Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

operator sailoperator (0.2.0-nightly-2024-09-11) #5156

Closed
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
465 changes: 465 additions & 0 deletions operators/sailoperator/0.2.0-nightly-2024-09-11/README.md

Large diffs are not rendered by default.

Original file line number Diff line number Diff line change
@@ -0,0 +1,368 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
helm.sh/resource-policy: keep
creationTimestamp: null
labels:
app: istio-pilot
chart: istio
heritage: Tiller
release: istio
name: wasmplugins.extensions.istio.io
spec:
group: extensions.istio.io
names:
categories:
- istio-io
- extensions-istio-io
kind: WasmPlugin
listKind: WasmPluginList
plural: wasmplugins
singular: wasmplugin
scope: Namespaced
versions:
- additionalPrinterColumns:
- description: 'CreationTimestamp is a timestamp representing the server time
when this object was created. It is not guaranteed to be set in happens-before
order across separate operations. Clients may not set this value. It is represented
in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for
lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata'
jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1alpha1
schema:
openAPIV3Schema:
properties:
spec:
description: 'Extend the functionality provided by the Istio proxy through
WebAssembly filters. See more details at: https://istio.io/docs/reference/config/proxy_extensions/wasm-plugin.html'
properties:
failStrategy:
description: |-
Specifies the failure behavior for the plugin due to fatal errors.

Valid Options: FAIL_CLOSE, FAIL_OPEN
enum:
- FAIL_CLOSE
- FAIL_OPEN
type: string
imagePullPolicy:
description: |-
The pull behaviour to be applied when fetching Wasm module by either OCI image or `http/https`.

Valid Options: IfNotPresent, Always
enum:
- UNSPECIFIED_POLICY
- IfNotPresent
- Always
type: string
imagePullSecret:
description: Credentials to use for OCI image pulling.
maxLength: 253
minLength: 1
type: string
match:
description: Specifies the criteria to determine which traffic is
passed to WasmPlugin.
items:
properties:
mode:
description: |-
Criteria for selecting traffic by their direction.

Valid Options: CLIENT, SERVER, CLIENT_AND_SERVER
enum:
- UNDEFINED
- CLIENT
- SERVER
- CLIENT_AND_SERVER
type: string
ports:
description: Criteria for selecting traffic by their destination
port.
items:
properties:
number:
maximum: 65535
minimum: 1
type: integer
required:
- number
type: object
type: array
x-kubernetes-list-map-keys:
- number
x-kubernetes-list-type: map
type: object
type: array
phase:
description: |-
Determines where in the filter chain this `WasmPlugin` is to be injected.

Valid Options: AUTHN, AUTHZ, STATS
enum:
- UNSPECIFIED_PHASE
- AUTHN
- AUTHZ
- STATS
type: string
pluginConfig:
description: The configuration that will be passed on to the plugin.
type: object
x-kubernetes-preserve-unknown-fields: true
pluginName:
description: The plugin name to be used in the Envoy configuration
(used to be called `rootID`).
maxLength: 256
minLength: 1
type: string
priority:
description: Determines ordering of `WasmPlugins` in the same `phase`.
format: int32
nullable: true
type: integer
selector:
description: Criteria used to select the specific set of pods/VMs
on which this plugin configuration should be applied.
properties:
matchLabels:
additionalProperties:
maxLength: 63
type: string
x-kubernetes-validations:
- message: wildcard not allowed in label value match
rule: '!self.contains(''*'')'
description: One or more labels that indicate a specific set of
pods/VMs on which a policy should be applied.
maxProperties: 4096
type: object
x-kubernetes-validations:
- message: wildcard not allowed in label key match
rule: self.all(key, !key.contains('*'))
- message: key must not be empty
rule: self.all(key, key.size() != 0)
type: object
sha256:
description: SHA256 checksum that will be used to verify Wasm module
or OCI container.
pattern: (^$|^[a-f0-9]{64}$)
type: string
targetRef:
properties:
group:
description: group is the group of the target resource.
maxLength: 253
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
kind:
description: kind is kind of the target resource.
maxLength: 63
minLength: 1
pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
type: string
name:
description: name is the name of the target resource.
maxLength: 253
minLength: 1
type: string
namespace:
description: namespace is the namespace of the referent.
type: string
x-kubernetes-validations:
- message: cross namespace referencing is not currently supported
rule: self.size() == 0
required:
- kind
- name
type: object
x-kubernetes-validations:
- message: Support kinds are core/Service, networking.istio.io/ServiceEntry,
gateway.networking.k8s.io/Gateway
rule: '[self.group, self.kind] in [[''core'',''Service''], ['''',''Service''],
[''gateway.networking.k8s.io'',''Gateway''], [''networking.istio.io'',''ServiceEntry'']]'
targetRefs:
description: Optional.
items:
properties:
group:
description: group is the group of the target resource.
maxLength: 253
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
kind:
description: kind is kind of the target resource.
maxLength: 63
minLength: 1
pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
type: string
name:
description: name is the name of the target resource.
maxLength: 253
minLength: 1
type: string
namespace:
description: namespace is the namespace of the referent.
type: string
x-kubernetes-validations:
- message: cross namespace referencing is not currently supported
rule: self.size() == 0
required:
- kind
- name
type: object
x-kubernetes-validations:
- message: Support kinds are core/Service, networking.istio.io/ServiceEntry,
gateway.networking.k8s.io/Gateway
rule: '[self.group, self.kind] in [[''core'',''Service''], ['''',''Service''],
[''gateway.networking.k8s.io'',''Gateway''], [''networking.istio.io'',''ServiceEntry'']]'
type: array
type:
description: |-
Specifies the type of Wasm Extension to be used.

Valid Options: HTTP, NETWORK
enum:
- UNSPECIFIED_PLUGIN_TYPE
- HTTP
- NETWORK
type: string
url:
description: URL of a Wasm module or OCI container.
minLength: 1
type: string
x-kubernetes-validations:
- message: url must have schema one of [http, https, file, oci]
rule: 'isURL(self) ? (url(self).getScheme() in ['''', ''http'',
''https'', ''oci'', ''file'']) : (isURL(''http://'' + self) &&
url(''http://'' +self).getScheme() in ['''', ''http'', ''https'',
''oci'', ''file''])'
verificationKey:
type: string
vmConfig:
description: Configuration for a Wasm VM.
properties:
env:
description: Specifies environment variables to be injected to
this VM.
items:
properties:
name:
description: Name of the environment variable.
maxLength: 256
minLength: 1
type: string
value:
description: Value for the environment variable.
maxLength: 2048
type: string
valueFrom:
description: |-
Source for the environment variable's value.

Valid Options: INLINE, HOST
enum:
- INLINE
- HOST
type: string
required:
- name
type: object
x-kubernetes-validations:
- message: value may only be set when valueFrom is INLINE
rule: '(has(self.valueFrom) ? self.valueFrom : '''') != ''HOST''
|| !has(self.value)'
maxItems: 256
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
type: object
required:
- url
type: object
status:
properties:
conditions:
description: Current service state of the resource.
items:
properties:
lastProbeTime:
description: Last time we probed the condition.
format: date-time
type: string
lastTransitionTime:
description: Last time the condition transitioned from one status
to another.
format: date-time
type: string
message:
description: Human-readable message indicating details about
last transition.
type: string
reason:
description: Unique, one-word, CamelCase reason for the condition's
last transition.
type: string
status:
description: Status is the status of the condition.
type: string
type:
description: Type is the type of the condition.
type: string
type: object
type: array
observedGeneration:
anyOf:
- type: integer
- type: string
description: Resource Generation to which the Reconciled Condition
refers.
x-kubernetes-int-or-string: true
validationMessages:
description: Includes any errors or warnings detected by Istio's analyzers.
items:
properties:
documentationUrl:
description: A url pointing to the Istio documentation for this
specific error type.
type: string
level:
description: |-
Represents how severe a message is.

Valid Options: UNKNOWN, ERROR, WARNING, INFO
enum:
- UNKNOWN
- ERROR
- WARNING
- INFO
type: string
type:
properties:
code:
description: A 7 character code matching `^IST[0-9]{4}$`
intended to uniquely identify the message type.
type: string
name:
description: A human-readable name for the message type.
type: string
type: object
type: object
type: array
type: object
x-kubernetes-preserve-unknown-fields: true
required:
- spec
type: object
served: true
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: null
storedVersions: null
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
creationTimestamp: null
labels:
app.kubernetes.io/component: kube-rbac-proxy
app.kubernetes.io/created-by: sailoperator
app.kubernetes.io/instance: metrics-reader
app.kubernetes.io/managed-by: helm
app.kubernetes.io/name: clusterrole
app.kubernetes.io/part-of: sailoperator
name: metrics-reader
rules:
- nonResourceURLs:
- /metrics
verbs:
- get
Loading