeSelector: + description: NodeSelector only allow the object pods to be created at nodes where all selector labels + are present, as documented at https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector. 
+ NodeSelector require additional configuration for Knative-based deployments - https://knative.dev/docs/serving/configuration/feature-flags/
+ type: object
+ additionalProperties:
+ type: string
+ affinity:
+ description: Scheduling constraints of the pod. More info at https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity.
+ Affinity require additional configuration for Knative-based deployments - https://knative.dev/docs/serving/configuration/feature-flags/
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ required:
+ - connection
+ - instruments
+ status:
+ type: object
+ properties:
+ acceptedEventTypes:
+ type: array
+ items:
+ type: string
+ ceAttributes:
+ type: array
+ items:
+ type: object
+ properties:
+ type:
+ type: string
+ source:
+ type: string
+ required:
+ - type
+ - source
+ observedGeneration:
+ type: integer
+ format: int64
+ conditions:
+ type: array
+ items:
+ type: object
+ properties:
+ type:
+ type: string
+ status:
+ type: string
+ enum: ['True', 'False', Unknown]
+ severity:
+ type: string
+ enum: [Error, Warning, Info]
+ reason:
+ type: string
+ message:
+ type: string
+ lastTransitionTime:
+ type: string
+ format: date-time
+ required:
+ - type
+ - status
+ address:
+ type: object
+ properties:
+ url:
+ type: string
+ additionalPrinterColumns:
+ - name: URL
+ type: string
+ jsonPath: .status.address.url
+ - name: Ready
+ type: string
+ jsonPath: .status.conditions[?(@.type=='Ready')].status
+ - name: Reason
+ type: string
+ jsonPath: .status.conditions[?(@.type=='Ready')].reason
+ - name: Age
+ type: date
+ jsonPath: .metadata.creationTimestamp
diff --git a/config/301-logztarget.yaml b/config/301-logztarget.yaml
new file mode 100644
index 00000000..1f551ee0
--- /dev/null
+++ b/config/301-logztarget.yaml
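Review bot: `connection.listenerURL` is an unconstrained string and `connection.token.secretKeyRef` has no `required` list, so the CRD admits a listener URL with any scheme (the token could be pushed to an `http://` address) and a token reference with no `name` or `key`. Unless plain-HTTP listeners must be supported, I would add `pattern: ^https:\/\/.+$` to `listenerURL`, `required: [name, key]` to `secretKeyRef`, and `required: [listenerURL, token]` to `connection`. Also, `minLength: 1` sits on the object schema under `instruments.items`, where it has no effect as far as I can tell; `minItems: 1` on the `instruments` array looks like what was intended.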
@@ -0,0 +1,220 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: logztargets.targets.typhoon.zeiss.com + labels: + knative.dev/crd-install: 'true' + typhoon.zeiss.com/crd-install: 'true' + duck.knative.dev/addressable: 'true' + annotations: + registry.typhoon.zeiss.com/acceptedEventTypes: | + [ + { "type": "*" } + ] + registry.knative.dev/eventTypes: | + [ + { "type": "io.typhoon.logz.ship.response" } + ] + +spec: + group: targets.typhoon.zeiss.com + names: + kind: LogzTarget + plural: logztargets + categories: + - all + - knative + - eventing + - targets + scope: Namespaced + versions: + - name: v1alpha1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + type: object + description: typhoon event target for Logz. + properties: + spec: + description: Desired state of event target. + type: object + properties: + shippingToken: + description: API token used to authenticate the event being streamed. + type: object + properties: + secretKeyRef: + type: object + properties: + key: + type: string + name: + type: string + eventOptions: + type: object + description: 'When should this target generate a response event for processing: always, on error, or never.' + properties: + payloadPolicy: + type: string + enum: [always, error, never] + logsListenerURL: + type: string + description: Logz listener host to stream events to. + adapterOverrides: + description: Kubernetes object parameters to apply on top of default adapter values. + type: object + properties: + annotations: + description: Adapter annotations. + type: object + additionalProperties: + type: string + labels: + description: Adapter labels. + type: object + additionalProperties: + type: string + env: + description: Adapter environment variables. + type: array + items: + type: object + properties: + name: + type: string + value: + type: string + public: + description: Adapter visibility scope. 
+ type: boolean + resources: + description: Compute Resources required by the adapter. More info at https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Limits describes the maximum amount of compute resources allowed. More info at https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Requests describes the minimum amount of compute resources required. If Requests is omitted + for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined + value. More info at https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + tolerations: + description: Pod tolerations, as documented at https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ + Tolerations require additional configuration for Knative-based deployments - https://knative.dev/docs/serving/configuration/feature-flags/ + type: array + items: + type: object + properties: + key: + description: Taint key that the toleration applies to. + type: string + operator: + description: Key's relationship to the value. + type: string + enum: [Exists, Equal] + value: + description: Taint value the toleration matches to. + type: string + effect: + description: Taint effect to match. 
+ type: string + enum: [NoSchedule, PreferNoSchedule, NoExecute] + tolerationSeconds: + description: Period of time a toleration of effect NoExecute tolerates the taint. + type: integer + format: int64 + nodeSelector: + description: NodeSelector only allow the object pods to be created at nodes where all selector labels + are present, as documented at https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector. + NodeSelector require additional configuration for Knative-based deployments - https://knative.dev/docs/serving/configuration/feature-flags/ + type: object + additionalProperties: + type: string + affinity: + description: Scheduling constraints of the pod. More info at https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity. + Affinity require additional configuration for Knative-based deployments - https://knative.dev/docs/serving/configuration/feature-flags/ + type: object + x-kubernetes-preserve-unknown-fields: true + required: + - shippingToken + - logsListenerURL + status: + type: object + description: Reported status of the event target. 
+ properties: + acceptedEventTypes: + type: array + items: + type: string + ceAttributes: + type: array + items: + type: object + properties: + type: + type: string + source: + type: string + required: + - type + - source + observedGeneration: + type: integer + format: int64 + conditions: + type: array + items: + type: object + properties: + type: + type: string + status: + type: string + enum: ['True', 'False', Unknown] + severity: + type: string + enum: [Error, Warning, Info] + reason: + type: string + message: + type: string + lastTransitionTime: + type: string + format: date-time + required: + - type + - status + address: + type: object + properties: + url: + type: string + additionalPrinterColumns: + - name: URL + type: string + jsonPath: .status.address.url + - name: Ready + type: string + jsonPath: .status.conditions[?(@.type=='Ready')].status + - name: Reason + type: string + jsonPath: .status.conditions[?(@.type=='Ready')].reason + - name: Age + type: date + jsonPath: .metadata.creationTimestamp diff --git a/config/301-splunktarget.yaml b/config/301-splunktarget.yaml new file mode 100644 index 00000000..9cc31411 --- /dev/null +++ b/config/301-splunktarget.yaml 
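Review bot: `spec.shippingToken` is listed as required, but neither `secretKeyRef` nor its `name`/`key` are, so an object with `shippingToken: {}` passes admission and the missing credential presumably only surfaces once the adapter runs. I would add `required: [secretKeyRef]` under `shippingToken` and `required: [name, key]` under `secretKeyRef` so the API server rejects it up front. `logsListenerURL` is also a free-form string with no `pattern` or `format`. Its description calls it a host, so a short note on whether a scheme or port is accepted, and whether the connection always uses TLS, would tell operators what transport the shipping token travels over.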
@@ -0,0 +1,214 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: splunktargets.targets.typhoon.zeiss.com + labels: + knative.dev/crd-install: 'true' + typhoon.zeiss.com/crd-install: 'true' + duck.knative.dev/addressable: 'true' + annotations: + registry.typhoon.zeiss.com/acceptedEventTypes: | + [ + { "type": "*" } + ] +spec: + group: targets.typhoon.zeiss.com + scope: Namespaced + names: + kind: SplunkTarget + plural: splunktargets + categories: + - all + - knative + - eventing + - targets + versions: + - name: v1alpha1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + type: object + description: typhoon event target for Splunk. + properties: + spec: + type: object + properties: + endpoint: + type: string + description: URL of the HTTP Event Collector (HEC). Only the scheme, hostname, and port (optionally) are evaluated. + When the URL path is not present, the one documented at Splunk is automatically used. See https://docs.splunk.com/Documentation/Splunk/latest/Data/UsetheHTTPEventCollector#Enable_HTTP_Event_Collector. + format: url + pattern: ^https?:\/\/.+$ + token: + type: object + description: Token for authenticating requests against the HEC. See https://docs.splunk.com/Documentation/Splunk/latest/Data/UsetheHTTPEventCollector#About_Event_Collector_tokens. + properties: + value: + type: string + format: guid + pattern: ^[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}$ + valueFromSecret: + type: object + properties: + name: + type: string + key: + type: string + oneOf: + - required: [value] + - required: [valueFromSecret] + index: + type: string + description: Name of the index to send events to. When undefined, events are sent to the default index defined + in the HEC token's configuration. + pattern: ^[\w-]+$ + skipTLSVerify: + description: Control whether the target should verify the SSL/TLS certificate used by the event collector. 
+ type: boolean + discardCloudEventContext: + description: Whether to omit CloudEvent context attributes in messages sent to Splunk. When this property + is false (default), the entire CloudEvent payload is included. When this property is true, only the CloudEvent + data is included. + type: boolean + adapterOverrides: + description: Kubernetes object parameters to apply on top of default adapter values. + type: object + properties: + annotations: + description: Adapter annotations. + type: object + additionalProperties: + type: string + labels: + description: Adapter labels. + type: object + additionalProperties: + type: string + env: + description: Adapter environment variables. + type: array + items: + type: object + properties: + name: + type: string + value: + type: string + public: + description: Adapter visibility scope. + type: boolean + resources: + description: Compute Resources required by the adapter. More info at https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Limits describes the maximum amount of compute resources allowed. More info at https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Requests describes the minimum amount of compute resources required. If Requests is omitted + for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined + value. 
More info at https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + tolerations: + description: Pod tolerations, as documented at https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ + Tolerations require additional configuration for Knative-based deployments - https://knative.dev/docs/serving/configuration/feature-flags/ + type: array + items: + type: object + properties: + key: + description: Taint key that the toleration applies to. + type: string + operator: + description: Key's relationship to the value. + type: string + enum: [Exists, Equal] + value: + description: Taint value the toleration matches to. + type: string + effect: + description: Taint effect to match. + type: string + enum: [NoSchedule, PreferNoSchedule, NoExecute] + tolerationSeconds: + description: Period of time a toleration of effect NoExecute tolerates the taint. + type: integer + format: int64 + nodeSelector: + description: NodeSelector only allow the object pods to be created at nodes where all selector labels + are present, as documented at https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector. + NodeSelector require additional configuration for Knative-based deployments - https://knative.dev/docs/serving/configuration/feature-flags/ + type: object + additionalProperties: + type: string + affinity: + description: Scheduling constraints of the pod. More info at https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity. + Affinity require additional configuration for Knative-based deployments - https://knative.dev/docs/serving/configuration/feature-flags/ + type: object + x-kubernetes-preserve-unknown-fields: true + required: + - endpoint + - token + status: + type: object + description: Reported status of the event target. 
+ properties: + observedGeneration: + type: integer + format: int64 + conditions: + type: array + items: + type: object + properties: + type: + type: string + status: + type: string + enum: ['True', 'False', Unknown] + severity: + type: string + enum: [Error, Warning, Info] + reason: + type: string + message: + type: string + lastTransitionTime: + type: string + format: date-time + required: + - type + - status + address: + type: object + properties: + url: + type: string + additionalPrinterColumns: + - name: URL + type: string + jsonPath: .status.address.url + - name: Ready + type: string + jsonPath: .status.conditions[?(@.type=='Ready')].status + - name: Reason + type: string + jsonPath: .status.conditions[?(@.type=='Ready')].reason + - name: Age + type: date + jsonPath: .metadata.creationTimestamp diff --git a/config/302-filter.yaml b/config/302-filter.yaml new file mode 100644 index 00000000..2580693f --- /dev/null +++ b/config/302-filter.yaml 
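Review bot: The schema permits three ways of exposing the HEC token without any warning: `token.value` stores the secret inline in the object, where anyone who can get or list SplunkTargets can read it; `endpoint` accepts `http://`; and `skipTLSVerify` turns off certificate checking. If plain-HTTP collectors do not need to be supported, tighten the pattern to `^https:\/\/.+$`; otherwise state the exposure in the `endpoint` and `token.value` descriptions and recommend `valueFromSecret`. The `skipTLSVerify` description reads as if `true` enables verification; something like `description: Skip verification of the event collector's TLS certificate. Leaves the token open to interception; intended for testing only.` would remove the ambiguity. `valueFromSecret` should also list `required: [name, key]`.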
@@ -0,0 +1,210 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: filters.routing.typhoon.zeiss.com + labels: + typhoon.zeiss.com/crd-install: 'true' + annotations: + registry.typhoon.zeiss.com/acceptedEventTypes: | + [ + { "type": "*" } + ] + registry.knative.dev/eventTypes: | + [ + { "type": "*" } + ] +spec: + group: routing.typhoon.zeiss.com + scope: Namespaced + names: + kind: Filter + plural: filters + singular: filter + categories: + - all + - typhoon + - routing + versions: + - name: v1alpha1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + description: typhoon content-based events filter. + type: object + properties: + spec: + description: Desired state of the filter. + type: object + required: + - expression + - sink + properties: + expression: + description: Google CEL-like expression string. + type: string + sink: + description: Sink is a reference to an object that will resolve to a uri to use as the sink. + type: object + anyOf: + - required: [ref] + - required: [uri] + properties: + ref: + description: Reference to an addressable Kubernetes object to be used as the destination of events. + type: object + properties: + apiVersion: + type: string + kind: + type: string + namespace: + type: string + name: + type: string + required: + - apiVersion + - kind + - name + uri: + description: URI to use as the destination of events. + type: string + format: uri + adapterOverrides: + description: Kubernetes object parameters to apply on top of default adapter values. + type: object + properties: + annotations: + description: Adapter annotations. + type: object + additionalProperties: + type: string + labels: + description: Adapter labels. + type: object + additionalProperties: + type: string + env: + description: Adapter environment variables. 
+ type: array + items: + type: object + properties: + name: + type: string + value: + type: string + public: + description: Adapter visibility scope. + type: boolean + resources: + description: Compute Resources required by the adapter. More info at https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Limits describes the maximum amount of compute resources allowed. More info at https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Requests describes the minimum amount of compute resources required. If Requests is omitted + for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined + value. More info at https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + tolerations: + description: Pod tolerations, as documented at https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ + Tolerations require additional configuration for Knative-based deployments - https://knative.dev/docs/serving/configuration/feature-flags/ + type: array + items: + type: object + properties: + key: + description: Taint key that the toleration applies to. + type: string + operator: + description: Key's relationship to the value. + type: string + enum: [Exists, Equal] + value: + description: Taint value the toleration matches to. + type: string + effect: + description: Taint effect to match. 
+ type: string + enum: [NoSchedule, PreferNoSchedule, NoExecute] + tolerationSeconds: + description: Period of time a toleration of effect NoExecute tolerates the taint. + type: integer + format: int64 + nodeSelector: + description: NodeSelector only allow the object pods to be created at nodes where all selector labels + are present, as documented at https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector. + NodeSelector require additional configuration for Knative-based deployments - https://knative.dev/docs/serving/configuration/feature-flags/ + type: object + additionalProperties: + type: string + affinity: + description: Scheduling constraints of the pod. More info at https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity. + Affinity require additional configuration for Knative-based deployments - https://knative.dev/docs/serving/configuration/feature-flags/ + type: object + x-kubernetes-preserve-unknown-fields: true + status: + type: object + properties: + observedGeneration: + type: integer + format: int64 + conditions: + type: array + items: + type: object + properties: + type: + type: string + status: + type: string + enum: ['True', 'False', Unknown] + severity: + type: string + enum: [Error, Warning, Info] + reason: + type: string + message: + type: string + lastTransitionTime: + type: string + format: date-time + required: + - type + - status + address: + type: object + properties: + url: + type: string + sinkUri: + description: URI of the sink where events are currently sent to. + type: string + format: uri + additionalPrinterColumns: + - name: Address + type: string + jsonPath: .status.address.url + - name: Ready + type: string + jsonPath: .status.conditions[?(@.type=='Ready')].status + - name: Reason + type: string + jsonPath: .status.conditions[?(@.type=='Ready')].reason 
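Review bot: `sink.ref.namespace` and `sink.uri` let a namespaced Filter direct events to an object in another namespace or to any URI, and nothing in the schema or its descriptions says whether the controller limits that. If cross-namespace delivery is not intended, the reconciler or admission webhook (not part of this hunk) should reject a `ref.namespace` that differs from the Filter's own, and the field could say so, e.g. `description: Namespace of the referent; must match the Filter's namespace.` If it is intended, document it on the field so that whoever grants create/update on Filters knows the reach. The same `sink` block appears in the Splitter, Function and JQTransformation CRDs in this commit. Separately, `expression` has no `maxLength`, and a bound would cap the evaluation work a single object can impose on the adapter.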
diff --git a/config/302-splitter.yaml b/config/302-splitter.yaml
new file mode 100644
index 00000000..6ec65324
--- /dev/null
+++ b/config/302-splitter.yaml
@@ -0,0 +1,229 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: splitters.routing.typhoon.zeiss.com + labels: + typhoon.zeiss.com/crd-install: 'true' + annotations: + registry.typhoon.zeiss.com/acceptedEventTypes: | + [ + { "type": "*" } + ] + registry.knative.dev/eventTypes: | + [ + { "type": "*" } + ] +spec: + group: routing.typhoon.zeiss.com + scope: Namespaced + names: + kind: Splitter + plural: splitters + singular: splitter + categories: + - all + - typhoon + - routing + versions: + - name: v1alpha1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + description: typhoon content-based events splitter. + type: object + properties: + spec: + description: Desired state of the splitter. + type: object + required: + - ceContext + - sink + properties: + path: + type: string + description: JSONPath expression representing the key containing the data array to split. Defaults to the + root. + ceContext: + type: object + required: + - type + - source + description: Context attributes to set on produced CloudEvents. + properties: + type: + type: string + description: CloudEvent "type" context attribute. + source: + type: string + description: CloudEvent "source" context attribute. Accepts a JSONPath expressions in brackets (e.g. "user/{.name}"). + extensions: + type: object + description: Additional context extensions to set on produced CloudEvents. + additionalProperties: + type: string + sink: + description: Sink is a reference to an object that will resolve to a uri to use as the sink. + type: object + anyOf: + - required: [ref] + - required: [uri] + properties: + ref: + description: Reference to an addressable Kubernetes object to be used as the destination of events. 
+ type: object + properties: + apiVersion: + type: string + kind: + type: string + namespace: + type: string + name: + type: string + required: + - apiVersion + - kind + - name + uri: + description: URI to use as the destination of events. + type: string + format: uri + adapterOverrides: + description: Kubernetes object parameters to apply on top of default adapter values. + type: object + properties: + annotations: + description: Adapter annotations. + type: object + additionalProperties: + type: string + labels: + description: Adapter labels. + type: object + additionalProperties: + type: string + env: + description: Adapter environment variables. + type: array + items: + type: object + properties: + name: + type: string + value: + type: string + public: + description: Adapter visibility scope. + type: boolean + resources: + description: Compute Resources required by the adapter. More info at https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Limits describes the maximum amount of compute resources allowed. More info at https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Requests describes the minimum amount of compute resources required. If Requests is omitted + for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined + value. 
More info at https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + tolerations: + description: Pod tolerations, as documented at https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ + Tolerations require additional configuration for Knative-based deployments - https://knative.dev/docs/serving/configuration/feature-flags/ + type: array + items: + type: object + properties: + key: + description: Taint key that the toleration applies to. + type: string + operator: + description: Key's relationship to the value. + type: string + enum: [Exists, Equal] + value: + description: Taint value the toleration matches to. + type: string + effect: + description: Taint effect to match. + type: string + enum: [NoSchedule, PreferNoSchedule, NoExecute] + tolerationSeconds: + description: Period of time a toleration of effect NoExecute tolerates the taint. + type: integer + format: int64 + nodeSelector: + description: NodeSelector only allow the object pods to be created at nodes where all selector labels + are present, as documented at https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector. + NodeSelector require additional configuration for Knative-based deployments - https://knative.dev/docs/serving/configuration/feature-flags/ + type: object + additionalProperties: + type: string + affinity: + description: Scheduling constraints of the pod. More info at https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity. 
+ Affinity require additional configuration for Knative-based deployments - https://knative.dev/docs/serving/configuration/feature-flags/ + type: object + x-kubernetes-preserve-unknown-fields: true + status: + type: object + properties: + observedGeneration: + type: integer + format: int64 + conditions: + type: array + items: + type: object + properties: + type: + type: string + status: + type: string + enum: ['True', 'False', Unknown] + severity: + type: string + enum: [Error, Warning, Info] + reason: + type: string + message: + type: string + lastTransitionTime: + type: string + format: date-time + required: + - type + - status + address: + type: object + properties: + url: + type: string + sinkUri: + description: URI of the sink where events are currently sent to. + type: string + format: uri + additionalPrinterColumns: + - name: Address + type: string + jsonPath: .status.address.url + - name: Ready + type: string + jsonPath: .status.conditions[?(@.type=='Ready')].status + - name: Reason + type: string + jsonPath: .status.conditions[?(@.type=='Ready')].reason diff --git a/config/303-function.yaml b/config/303-function.yaml new file mode 100644 index 00000000..f6f74b4d --- /dev/null +++ b/config/303-function.yaml 
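Review bot: The `ceContext.source` description allows JSONPath substitution (`"user/{.name}"`), which presumably pulls values from the incoming event, so part of the `source` attribute on every produced event is chosen by whoever sent the original. Consumers that filter or authorize on `source` should be told this; I would extend the description to `CloudEvent "source" context attribute. Accepts JSONPath expressions in brackets (e.g. "user/{.name}"), evaluated against the incoming event; substituted values are sender-controlled.` It would also help to state what happens when the expression matches nothing. `path` is likewise a free-form JSONPath with no `maxLength`.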
@@ -0,0 +1,254 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: functions.extensions.typhoon.zeiss.com + labels: + typhoon.zeiss.com/crd-install: 'true' + annotations: + registry.typhoon.zeiss.com/acceptedEventTypes: | + [ + { "type": "*" } + ] + registry.knative.dev/eventTypes: | + [ + { "type": "*" } + ] +spec: + group: extensions.typhoon.zeiss.com + scope: Namespaced + names: + kind: Function + plural: functions + singular: function + categories: + - all + - typhoon + - extensions + versions: + - name: v1alpha1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + description: typhoon Function. + type: object + properties: + spec: + description: Desired state of the function. + type: object + required: + - runtime + - entrypoint + - code + properties: + runtime: + description: Function runtime name. Python, Ruby or Node runtimes are currently supported. + type: string + enum: [python, ruby, node] + code: + description: Function code. + type: string + entrypoint: + description: Function name to use as an entrypoint. + type: string + responseIsEvent: + description: Whether function responds with CE payload only or with full event. + type: boolean + eventStore: + description: EventStore service connection string. + type: object + properties: + uri: + type: string + required: + - uri + ceOverrides: + type: object + description: Defines overrides to control modifications of the event attributes. + properties: + extensions: + type: object + properties: + type: + type: string + source: + type: string + subject: + type: string + required: + - extensions + sink: + description: The destination of events emitted by the component. If left empty, the events will be sent back + to the sender. + type: object + anyOf: + - required: [ref] + - required: [uri] + properties: + ref: + description: Reference to an addressable Kubernetes object to be used as the destination of events. 
+ type: object + properties: + apiVersion: + type: string + kind: + type: string + namespace: + type: string + name: + type: string + required: + - apiVersion + - kind + - name + uri: + description: URI to use as the destination of events. + type: string + format: uri + adapterOverrides: + description: Kubernetes object parameters to apply on top of default adapter values. + type: object + properties: + annotations: + description: Adapter annotations. + type: object + additionalProperties: + type: string + labels: + description: Adapter labels. + type: object + additionalProperties: + type: string + env: + description: Adapter environment variables. + type: array + items: + type: object + properties: + name: + type: string + value: + type: string + public: + description: Adapter visibility scope. + type: boolean + resources: + description: Compute Resources required by the adapter. More info at https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Limits describes the maximum amount of compute resources allowed. More info at https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Requests describes the minimum amount of compute resources required. If Requests is omitted + for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined + value. 
More info at https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + tolerations: + description: Pod tolerations, as documented at https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ + Tolerations require additional configuration for Knative-based deployments - https://knative.dev/docs/serving/configuration/feature-flags/ + type: array + items: + type: object + properties: + key: + description: Taint key that the toleration applies to. + type: string + operator: + description: Key's relationship to the value. + type: string + enum: [Exists, Equal] + value: + description: Taint value the toleration matches to. + type: string + effect: + description: Taint effect to match. + type: string + enum: [NoSchedule, PreferNoSchedule, NoExecute] + tolerationSeconds: + description: Period of time a toleration of effect NoExecute tolerates the taint. + type: integer + format: int64 + nodeSelector: + description: NodeSelector only allow the object pods to be created at nodes where all selector labels + are present, as documented at https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector. + NodeSelector require additional configuration for Knative-based deployments - https://knative.dev/docs/serving/configuration/feature-flags/ + type: object + additionalProperties: + type: string + affinity: + description: Scheduling constraints of the pod. More info at https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity. + Affinity require additional configuration for Knative-based deployments - https://knative.dev/docs/serving/configuration/feature-flags/ + type: object + x-kubernetes-preserve-unknown-fields: true + status: + type: object + properties: + configMap: + description: Identity of the ConfigMap containing the code of the Function. + type: object + properties: + name: + description: Name of the ConfigMap. 
+ type: string + resourceVersion: + description: Observed revision of the ConfigMap. + type: string + required: + - name + - resourceVersion + observedGeneration: + type: integer + format: int64 + conditions: + type: array + items: + type: object + properties: + type: + type: string + status: + type: string + enum: ['True', 'False', Unknown] + severity: + type: string + enum: [Error, Warning, Info] + reason: + type: string + message: + type: string + lastTransitionTime: + type: string + format: date-time + required: + - type + - status + address: + type: object + properties: + url: + type: string + additionalPrinterColumns: + - name: Address + type: string + jsonPath: .status.address.url + - name: Ready + type: string + jsonPath: .status.conditions[?(@.type=='Ready')].status + - name: Reason + type: string + jsonPath: .status.conditions[?(@.type=='Ready')].reason diff --git a/config/304-jqtransformation.yaml b/config/304-jqtransformation.yaml new file mode 100644 index 00000000..50f9a209 --- /dev/null +++ b/config/304-jqtransformation.yaml 
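Review bot: `spec.code` is a program that the adapter runs, so create or update permission on Function objects amounts to code execution inside the adapter pod, and the description (`Function code.`) gives operators no hint of that. I would say so on the field and add a `maxLength`, since the status block shows the code is held in a ConfigMap, which has its own size limit. Without a bound, an oversized value passes admission and presumably fails only later, in the reconciler. `eventStore.uri` is described as a connection string but has no `format` and no note on whether it may carry credentials; if it can, a Secret reference would keep them out of the object.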
@@ -0,0 +1,223 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: jqtransformations.flow.typhoon.zeiss.com + labels: + typhoon.zeiss.com/crd-install: 'true' + duck.knative.dev/addressable: 'true' + annotations: + registry.typhoon.zeiss.com/acceptedEventTypes: | + [ + { "type": "*" } + ] + registry.knative.dev/eventTypes: | + [ + { "type": "io.typhoon.jqtransformation.error" }, + { "type": "*" } + ] +spec: + group: flow.typhoon.zeiss.com + scope: Namespaced + names: + kind: JQTransformation + plural: jqtransformations + categories: + - all + - knative + - eventing + - typhoon + - transformations + versions: + - name: v1alpha1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + description: typhoon CloudEvents JSON Query Transformation engine. + type: object + properties: + spec: + description: Desired state of the transformer. + type: object + properties: + query: + description: The JSON Query to perform on the incoming event + type: string + sink: + description: The destination of events emitted by the component. If left empty, the events will be sent back + to the sender. + type: object + properties: + ref: + description: Reference to an addressable Kubernetes object to be used as the destination of events. + type: object + properties: + apiVersion: + type: string + kind: + type: string + namespace: + type: string + name: + type: string + required: + - apiVersion + - kind + - name + uri: + description: URI to use as the destination of events. + type: string + format: uri + anyOf: + - required: [ref] + - required: [uri] + adapterOverrides: + description: Kubernetes object parameters to apply on top of default adapter values. + type: object + properties: + annotations: + description: Adapter annotations. + type: object + additionalProperties: + type: string + labels: + description: Adapter labels. 
+ type: object + additionalProperties: + type: string + env: + description: Adapter environment variables. + type: array + items: + type: object + properties: + name: + type: string + value: + type: string + public: + description: Adapter visibility scope. + type: boolean + resources: + description: Compute Resources required by the adapter. More info at https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Limits describes the maximum amount of compute resources allowed. More info at https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Requests describes the minimum amount of compute resources required. If Requests is omitted + for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined + value. More info at https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + tolerations: + description: Pod tolerations, as documented at https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ + Tolerations require additional configuration for Knative-based deployments - https://knative.dev/docs/serving/configuration/feature-flags/ + type: array + items: + type: object + properties: + key: + description: Taint key that the toleration applies to. + type: string + operator: + description: Key's relationship to the value. 
+ type: string + enum: [Exists, Equal] + value: + description: Taint value the toleration matches to. + type: string + effect: + description: Taint effect to match. + type: string + enum: [NoSchedule, PreferNoSchedule, NoExecute] + tolerationSeconds: + description: Period of time a toleration of effect NoExecute tolerates the taint. + type: integer + format: int64 + nodeSelector: + description: NodeSelector only allow the object pods to be created at nodes where all selector labels + are present, as documented at https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector. + NodeSelector require additional configuration for Knative-based deployments - https://knative.dev/docs/serving/configuration/feature-flags/ + type: object + additionalProperties: + type: string + affinity: + description: Scheduling constraints of the pod. More info at https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity. + Affinity require additional configuration for Knative-based deployments - https://knative.dev/docs/serving/configuration/feature-flags/ + type: object + x-kubernetes-preserve-unknown-fields: true + status: + description: Reported status of the transformer. + type: object + properties: + sinkUri: + description: URI of the sink where events are currently sent to. + type: string + format: uri + ceAttributes: + description: CloudEvents context attributes overrides. 
+ type: array + items: + type: object + properties: + type: + type: string + source: + type: string + observedGeneration: + type: integer + format: int64 + conditions: + type: array + items: + type: object + properties: + type: + type: string + status: + type: string + enum: ['True', 'False', Unknown] + severity: + type: string + enum: [Error, Warning, Info] + reason: + type: string + message: + type: string + lastTransitionTime: + type: string + format: date-time + required: + - type + - status + address: + description: Address of the HTTP/S endpoint where the transformer is serving incoming CloudEvents. + type: object + properties: + url: + type: string + additionalPrinterColumns: + - name: Address + type: string + jsonPath: .status.address.url + - name: Ready + type: string + jsonPath: .status.conditions[?(@.type=='Ready')].status + - name: Reason + type: string + jsonPath: .status.conditions[?(@.type=='Ready')].reason diff --git a/config/304-synchronizer.yaml b/config/304-synchronizer.yaml new file mode 100644 index 00000000..be67edc5 --- /dev/null +++ b/config/304-synchronizer.yaml 
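Review bot: The `spec` object declares no `required` list, so a JQTransformation without a `query` passes schema validation; the omission would only surface later in a webhook or in the adapter, neither of which is visible in this hunk. If a query is always needed, add `required: [query]` to the `spec` object, the way the Synchronizer CRD in this commit lists its mandatory fields. `query` is also an unbounded string that is evaluated against every incoming event, so a `maxLength` on it would cap what a namespace editor can hand to the adapter.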
@@ -0,0 +1,235 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: synchronizers.flow.typhoon.zeiss.com + labels: + duck.knative.dev/addressable: 'true' + typhoon.zeiss.com/crd-install: 'true' + annotations: + registry.typhoon.zeiss.com/acceptedEventTypes: | + [ + { "type": "*" } + ] +spec: + group: flow.typhoon.zeiss.com + names: + kind: Synchronizer + plural: synchronizers + categories: + - all + - knative + - eventing + - flow + scope: Namespaced + versions: + - name: v1alpha1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + type: object + properties: + spec: + description: Desired state of the event synchronizer. + type: object + properties: + correlationKey: + description: Events correlation parameters. + type: object + properties: + attribute: + description: The name of the correlation key that will be injected into the CloudEvents context. Events + without this attribute are forwarded to the Sink as the client requests while client connections are + held open. Events, which context already has the correlation key, are sent back to the open client connections. + type: string + length: + description: The length of the correlation key to generate. The default value is 24. + type: integer + minimum: 1 + maximum: 64 + default: 24 + required: + - attribute + response: + description: Responses handling configuration. + type: object + properties: + timeout: + description: The time during which the synchronizer will block the client and wait for the response. Expressed + as a duration string, which format is documented at https://pkg.go.dev/time#ParseDuration. + type: string + required: + - timeout + sink: + description: The destination where the synchronizer will forward incoming requests from the clients. + type: object + properties: + ref: + description: Reference to an addressable Kubernetes object to be used as the destination of events. 
+ type: object + properties: + apiVersion: + type: string + kind: + type: string + namespace: + type: string + name: + type: string + required: + - apiVersion + - kind + - name + uri: + description: URI to use as the destination of events. + type: string + format: uri + anyOf: + - required: [ref] + - required: [uri] + adapterOverrides: + description: Kubernetes object parameters to apply on top of default adapter values. + type: object + properties: + annotations: + description: Adapter annotations. + type: object + additionalProperties: + type: string + labels: + description: Adapter labels. + type: object + additionalProperties: + type: string + env: + description: Adapter environment variables. + type: array + items: + type: object + properties: + name: + type: string + value: + type: string + public: + description: Adapter visibility scope. + type: boolean + resources: + description: Compute Resources required by the adapter. More info at https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Limits describes the maximum amount of compute resources allowed. More info at https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Requests describes the minimum amount of compute resources required. If Requests is omitted + for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined + value. 
More info at https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + tolerations: + description: Pod tolerations, as documented at https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ + Tolerations require additional configuration for Knative-based deployments - https://knative.dev/docs/serving/configuration/feature-flags/ + type: array + items: + type: object + properties: + key: + description: Taint key that the toleration applies to. + type: string + operator: + description: Key's relationship to the value. + type: string + enum: [Exists, Equal] + value: + description: Taint value the toleration matches to. + type: string + effect: + description: Taint effect to match. + type: string + enum: [NoSchedule, PreferNoSchedule, NoExecute] + tolerationSeconds: + description: Period of time a toleration of effect NoExecute tolerates the taint. + type: integer + format: int64 + nodeSelector: + description: NodeSelector only allow the object pods to be created at nodes where all selector labels + are present, as documented at https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector. + NodeSelector require additional configuration for Knative-based deployments - https://knative.dev/docs/serving/configuration/feature-flags/ + type: object + additionalProperties: + type: string + affinity: + description: Scheduling constraints of the pod. More info at https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity. + Affinity require additional configuration for Knative-based deployments - https://knative.dev/docs/serving/configuration/feature-flags/ + type: object + x-kubernetes-preserve-unknown-fields: true + required: + - correlationKey + - response + - sink + status: + type: object + description: Reported status of the event synchronizer. + properties: + sinkUri: + description: URI of the sink where events are currently sent to. 
+ type: string + format: uri + observedGeneration: + type: integer + format: int64 + conditions: + type: array + items: + type: object + properties: + type: + type: string + status: + type: string + enum: ['True', 'False', Unknown] + severity: + type: string + enum: [Error, Warning, Info] + reason: + type: string + message: + type: string + lastTransitionTime: + type: string + format: date-time + required: + - type + - status + address: + type: object + properties: + url: + type: string + additionalPrinterColumns: + - name: URL + type: string + jsonPath: .status.address.url + - name: Ready + type: string + jsonPath: .status.conditions[?(@.type=='Ready')].status + - name: Reason + type: string + jsonPath: .status.conditions[?(@.type=='Ready')].reason + - name: Age + type: date + jsonPath: .metadata.creationTimestamp diff --git a/config/304-transformation.yaml b/config/304-transformation.yaml new file mode 100644 index 00000000..51e47ddb --- /dev/null +++ b/config/304-transformation.yaml 
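Review bot: `response.timeout` is a free-form `string` with no `pattern`, so a malformed or very long duration is accepted at admission, and per its description it sets how long the synchronizer blocks the client and keeps the connection open. Consider constraining it in the schema, for example `pattern: ^([0-9]+(\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$`, and documenting an upper bound that the adapter enforces. Relatedly, `correlationKey.length` allows `minimum: 1`; if the key is what routes a response back to the waiting client, a very short key makes collisions between concurrent requests likely, so a higher minimum seems safer (the key generator is not visible here).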
@@ -0,0 +1,280 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: transformations.flow.typhoon.zeiss.com + labels: + typhoon.zeiss.com/crd-install: 'true' + annotations: + registry.typhoon.zeiss.com/acceptedEventTypes: | + [ + { "type": "*" } + ] + registry.knative.dev/eventTypes: | + [ + { "type": "*" } + ] +spec: + group: flow.typhoon.zeiss.com + scope: Namespaced + names: + kind: Transformation + plural: transformations + categories: + - all + - knative + - eventing + - transformations + versions: + - name: v1alpha1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + description: typhoon CloudEvents transformation engine. Allows to declaratively perform data transformations on + CloudEvents. + type: object + properties: + spec: + description: Desired state of the transformation object. + type: object + properties: + context: + description: CloudEvents Context attributes transformation spec. + type: array + items: + description: The list of transformation operations executed on the event context sequentially. + type: object + properties: + operation: + description: Name of the transformation operation. + type: string + enum: [add, delete, shift, store, parse] + paths: + description: Key-value event pairs to apply the transformations on. + type: array + items: + type: object + properties: + key: + description: JSON path or variable name. Depends on the operation type. + nullable: true + type: string + value: + description: JSON path or variable name. Depends on the operation type. + nullable: true + type: string + separator: + description: JSON path separator symbol. "." is used by default. + nullable: true + type: string + required: + - operation + data: + description: CloudEvents Data transformation spec. + type: array + items: + description: The list of transformation operations executed on the event data sequentially. 
+ type: object + properties: + operation: + description: Name of the transformation operation. + type: string + enum: [add, delete, shift, store, parse] + paths: + description: Key-value event pairs to apply the transformations on. + type: array + items: + type: object + properties: + key: + description: JSON path or variable name. Depends on the operation type. + nullable: true + type: string + value: + description: JSON path or variable name. Depends on the operation type. + nullable: true + type: string + separator: + description: JSON path separator symbol. "." is used by default. + nullable: true + type: string + required: + - operation + sink: + description: The destination of events emitted by the component. If left empty, the events will be sent back + to the sender. + type: object + properties: + ref: + description: Reference to an addressable Kubernetes object to be used as the destination of events. + type: object + properties: + apiVersion: + type: string + kind: + type: string + namespace: + type: string + name: + type: string + required: + - apiVersion + - kind + - name + uri: + description: URI to use as the destination of events. + type: string + format: uri + anyOf: + - required: [ref] + - required: [uri] + adapterOverrides: + description: Kubernetes object parameters to apply on top of default adapter values. + type: object + properties: + annotations: + description: Adapter annotations. + type: object + additionalProperties: + type: string + labels: + description: Adapter labels. + type: object + additionalProperties: + type: string + env: + description: Adapter environment variables. + type: array + items: + type: object + properties: + name: + type: string + value: + type: string + public: + description: Adapter visibility scope. + type: boolean + resources: + description: Compute Resources required by the adapter. 
More info at https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Limits describes the maximum amount of compute resources allowed. More info at https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Requests describes the minimum amount of compute resources required. If Requests is omitted + for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined + value. More info at https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + tolerations: + description: Pod tolerations, as documented at https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ + Tolerations require additional configuration for Knative-based deployments - https://knative.dev/docs/serving/configuration/feature-flags/ + type: array + items: + type: object + properties: + key: + description: Taint key that the toleration applies to. + type: string + operator: + description: Key's relationship to the value. + type: string + enum: [Exists, Equal] + value: + description: Taint value the toleration matches to. + type: string + effect: + description: Taint effect to match. + type: string + enum: [NoSchedule, PreferNoSchedule, NoExecute] + tolerationSeconds: + description: Period of time a toleration of effect NoExecute tolerates the taint. 
+ type: integer + format: int64 + nodeSelector: + description: NodeSelector only allow the object pods to be created at nodes where all selector labels + are present, as documented at https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector. + NodeSelector require additional configuration for Knative-based deployments - https://knative.dev/docs/serving/configuration/feature-flags/ + type: object + additionalProperties: + type: string + affinity: + description: Scheduling constraints of the pod. More info at https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity. + Affinity require additional configuration for Knative-based deployments - https://knative.dev/docs/serving/configuration/feature-flags/ + type: object + x-kubernetes-preserve-unknown-fields: true + status: + description: Reported status of Transformation. + type: object + properties: + sinkUri: + description: URI of the sink where events are currently sent to. + type: string + format: uri + ceAttributes: + description: CloudEvents context attributes overrides. + type: array + items: + type: object + properties: + type: + type: string + source: + type: string + observedGeneration: + type: integer + format: int64 + conditions: + type: array + items: + type: object + properties: + type: + type: string + status: + type: string + enum: ['True', 'False', Unknown] + severity: + type: string + enum: [Error, Warning, Info] + reason: + type: string + message: + type: string + lastTransitionTime: + type: string + format: date-time + required: + - type + - status + address: + description: Address of the HTTP/S endpoint where Transformation is serving incoming CloudEvents. 
+ type: object + properties: + url: + type: string + additionalPrinterColumns: + - name: Address + type: string + jsonPath: .status.address.url + - name: Ready + type: string + jsonPath: .status.conditions[?(@.type=='Ready')].status + - name: Reason + type: string + jsonPath: .status.conditions[?(@.type=='Ready')].reason diff --git a/config/304-xmltojsontransformation.yaml b/config/304-xmltojsontransformation.yaml new file mode 100644 index 00000000..95736974 --- /dev/null +++ b/config/304-xmltojsontransformation.yaml 
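Review bot: The `metadata.labels` of this CRD omit `duck.knative.dev/addressable: 'true'`, although the schema defines `status.address.url` and the JQTransformation, Synchronizer and XMLToJSONTransformation CRDs in the same commit carry the label. The XSLTTransformation CRD further down has the same gap. If both kinds are meant to be resolvable as addressable destinations, add `duck.knative.dev/addressable: 'true'` to their labels. If the omission is deliberate, a YAML comment above `labels:` saying so would keep the next reader from "fixing" it.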
@@ -0,0 +1,220 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: xmltojsontransformations.flow.typhoon.zeiss.com + labels: + typhoon.zeiss.com/crd-install: 'true' + duck.knative.dev/addressable: 'true' + annotations: + registry.typhoon.zeiss.com/acceptedEventTypes: | + [ + { "type": "*" } + ] + registry.knative.dev/eventTypes: | + [ + { "type": "io.typhoon.xmltojsontransformation.error" }, + { "type": "*" } + ] +spec: + group: flow.typhoon.zeiss.com + scope: Namespaced + names: + kind: XMLToJSONTransformation + plural: xmltojsontransformations + categories: + - all + - knative + - eventing + - typhoon + - transformations + versions: + - name: v1alpha1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + description: typhoon CloudEvents XML to JSON Transformation engine. + type: object + properties: + spec: + description: Desired state of the transformer. + type: object + properties: + sink: + description: The destination of events emitted by the component. If left empty, the events will be sent back + to the sender. + type: object + properties: + ref: + description: Reference to an addressable Kubernetes object to be used as the destination of events. + type: object + properties: + apiVersion: + type: string + kind: + type: string + namespace: + type: string + name: + type: string + required: + - apiVersion + - kind + - name + uri: + description: URI to use as the destination of events. + type: string + format: uri + anyOf: + - required: [ref] + - required: [uri] + adapterOverrides: + description: Kubernetes object parameters to apply on top of default adapter values. + type: object + properties: + annotations: + description: Adapter annotations. + type: object + additionalProperties: + type: string + labels: + description: Adapter labels. + type: object + additionalProperties: + type: string + env: + description: Adapter environment variables. 
+ type: array + items: + type: object + properties: + name: + type: string + value: + type: string + public: + description: Adapter visibility scope. + type: boolean + resources: + description: Compute Resources required by the adapter. More info at https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Limits describes the maximum amount of compute resources allowed. More info at https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Requests describes the minimum amount of compute resources required. If Requests is omitted + for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined + value. More info at https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + tolerations: + description: Pod tolerations, as documented at https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ + Tolerations require additional configuration for Knative-based deployments - https://knative.dev/docs/serving/configuration/feature-flags/ + type: array + items: + type: object + properties: + key: + description: Taint key that the toleration applies to. + type: string + operator: + description: Key's relationship to the value. + type: string + enum: [Exists, Equal] + value: + description: Taint value the toleration matches to. + type: string + effect: + description: Taint effect to match. 
+ type: string + enum: [NoSchedule, PreferNoSchedule, NoExecute] + tolerationSeconds: + description: Period of time a toleration of effect NoExecute tolerates the taint. + type: integer + format: int64 + nodeSelector: + description: NodeSelector only allow the object pods to be created at nodes where all selector labels + are present, as documented at https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector. + NodeSelector require additional configuration for Knative-based deployments - https://knative.dev/docs/serving/configuration/feature-flags/ + type: object + additionalProperties: + type: string + affinity: + description: Scheduling constraints of the pod. More info at https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity. + Affinity require additional configuration for Knative-based deployments - https://knative.dev/docs/serving/configuration/feature-flags/ + type: object + x-kubernetes-preserve-unknown-fields: true + status: + description: Reported status of the transformer. + type: object + properties: + sinkUri: + description: URI of the sink where events are currently sent to. + type: string + format: uri + ceAttributes: + description: CloudEvents context attributes overrides. + type: array + items: + type: object + properties: + type: + type: string + source: + type: string + observedGeneration: + type: integer + format: int64 + conditions: + type: array + items: + type: object + properties: + type: + type: string + status: + type: string + enum: ['True', 'False', Unknown] + severity: + type: string + enum: [Error, Warning, Info] + reason: + type: string + message: + type: string + lastTransitionTime: + type: string + format: date-time + required: + - type + - status + address: + description: Address of the HTTP/S endpoint where the transformer is serving incoming CloudEvents. 
+ type: object + properties: + url: + type: string + additionalPrinterColumns: + - name: Address + type: string + jsonPath: .status.address.url + - name: Ready + type: string + jsonPath: .status.conditions[?(@.type=='Ready')].status + - name: Reason + type: string + jsonPath: .status.conditions[?(@.type=='Ready')].reason diff --git a/config/304-xslttransformation.yaml b/config/304-xslttransformation.yaml new file mode 100644 index 00000000..f0474da4 --- /dev/null +++ b/config/304-xslttransformation.yaml 
@@ -0,0 +1,248 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: xslttransformations.flow.typhoon.zeiss.com + labels: + typhoon.zeiss.com/crd-install: 'true' + annotations: + registry.typhoon.zeiss.com/acceptedEventTypes: | + [ + { "type": "*" } + ] + registry.knative.dev/eventTypes: | + [ + { "type": "io.typhoon.xslttransformation.error" }, + { "type": "*" } + ] +spec: + group: flow.typhoon.zeiss.com + scope: Namespaced + names: + kind: XSLTTransformation + plural: xslttransformations + categories: + - all + - knative + - eventing + - typhoon + - transformations + versions: + - name: v1alpha1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + description: typhoon CloudEvents XSLT transformation. + type: object + properties: + spec: + description: Desired state of the typhoon component. + type: object + properties: + xslt: + description: XSLT used to transform incoming CloudEvents. + type: object + properties: + value: + description: Literal inline value. + type: string + valueFromSecret: + description: A reference to a Kubernetes Secret object containing the value. + type: object + properties: + name: + type: string + key: + type: string + required: + - name + - key + valueFromConfigMap: + description: A reference to a Kubernetes ConfigMap object containing the value. + type: object + properties: + name: + type: string + key: + type: string + required: + - name + - key + oneOf: + - required: [value] + - required: [valueFromSecret] + - required: [valueFromConfigMap] + allowPerEventXSLT: + description: Whether the XSLT informed at the spec can be overriden at each CloudEvent. + type: boolean + sink: + description: The destination of events emitted by the component. If left empty, the events will be sent back + to the sender. + type: object + properties: + ref: + description: Reference to an addressable Kubernetes object to be used as the destination of events. 
+ type: object + properties: + apiVersion: + type: string + kind: + type: string + namespace: + type: string + name: + type: string + required: + - apiVersion + - kind + - name + uri: + description: URI to use as the destination of events. + type: string + format: uri + anyOf: + - required: [ref] + - required: [uri] + adapterOverrides: + description: Kubernetes object parameters to apply on top of default adapter values. + type: object + properties: + annotations: + description: Adapter annotations. + type: object + additionalProperties: + type: string + labels: + description: Adapter labels. + type: object + additionalProperties: + type: string + env: + description: Adapter environment variables. + type: array + items: + type: object + properties: + name: + type: string + value: + type: string + public: + description: Adapter visibility scope. + type: boolean + resources: + description: Compute Resources required by the adapter. More info at https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Limits describes the maximum amount of compute resources allowed. More info at https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Requests describes the minimum amount of compute resources required. If Requests is omitted + for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined + value. 
More info at https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + tolerations: + description: Pod tolerations, as documented at https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ + Tolerations require additional configuration for Knative-based deployments - https://knative.dev/docs/serving/configuration/feature-flags/ + type: array + items: + type: object + properties: + key: + description: Taint key that the toleration applies to. + type: string + operator: + description: Key's relationship to the value. + type: string + enum: [Exists, Equal] + value: + description: Taint value the toleration matches to. + type: string + effect: + description: Taint effect to match. + type: string + enum: [NoSchedule, PreferNoSchedule, NoExecute] + tolerationSeconds: + description: Period of time a toleration of effect NoExecute tolerates the taint. + type: integer + format: int64 + nodeSelector: + description: NodeSelector only allow the object pods to be created at nodes where all selector labels + are present, as documented at https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector. + NodeSelector require additional configuration for Knative-based deployments - https://knative.dev/docs/serving/configuration/feature-flags/ + type: object + additionalProperties: + type: string + affinity: + description: Scheduling constraints of the pod. More info at https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity. + Affinity require additional configuration for Knative-based deployments - https://knative.dev/docs/serving/configuration/feature-flags/ + type: object + x-kubernetes-preserve-unknown-fields: true + anyOf: + - required: [xslt] + - required: [allowPerEventXSLT] + status: + description: Reported status. + type: object + properties: + sinkUri: + description: URI of the sink where events are currently sent to. 
+ type: string + format: uri + observedGeneration: + type: integer + format: int64 + conditions: + type: array + items: + type: object + properties: + type: + type: string + status: + type: string + enum: ['True', 'False', Unknown] + severity: + type: string + enum: [Error, Warning, Info] + reason: + type: string + message: + type: string + lastTransitionTime: + type: string + format: date-time + required: + - type + - status + address: + description: Address of the HTTP/S endpoint where component is listening for incoming CloudEvents. + type: object + properties: + url: + type: string + additionalPrinterColumns: + - name: Address + type: string + jsonPath: .status.address.url + - name: Ready + type: string + jsonPath: .status.conditions[?(@.type=='Ready')].status + - name: Reason + type: string + jsonPath: .status.conditions[?(@.type=='Ready')].reason diff --git a/config/500-controller.yaml b/config/500-controller.yaml new file mode 100644 index 00000000..ca593d89 --- /dev/null +++ b/config/500-controller.yaml 
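Review bot: The description of `allowPerEventXSLT` does not say that enabling it lets whoever can send events to the component supply the stylesheet that is executed, which turns the XSLT from operator-controlled configuration into untrusted input. I would extend it to something like `Whether the XSLT set in the spec can be overridden by each CloudEvent. When true, event senders control the stylesheet; enable only for trusted senders.` and state the default; this also fixes the "overriden" typo. The `anyOf` at the end of `spec` is also satisfied by `allowPerEventXSLT: false` with no `xslt`, so an object with no usable stylesheet passes validation. Whether a webhook catches that case is not visible in this hunk.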
@@ -0,0 +1,106 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: typhoon-controller
+ namespace: typhoon
+ labels:
+ app.kubernetes.io/part-of: typhoon
+
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: typhoon-controller
+
+ template:
+ metadata:
+ labels:
+ app: typhoon-controller
+
+ spec:
+ serviceAccountName: typhoon-controller
+
+ containers:
+ - name: controller
+ terminationMessagePolicy: FallbackToLogsOnError
+ image: ko://github.com/typhoon/typhoon/cmd/typhoon-controller
+
+ resources:
+ requests:
+ cpu: 50m
+ memory: 150Mi
+ limits:
+ cpu: 200m
+ memory: 500Mi
+
+ env:
+ - name: SYSTEM_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ # Logging/observability configuration
+ - name: CONFIG_LOGGING_NAME
+ value: config-logging
+ - name: CONFIG_OBSERVABILITY_NAME
+ value: config-observability
+ - name: METRICS_DOMAIN
+ value: typhoon.zeiss.com
+ - name: HTTPPOLLERSOURCE_IMAGE
+ value: ko://github.com/typhoon/typhoon/cmd/httppollersource-adapter
+ - name: OCIMETRICSSOURCE_IMAGE
+ value: ko://github.com/typhoon/typhoon/cmd/ocimetricssource-adapter
+ - name: KAFKASOURCE_IMAGE
+ value: ko://github.com/typhoon/typhoon/cmd/kafkasource-adapter
+ - name: WEBHOOKSOURCE_IMAGE
+ value: ko://github.com/typhoon/typhoon/cmd/webhooksource-adapter
+ - name: CLOUDEVENTSTARGET_IMAGE
+ value: ko://github.com/typhoon/typhoon/cmd/cloudeventstarget-adapter
+ - name: HTTPTARGET_IMAGE
+ value: ko://github.com/typhoon/typhoon/cmd/httptarget-adapter
+ - name: KAFKATARGET_IMAGE
+ value: ko://github.com/typhoon/typhoon/cmd/kafkatarget-adapter
+ - name: LOGZTARGET_IMAGE
+ value: ko://github.com/typhoon/typhoon/cmd/logztarget-adapter
+ - name: OPENTELEMETRYTARGET_IMAGE
+ value: ko://github.com/typhoon/typhoon/cmd/opentelemetrytarget-adapter
+ # Flow adapters
+ - name: JQTRANSFORMATION_IMAGE
+ value: ko://github.com/typhoon/typhoon/cmd/jqtransformation-adapter
+ - name: SYNCHRONIZER_IMAGE
+ value: ko://github.com/typhoon/typhoon/cmd/synchronizer-adapter
+ - name: TRANSFORMATION_IMAGE
+ value: ko://github.com/typhoon/typhoon/cmd/transformation-adapter
+ - name: XMLTOJSONTRANSFORMATION_IMAGE
+ value: ko://github.com/typhoon/typhoon/cmd/xmltojsontransformation-adapter
+ # Routing adapters
+ - name: FILTER_IMAGE
+ value: ko://github.com/typhoon/typhoon/cmd/filter-adapter
+ - name: SPLITTER_IMAGE
+ value: ko://github.com/typhoon/typhoon/cmd/splitter-adapter
+ # Function Runtimes
+ - name: RUNTIME_KLR_PYTHON
+ value: gcr.io/typhoon/knative-lambda-python310:v1.26.0
+ - name: RUNTIME_KLR_NODE
+ value: gcr.io/typhoon/knative-lambda-node18:v1.26.0
+ - name: RUNTIME_KLR_RUBY
+ value: gcr.io/typhoon/knative-lambda-ruby32:v1.26.0
+ # Custom build adapters
+ - name: IBMMQSOURCE_IMAGE
+ value: gcr.io/typhoon/ibmmqsource-adapter:latest
+ - name: IBMMQTARGET_IMAGE
+ value: gcr.io/typhoon/ibmmqtarget-adapter:latest
+ - name: XSLTTRANSFORMATION_IMAGE
+ value: gcr.io/typhoon/xslttransformation-adapter:latest
+
+ securityContext:
+ runAsNonRoot: true
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ capabilities:
+ drop: [all]
+
+ ports:
+ - name: metrics
+ containerPort: 9090
+ - name: profiling
+ containerPort: 8008
diff --git a/config/500-webhook-configuration.yaml b/config/500-webhook-configuration.yaml
new file mode 100644
index 00000000..f656a1a8
--- /dev/null
+++ b/config/500-webhook-configuration.yaml
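Review bot: In config/500-controller.yaml the three custom-build adapter images (`IBMMQSOURCE_IMAGE`, `IBMMQTARGET_IMAGE`, `XSLTTRANSFORMATION_IMAGE`) use the mutable `:latest` tag, so whatever is later pushed under that tag is what the controller hands to workloads, with no change to this manifest. Pin them to a release tag or, better, a digest, e.g. `value: gcr.io/typhoon/ibmmqsource-adapter@sha256:<digest>`; the `RUNTIME_KLR_*` entries are at least fixed to `v1.26.0`. Separately, `drop: [all]` should be spelled `drop: [ALL]`, which is the form the Pod Security "restricted" profile checks for. The `profiling` port 8008 also deserves a comment saying whether it is meant to be reachable outside debugging.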
@@ -0,0 +1,46 @@
+apiVersion: admissionregistration.k8s.io/v1
+kind: MutatingWebhookConfiguration
+metadata:
+ name: defaulting.webhook.typhoon.zeiss.com
+ labels:
+ app.kubernetes.io/part-of: typhoon
+webhooks:
+- admissionReviewVersions:
+ - v1beta1
+ clientConfig:
+ service:
+ name: typhoon-webhook
+ namespace: typhoon
+ sideEffects: None
+ failurePolicy: Fail
+ name: defaulting.webhook.typhoon.zeiss.com
+
+---
+
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+ name: validation.webhook.typhoon.zeiss.com
+ labels:
+ app.kubernetes.io/part-of: typhoon
+webhooks:
+- admissionReviewVersions:
+ - v1beta1
+ clientConfig:
+ service:
+ name: typhoon-webhook
+ namespace: typhoon
+ sideEffects: None
+ failurePolicy: Fail
+ name: validation.webhook.typhoon.zeiss.com
+
+---
+
+apiVersion: v1
+kind: Secret
+metadata:
+ name: typhoon-webhook-certs
+ namespace: typhoon
+ labels:
+ app.kubernetes.io/part-of: typhoon
+# The data is populated at install time.
diff --git a/config/500-webhook.yaml b/config/500-webhook.yaml
new file mode 100644
index 00000000..82ac47a5
--- /dev/null
+++ b/config/500-webhook.yaml
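Review bot: Both webhook entries in config/500-webhook-configuration.yaml advertise only `v1beta1` under `admissionReviewVersions` although they are registered through `admissionregistration.k8s.io/v1`; if the webhook binary also understands the v1 AdmissionReview (not visible here), list it first as `- v1` followed by `- v1beta1`. Neither entry carries `rules` or a `caBundle`, presumably because the webhook reconciles them at start-up, and a comment such as `# rules and caBundle are filled in by typhoon-webhook at runtime` would make that explicit. With `failurePolicy: Fail` and no `timeoutSeconds`, every matching write is rejected while the webhook is unreachable, so an explicit `timeoutSeconds` is worth setting.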
@@ -0,0 +1,77 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: typhoon-webhook
+ namespace: typhoon
+ labels:
+ app.kubernetes.io/part-of: typhoon
+
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: typhoon-webhook
+
+ template:
+ metadata:
+ annotations:
+ sidecar.istio.io/inject: 'false'
+ labels:
+ app: typhoon-webhook
+
+ spec:
+ serviceAccountName: typhoon-webhook
+ containers:
+ - name: webhook
+ terminationMessagePolicy: FallbackToLogsOnError
+ image: ko://github.com/typhoon/typhoon/cmd/typhoon-webhook
+ env:
+ - name: SYSTEM_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: CONFIG_LOGGING_NAME
+ value: config-logging
+ - name: METRICS_DOMAIN
+ value: typhoon.zeiss.com/sources
+ - name: WEBHOOK_NAME
+ value: typhoon-webhook
+ ports:
+ - containerPort: 9090
+ name: metrics
+
+ # TODO set proper resource limits.
+
+ readinessProbe:
+ periodSeconds: 1
+ httpGet:
+ scheme: HTTPS
+ port: 8443
+ httpHeaders:
+ - name: k-kubelet-probe
+ value: webhook
+ livenessProbe:
+ periodSeconds: 1
+ httpGet:
+ scheme: HTTPS
+ port: 8443
+ httpHeaders:
+ - name: k-kubelet-probe
+ value: webhook
+
+---
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: typhoon-webhook
+ namespace: typhoon
+ labels:
+ app.kubernetes.io/part-of: typhoon
+spec:
+ ports:
+ - name: https-webhook
+ port: 443
+ targetPort: 8443
+ selector:
+ app: typhoon-webhook
diff --git a/config/configmaps/config-logging.yaml b/config/configmaps/config-logging.yaml
new file mode 100644
index 00000000..c9309768
--- /dev/null
+++ b/config/configmaps/config-logging.yaml
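Review bot: The `webhook` container in config/500-webhook.yaml has no `securityContext`, although it serves admission requests for the cluster and the controller Deployment in this same commit sets one. Adding the same hardening block (non-root, no privilege escalation, read-only root filesystem, all capabilities dropped) keeps the two control-plane pods consistent; confirm the binary does not write to its root filesystem before enabling `readOnlyRootFilesystem`. The `# TODO set proper resource limits.` should also be resolved before release, since a container without limits can starve the node it shares with other workloads.

```yaml
      containers:
      - name: webhook
        # … unchanged: terminationMessagePolicy, image, env, ports, probes …
        securityContext:
          runAsNonRoot: true
          allowPrivilegeEscalation: false
          readOnlyRootFilesystem: true
          capabilities:
            drop: [ALL]
```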
@@ -0,0 +1,38 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: config-logging
+ namespace: typhoon
+data:
+ # Global logger configuration, applied by default to all typhoon components.
+ zap-logger-config: |
+ {
+ "level": "info",
+ "development": false,
+ "outputPaths": ["stdout"],
+ "errorOutputPaths": ["stderr"],
+ "encoding": "json",
+ "encoderConfig": {
+ "timeKey": "timestamp",
+ "levelKey": "severity",
+ "nameKey": "logger",
+ "callerKey": "caller",
+ "messageKey": "message",
+ "stacktraceKey": "stacktrace",
+ "lineEnding": "",
+ "levelEncoder": "",
+ "timeEncoder": "iso8601",
+ "durationEncoder": "",
+ "callerEncoder": ""
+ }
+ }
+
+ # Logging level overrides for the typhoon control plane.
+ loglevel.typhoon-controller: info
+ loglevel.typhoon-webhook: info
+
+ # Logging level overrides for typhoon components.
+ # The name of the logger is the Kubernetes kind of the component.
+ loglevel.awss3target: info
+ loglevel.ibmmqsource: info
+ loglevel.transformation: info
diff --git a/config/configmaps/config-observability.yaml b/config/configmaps/config-observability.yaml
new file mode 100644
index 00000000..f0b02c05
--- /dev/null
+++ b/config/configmaps/config-observability.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: config-observability
+ namespace: typhoon
+data:
+ # Enables the Prometheus metrics exporter in all typhoon components.
+ # Exposes telemetry metrics in a text-based format on the HTTP endpoint :9092/metrics.
+ metrics.backend-destination: prometheus
diff --git a/config/kustomization/namespaced/controller-rbac.yaml b/config/kustomization/namespaced/controller-rbac.yaml
new file mode 100644
index 00000000..30dd2358
--- /dev/null
+++ b/config/kustomization/namespaced/controller-rbac.yaml
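Review bot: The comment in config/configmaps/config-observability.yaml says metrics are exposed on `:9092/metrics`, but the controller and webhook Deployments added in this commit both declare their `metrics` container port as `9090`. One of the two is wrong or at least undocumented. If 9090 is what the exporter binds, change the comment to `# Exposes telemetry metrics in a text-based format on the HTTP endpoint :9090/metrics.`; otherwise state which components listen on 9092. Scrape configs and NetworkPolicies tend to be written from this comment, so the mismatch can end with a port allowed that nothing serves.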
@@ -0,0 +1,82 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ app.kubernetes.io/part-of: typhoon
+ name: typhoon-controller-watch
+rules:
+- apiGroups:
+ - eventing.knative.dev
+ resources:
+ - brokers
+ - brokers/status
+ verbs:
+ - list
+ - watch
+- apiGroups:
+ - messaging.knative.dev
+ resources:
+ - channels
+ - channels/status
+ verbs:
+ - list
+ - watch
+- apiGroups:
+ - messaging.knative.dev
+ resources:
+ - channels/finalizers
+ verbs:
+ - update
+- apiGroups:
+ - flows.knative.dev
+ resources:
+ - sequences
+ - sequences/status
+ - parallels
+ - parallels/status
+ verbs:
+ - list
+ - watch
+- apiGroups:
+ - messaging.knative.dev
+ resources:
+ - inmemorychannels
+ - inmemorychannels/status
+ verbs:
+ - list
+ - watch
+- apiGroups:
+ - serving.knative.dev
+ resources:
+ - routes
+ - routes/status
+ - services
+ - services/status
+ verbs:
+ - list
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - services
+ verbs:
+ - list
+ - watch
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ labels:
+ app.kubernetes.io/part-of: typhoon
+ app.kubernetes.io/scope: cluster
+ name: typhoon-controller-watch
+subjects:
+- kind: ServiceAccount
+ name: typhoon-controller
+ namespace: typhoon
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: typhoon-controller-watch
diff --git a/config/kustomization/namespaced/kustomization.yaml b/config/kustomization/namespaced/kustomization.yaml
new file mode 100644
index 00000000..7ab32477
--- /dev/null
+++ b/config/kustomization/namespaced/kustomization.yaml
@@ -0,0 +1,41 @@
+# We cannot reference resources if they are located outside the current
+# directory, so we use the Github project as a remote base.
+resources:
+- https://github.com/zeiss/typhoon/releases/latest/download/typhoon.yaml
+- controller-rbac.yaml
+- webhook-rbac.yaml
+
+namespace: typhoon
+
+patches:
+- target:
+ kind: ClusterRoleBinding
+ labelSelector: "app.kubernetes.io/part-of=typhoon, app.kubernetes.io/scope!=cluster"
+ patch: |-
+
+ - op: replace
+ path: /kind
+ value: RoleBinding
+
+ - op: add
+ path: /metadata/namespace
+ value: typhoon
+
+- target:
+ kind: ClusterRole
+ name: typhoon-webhook
+ patch: |-
+
+ - op: remove
+ path: /rules/7
+
+- target:
+ kind: Deployment
+ labelSelector: "app.kubernetes.io/part-of=typhoon"
+ patch: |-
+
+ - op: add
+ path: /spec/template/spec/containers/0/env/-
+ value:
+ name: WORKING_NAMESPACE
+ value: typhoon
diff --git a/config/kustomization/namespaced/webhook-rbac.yaml b/config/kustomization/namespaced/webhook-rbac.yaml
new file mode 100644
index 00000000..89c7e0b9
--- /dev/null
+++ b/config/kustomization/namespaced/webhook-rbac.yaml
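Review bot: The remote base `https://github.com/zeiss/typhoon/releases/latest/download/typhoon.yaml` in config/kustomization/namespaced/kustomization.yaml is unpinned, so every build pulls whatever the newest release contains, including its RBAC and webhook definitions. Pin it to a release, e.g. `- https://github.com/zeiss/typhoon/releases/download/<release-tag>/typhoon.yaml`. The positional patch `path: /rules/7` on ClusterRole `typhoon-webhook` depends on the rule order of that moving file: after a reorder it would remove a different rule and leave in place the one it was meant to strip. Putting `- op: test` with `path: /rules/7/apiGroups/0` and the expected group as `value` before the `remove` would make the build fail instead of silently changing the granted permissions.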
@@ -0,0 +1,51 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ app.kubernetes.io/part-of: typhoon
+
+ name: typhoon-webhook-config
+
+rules:
+# For actually registering our webhook.
+- apiGroups:
+ - admissionregistration.k8s.io
+ resources:
+ - mutatingwebhookconfigurations
+ - validatingwebhookconfigurations
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+
+# Acquire leases for leader election
+- apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - get
+ - create
+ - update
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ labels:
+ app.kubernetes.io/part-of: typhoon
+ app.kubernetes.io/scope: cluster
+ name: typhoon-webhook-config
+subjects:
+- kind: ServiceAccount
+ name: typhoon-webhook
+ namespace: typhoon
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: typhoon-webhook-config
diff --git a/config/namespace/100-namespace.yaml b/config/namespace/100-namespace.yaml
new file mode 100644
index 00000000..1d12a8ed
--- /dev/null
+++ b/config/namespace/100-namespace.yaml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: typhoon
+
+---
diff --git a/kustomization.yaml b/kustomization.yaml
new file mode 100644
index 00000000..5e1a6d16
--- /dev/null
+++ b/kustomization.yaml
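Review bot: ClusterRole `typhoon-webhook-config` in config/kustomization/namespaced/webhook-rbac.yaml grants `create`, `update`, `patch` and `delete` on every `mutatingwebhookconfigurations` and `validatingwebhookconfigurations` object in the cluster, so a compromised `typhoon-webhook` service account could rewrite or remove any other admission webhook. The two objects it has to reconcile are shipped statically in this commit, so the write verbs can be scoped with `resourceNames: [defaulting.webhook.typhoon.zeiss.com, validation.webhook.typhoon.zeiss.com]`, and `create`/`delete` dropped unless the webhook really needs them (not visible here). `list` and `watch` cannot be narrowed this way and would stay in a separate rule. The `leases` rule is also cluster-wide through the ClusterRoleBinding; a Role in `typhoon` would be enough if leader election only uses the system namespace.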
@@ -0,0 +1,28 @@
+resources:
+- config/200-clusterrole-webhook.yaml
+- config/200-clusterroles.yaml
+- config/201-serviceaccounts.yaml
+- config/202-clusterrolebinding-webhook.yaml
+- config/202-clusterrolebindings.yaml
+- config/300-cloudeventssource.yaml
+- config/300-httppollersource.yaml
+- config/300-kafkasource.yaml
+- config/300-ocimetricssource.yaml
+- config/300-webhooksource.yaml
+- config/301-cloudeventstarget.yaml
+- config/301-httptarget.yaml
+- config/301-kafkatarget.yaml
+- config/301-logzmetricstarget.yaml
+- config/301-mongodbtarget.yaml
+- config/301-logztarget.yaml
+- config/302-filter.yaml
+- config/302-splitter.yaml
+- config/303-function.yaml
+- config/304-jqtransformation.yaml
+- config/304-synchronizer.yaml
+- config/304-transformation.yaml
+- config/304-xmltojsontransformation.yaml
+- config/304-xslttransformation.yaml
+- config/500-controller.yaml
+- config/500-webhook-configuration.yaml
+- config/500-webhook.yaml
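Review bot: The `resources` list in kustomization.yaml leaves out `config/namespace/100-namespace.yaml` and the two ConfigMaps under `config/configmaps/` that this commit adds, although the Deployments it does include are placed in namespace `typhoon` and the controller is pointed at `config-logging` and `config-observability` by name. If those are applied in a separate step, a comment saying so would avoid a first install that fails on a missing namespace; otherwise add them, namespace first. `config/301-mongodbtarget.yaml` is also listed before `config/301-logztarget.yaml`, which breaks the otherwise alphabetical order.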