-
Notifications
You must be signed in to change notification settings - Fork 539
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
operator sailoperator (0.2.0-nightly-2024-10-13) (#5366)
Signed-off-by: Jonh Wendell <[email protected]> Co-authored-by: Jonh Wendell <[email protected]>
- Loading branch information
1 parent
367bfa0
commit 12e6c42
Showing
24 changed files
with
43,615 additions
and
0 deletions.
There are no files selected for viewing
465 changes: 465 additions & 0 deletions
465
operators/sailoperator/0.2.0-nightly-2024-10-13/README.md
Large diffs are not rendered by default.
Oops, something went wrong.
368 changes: 368 additions & 0 deletions
368
...tors/sailoperator/0.2.0-nightly-2024-10-13/manifests/extensions.istio.io_wasmplugins.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,368 @@ | ||
apiVersion: apiextensions.k8s.io/v1 | ||
kind: CustomResourceDefinition | ||
metadata: | ||
annotations: | ||
helm.sh/resource-policy: keep | ||
creationTimestamp: null | ||
labels: | ||
app: istio-pilot | ||
chart: istio | ||
heritage: Tiller | ||
release: istio | ||
name: wasmplugins.extensions.istio.io | ||
spec: | ||
group: extensions.istio.io | ||
names: | ||
categories: | ||
- istio-io | ||
- extensions-istio-io | ||
kind: WasmPlugin | ||
listKind: WasmPluginList | ||
plural: wasmplugins | ||
singular: wasmplugin | ||
scope: Namespaced | ||
versions: | ||
- additionalPrinterColumns: | ||
- description: 'CreationTimestamp is a timestamp representing the server time | ||
when this object was created. It is not guaranteed to be set in happens-before | ||
order across separate operations. Clients may not set this value. It is represented | ||
in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for | ||
lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' | ||
jsonPath: .metadata.creationTimestamp | ||
name: Age | ||
type: date | ||
name: v1alpha1 | ||
schema: | ||
openAPIV3Schema: | ||
properties: | ||
spec: | ||
description: 'Extend the functionality provided by the Istio proxy through | ||
WebAssembly filters. See more details at: https://istio.io/docs/reference/config/proxy_extensions/wasm-plugin.html' | ||
properties: | ||
failStrategy: | ||
description: |- | ||
Specifies the failure behavior for the plugin due to fatal errors. | ||
Valid Options: FAIL_CLOSE, FAIL_OPEN | ||
enum: | ||
- FAIL_CLOSE | ||
- FAIL_OPEN | ||
type: string | ||
imagePullPolicy: | ||
description: |- | ||
The pull behaviour to be applied when fetching Wasm module by either OCI image or `http/https`. | ||
Valid Options: IfNotPresent, Always | ||
enum: | ||
- UNSPECIFIED_POLICY | ||
- IfNotPresent | ||
- Always | ||
type: string | ||
imagePullSecret: | ||
description: Credentials to use for OCI image pulling. | ||
maxLength: 253 | ||
minLength: 1 | ||
type: string | ||
match: | ||
description: Specifies the criteria to determine which traffic is | ||
passed to WasmPlugin. | ||
items: | ||
properties: | ||
mode: | ||
description: |- | ||
Criteria for selecting traffic by their direction. | ||
Valid Options: CLIENT, SERVER, CLIENT_AND_SERVER | ||
enum: | ||
- UNDEFINED | ||
- CLIENT | ||
- SERVER | ||
- CLIENT_AND_SERVER | ||
type: string | ||
ports: | ||
description: Criteria for selecting traffic by their destination | ||
port. | ||
items: | ||
properties: | ||
number: | ||
maximum: 65535 | ||
minimum: 1 | ||
type: integer | ||
required: | ||
- number | ||
type: object | ||
type: array | ||
x-kubernetes-list-map-keys: | ||
- number | ||
x-kubernetes-list-type: map | ||
type: object | ||
type: array | ||
phase: | ||
description: |- | ||
Determines where in the filter chain this `WasmPlugin` is to be injected. | ||
Valid Options: AUTHN, AUTHZ, STATS | ||
enum: | ||
- UNSPECIFIED_PHASE | ||
- AUTHN | ||
- AUTHZ | ||
- STATS | ||
type: string | ||
pluginConfig: | ||
description: The configuration that will be passed on to the plugin. | ||
type: object | ||
x-kubernetes-preserve-unknown-fields: true | ||
pluginName: | ||
description: The plugin name to be used in the Envoy configuration | ||
(used to be called `rootID`). | ||
maxLength: 256 | ||
minLength: 1 | ||
type: string | ||
priority: | ||
description: Determines ordering of `WasmPlugins` in the same `phase`. | ||
format: int32 | ||
nullable: true | ||
type: integer | ||
selector: | ||
description: Criteria used to select the specific set of pods/VMs | ||
on which this plugin configuration should be applied. | ||
properties: | ||
matchLabels: | ||
additionalProperties: | ||
maxLength: 63 | ||
type: string | ||
x-kubernetes-validations: | ||
- message: wildcard not allowed in label value match | ||
rule: '!self.contains(''*'')' | ||
description: One or more labels that indicate a specific set of | ||
pods/VMs on which a policy should be applied. | ||
maxProperties: 4096 | ||
type: object | ||
x-kubernetes-validations: | ||
- message: wildcard not allowed in label key match | ||
rule: self.all(key, !key.contains('*')) | ||
- message: key must not be empty | ||
rule: self.all(key, key.size() != 0) | ||
type: object | ||
sha256: | ||
description: SHA256 checksum that will be used to verify Wasm module | ||
or OCI container. | ||
pattern: (^$|^[a-f0-9]{64}$) | ||
type: string | ||
targetRef: | ||
properties: | ||
group: | ||
description: group is the group of the target resource. | ||
maxLength: 253 | ||
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ | ||
type: string | ||
kind: | ||
description: kind is kind of the target resource. | ||
maxLength: 63 | ||
minLength: 1 | ||
pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ | ||
type: string | ||
name: | ||
description: name is the name of the target resource. | ||
maxLength: 253 | ||
minLength: 1 | ||
type: string | ||
namespace: | ||
description: namespace is the namespace of the referent. | ||
type: string | ||
x-kubernetes-validations: | ||
- message: cross namespace referencing is not currently supported | ||
rule: self.size() == 0 | ||
required: | ||
- kind | ||
- name | ||
type: object | ||
x-kubernetes-validations: | ||
- message: Support kinds are core/Service, networking.istio.io/ServiceEntry, | ||
gateway.networking.k8s.io/Gateway | ||
rule: '[self.group, self.kind] in [[''core'',''Service''], ['''',''Service''], | ||
[''gateway.networking.k8s.io'',''Gateway''], [''networking.istio.io'',''ServiceEntry'']]' | ||
targetRefs: | ||
description: Optional. | ||
items: | ||
properties: | ||
group: | ||
description: group is the group of the target resource. | ||
maxLength: 253 | ||
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ | ||
type: string | ||
kind: | ||
description: kind is kind of the target resource. | ||
maxLength: 63 | ||
minLength: 1 | ||
pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ | ||
type: string | ||
name: | ||
description: name is the name of the target resource. | ||
maxLength: 253 | ||
minLength: 1 | ||
type: string | ||
namespace: | ||
description: namespace is the namespace of the referent. | ||
type: string | ||
x-kubernetes-validations: | ||
- message: cross namespace referencing is not currently supported | ||
rule: self.size() == 0 | ||
required: | ||
- kind | ||
- name | ||
type: object | ||
x-kubernetes-validations: | ||
- message: Support kinds are core/Service, networking.istio.io/ServiceEntry, | ||
gateway.networking.k8s.io/Gateway | ||
rule: '[self.group, self.kind] in [[''core'',''Service''], ['''',''Service''], | ||
[''gateway.networking.k8s.io'',''Gateway''], [''networking.istio.io'',''ServiceEntry'']]' | ||
type: array | ||
type: | ||
description: |- | ||
Specifies the type of Wasm Extension to be used. | ||
Valid Options: HTTP, NETWORK | ||
enum: | ||
- UNSPECIFIED_PLUGIN_TYPE | ||
- HTTP | ||
- NETWORK | ||
type: string | ||
url: | ||
description: URL of a Wasm module or OCI container. | ||
minLength: 1 | ||
type: string | ||
x-kubernetes-validations: | ||
- message: url must have schema one of [http, https, file, oci] | ||
rule: 'isURL(self) ? (url(self).getScheme() in ['''', ''http'', | ||
''https'', ''oci'', ''file'']) : (isURL(''http://'' + self) && | ||
url(''http://'' +self).getScheme() in ['''', ''http'', ''https'', | ||
''oci'', ''file''])' | ||
verificationKey: | ||
type: string | ||
vmConfig: | ||
description: Configuration for a Wasm VM. | ||
properties: | ||
env: | ||
description: Specifies environment variables to be injected to | ||
this VM. | ||
items: | ||
properties: | ||
name: | ||
description: Name of the environment variable. | ||
maxLength: 256 | ||
minLength: 1 | ||
type: string | ||
value: | ||
description: Value for the environment variable. | ||
maxLength: 2048 | ||
type: string | ||
valueFrom: | ||
description: |- | ||
Source for the environment variable's value. | ||
Valid Options: INLINE, HOST | ||
enum: | ||
- INLINE | ||
- HOST | ||
type: string | ||
required: | ||
- name | ||
type: object | ||
x-kubernetes-validations: | ||
- message: value may only be set when valueFrom is INLINE | ||
rule: '(has(self.valueFrom) ? self.valueFrom : '''') != ''HOST'' | ||
|| !has(self.value)' | ||
maxItems: 256 | ||
type: array | ||
x-kubernetes-list-map-keys: | ||
- name | ||
x-kubernetes-list-type: map | ||
type: object | ||
required: | ||
- url | ||
type: object | ||
status: | ||
properties: | ||
conditions: | ||
description: Current service state of the resource. | ||
items: | ||
properties: | ||
lastProbeTime: | ||
description: Last time we probed the condition. | ||
format: date-time | ||
type: string | ||
lastTransitionTime: | ||
description: Last time the condition transitioned from one status | ||
to another. | ||
format: date-time | ||
type: string | ||
message: | ||
description: Human-readable message indicating details about | ||
last transition. | ||
type: string | ||
reason: | ||
description: Unique, one-word, CamelCase reason for the condition's | ||
last transition. | ||
type: string | ||
status: | ||
description: Status is the status of the condition. | ||
type: string | ||
type: | ||
description: Type is the type of the condition. | ||
type: string | ||
type: object | ||
type: array | ||
observedGeneration: | ||
anyOf: | ||
- type: integer | ||
- type: string | ||
description: Resource Generation to which the Reconciled Condition | ||
refers. | ||
x-kubernetes-int-or-string: true | ||
validationMessages: | ||
description: Includes any errors or warnings detected by Istio's analyzers. | ||
items: | ||
properties: | ||
documentationUrl: | ||
description: A url pointing to the Istio documentation for this | ||
specific error type. | ||
type: string | ||
level: | ||
description: |- | ||
Represents how severe a message is. | ||
Valid Options: UNKNOWN, ERROR, WARNING, INFO | ||
enum: | ||
- UNKNOWN | ||
- ERROR | ||
- WARNING | ||
- INFO | ||
type: string | ||
type: | ||
properties: | ||
code: | ||
description: A 7 character code matching `^IST[0-9]{4}$` | ||
intended to uniquely identify the message type. | ||
type: string | ||
name: | ||
description: A human-readable name for the message type. | ||
type: string | ||
type: object | ||
type: object | ||
type: array | ||
type: object | ||
x-kubernetes-preserve-unknown-fields: true | ||
required: | ||
- spec | ||
type: object | ||
served: true | ||
storage: true | ||
subresources: | ||
status: {} | ||
status: | ||
acceptedNames: | ||
kind: "" | ||
plural: "" | ||
conditions: null | ||
storedVersions: null |
17 changes: 17 additions & 0 deletions
17
...nightly-2024-10-13/manifests/metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
apiVersion: rbac.authorization.k8s.io/v1 | ||
kind: ClusterRole | ||
metadata: | ||
creationTimestamp: null | ||
labels: | ||
app.kubernetes.io/component: kube-rbac-proxy | ||
app.kubernetes.io/created-by: sailoperator | ||
app.kubernetes.io/instance: metrics-reader | ||
app.kubernetes.io/managed-by: helm | ||
app.kubernetes.io/name: clusterrole | ||
app.kubernetes.io/part-of: sailoperator | ||
name: metrics-reader | ||
rules: | ||
- nonResourceURLs: | ||
- /metrics | ||
verbs: | ||
- get |
Oops, something went wrong.