diff --git a/build/csv/ceph/ceph.rook.io_cephblockpoolradosnamespaces.yaml b/build/csv/ceph/ceph.rook.io_cephblockpoolradosnamespaces.yaml new file mode 100644 index 0000000000000..673b7f106a23c --- /dev/null +++ b/build/csv/ceph/ceph.rook.io_cephblockpoolradosnamespaces.yaml @@ -0,0 +1,66 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + creationTimestamp: null + name: cephblockpoolradosnamespaces.ceph.rook.io +spec: + group: ceph.rook.io + names: + kind: CephBlockPoolRadosNamespace + listKind: CephBlockPoolRadosNamespaceList + plural: cephblockpoolradosnamespaces + singular: cephblockpoolradosnamespace + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + blockPoolName: + type: string + x-kubernetes-validations: + - message: blockPoolName is immutable + rule: self == oldSelf + name: + type: string + x-kubernetes-validations: + - message: name is immutable + rule: self == oldSelf + required: + - blockPoolName + type: object + status: + properties: + info: + additionalProperties: + type: string + nullable: true + type: object + phase: + type: string + type: object + x-kubernetes-preserve-unknown-fields: true + required: + - metadata + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/build/csv/ceph/ceph.rook.io_cephblockpools.yaml b/build/csv/ceph/ceph.rook.io_cephblockpools.yaml new file mode 100644 index 0000000000000..1c9e339e20935 --- /dev/null +++ b/build/csv/ceph/ceph.rook.io_cephblockpools.yaml @@ -0,0 +1,304 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + creationTimestamp: null + name: cephblockpools.ceph.rook.io +spec: + group: ceph.rook.io + names: + kind: CephBlockPool + listKind: CephBlockPoolList + plural: cephblockpools + singular: cephblockpool + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.phase + name: Phase + type: string + name: v1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + application: + type: string + compressionMode: + enum: + - none + - passive + - aggressive + - force + - "" + nullable: true + type: string + crushRoot: + nullable: true + type: string + deviceClass: + nullable: true + type: string + enableRBDStats: + type: boolean + erasureCoded: + properties: + algorithm: + type: string + codingChunks: + minimum: 0 + type: integer + dataChunks: + minimum: 0 + type: integer + required: + - codingChunks + - dataChunks + type: object + failureDomain: + type: string + mirroring: + properties: + enabled: + type: boolean + mode: + type: string + peers: + nullable: true + properties: + secretNames: + items: + type: string + type: array + type: object + snapshotSchedules: + items: + properties: + interval: + type: string + path: + type: string + startTime: + type: string + type: object + type: array + type: object + name: + enum: + - .rgw.root + - .nfs + - .mgr + type: string + parameters: + additionalProperties: + type: string + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + quotas: + nullable: true + properties: + maxBytes: + format: int64 + type: integer + maxObjects: + format: int64 + type: integer + maxSize: + pattern: ^[0-9]+[\.]?[0-9]*([KMGTPE]i|[kMGTPE])?$ + type: string + type: object + replicated: + properties: + hybridStorage: + nullable: true + properties: + primaryDeviceClass: + minLength: 1 + type: string + secondaryDeviceClass: + minLength: 1 + type: string + required: + - primaryDeviceClass + - secondaryDeviceClass + type: object + replicasPerFailureDomain: + minimum: 1 + type: integer + requireSafeReplicaSize: + type: boolean + size: + minimum: 0 + type: integer + subFailureDomain: + type: string + targetSizeRatio: + type: number + required: + - size + type: object + statusCheck: + properties: + mirror: + nullable: true + properties: + disabled: + type: boolean + interval: + type: string + timeout: + type: string + type: object + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + status: + properties: + conditions: + items: + properties: + lastHeartbeatTime: + format: date-time + type: string + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + type: object + type: array + info: + additionalProperties: + type: string + nullable: true + type: object + mirroringInfo: + properties: + details: + type: string + lastChanged: + type: string + lastChecked: + type: string + mode: + type: string + peers: + items: + properties: + client_name: + type: string + direction: + type: string + mirror_uuid: + type: string + site_name: + type: string + uuid: + type: string + type: object + type: array + site_name: + type: string + type: object + mirroringStatus: + properties: + details: + type: string + lastChanged: + type: string + lastChecked: + type: string + summary: + properties: + daemon_health: + type: string + health: + type: string + image_health: + type: string + states: + nullable: true + properties: + error: + type: integer + replaying: + type: integer + starting_replay: + type: integer + stopped: + type: integer + stopping_replay: + type: integer + syncing: + type: integer + unknown: + type: integer + type: object + type: object + type: object + observedGeneration: + format: int64 + type: integer + phase: + type: string + snapshotScheduleStatus: + properties: + details: + type: string + lastChanged: + type: string + lastChecked: + type: string + snapshotSchedules: + items: + properties: + image: + type: string + items: + items: + properties: + interval: + type: string + start_time: + type: string + type: object + type: array + namespace: + type: string + pool: + type: string + type: object + nullable: true + type: array + type: object + type: object + x-kubernetes-preserve-unknown-fields: true + required: + - metadata + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/build/csv/ceph/ceph.rook.io_cephbucketnotifications.yaml b/build/csv/ceph/ceph.rook.io_cephbucketnotifications.yaml new file mode 100644 index 0000000000000..0e79c802e0211 --- /dev/null +++ b/build/csv/ceph/ceph.rook.io_cephbucketnotifications.yaml @@ -0,0 +1,134 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + creationTimestamp: null + name: cephbucketnotifications.ceph.rook.io +spec: + group: ceph.rook.io + names: + kind: CephBucketNotification + listKind: CephBucketNotificationList + plural: cephbucketnotifications + singular: cephbucketnotification + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + events: + items: + enum: + - s3:ObjectCreated:* + - s3:ObjectCreated:Put + - s3:ObjectCreated:Post + - s3:ObjectCreated:Copy + - s3:ObjectCreated:CompleteMultipartUpload + - s3:ObjectRemoved:* + - s3:ObjectRemoved:Delete + - s3:ObjectRemoved:DeleteMarkerCreated + type: string + type: array + filter: + properties: + keyFilters: + items: + properties: + name: + enum: + - prefix + - suffix + - regex + type: string + value: + type: string + required: + - name + - value + type: object + type: array + metadataFilters: + items: + properties: + name: + minLength: 1 + type: string + value: + type: string + required: + - name + - value + type: object + type: array + tagFilters: + items: + properties: + name: + minLength: 1 + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + topic: + minLength: 1 + type: string + required: + - topic + type: object + status: + properties: + conditions: + items: + properties: + lastHeartbeatTime: + format: date-time + type: string + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + type: object + type: array + observedGeneration: + format: int64 + type: integer + phase: + type: string + type: object + x-kubernetes-preserve-unknown-fields: true + required: + - metadata + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/build/csv/ceph/ceph.rook.io_cephbuckettopics.yaml b/build/csv/ceph/ceph.rook.io_cephbuckettopics.yaml new file mode 100644 index 0000000000000..7162ac7a524a6 --- /dev/null +++ b/build/csv/ceph/ceph.rook.io_cephbuckettopics.yaml @@ -0,0 +1,127 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + creationTimestamp: null + name: cephbuckettopics.ceph.rook.io +spec: + group: ceph.rook.io + names: + kind: CephBucketTopic + listKind: CephBucketTopicList + plural: cephbuckettopics + singular: cephbuckettopic + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.phase + name: Phase + type: string + name: v1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + endpoint: + properties: + amqp: + properties: + ackLevel: + default: broker + enum: + - none + - broker + - routeable + type: string + disableVerifySSL: + type: boolean + exchange: + minLength: 1 + type: string + uri: + minLength: 1 + type: string + required: + - exchange + - uri + type: object + http: + properties: + disableVerifySSL: + type: boolean + sendCloudEvents: + type: boolean + uri: + minLength: 1 + type: string + required: + - uri + type: object + kafka: + properties: + ackLevel: + default: broker + enum: + - none + - broker + type: string + disableVerifySSL: + type: boolean + uri: + minLength: 1 + type: string + useSSL: + type: boolean + required: + - uri + type: object + type: object + objectStoreName: + minLength: 1 + type: string + objectStoreNamespace: + minLength: 1 + type: string + opaqueData: + type: string + persistent: + type: boolean + required: + - endpoint + - objectStoreName + - objectStoreNamespace + type: object + status: + properties: + ARN: + nullable: true + type: string + observedGeneration: + format: int64 + type: integer + phase: + type: string + type: object + x-kubernetes-preserve-unknown-fields: true + required: + - metadata + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/build/csv/ceph/ceph.rook.io_cephclients.yaml b/build/csv/ceph/ceph.rook.io_cephclients.yaml new file mode 100644 index 0000000000000..6ef82c90e7686 --- /dev/null +++ b/build/csv/ceph/ceph.rook.io_cephclients.yaml @@ -0,0 +1,70 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + creationTimestamp: null + name: cephclients.ceph.rook.io +spec: + group: ceph.rook.io + names: + kind: CephClient + listKind: CephClientList + plural: cephclients + singular: cephclient + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.phase + name: Phase + type: string + name: v1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + caps: + additionalProperties: + type: string + type: object + x-kubernetes-preserve-unknown-fields: true + name: + type: string + required: + - caps + type: object + status: + properties: + info: + additionalProperties: + type: string + nullable: true + type: object + observedGeneration: + format: int64 + type: integer + phase: + type: string + type: object + x-kubernetes-preserve-unknown-fields: true + required: + - metadata + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/build/csv/ceph/ceph.rook.io_cephclusters.yaml b/build/csv/ceph/ceph.rook.io_cephclusters.yaml new file mode 100644 index 0000000000000..f08a3978107e7 --- /dev/null +++ b/build/csv/ceph/ceph.rook.io_cephclusters.yaml @@ -0,0 +1,3102 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + creationTimestamp: null + name: cephclusters.ceph.rook.io +spec: + group: ceph.rook.io + names: + kind: CephCluster + listKind: CephClusterList + plural: cephclusters + singular: cephcluster + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Directory used on the K8s nodes + jsonPath: .spec.dataDirHostPath + name: DataDirHostPath + type: string + - description: Number of MONs + jsonPath: .spec.mon.count + name: MonCount + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.phase + name: Phase + type: string + - description: Message + jsonPath: .status.message + name: Message + type: string + - description: Ceph Health + jsonPath: .status.ceph.health + name: Health + type: string + - jsonPath: .spec.external.enable + name: External + type: boolean + - description: Ceph FSID + jsonPath: .status.ceph.fsid + name: FSID + type: string + name: v1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + annotations: + additionalProperties: + additionalProperties: + type: string + type: object + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + cephConfig: + additionalProperties: + additionalProperties: + type: string + type: object + nullable: true + type: object + cephVersion: + nullable: true + properties: + allowUnsupported: + type: boolean + image: + type: string + imagePullPolicy: + enum: + - IfNotPresent + - Always + - Never + - "" + type: string + type: object + cleanupPolicy: + nullable: true + properties: + allowUninstallWithVolumes: + type: boolean + confirmation: + nullable: true + pattern: ^$|^yes-really-destroy-data$ + type: string + sanitizeDisks: + nullable: true + properties: + dataSource: + enum: + - zero + - random + type: string + iteration: + format: int32 + type: integer + method: + enum: + - complete + - quick + type: string + type: object + type: object + continueUpgradeAfterChecksEvenIfNotHealthy: + type: boolean + crashCollector: + nullable: true + properties: + daysToRetain: + type: integer + disable: + type: boolean + type: object + csi: + properties: + cephfs: + properties: + fuseMountOptions: + type: string + kernelMountOptions: + type: string + type: object + readAffinity: + properties: + crushLocationLabels: + items: + type: string + type: array + enabled: + type: boolean + type: object + type: object + dashboard: + nullable: true + properties: + enabled: + type: boolean + port: + maximum: 65535 + minimum: 0 + type: integer + prometheusEndpoint: + type: string + prometheusEndpointSSLVerify: + type: boolean + ssl: + type: boolean + urlPrefix: + type: string + type: object + dataDirHostPath: + pattern: ^/(\S+) + type: string + x-kubernetes-validations: + - message: DataDirHostPath is immutable + rule: self == oldSelf + disruptionManagement: + nullable: true + properties: + machineDisruptionBudgetNamespace: + type: string + manageMachineDisruptionBudgets: + type: boolean + managePodBudgets: + type: boolean + osdMaintenanceTimeout: + format: int64 + type: integer + pgHealthCheckTimeout: + format: int64 + type: integer + pgHealthyRegex: + type: string + type: object + external: + nullable: true + properties: + enable: + type: boolean + type: object + x-kubernetes-preserve-unknown-fields: true + healthCheck: + nullable: true + properties: + daemonHealth: + nullable: true + properties: + mon: + nullable: true + properties: + disabled: + type: boolean + interval: + type: string + timeout: + type: string + type: object + osd: + nullable: true + properties: + disabled: + type: boolean + interval: + type: string + timeout: + type: string + type: object + status: + nullable: true + properties: + disabled: + type: boolean + interval: + type: string + timeout: + type: string + type: object + type: object + livenessProbe: + additionalProperties: + properties: + disabled: + type: boolean + probe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + type: object + type: object + startupProbe: + additionalProperties: + properties: + disabled: + type: boolean + probe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + type: object + type: object + type: object + labels: + additionalProperties: + additionalProperties: + type: string + type: object + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + logCollector: + nullable: true + properties: + enabled: + type: boolean + maxLogSize: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + periodicity: + pattern: ^$|^(hourly|daily|weekly|monthly|1h|24h|1d)$ + type: string + type: object + mgr: + nullable: true + properties: + allowMultiplePerNode: + type: boolean + count: + maximum: 5 + minimum: 0 + type: integer + modules: + items: + properties: + enabled: + type: boolean + name: + type: string + type: object + nullable: true + type: array + type: object + mon: + nullable: true + properties: + allowMultiplePerNode: + type: boolean + count: + maximum: 9 + minimum: 0 + type: integer + failureDomainLabel: + type: string + stretchCluster: + properties: + failureDomainLabel: + type: string + subFailureDomain: + type: string + zones: + items: + properties: + arbiter: + type: boolean + name: + type: string + volumeClaimTemplate: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + type: string + volumeAttributesClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + nullable: true + type: array + type: object + volumeClaimTemplate: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + type: string + volumeAttributesClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + type: object + x-kubernetes-preserve-unknown-fields: true + zones: + items: + properties: + arbiter: + type: boolean + name: + type: string + volumeClaimTemplate: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + type: string + volumeAttributesClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + type: array + type: object + x-kubernetes-validations: + - message: zones must be less than or equal to count + rule: '!has(self.zones) || (has(self.zones) && (size(self.zones) + <= self.count))' + - message: stretchCluster zones must be equal to 3 + rule: '!has(self.stretchCluster) || (has(self.stretchCluster) && + (size(self.stretchCluster.zones) > 0) && (size(self.stretchCluster.zones) + == 3))' + monitoring: + nullable: true + properties: + enabled: + type: boolean + externalMgrEndpoints: + items: + properties: + hostname: + type: string + ip: + type: string + nodeName: + type: string + targetRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + resourceVersion: + type: string + uid: + type: string + type: object + x-kubernetes-map-type: atomic + required: + - ip + type: object + x-kubernetes-map-type: atomic + nullable: true + type: array + externalMgrPrometheusPort: + maximum: 65535 + minimum: 0 + type: integer + interval: + type: string + metricsDisabled: + type: boolean + port: + maximum: 65535 + minimum: 0 + type: integer + type: object + network: + nullable: true + properties: + addressRanges: + nullable: true + properties: + cluster: + items: + pattern: ^[0-9a-fA-F:.]{2,}\/[0-9]{1,3}$ + type: string + type: array + public: + items: + pattern: ^[0-9a-fA-F:.]{2,}\/[0-9]{1,3}$ + type: string + type: array + type: object + connections: + nullable: true + properties: + compression: + nullable: true + properties: + enabled: + type: boolean + type: object + encryption: + nullable: true + properties: + enabled: + type: boolean + type: object + requireMsgr2: + type: boolean + type: object + dualStack: + type: boolean + hostNetwork: + type: boolean + ipFamily: + enum: + - IPv4 + - IPv6 + nullable: true + type: string + multiClusterService: + properties: + clusterID: + type: string + enabled: + type: boolean + type: object + provider: + enum: + - "" + - host + - multus + nullable: true + type: string + x-kubernetes-validations: + - message: network provider must be disabled (reverted to empty + string) before a new provider is enabled + rule: self == '' || self == oldSelf + selectors: + additionalProperties: + type: string + nullable: true + type: object + type: object + x-kubernetes-preserve-unknown-fields: true + x-kubernetes-validations: + - message: at least one network selector must be specified when using + multus + rule: '!has(self.provider) || (self.provider != ''multus'' || (self.provider + == ''multus'' && size(self.selectors) > 0))' + - message: the legacy hostNetwork setting can only be set if the network.provider + is set to the empty string + rule: '!has(self.hostNetwork) || self.hostNetwork == false || !has(self.provider) + || self.provider == ""' + placement: + additionalProperties: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + topologySpreadConstraints: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + format: int32 + type: integer + minDomains: + format: int32 + type: integer + nodeAffinityPolicy: + type: string + nodeTaintsPolicy: + type: string + topologyKey: + type: string + whenUnsatisfiable: + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + type: object + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + priorityClassNames: + additionalProperties: + type: string + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + removeOSDsIfOutAndSafeToRemove: + type: boolean + resources: + additionalProperties: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + security: + nullable: true + properties: + keyRotation: + nullable: true + properties: + enabled: + default: false + type: boolean + schedule: + type: string + type: object + kms: + nullable: true + properties: + connectionDetails: + additionalProperties: + type: string + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + tokenSecretName: + type: string + type: object + type: object + skipUpgradeChecks: + type: boolean + storage: + nullable: true + properties: + config: + additionalProperties: + type: string + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + deviceFilter: + type: string + devicePathFilter: + type: string + devices: + items: + properties: + config: + additionalProperties: + type: string + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + fullpath: + type: string + name: + type: string + type: object + nullable: true + type: array + x-kubernetes-preserve-unknown-fields: true + flappingRestartIntervalHours: + type: integer + nodes: + items: + properties: + config: + additionalProperties: + type: string + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + deviceFilter: + type: string + devicePathFilter: + type: string + devices: + items: + properties: + config: + additionalProperties: + type: string + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + fullpath: + type: string + name: + type: string + type: object + nullable: true + type: array + x-kubernetes-preserve-unknown-fields: true + name: + type: string + resources: + nullable: true + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + x-kubernetes-preserve-unknown-fields: true + useAllDevices: + type: boolean + volumeClaimTemplates: + items: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + type: string + volumeAttributesClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + type: object + type: array + type: object + nullable: true + type: array + onlyApplyOSDPlacement: + type: boolean + storageClassDeviceSets: + items: + properties: + config: + additionalProperties: + type: string + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + count: + minimum: 1 + type: integer + encrypted: + type: boolean + name: + type: string + placement: + nullable: true + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + topologySpreadConstraints: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + format: int32 + type: integer + minDomains: + format: int32 + type: integer + nodeAffinityPolicy: + type: string + nodeTaintsPolicy: + type: string + topologyKey: + type: string + whenUnsatisfiable: + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + type: object + x-kubernetes-preserve-unknown-fields: true + portable: + type: boolean + preparePlacement: + nullable: true + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + topologySpreadConstraints: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + format: int32 + type: integer + minDomains: + format: int32 + type: integer + nodeAffinityPolicy: + type: string + nodeTaintsPolicy: + type: string + topologyKey: + type: string + whenUnsatisfiable: + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + type: object + x-kubernetes-preserve-unknown-fields: true + resources: + nullable: true + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + x-kubernetes-preserve-unknown-fields: true + schedulerName: + type: string + tuneDeviceClass: + type: boolean + tuneFastDeviceClass: + type: boolean + volumeClaimTemplates: + items: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + x-kubernetes-preserve-unknown-fields: true + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + type: string + volumeAttributesClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + type: object + type: array + required: + - count + - name + - volumeClaimTemplates + type: object + nullable: true + type: array + store: + properties: + type: + enum: + - bluestore + - bluestore-rdr + type: string + updateStore: + pattern: ^$|^yes-really-update-store$ + type: string + type: object + useAllDevices: + type: boolean + useAllNodes: + type: boolean + volumeClaimTemplates: + items: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + type: string + volumeAttributesClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + type: object + type: array + type: object + waitTimeoutForHealthyOSDInMinutes: + format: int64 + type: integer + type: object + status: + nullable: true + properties: + ceph: + properties: + capacity: + properties: + bytesAvailable: + format: int64 + type: integer + bytesTotal: + format: int64 + type: integer + bytesUsed: + format: int64 + type: integer + lastUpdated: + type: string + type: object + details: + additionalProperties: + properties: + message: + type: string + severity: + type: string + required: + - message + - severity + type: object + type: object + fsid: + type: string + health: + type: string + lastChanged: + type: string + lastChecked: + type: string + previousHealth: + type: string + versions: + properties: + cephfs-mirror: + additionalProperties: + type: integer + type: object + mds: + additionalProperties: + type: integer + type: object + mgr: + additionalProperties: + type: integer + type: object + mon: + additionalProperties: + type: integer + type: object + osd: + additionalProperties: + type: integer + type: object + overall: + additionalProperties: + type: integer + type: object + rbd-mirror: + additionalProperties: + type: integer + type: object + rgw: + additionalProperties: + type: integer + type: object + type: object + type: object + conditions: + items: + properties: + lastHeartbeatTime: + format: date-time + type: string + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + type: object + type: array + message: + type: string + observedGeneration: + format: int64 + type: integer + phase: + type: string + state: + type: string + storage: + properties: + deviceClasses: + items: + properties: + name: + type: string + type: object + type: array + osd: + properties: + storeType: + additionalProperties: + type: integer + type: object + type: object + type: object + version: + properties: + image: + type: string + version: + type: string + type: object + type: object + x-kubernetes-preserve-unknown-fields: true + required: + - metadata + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/build/csv/ceph/ceph.rook.io_cephcosidrivers.yaml b/build/csv/ceph/ceph.rook.io_cephcosidrivers.yaml new file mode 100644 index 0000000000000..c1dfe68cddc53 --- /dev/null +++ b/build/csv/ceph/ceph.rook.io_cephcosidrivers.yaml @@ -0,0 +1,557 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + creationTimestamp: null + name: cephcosidrivers.ceph.rook.io +spec: + group: ceph.rook.io + names: + kind: CephCOSIDriver + listKind: CephCOSIDriverList + plural: cephcosidrivers + shortNames: + - cephcosi + singular: cephcosidriver + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + deploymentStrategy: + enum: + - Never + - Auto + - Always + type: string + image: + type: string + objectProvisionerImage: + type: string + placement: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + topologySpreadConstraints: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + format: int32 + type: integer + minDomains: + format: int32 + type: integer + nodeAffinityPolicy: + type: string + nodeTaintsPolicy: + type: string + topologyKey: + type: string + whenUnsatisfiable: + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + type: object + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + type: object + required: + - metadata + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/build/csv/ceph/ceph.rook.io_cephfilesystemmirrors.yaml b/build/csv/ceph/ceph.rook.io_cephfilesystemmirrors.yaml new file mode 100644 index 0000000000000..ce4c28aee0721 --- /dev/null +++ b/build/csv/ceph/ceph.rook.io_cephfilesystemmirrors.yaml @@ -0,0 +1,592 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + creationTimestamp: null + name: cephfilesystemmirrors.ceph.rook.io +spec: + group: ceph.rook.io + names: + kind: CephFilesystemMirror + listKind: CephFilesystemMirrorList + plural: cephfilesystemmirrors + singular: cephfilesystemmirror + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.phase + name: Phase + type: string + name: v1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + annotations: + additionalProperties: + type: string + nullable: true + type: object + labels: + additionalProperties: + type: string + nullable: true + type: object + placement: + nullable: true + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + topologySpreadConstraints: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + format: int32 + type: integer + minDomains: + format: int32 + type: integer + nodeAffinityPolicy: + type: string + nodeTaintsPolicy: + type: string + topologyKey: + type: string + whenUnsatisfiable: + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + type: object + priorityClassName: + type: string + resources: + nullable: true + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + type: object + status: + properties: + conditions: + items: + properties: + lastHeartbeatTime: + format: date-time + type: string + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + type: object + type: array + observedGeneration: + format: int64 + type: integer + phase: + type: string + type: object + required: + - metadata + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/build/csv/ceph/ceph.rook.io_cephfilesystems.yaml b/build/csv/ceph/ceph.rook.io_cephfilesystems.yaml new file mode 100644 index 0000000000000..ec9ed34dcc703 --- /dev/null +++ b/build/csv/ceph/ceph.rook.io_cephfilesystems.yaml @@ -0,0 +1,1198 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + creationTimestamp: null + name: cephfilesystems.ceph.rook.io +spec: + group: ceph.rook.io + names: + kind: CephFilesystem + listKind: CephFilesystemList + plural: cephfilesystems + singular: cephfilesystem + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Number of desired active MDS daemons + jsonPath: .spec.metadataServer.activeCount + name: ActiveMDS + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.phase + name: Phase + type: string + name: v1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + dataPools: + items: + properties: + application: + type: string + compressionMode: + enum: + - none + - passive + - aggressive + - force + - "" + nullable: true + type: string + crushRoot: + nullable: true + type: string + deviceClass: + nullable: true + type: string + enableRBDStats: + type: boolean + erasureCoded: + properties: + algorithm: + type: string + codingChunks: + minimum: 0 + type: integer + dataChunks: + minimum: 0 + type: integer + required: + - codingChunks + - dataChunks + type: object + failureDomain: + type: string + mirroring: + properties: + enabled: + type: boolean + mode: + type: string + peers: + nullable: true + properties: + secretNames: + items: + type: string + type: array + type: object + snapshotSchedules: + items: + properties: + interval: + type: string + path: + type: string + startTime: + type: string + type: object + type: array + type: object + name: + type: string + parameters: + additionalProperties: + type: string + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + quotas: + nullable: true + properties: + maxBytes: + format: int64 + type: integer + maxObjects: + format: int64 + type: integer + maxSize: + pattern: ^[0-9]+[\.]?[0-9]*([KMGTPE]i|[kMGTPE])?$ + type: string + type: object + replicated: + properties: + hybridStorage: + nullable: true + properties: + primaryDeviceClass: + minLength: 1 + type: string + secondaryDeviceClass: + minLength: 1 + type: string + required: + - primaryDeviceClass + - secondaryDeviceClass + type: object + replicasPerFailureDomain: + minimum: 1 + type: integer + requireSafeReplicaSize: + type: boolean + size: + minimum: 0 + type: integer + subFailureDomain: + type: string + targetSizeRatio: + type: number + required: + - size + type: object + statusCheck: + properties: + mirror: + nullable: true + properties: + disabled: + type: boolean + interval: + type: string + timeout: + type: string + type: object + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + nullable: true + type: array + metadataPool: + nullable: true + properties: + application: + type: string + compressionMode: + enum: + - none + - passive + - aggressive + - force + - "" + nullable: true + type: string + crushRoot: + nullable: true + type: string + deviceClass: + nullable: true + type: string + enableRBDStats: + type: boolean + erasureCoded: + properties: + algorithm: + type: string + codingChunks: + minimum: 0 + type: integer + dataChunks: + minimum: 0 + type: integer + required: + - codingChunks + - dataChunks + type: object + failureDomain: + type: string + mirroring: + properties: + enabled: + type: boolean + mode: + type: string + peers: + nullable: true + properties: + secretNames: + items: + type: string + type: array + type: object + snapshotSchedules: + items: + properties: + interval: + type: string + path: + type: string + startTime: + type: string + type: object + type: array + type: object + parameters: + additionalProperties: + type: string + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + quotas: + nullable: true + properties: + maxBytes: + format: int64 + type: integer + maxObjects: + format: int64 + type: integer + maxSize: + pattern: ^[0-9]+[\.]?[0-9]*([KMGTPE]i|[kMGTPE])?$ + type: string + type: object + replicated: + properties: + hybridStorage: + nullable: true + properties: + primaryDeviceClass: + minLength: 1 + type: string + secondaryDeviceClass: + minLength: 1 + type: string + required: + - primaryDeviceClass + - secondaryDeviceClass + type: object + replicasPerFailureDomain: + minimum: 1 + type: integer + requireSafeReplicaSize: + type: boolean + size: + minimum: 0 + type: integer + subFailureDomain: + type: string + targetSizeRatio: + type: number + required: + - size + type: object + statusCheck: + properties: + mirror: + nullable: true + properties: + disabled: + type: boolean + interval: + type: string + timeout: + type: string + type: object + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + metadataServer: + properties: + activeCount: + format: int32 + maximum: 50 + minimum: 1 + type: integer + activeStandby: + type: boolean + annotations: + additionalProperties: + type: string + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + labels: + additionalProperties: + type: string + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + livenessProbe: + properties: + disabled: + type: boolean + probe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + type: object + placement: + nullable: true + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + topologySpreadConstraints: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + format: int32 + type: integer + minDomains: + format: int32 + type: integer + nodeAffinityPolicy: + type: string + nodeTaintsPolicy: + type: string + topologyKey: + type: string + whenUnsatisfiable: + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + type: object + x-kubernetes-preserve-unknown-fields: true + priorityClassName: + type: string + resources: + nullable: true + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + x-kubernetes-preserve-unknown-fields: true + startupProbe: + properties: + disabled: + type: boolean + probe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + type: object + required: + - activeCount + type: object + mirroring: + nullable: true + properties: + enabled: + type: boolean + peers: + nullable: true + properties: + secretNames: + items: + type: string + type: array + type: object + snapshotRetention: + items: + properties: + duration: + type: string + path: + type: string + type: object + type: array + snapshotSchedules: + items: + properties: + interval: + type: string + path: + type: string + startTime: + type: string + type: object + type: array + type: object + preserveFilesystemOnDelete: + type: boolean + preservePoolsOnDelete: + type: boolean + statusCheck: + properties: + mirror: + nullable: true + properties: + disabled: + type: boolean + interval: + type: string + timeout: + type: string + type: object + type: object + x-kubernetes-preserve-unknown-fields: true + required: + - dataPools + - metadataPool + - metadataServer + type: object + status: + properties: + conditions: + items: + properties: + lastHeartbeatTime: + format: date-time + type: string + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + type: object + type: array + info: + additionalProperties: + type: string + nullable: true + type: object + mirroringStatus: + properties: + daemonsStatus: + items: + properties: + daemon_id: + type: integer + filesystems: + items: + properties: + directory_count: + type: integer + filesystem_id: + type: integer + name: + type: string + peers: + items: + properties: + remote: + properties: + client_name: + type: string + cluster_name: + type: string + fs_name: + type: string + type: object + stats: + properties: + failure_count: + type: integer + recovery_count: + type: integer + type: object + uuid: + type: string + type: object + type: array + type: object + type: array + type: object + nullable: true + type: array + details: + type: string + lastChanged: + type: string + lastChecked: + type: string + type: object + observedGeneration: + format: int64 + type: integer + phase: + type: string + snapshotScheduleStatus: + properties: + details: + type: string + lastChanged: + type: string + lastChecked: + type: string + snapshotSchedules: + items: + properties: + fs: + type: string + path: + type: string + rel_path: + type: string + retention: + properties: + active: + type: boolean + created: + type: string + created_count: + type: integer + first: + type: string + last: + type: string + last_pruned: + type: string + pruned_count: + type: integer + start: + type: string + type: object + schedule: + type: string + subvol: + type: string + type: object + nullable: true + type: array + type: object + type: object + x-kubernetes-preserve-unknown-fields: true + required: + - metadata + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/build/csv/ceph/ceph.rook.io_cephfilesystemsubvolumegroups.yaml b/build/csv/ceph/ceph.rook.io_cephfilesystemsubvolumegroups.yaml new file mode 100644 index 0000000000000..5b4260610f62a --- /dev/null +++ b/build/csv/ceph/ceph.rook.io_cephfilesystemsubvolumegroups.yaml @@ -0,0 +1,97 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + creationTimestamp: null + name: cephfilesystemsubvolumegroups.ceph.rook.io +spec: + group: ceph.rook.io + names: + kind: CephFilesystemSubVolumeGroup + listKind: CephFilesystemSubVolumeGroupList + plural: cephfilesystemsubvolumegroups + singular: cephfilesystemsubvolumegroup + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.phase + name: Phase + type: string + name: v1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + filesystemName: + type: string + x-kubernetes-validations: + - message: filesystemName is immutable + rule: self == oldSelf + name: + type: string + x-kubernetes-validations: + - message: name is immutable + rule: self == oldSelf + pinning: + properties: + distributed: + maximum: 1 + minimum: 0 + nullable: true + type: integer + export: + maximum: 256 + minimum: -1 + nullable: true + type: integer + random: + maximum: 1 + minimum: 0 + nullable: true + type: number + type: object + x-kubernetes-validations: + - message: only one pinning type should be set + rule: (has(self.export) && !has(self.distributed) && !has(self.random)) + || (!has(self.export) && has(self.distributed) && !has(self.random)) + || (!has(self.export) && !has(self.distributed) && has(self.random)) + || (!has(self.export) && !has(self.distributed) && !has(self.random)) + required: + - filesystemName + type: object + status: + properties: + info: + additionalProperties: + type: string + nullable: true + type: object + observedGeneration: + format: int64 + type: integer + phase: + type: string + type: object + x-kubernetes-preserve-unknown-fields: true + required: + - metadata + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/build/csv/ceph/ceph.rook.io_cephnfses.yaml b/build/csv/ceph/ceph.rook.io_cephnfses.yaml new file mode 100644 index 0000000000000..ae57b3860f11a --- /dev/null +++ b/build/csv/ceph/ceph.rook.io_cephnfses.yaml @@ -0,0 +1,1701 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + creationTimestamp: null + name: cephnfses.ceph.rook.io +spec: + group: ceph.rook.io + names: + kind: CephNFS + listKind: CephNFSList + plural: cephnfses + shortNames: + - nfs + singular: cephnfs + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + rados: + nullable: true + properties: + namespace: + type: string + pool: + type: string + type: object + security: + nullable: true + properties: + kerberos: + nullable: true + properties: + configFiles: + properties: + volumeSource: + properties: + configMap: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + persistentVolumeClaim: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + projected: + properties: + defaultMode: + format: int32 + type: integer + sources: + items: + properties: + clusterTrustBundle: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + name: + type: string + optional: + type: boolean + path: + type: string + signerName: + type: string + required: + - path + type: object + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + properties: + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + secret: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + properties: + audience: + type: string + expirationSeconds: + format: int64 + type: integer + path: + type: string + required: + - path + type: object + type: object + type: array + type: object + secret: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + optional: + type: boolean + secretName: + type: string + type: object + type: object + type: object + domainName: + type: string + keytabFile: + properties: + volumeSource: + properties: + configMap: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + persistentVolumeClaim: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + projected: + properties: + defaultMode: + format: int32 + type: integer + sources: + items: + properties: + clusterTrustBundle: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + name: + type: string + optional: + type: boolean + path: + type: string + signerName: + type: string + required: + - path + type: object + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + properties: + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + secret: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + properties: + audience: + type: string + expirationSeconds: + format: int64 + type: integer + path: + type: string + required: + - path + type: object + type: object + type: array + type: object + secret: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + optional: + type: boolean + secretName: + type: string + type: object + type: object + type: object + principalName: + default: nfs + type: string + type: object + sssd: + nullable: true + properties: + sidecar: + properties: + additionalFiles: + items: + properties: + subPath: + minLength: 1 + pattern: ^[^:]+$ + type: string + volumeSource: + properties: + configMap: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + persistentVolumeClaim: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + projected: + properties: + defaultMode: + format: int32 + type: integer + sources: + items: + properties: + clusterTrustBundle: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + name: + type: string + optional: + type: boolean + path: + type: string + signerName: + type: string + required: + - path + type: object + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + properties: + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + secret: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + properties: + audience: + type: string + expirationSeconds: + format: int64 + type: integer + path: + type: string + required: + - path + type: object + type: object + type: array + type: object + secret: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + optional: + type: boolean + secretName: + type: string + type: object + type: object + required: + - subPath + - volumeSource + type: object + type: array + debugLevel: + maximum: 10 + minimum: 0 + type: integer + image: + minLength: 1 + type: string + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + sssdConfigFile: + properties: + volumeSource: + properties: + configMap: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + persistentVolumeClaim: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + projected: + properties: + defaultMode: + format: int32 + type: integer + sources: + items: + properties: + clusterTrustBundle: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + name: + type: string + optional: + type: boolean + path: + type: string + signerName: + type: string + required: + - path + type: object + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + properties: + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + secret: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + properties: + audience: + type: string + expirationSeconds: + format: int64 + type: integer + path: + type: string + required: + - path + type: object + type: object + type: array + type: object + secret: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + optional: + type: boolean + secretName: + type: string + type: object + type: object + type: object + required: + - image + type: object + type: object + type: object + server: + properties: + active: + type: integer + annotations: + additionalProperties: + type: string + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + hostNetwork: + nullable: true + type: boolean + labels: + additionalProperties: + type: string + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + livenessProbe: + properties: + disabled: + type: boolean + probe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + type: object + logLevel: + type: string + placement: + nullable: true + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + topologySpreadConstraints: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + format: int32 + type: integer + minDomains: + format: int32 + type: integer + nodeAffinityPolicy: + type: string + nodeTaintsPolicy: + type: string + topologyKey: + type: string + whenUnsatisfiable: + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + type: object + x-kubernetes-preserve-unknown-fields: true + priorityClassName: + type: string + resources: + nullable: true + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + x-kubernetes-preserve-unknown-fields: true + required: + - active + type: object + required: + - server + type: object + status: + properties: + conditions: + items: + properties: + lastHeartbeatTime: + format: date-time + type: string + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + type: object + type: array + observedGeneration: + format: int64 + type: integer + phase: + type: string + type: object + x-kubernetes-preserve-unknown-fields: true + required: + - metadata + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/build/csv/ceph/ceph.rook.io_cephobjectrealms.yaml b/build/csv/ceph/ceph.rook.io_cephobjectrealms.yaml new file mode 100644 index 0000000000000..46c9d8e42311c --- /dev/null +++ b/build/csv/ceph/ceph.rook.io_cephobjectrealms.yaml @@ -0,0 +1,77 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + creationTimestamp: null + name: cephobjectrealms.ceph.rook.io +spec: + group: ceph.rook.io + names: + kind: CephObjectRealm + listKind: CephObjectRealmList + plural: cephobjectrealms + singular: cephobjectrealm + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + nullable: true + properties: + pull: + properties: + endpoint: + pattern: ^https*:// + type: string + type: object + type: object + status: + properties: + conditions: + items: + properties: + lastHeartbeatTime: + format: date-time + type: string + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + type: object + type: array + observedGeneration: + format: int64 + type: integer + phase: + type: string + type: object + x-kubernetes-preserve-unknown-fields: true + required: + - metadata + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/build/csv/ceph/ceph.rook.io_cephobjectstores.yaml b/build/csv/ceph/ceph.rook.io_cephobjectstores.yaml new file mode 100644 index 0000000000000..240b16df0eb14 --- /dev/null +++ b/build/csv/ceph/ceph.rook.io_cephobjectstores.yaml @@ -0,0 +1,1147 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + creationTimestamp: null + name: cephobjectstores.ceph.rook.io +spec: + group: ceph.rook.io + names: + kind: CephObjectStore + listKind: CephObjectStoreList + plural: cephobjectstores + singular: cephobjectstore + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.phase + name: Phase + type: string + name: v1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + allowUsersInNamespaces: + items: + type: string + type: array + dataPool: + nullable: true + properties: + application: + type: string + compressionMode: + enum: + - none + - passive + - aggressive + - force + - "" + nullable: true + type: string + crushRoot: + nullable: true + type: string + deviceClass: + nullable: true + type: string + enableRBDStats: + type: boolean + erasureCoded: + properties: + algorithm: + type: string + codingChunks: + minimum: 0 + type: integer + dataChunks: + minimum: 0 + type: integer + required: + - codingChunks + - dataChunks + type: object + failureDomain: + type: string + mirroring: + properties: + enabled: + type: boolean + mode: + type: string + peers: + nullable: true + properties: + secretNames: + items: + type: string + type: array + type: object + snapshotSchedules: + items: + properties: + interval: + type: string + path: + type: string + startTime: + type: string + type: object + type: array + type: object + parameters: + additionalProperties: + type: string + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + quotas: + nullable: true + properties: + maxBytes: + format: int64 + type: integer + maxObjects: + format: int64 + type: integer + maxSize: + pattern: ^[0-9]+[\.]?[0-9]*([KMGTPE]i|[kMGTPE])?$ + type: string + type: object + replicated: + properties: + hybridStorage: + nullable: true + properties: + primaryDeviceClass: + minLength: 1 + type: string + secondaryDeviceClass: + minLength: 1 + type: string + required: + - primaryDeviceClass + - secondaryDeviceClass + type: object + replicasPerFailureDomain: + minimum: 1 + type: integer + requireSafeReplicaSize: + type: boolean + size: + minimum: 0 + type: integer + subFailureDomain: + type: string + targetSizeRatio: + type: number + required: + - size + type: object + statusCheck: + properties: + mirror: + nullable: true + properties: + disabled: + type: boolean + interval: + type: string + timeout: + type: string + type: object + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + gateway: + nullable: true + properties: + annotations: + additionalProperties: + type: string + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + caBundleRef: + nullable: true + type: string + dashboardEnabled: + nullable: true + type: boolean + x-kubernetes-preserve-unknown-fields: true + disableMultisiteSyncTraffic: + type: boolean + externalRgwEndpoints: + items: + properties: + hostname: + type: string + ip: + type: string + type: object + x-kubernetes-map-type: atomic + nullable: true + type: array + hostNetwork: + nullable: true + type: boolean + x-kubernetes-preserve-unknown-fields: true + instances: + format: int32 + nullable: true + type: integer + labels: + additionalProperties: + type: string + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + placement: + nullable: true + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + topologySpreadConstraints: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + format: int32 + type: integer + minDomains: + format: int32 + type: integer + nodeAffinityPolicy: + type: string + nodeTaintsPolicy: + type: string + topologyKey: + type: string + whenUnsatisfiable: + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + type: object + x-kubernetes-preserve-unknown-fields: true + port: + format: int32 + type: integer + priorityClassName: + type: string + resources: + nullable: true + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + x-kubernetes-preserve-unknown-fields: true + securePort: + format: int32 + maximum: 65535 + minimum: 0 + nullable: true + type: integer + service: + nullable: true + properties: + annotations: + additionalProperties: + type: string + type: object + type: object + sslCertificateRef: + nullable: true + type: string + type: object + healthCheck: + nullable: true + properties: + readinessProbe: + properties: + disabled: + type: boolean + probe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + type: object + x-kubernetes-preserve-unknown-fields: true + startupProbe: + properties: + disabled: + type: boolean + probe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + type: object + type: object + metadataPool: + nullable: true + properties: + application: + type: string + compressionMode: + enum: + - none + - passive + - aggressive + - force + - "" + nullable: true + type: string + crushRoot: + nullable: true + type: string + deviceClass: + nullable: true + type: string + enableRBDStats: + type: boolean + erasureCoded: + properties: + algorithm: + type: string + codingChunks: + minimum: 0 + type: integer + dataChunks: + minimum: 0 + type: integer + required: + - codingChunks + - dataChunks + type: object + failureDomain: + type: string + mirroring: + properties: + enabled: + type: boolean + mode: + type: string + peers: + nullable: true + properties: + secretNames: + items: + type: string + type: array + type: object + snapshotSchedules: + items: + properties: + interval: + type: string + path: + type: string + startTime: + type: string + type: object + type: array + type: object + parameters: + additionalProperties: + type: string + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + quotas: + nullable: true + properties: + maxBytes: + format: int64 + type: integer + maxObjects: + format: int64 + type: integer + maxSize: + pattern: ^[0-9]+[\.]?[0-9]*([KMGTPE]i|[kMGTPE])?$ + type: string + type: object + replicated: + properties: + hybridStorage: + nullable: true + properties: + primaryDeviceClass: + minLength: 1 + type: string + secondaryDeviceClass: + minLength: 1 + type: string + required: + - primaryDeviceClass + - secondaryDeviceClass + type: object + replicasPerFailureDomain: + minimum: 1 + type: integer + requireSafeReplicaSize: + type: boolean + size: + minimum: 0 + type: integer + subFailureDomain: + type: string + targetSizeRatio: + type: number + required: + - size + type: object + statusCheck: + properties: + mirror: + nullable: true + properties: + disabled: + type: boolean + interval: + type: string + timeout: + type: string + type: object + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + preservePoolsOnDelete: + type: boolean + security: + nullable: true + properties: + keyRotation: + nullable: true + properties: + enabled: + default: false + type: boolean + schedule: + type: string + type: object + kms: + nullable: true + properties: + connectionDetails: + additionalProperties: + type: string + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + tokenSecretName: + type: string + type: object + s3: + nullable: true + properties: + connectionDetails: + additionalProperties: + type: string + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + tokenSecretName: + type: string + type: object + type: object + zone: + nullable: true + properties: + name: + type: string + required: + - name + type: object + type: object + status: + properties: + conditions: + items: + properties: + lastHeartbeatTime: + format: date-time + type: string + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + type: object + type: array + endpoints: + properties: + insecure: + items: + type: string + nullable: true + type: array + secure: + items: + type: string + nullable: true + type: array + type: object + info: + additionalProperties: + type: string + nullable: true + type: object + message: + type: string + observedGeneration: + format: int64 + type: integer + phase: + type: string + type: object + x-kubernetes-preserve-unknown-fields: true + required: + - metadata + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/build/csv/ceph/ceph.rook.io_cephobjectstoreusers.yaml b/build/csv/ceph/ceph.rook.io_cephobjectstoreusers.yaml new file mode 100644 index 0000000000000..2a9e5c1adef4c --- /dev/null +++ b/build/csv/ceph/ceph.rook.io_cephobjectstoreusers.yaml @@ -0,0 +1,204 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + creationTimestamp: null + name: cephobjectstoreusers.ceph.rook.io +spec: + group: ceph.rook.io + names: + kind: CephObjectStoreUser + listKind: CephObjectStoreUserList + plural: cephobjectstoreusers + shortNames: + - rcou + - objectuser + singular: cephobjectstoreuser + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.phase + name: Phase + type: string + name: v1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + capabilities: + nullable: true + properties: + amz-cache: + enum: + - '*' + - read + - write + - read, write + type: string + bilog: + enum: + - '*' + - read + - write + - read, write + type: string + bucket: + enum: + - '*' + - read + - write + - read, write + type: string + buckets: + enum: + - '*' + - read + - write + - read, write + type: string + datalog: + enum: + - '*' + - read + - write + - read, write + type: string + info: + enum: + - '*' + - read + - write + - read, write + type: string + mdlog: + enum: + - '*' + - read + - write + - read, write + type: string + metadata: + enum: + - '*' + - read + - write + - read, write + type: string + oidc-provider: + enum: + - '*' + - read + - write + - read, write + type: string + ratelimit: + enum: + - '*' + - read + - write + - read, write + type: string + roles: + enum: + - '*' + - read + - write + - read, write + type: string + usage: + enum: + - '*' + - read + - write + - read, write + type: string + user: + enum: + - '*' + - read + - write + - read, write + type: string + user-policy: + enum: + - '*' + - read + - write + - read, write + type: string + users: + enum: + - '*' + - read + - write + - read, write + type: string + zone: + enum: + - '*' + - read + - write + - read, write + type: string + type: object + clusterNamespace: + type: string + displayName: + type: string + quotas: + nullable: true + properties: + maxBuckets: + nullable: true + type: integer + maxObjects: + format: int64 + nullable: true + type: integer + maxSize: + anyOf: + - type: integer + - type: string + nullable: true + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + store: + type: string + type: object + status: + properties: + info: + additionalProperties: + type: string + nullable: true + type: object + observedGeneration: + format: int64 + type: integer + phase: + type: string + type: object + x-kubernetes-preserve-unknown-fields: true + required: + - metadata + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/build/csv/ceph/ceph.rook.io_cephobjectzonegroups.yaml b/build/csv/ceph/ceph.rook.io_cephobjectzonegroups.yaml new file mode 100644 index 0000000000000..ed69601a1481c --- /dev/null +++ b/build/csv/ceph/ceph.rook.io_cephobjectzonegroups.yaml @@ -0,0 +1,79 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + creationTimestamp: null + name: cephobjectzonegroups.ceph.rook.io +spec: + group: ceph.rook.io + names: + kind: CephObjectZoneGroup + listKind: CephObjectZoneGroupList + plural: cephobjectzonegroups + singular: cephobjectzonegroup + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.phase + name: Phase + type: string + name: v1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + realm: + type: string + required: + - realm + type: object + status: + properties: + conditions: + items: + properties: + lastHeartbeatTime: + format: date-time + type: string + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + type: object + type: array + observedGeneration: + format: int64 + type: integer + phase: + type: string + type: object + x-kubernetes-preserve-unknown-fields: true + required: + - metadata + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/build/csv/ceph/ceph.rook.io_cephobjectzones.yaml b/build/csv/ceph/ceph.rook.io_cephobjectzones.yaml new file mode 100644 index 0000000000000..d8a4d489a9e58 --- /dev/null +++ b/build/csv/ceph/ceph.rook.io_cephobjectzones.yaml @@ -0,0 +1,345 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + creationTimestamp: null + name: cephobjectzones.ceph.rook.io +spec: + group: ceph.rook.io + names: + kind: CephObjectZone + listKind: CephObjectZoneList + plural: cephobjectzones + singular: cephobjectzone + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.phase + name: Phase + type: string + name: v1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + customEndpoints: + items: + type: string + nullable: true + type: array + dataPool: + nullable: true + properties: + application: + type: string + compressionMode: + enum: + - none + - passive + - aggressive + - force + - "" + nullable: true + type: string + crushRoot: + nullable: true + type: string + deviceClass: + nullable: true + type: string + enableRBDStats: + type: boolean + erasureCoded: + properties: + algorithm: + type: string + codingChunks: + minimum: 0 + type: integer + dataChunks: + minimum: 0 + type: integer + required: + - codingChunks + - dataChunks + type: object + failureDomain: + type: string + mirroring: + properties: + enabled: + type: boolean + mode: + type: string + peers: + nullable: true + properties: + secretNames: + items: + type: string + type: array + type: object + snapshotSchedules: + items: + properties: + interval: + type: string + path: + type: string + startTime: + type: string + type: object + type: array + type: object + parameters: + additionalProperties: + type: string + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + quotas: + nullable: true + properties: + maxBytes: + format: int64 + type: integer + maxObjects: + format: int64 + type: integer + maxSize: + pattern: ^[0-9]+[\.]?[0-9]*([KMGTPE]i|[kMGTPE])?$ + type: string + type: object + replicated: + properties: + hybridStorage: + nullable: true + properties: + primaryDeviceClass: + minLength: 1 + type: string + secondaryDeviceClass: + minLength: 1 + type: string + required: + - primaryDeviceClass + - secondaryDeviceClass + type: object + replicasPerFailureDomain: + minimum: 1 + type: integer + requireSafeReplicaSize: + type: boolean + size: + minimum: 0 + type: integer + subFailureDomain: + type: string + targetSizeRatio: + type: number + required: + - size + type: object + statusCheck: + properties: + mirror: + nullable: true + properties: + disabled: + type: boolean + interval: + type: string + timeout: + type: string + type: object + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + metadataPool: + nullable: true + properties: + application: + type: string + compressionMode: + enum: + - none + - passive + - aggressive + - force + - "" + nullable: true + type: string + crushRoot: + nullable: true + type: string + deviceClass: + nullable: true + type: string + enableRBDStats: + type: boolean + erasureCoded: + properties: + algorithm: + type: string + codingChunks: + minimum: 0 + type: integer + dataChunks: + minimum: 0 + type: integer + required: + - codingChunks + - dataChunks + type: object + failureDomain: + type: string + mirroring: + properties: + enabled: + type: boolean + mode: + type: string + peers: + nullable: true + properties: + secretNames: + items: + type: string + type: array + type: object + snapshotSchedules: + items: + properties: + interval: + type: string + path: + type: string + startTime: + type: string + type: object + type: array + type: object + parameters: + additionalProperties: + type: string + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + quotas: + nullable: true + properties: + maxBytes: + format: int64 + type: integer + maxObjects: + format: int64 + type: integer + maxSize: + pattern: ^[0-9]+[\.]?[0-9]*([KMGTPE]i|[kMGTPE])?$ + type: string + type: object + replicated: + properties: + hybridStorage: + nullable: true + properties: + primaryDeviceClass: + minLength: 1 + type: string + secondaryDeviceClass: + minLength: 1 + type: string + required: + - primaryDeviceClass + - secondaryDeviceClass + type: object + replicasPerFailureDomain: + minimum: 1 + type: integer + requireSafeReplicaSize: + type: boolean + size: + minimum: 0 + type: integer + subFailureDomain: + type: string + targetSizeRatio: + type: number + required: + - size + type: object + statusCheck: + properties: + mirror: + nullable: true + properties: + disabled: + type: boolean + interval: + type: string + timeout: + type: string + type: object + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + preservePoolsOnDelete: + default: true + type: boolean + zoneGroup: + type: string + required: + - dataPool + - metadataPool + - zoneGroup + type: object + status: + properties: + conditions: + items: + properties: + lastHeartbeatTime: + format: date-time + type: string + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + type: object + type: array + observedGeneration: + format: int64 + type: integer + phase: + type: string + type: object + x-kubernetes-preserve-unknown-fields: true + required: + - metadata + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/build/csv/ceph/ceph.rook.io_cephrbdmirrors.yaml b/build/csv/ceph/ceph.rook.io_cephrbdmirrors.yaml new file mode 100644 index 0000000000000..39c840dc034ab --- /dev/null +++ b/build/csv/ceph/ceph.rook.io_cephrbdmirrors.yaml @@ -0,0 +1,610 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + creationTimestamp: null + name: cephrbdmirrors.ceph.rook.io +spec: + group: ceph.rook.io + names: + kind: CephRBDMirror + listKind: CephRBDMirrorList + plural: cephrbdmirrors + singular: cephrbdmirror + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.phase + name: Phase + type: string + name: v1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + annotations: + additionalProperties: + type: string + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + count: + minimum: 1 + type: integer + labels: + additionalProperties: + type: string + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + peers: + nullable: true + properties: + secretNames: + items: + type: string + type: array + type: object + placement: + nullable: true + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + topologySpreadConstraints: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + format: int32 + type: integer + minDomains: + format: int32 + type: integer + nodeAffinityPolicy: + type: string + nodeTaintsPolicy: + type: string + topologyKey: + type: string + whenUnsatisfiable: + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + type: object + x-kubernetes-preserve-unknown-fields: true + priorityClassName: + type: string + resources: + nullable: true + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + x-kubernetes-preserve-unknown-fields: true + required: + - count + type: object + status: + properties: + conditions: + items: + properties: + lastHeartbeatTime: + format: date-time + type: string + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + type: object + type: array + observedGeneration: + format: int64 + type: integer + phase: + type: string + type: object + x-kubernetes-preserve-unknown-fields: true + required: + - metadata + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/build/csv/ceph/objectstorage-provisioner-role-binding_rbac.authorization.k8s.io_v1_clusterrolebinding.yaml b/build/csv/ceph/objectstorage-provisioner-role-binding_rbac.authorization.k8s.io_v1_clusterrolebinding.yaml new file mode 100644 index 0000000000000..6d59e2c12a969 --- /dev/null +++ b/build/csv/ceph/objectstorage-provisioner-role-binding_rbac.authorization.k8s.io_v1_clusterrolebinding.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: driver-ceph + app.kubernetes.io/name: cosi-driver-ceph + app.kubernetes.io/part-of: container-object-storage-interface + name: objectstorage-provisioner-role-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: objectstorage-provisioner-role +subjects: +- kind: ServiceAccount + name: objectstorage-provisioner + namespace: rook-ceph diff --git a/build/csv/ceph/objectstorage-provisioner-role_rbac.authorization.k8s.io_v1_clusterrole.yaml b/build/csv/ceph/objectstorage-provisioner-role_rbac.authorization.k8s.io_v1_clusterrole.yaml new file mode 100644 index 0000000000000..f0b6ec1e58456 --- /dev/null +++ b/build/csv/ceph/objectstorage-provisioner-role_rbac.authorization.k8s.io_v1_clusterrole.yaml @@ -0,0 +1,49 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: driver-ceph + app.kubernetes.io/name: cosi-driver-ceph + app.kubernetes.io/part-of: container-object-storage-interface + name: objectstorage-provisioner-role +rules: +- apiGroups: + - objectstorage.k8s.io + resources: + - buckets + - bucketaccesses + - bucketclaims + - bucketaccessclasses + - buckets/status + - bucketaccesses/status + - bucketclaims/status + - bucketaccessclasses/status + verbs: + - get + - list + - watch + - update + - create + - delete +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - watch + - list + - delete + - update + - create +- apiGroups: + - "" + resources: + - secrets + - events + verbs: + - get + - delete + - update + - create diff --git a/build/csv/ceph/objectstorage-provisioner_v1_serviceaccount.yaml b/build/csv/ceph/objectstorage-provisioner_v1_serviceaccount.yaml new file mode 100644 index 0000000000000..ddd7800c9b90a --- /dev/null +++ b/build/csv/ceph/objectstorage-provisioner_v1_serviceaccount.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: driver-ceph + app.kubernetes.io/name: cosi-driver-ceph + app.kubernetes.io/part-of: container-object-storage-interface + name: objectstorage-provisioner diff --git a/build/csv/rook-ceph.clusterserviceversion.yaml b/build/csv/rook-ceph.clusterserviceversion.yaml new file mode 100644 index 0000000000000..e8f5fbeed33d9 --- /dev/null +++ b/build/csv/rook-ceph.clusterserviceversion.yaml @@ -0,0 +1,3147 @@ +apiVersion: operators.coreos.com/v1alpha1 +kind: ClusterServiceVersion +metadata: + annotations: + alm-examples: |- + [ + { + "apiVersion": "ceph.rook.io/v1", + "kind": "CephCluster", + "metadata": { + "name": "my-rook-ceph", + "namespace": "my-rook-ceph" + }, + "spec": { + "cephVersion": { + "image": "quay.io/ceph/ceph:v17.2.6" + }, + "dataDirHostPath": "/var/lib/rook", + "mon": { + "count": 3 + }, + "dashboard": { + "enabled": true + }, + "network": { + "hostNetwork": false + }, + "rbdMirroring": { + "workers": 0 + }, + "storage": { + "useAllNodes": true, + "useAllDevices": true + } + } + }, + { + "apiVersion": "ceph.rook.io/v1", + "kind": "CephBlockPool", + "metadata": { + "name": "replicapool", + "namespace": "my-rook-ceph" + }, + "spec": { + "failureDomain": "host", + "replicated": { + "size": 3 + }, + "annotations": null + } + }, + { + "apiVersion": "ceph.rook.io/v1", + "kind": "CephObjectStore", + "metadata": { + "name": "my-store", + "namespace": "my-rook-ceph" + }, + "spec": { + "metadataPool": { + "failureDomain": "host", + "replicated": { + "size": 3 + } + }, + "dataPool": { + "failureDomain": "host", + "replicated": { + "size": 3 + } + }, + "gateway": { + "type": "s3", + "sslCertificateRef": null, + "port": 8080, + "securePort": null, + "instances": 1, + "placement": null, + "annotations": null, + "resources": null + } + } + }, + { + "apiVersion": "ceph.rook.io/v1", + "kind": "CephObjectStoreUser", + "metadata": { + "name": "my-user", + "namespace": "my-rook-ceph" + }, + "spec": { + "store": "my-store", + "displayName": "my display name" + } + }, + { + "apiVersion": "ceph.rook.io/v1", + "kind": "CephNFS", + "metadata": { + "name": "my-nfs", + "namespace": "rook-ceph" + }, + "spec": { + "rados": { + "pool": "myfs-data0", + "namespace": "nfs-ns" + }, + "server": { + "active": 3, + "placement": null, + "annotations": null, + "resources": null + } + } + }, + { + "apiVersion": "ceph.rook.io/v1", + "kind": "CephClient", + "metadata": { + "name": "cinder", + "namespace": "rook-ceph" + }, + "spec": { + "caps": { + "mon": "profile rbd", + "osd": "profile rbd pool=volumes, profile rbd pool=vms, profile rbd-read-only pool=images" + } + } + }, + { + "apiVersion": "ceph.rook.io/v1", + "kind": "CephFilesystem", + "metadata": { + "name": "myfs", + "namespace": "rook-ceph" + }, + "spec": { + "dataPools": [ + { + "compressionMode": "", + "crushRoot": "", + "deviceClass": "", + "erasureCoded": { + "algorithm": "", + "codingChunks": 0, + "dataChunks": 0 + }, + "failureDomain": "host", + "replicated": { + "requireSafeReplicaSize": false, + "size": 1, + "targetSizeRatio": 0.5 + } + } + ], + "metadataPool": { + "compressionMode": "", + "crushRoot": "", + "deviceClass": "", + "erasureCoded": { + "algorithm": "", + "codingChunks": 0, + "dataChunks": 0 + }, + "failureDomain": "", + "replicated": { + "requireSafeReplicaSize": false, + "size": 1, + "targetSizeRatio": 0 + } + }, + "metadataServer": { + "activeCount": 1, + "activeStandby": true, + "placement": {}, + "resources": {} + }, + "preservePoolsOnDelete": false, + "preserveFilesystemOnDelete": false + } + }, + { + "apiVersion": "ceph.rook.io/v1", + "kind": "CephRBDMirror", + "metadata": { + "name": "my-rbd-mirror", + "namespace": "rook-ceph" + }, + "spec": { + "annotations": null, + "count": 1, + "placement": { + "topologyKey": "kubernetes.io/hostname" + }, + "resources": null + } + } + ] + capabilities: Basic Install + operators.operatorframework.io/builder: operator-sdk-v1.25.0 + operators.operatorframework.io/project_layout: unknown + tectonic-visibility: ocs + repository: https://github.com/rook/rook + containerImage: '{{.RookOperatorImage}}' + externalClusterScript: |- + IiIiCkNvcHlyaWdodCAyMDIwIFRoZSBSb29rIEF1dGhvcnMuIEFsbCByaWdodHMgcmVzZXJ2ZWQu + CgpMaWNlbnNlZCB1bmRlciB0aGUgQXBhY2hlIExpY2Vuc2UsIFZlcnNpb24gMi4wICh0aGUgIkxp + Y2Vuc2UiKTsKeW91IG1heSBub3QgdXNlIHRoaXMgZmlsZSBleGNlcHQgaW4gY29tcGxpYW5jZSB3 + aXRoIHRoZSBMaWNlbnNlLgpZb3UgbWF5IG9idGFpbiBhIGNvcHkgb2YgdGhlIExpY2Vuc2UgYXQK + CglodHRwOi8vd3d3LmFwYWNoZS5vcmcvbGljZW5zZXMvTElDRU5TRS0yLjAKClVubGVzcyByZXF1 + aXJlZCBieSBhcHBsaWNhYmxlIGxhdyBvciBhZ3JlZWQgdG8gaW4gd3JpdGluZywgc29mdHdhcmUK + ZGlzdHJpYnV0ZWQgdW5kZXIgdGhlIExpY2Vuc2UgaXMgZGlzdHJpYnV0ZWQgb24gYW4gIkFTIElT + IiBCQVNJUywKV0lUSE9VVCBXQVJSQU5USUVTIE9SIENPTkRJVElPTlMgT0YgQU5ZIEtJTkQsIGVp + dGhlciBleHByZXNzIG9yIGltcGxpZWQuClNlZSB0aGUgTGljZW5zZSBmb3IgdGhlIHNwZWNpZmlj + IGxhbmd1YWdlIGdvdmVybmluZyBwZXJtaXNzaW9ucyBhbmQKbGltaXRhdGlvbnMgdW5kZXIgdGhl + IExpY2Vuc2UuCiIiIgoKaW1wb3J0IGVycm5vCmltcG9ydCBzeXMKaW1wb3J0IGpzb24KaW1wb3J0 + IGFyZ3BhcnNlCmltcG9ydCByZQppbXBvcnQgc3VicHJvY2VzcwppbXBvcnQgaG1hYwpmcm9tIGhh + c2hsaWIgaW1wb3J0IHNoYTEgYXMgc2hhCmZyb20gb3MgaW1wb3J0IGxpbmVzZXAgYXMgTElORVNF + UApmcm9tIG9zIGltcG9ydCBwYXRoCmZyb20gZW1haWwudXRpbHMgaW1wb3J0IGZvcm1hdGRhdGUK + aW1wb3J0IHJlcXVlc3RzCmZyb20gcmVxdWVzdHMuYXV0aCBpbXBvcnQgQXV0aEJhc2UKCnB5M2sg + PSBGYWxzZQppZiBzeXMudmVyc2lvbl9pbmZvLm1ham9yID49IDM6CiAgICBweTNrID0gVHJ1ZQog + ICAgaW1wb3J0IHVybGxpYi5wYXJzZQogICAgZnJvbSBpcGFkZHJlc3MgaW1wb3J0IGlwX2FkZHJl + c3MsIElQdjRBZGRyZXNzCgpNb2R1bGVOb3RGb3VuZEVycm9yID0gSW1wb3J0RXJyb3IKCnRyeToK + ICAgIGltcG9ydCByYWRvcwpleGNlcHQgTW9kdWxlTm90Rm91bmRFcnJvciBhcyBub01vZEVycjoK + ICAgIHByaW50KGYiRXJyb3I6IHtub01vZEVycn1cbkV4aXRpbmcgdGhlIHNjcmlwdC4uLiIpCiAg + ICBzeXMuZXhpdCgxKQoKdHJ5OgogICAgaW1wb3J0IHJiZApleGNlcHQgTW9kdWxlTm90Rm91bmRF + cnJvciBhcyBub01vZEVycjoKICAgIHByaW50KGYiRXJyb3I6IHtub01vZEVycn1cbkV4aXRpbmcg + dGhlIHNjcmlwdC4uLiIpCiAgICBzeXMuZXhpdCgxKQoKdHJ5OgogICAgIyBmb3IgMi43LngKICAg + IGZyb20gU3RyaW5nSU8gaW1wb3J0IFN0cmluZ0lPCmV4Y2VwdCBNb2R1bGVOb3RGb3VuZEVycm9y + OgogICAgIyBmb3IgMy54CiAgICBmcm9tIGlvIGltcG9ydCBTdHJpbmdJTwoKdHJ5OgogICAgIyBm + b3IgMi43LngKICAgIGZyb20gdXJscGFyc2UgaW1wb3J0IHVybHBhcnNlCiAgICBmcm9tIHVybGxp + YiBpbXBvcnQgdXJsZW5jb2RlIGFzIHVybGVuY29kZQpleGNlcHQgTW9kdWxlTm90Rm91bmRFcnJv + cjoKICAgICMgZm9yIDMueAogICAgZnJvbSB1cmxsaWIucGFyc2UgaW1wb3J0IHVybHBhcnNlCiAg + ICBmcm9tIHVybGxpYi5wYXJzZSBpbXBvcnQgdXJsZW5jb2RlIGFzIHVybGVuY29kZQoKdHJ5Ogog + ICAgZnJvbSBiYXNlNjQgaW1wb3J0IGVuY29kZXN0cmluZwpleGNlcHQ6CiAgICBmcm9tIGJhc2U2 + NCBpbXBvcnQgZW5jb2RlYnl0ZXMgYXMgZW5jb2Rlc3RyaW5nCgoKY2xhc3MgRXhlY3V0aW9uRmFp + bHVyZUV4Y2VwdGlvbihFeGNlcHRpb24pOgogICAgcGFzcwoKCiMjIyMjIyMjIyMjIyMjIyMjIyMj + IyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIwojIyMjIyMjIyMjIyMjIyMjIyMgRHVtbXlSYWRv + cyAjIyMjIyMjIyMjIyMjIyMjIyMKIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMj + IyMjIyMjIyMjIyMjCiMgdGhpcyBpcyBtYWlubHkgZm9yIHRlc3RpbmcgYW5kIGNvdWxkIGJlIHVz + ZWQgd2hlcmUgJ3JhZG9zJyBpcyBub3QgYXZhaWxhYmxlCgoKY2xhc3MgRHVtbXlSYWRvcyhvYmpl + Y3QpOgogICAgZGVmIF9faW5pdF9fKHNlbGYpOgogICAgICAgIHNlbGYucmV0dXJuX3ZhbCA9IDAK + ICAgICAgICBzZWxmLmVycl9tZXNzYWdlID0gIiIKICAgICAgICBzZWxmLnN0YXRlID0gImNvbm5l + Y3RlZCIKICAgICAgICBzZWxmLmNtZF9vdXRwdXRfbWFwID0ge30KICAgICAgICBzZWxmLmNtZF9u + YW1lcyA9IHt9CiAgICAgICAgc2VsZi5faW5pdF9jbWRfb3V0cHV0X21hcCgpCiAgICAgICAgc2Vs + Zi5kdW1teV9ob3N0X2lwX21hcCA9IHt9CgogICAgZGVmIF9pbml0X2NtZF9vdXRwdXRfbWFwKHNl + bGYpOgogICAgICAgIGpzb25fZmlsZV9uYW1lID0gInRlc3QtZGF0YS9jZXBoLXN0YXR1cy1vdXQi + CiAgICAgICAgc2NyaXB0X2RpciA9IHBhdGguYWJzcGF0aChwYXRoLmRpcm5hbWUoX19maWxlX18p + KQogICAgICAgIGNlcGhfc3RhdHVzX3N0ciA9ICIiCiAgICAgICAgd2l0aCBvcGVuKAogICAgICAg + ICAgICBwYXRoLmpvaW4oc2NyaXB0X2RpciwganNvbl9maWxlX25hbWUpLCBtb2RlPSJyIiwgZW5j + b2Rpbmc9IlVURi04IgogICAgICAgICkgYXMganNvbl9maWxlOgogICAgICAgICAgICBjZXBoX3N0 + YXR1c19zdHIgPSBqc29uX2ZpbGUucmVhZCgpCiAgICAgICAgc2VsZi5jbWRfbmFtZXNbImZzIGxz + Il0gPSAiIiJ7ImZvcm1hdCI6ICJqc29uIiwgInByZWZpeCI6ICJmcyBscyJ9IiIiCiAgICAgICAg + c2VsZi5jbWRfbmFtZXNbInF1b3J1bV9zdGF0dXMiXSA9ICgKICAgICAgICAgICAgIiIieyJmb3Jt + YXQiOiAianNvbiIsICJwcmVmaXgiOiAicXVvcnVtX3N0YXR1cyJ9IiIiCiAgICAgICAgKQogICAg + ICAgIHNlbGYuY21kX25hbWVzWyJtZ3Igc2VydmljZXMiXSA9ICgKICAgICAgICAgICAgIiIieyJm + b3JtYXQiOiAianNvbiIsICJwcmVmaXgiOiAibWdyIHNlcnZpY2VzIn0iIiIKICAgICAgICApCiAg + ICAgICAgIyBhbGwgdGhlIGNvbW1hbmRzIGFuZCB0aGVpciBvdXRwdXQKICAgICAgICBzZWxmLmNt + ZF9vdXRwdXRfbWFwW3NlbGYuY21kX25hbWVzWyJmcyBscyJdXSA9ICgKICAgICAgICAgICAgIiIi + W3sibmFtZSI6Im15ZnMiLCJtZXRhZGF0YV9wb29sIjoibXlmcy1tZXRhZGF0YSIsIm1ldGFkYXRh + X3Bvb2xfaWQiOjIsImRhdGFfcG9vbF9pZHMiOlszXSwiZGF0YV9wb29scyI6WyJteWZzLXJlcGxp + Y2F0ZWQiXX1dIiIiCiAgICAgICAgKQogICAgICAgIHNlbGYuY21kX291dHB1dF9tYXBbc2VsZi5j + bWRfbmFtZXNbInF1b3J1bV9zdGF0dXMiXV0gPSAoCiAgICAgICAgICAgICIiInsiZWxlY3Rpb25f + ZXBvY2giOjMsInF1b3J1bSI6WzBdLCJxdW9ydW1fbmFtZXMiOlsiYSJdLCJxdW9ydW1fbGVhZGVy + X25hbWUiOiJhIiwicXVvcnVtX2FnZSI6MTQzODUsImZlYXR1cmVzIjp7InF1b3J1bV9jb24iOiI0 + NTQwMTM4MjkyODM2Njk2MDYzIiwicXVvcnVtX21vbiI6WyJrcmFrZW4iLCJsdW1pbm91cyIsIm1p + bWljIiwib3NkbWFwLXBydW5lIiwibmF1dGlsdXMiLCJvY3RvcHVzIl19LCJtb25tYXAiOnsiZXBv + Y2giOjEsImZzaWQiOiJhZjRlMTY3My0wYjcyLTQwMmQtOTkwYS0yMmQyOTE5ZDBmMWMiLCJtb2Rp + ZmllZCI6IjIwMjAtMDUtMDdUMDM6MzY6MzkuOTE4MDM1WiIsImNyZWF0ZWQiOiIyMDIwLTA1LTA3 + VDAzOjM2OjM5LjkxODAzNVoiLCJtaW5fbW9uX3JlbGVhc2UiOjE1LCJtaW5fbW9uX3JlbGVhc2Vf + bmFtZSI6Im9jdG9wdXMiLCJmZWF0dXJlcyI6eyJwZXJzaXN0ZW50IjpbImtyYWtlbiIsImx1bWlu + b3VzIiwibWltaWMiLCJvc2RtYXAtcHJ1bmUiLCJuYXV0aWx1cyIsIm9jdG9wdXMiXSwib3B0aW9u + YWwiOltdfSwibW9ucyI6W3sicmFuayI6MCwibmFtZSI6ImEiLCJwdWJsaWNfYWRkcnMiOnsiYWRk + cnZlYyI6W3sidHlwZSI6InYyIiwiYWRkciI6IjEwLjExMC4yMDUuMTc0OjMzMDAiLCJub25jZSI6 + MH0seyJ0eXBlIjoidjEiLCJhZGRyIjoiMTAuMTEwLjIwNS4xNzQ6Njc4OSIsIm5vbmNlIjowfV19 + LCJhZGRyIjoiMTAuMTEwLjIwNS4xNzQ6Njc4OS8wIiwicHVibGljX2FkZHIiOiIxMC4xMTAuMjA1 + LjE3NDo2Nzg5LzAiLCJwcmlvcml0eSI6MCwid2VpZ2h0IjowfV19fSIiIgogICAgICAgICkKICAg + ICAgICBzZWxmLmNtZF9vdXRwdXRfbWFwW3NlbGYuY21kX25hbWVzWyJtZ3Igc2VydmljZXMiXV0g + PSAoCiAgICAgICAgICAgICIiInsiZGFzaGJvYXJkIjoiaHR0cHM6Ly9jZXBoLWRhc2hib2FyZDo4 + NDQzLyIsInByb21ldGhldXMiOiJodHRwOi8vY2VwaC1kYXNoYm9hcmQtZGI6OTI4My8ifSIiIgog + ICAgICAgICkKICAgICAgICBzZWxmLmNtZF9vdXRwdXRfbWFwWwogICAgICAgICAgICAiIiJ7ImNh + cHMiOiBbIm1vbiIsICJhbGxvdyByLCBhbGxvdyBjb21tYW5kIHF1b3J1bV9zdGF0dXMiLCAib3Nk + IiwgInByb2ZpbGUgcmJkLXJlYWQtb25seSwgYWxsb3cgcnd4IHBvb2w9ZGVmYXVsdC5yZ3cubWV0 + YSwgYWxsb3cgciBwb29sPS5yZ3cucm9vdCwgYWxsb3cgcncgcG9vbD1kZWZhdWx0LnJndy5jb250 + cm9sLCBhbGxvdyB4IHBvb2w9ZGVmYXVsdC5yZ3cuYnVja2V0cy5pbmRleCJdLCAiZW50aXR5Ijog + ImNsaWVudC5oZWFsdGhjaGVja2VyIiwgImZvcm1hdCI6ICJqc29uIiwgInByZWZpeCI6ICJhdXRo + IGdldC1vci1jcmVhdGUifSIiIgogICAgICAgIF0gPSAiIiJbeyJlbnRpdHkiOiJjbGllbnQuaGVh + bHRoY2hlY2tlciIsImtleSI6IkFRREZrYk5lZnQ1YkZSQUFUbmRMTlVTRUtydW96eGlaaTNscmRB + PT0iLCJjYXBzIjp7Im1vbiI6ImFsbG93IHIsIGFsbG93IGNvbW1hbmQgcXVvcnVtX3N0YXR1cyIs + Im9zZCI6InByb2ZpbGUgcmJkLXJlYWQtb25seSwgYWxsb3cgcnd4IHBvb2w9ZGVmYXVsdC5yZ3cu + bWV0YSwgYWxsb3cgciBwb29sPS5yZ3cucm9vdCwgYWxsb3cgcncgcG9vbD1kZWZhdWx0LnJndy5j + b250cm9sLCBhbGxvdyB4IHBvb2w9ZGVmYXVsdC5yZ3cuYnVja2V0cy5pbmRleCJ9fV0iIiIKICAg + ICAgICBzZWxmLmNtZF9vdXRwdXRfbWFwWwogICAgICAgICAgICAiIiJ7ImNhcHMiOiBbIm1vbiIs + ICJwcm9maWxlIHJiZCwgYWxsb3cgY29tbWFuZCAnb3NkIGJsb2NrbGlzdCciLCAib3NkIiwgInBy + b2ZpbGUgcmJkIl0sICJlbnRpdHkiOiAiY2xpZW50LmNzaS1yYmQtbm9kZSIsICJmb3JtYXQiOiAi + anNvbiIsICJwcmVmaXgiOiAiYXV0aCBnZXQtb3ItY3JlYXRlIn0iIiIKICAgICAgICBdID0gIiIi + W3siZW50aXR5IjoiY2xpZW50LmNzaS1yYmQtbm9kZSIsImtleSI6IkFRQk9nck5lSGJLMUF4QUF1 + YllCZVY4UzFVL0dQenE1U1ZlcTZnPT0iLCJjYXBzIjp7Im1vbiI6InByb2ZpbGUgcmJkLCBhbGxv + dyBjb21tYW5kICdvc2QgYmxvY2tsaXN0JyIsIm9zZCI6InByb2ZpbGUgcmJkIn19XSIiIgogICAg + ICAgIHNlbGYuY21kX291dHB1dF9tYXBbCiAgICAgICAgICAgICIiInsiY2FwcyI6IFsibW9uIiwg + InByb2ZpbGUgcmJkLCBhbGxvdyBjb21tYW5kICdvc2QgYmxvY2tsaXN0JyIsICJtZ3IiLCAiYWxs + b3cgcnciLCAib3NkIiwgInByb2ZpbGUgcmJkIl0sICJlbnRpdHkiOiAiY2xpZW50LmNzaS1yYmQt + cHJvdmlzaW9uZXIiLCAiZm9ybWF0IjogImpzb24iLCAicHJlZml4IjogImF1dGggZ2V0LW9yLWNy + ZWF0ZSJ9IiIiCiAgICAgICAgXSA9ICIiIlt7ImVudGl0eSI6ImNsaWVudC5jc2ktcmJkLXByb3Zp + c2lvbmVyIiwia2V5IjoiQVFCTmdyTmUxZ2V5S3hBQThla1ZpUmRFK2hzczVPd2VZQmt3Tmc9PSIs + ImNhcHMiOnsibWdyIjoiYWxsb3cgcnciLCJtb24iOiJwcm9maWxlIHJiZCwgYWxsb3cgY29tbWFu + ZCAnb3NkIGJsb2NrbGlzdCciLCJvc2QiOiJwcm9maWxlIHJiZCJ9fV0iIiIKICAgICAgICBzZWxm + LmNtZF9vdXRwdXRfbWFwWwogICAgICAgICAgICAiIiJ7ImNhcHMiOiBbIm1vbiIsICJhbGxvdyBy + LCBhbGxvdyBjb21tYW5kICdvc2QgYmxvY2tsaXN0JyIsICJtZ3IiLCAiYWxsb3cgcnciLCAib3Nk + IiwgImFsbG93IHJ3IHRhZyBjZXBoZnMgKj0qIiwgIm1kcyIsICJhbGxvdyBydyJdLCAiZW50aXR5 + IjogImNsaWVudC5jc2ktY2VwaGZzLW5vZGUiLCAiZm9ybWF0IjogImpzb24iLCAicHJlZml4Ijog + ImF1dGggZ2V0LW9yLWNyZWF0ZSJ9IiIiCiAgICAgICAgXSA9ICIiIlt7ImVudGl0eSI6ImNsaWVu + dC5jc2ktY2VwaGZzLW5vZGUiLCJrZXkiOiJBUUJPZ3JOZUVOdW5LeEFBUENtZ0U3UjZHOERjWG5h + SjFGMzJxZz09IiwiY2FwcyI6eyJtZHMiOiJhbGxvdyBydyIsIm1nciI6ImFsbG93IHJ3IiwibW9u + IjoiYWxsb3cgciwgYWxsb3cgY29tbWFuZCAnb3NkIGJsb2NrbGlzdCciLCJvc2QiOiJhbGxvdyBy + dyB0YWcgY2VwaGZzICo9KiJ9fV0iIiIKICAgICAgICBzZWxmLmNtZF9vdXRwdXRfbWFwWwogICAg + ICAgICAgICAiIiJ7ImNhcHMiOiBbIm1vbiIsICJhbGxvdyByLCBhbGxvdyBjb21tYW5kICdvc2Qg + YmxvY2tsaXN0JyIsICJtZ3IiLCAiYWxsb3cgcnciLCAib3NkIiwgImFsbG93IHJ3IHRhZyBjZXBo + ZnMgbWV0YWRhdGE9KiJdLCAiZW50aXR5IjogImNsaWVudC5jc2ktY2VwaGZzLXByb3Zpc2lvbmVy + IiwgImZvcm1hdCI6ICJqc29uIiwgInByZWZpeCI6ICJhdXRoIGdldC1vci1jcmVhdGUifSIiIgog + ICAgICAgIF0gPSAiIiJbeyJlbnRpdHkiOiJjbGllbnQuY3NpLWNlcGhmcy1wcm92aXNpb25lciIs + ImtleSI6IkFRQk9nck5lQUZnY0dCQUF2R3FLT0FEMEQzeHhtVlkwUjkxMmRnPT0iLCJjYXBzIjp7 + Im1nciI6ImFsbG93IHJ3IiwibW9uIjoiYWxsb3cgciwgYWxsb3cgY29tbWFuZCAnb3NkIGJsb2Nr + bGlzdCciLCJvc2QiOiJhbGxvdyBydyB0YWcgY2VwaGZzIG1ldGFkYXRhPSoifX1dIiIiCiAgICAg + ICAgc2VsZi5jbWRfb3V0cHV0X21hcFsKICAgICAgICAgICAgIiIieyJjYXBzIjogWyJtb24iLCAi + YWxsb3cgciwgYWxsb3cgY29tbWFuZCAnb3NkIGJsb2NrbGlzdCciLCAibWdyIiwgImFsbG93IHJ3 + IiwgIm9zZCIsICJhbGxvdyBydyB0YWcgY2VwaGZzIG1ldGFkYXRhPSoiXSwgImVudGl0eSI6ICJj + bGllbnQuY3NpLWNlcGhmcy1wcm92aXNpb25lci1vcGVuc2hpZnQtc3RvcmFnZSIsICJmb3JtYXQi + OiAianNvbiIsICJwcmVmaXgiOiAiYXV0aCBnZXQtb3ItY3JlYXRlIn0iIiIKICAgICAgICBdID0g + IiIiW3siZW50aXR5IjoiY2xpZW50LmNzaS1jZXBoZnMtcHJvdmlzaW9uZXItb3BlbnNoaWZ0LXN0 + b3JhZ2UiLCJrZXkiOiJCUUJPZ3JOZUFGZ2NHQkFBdkdxS09BRDBEM3h4bVZZMFI5MTJkZz09Iiwi + Y2FwcyI6eyJtZ3IiOiJhbGxvdyBydyIsIm1vbiI6ImFsbG93IHIsIGFsbG93IGNvbW1hbmQgJ29z + ZCBibG9ja2xpc3QnIiwib3NkIjoiYWxsb3cgcncgdGFnIGNlcGhmcyBtZXRhZGF0YT0qIn19XSIi + IgogICAgICAgIHNlbGYuY21kX291dHB1dF9tYXBbCiAgICAgICAgICAgICIiInsiY2FwcyI6IFsi + bW9uIiwgImFsbG93IHIsIGFsbG93IGNvbW1hbmQgJ29zZCBibG9ja2xpc3QnIiwgIm1nciIsICJh + bGxvdyBydyIsICJvc2QiLCAiYWxsb3cgcncgdGFnIGNlcGhmcyBtZXRhZGF0YT1teWZzIl0sICJl + bnRpdHkiOiAiY2xpZW50LmNzaS1jZXBoZnMtcHJvdmlzaW9uZXItb3BlbnNoaWZ0LXN0b3JhZ2Ut + bXlmcyIsICJmb3JtYXQiOiAianNvbiIsICJwcmVmaXgiOiAiYXV0aCBnZXQtb3ItY3JlYXRlIn0i + IiIKICAgICAgICBdID0gIiIiW3siZW50aXR5IjoiY2xpZW50LmNzaS1jZXBoZnMtcHJvdmlzaW9u + ZXItb3BlbnNoaWZ0LXN0b3JhZ2UtbXlmcyIsImtleSI6IkNRQk9nck5lQUZnY0dCQUF2R3FLT0FE + MEQzeHhtVlkwUjkxMmRnPT0iLCJjYXBzIjp7Im1nciI6ImFsbG93IHJ3IiwibW9uIjoiYWxsb3cg + ciwgYWxsb3cgY29tbWFuZCAnb3NkIGJsb2NrbGlzdCciLCJvc2QiOiJhbGxvdyBydyB0YWcgY2Vw + aGZzIG1ldGFkYXRhPW15ZnMifX1dIiIiCiAgICAgICAgc2VsZi5jbWRfb3V0cHV0X21hcFsKICAg + ICAgICAgICAgIiIieyJjYXBzIjogWyJtb24iLCAiYWxsb3cgciwgYWxsb3cgY29tbWFuZCBxdW9y + dW1fc3RhdHVzLCBhbGxvdyBjb21tYW5kIHZlcnNpb24iLCAibWdyIiwgImFsbG93IGNvbW1hbmQg + Y29uZmlnIiwgIm9zZCIsICJwcm9maWxlIHJiZC1yZWFkLW9ubHksIGFsbG93IHJ3eCBwb29sPWRl + ZmF1bHQucmd3Lm1ldGEsIGFsbG93IHIgcG9vbD0ucmd3LnJvb3QsIGFsbG93IHJ3IHBvb2w9ZGVm + YXVsdC5yZ3cuY29udHJvbCwgYWxsb3cgcnggcG9vbD1kZWZhdWx0LnJndy5sb2csIGFsbG93IHgg + cG9vbD1kZWZhdWx0LnJndy5idWNrZXRzLmluZGV4Il0sICJlbnRpdHkiOiAiY2xpZW50LmhlYWx0 + aGNoZWNrZXIiLCAiZm9ybWF0IjogImpzb24iLCAicHJlZml4IjogImF1dGggZ2V0LW9yLWNyZWF0 + ZSJ9IiIiCiAgICAgICAgXSA9ICIiIlt7ImVudGl0eSI6ImNsaWVudC5oZWFsdGhjaGVja2VyIiwi + a2V5IjoiQVFERmtiTmVmdDViRlJBQVRuZExOVVNFS3J1b3p4aVppM2xyZEE9PSIsImNhcHMiOnsi + bW9uIjogImFsbG93IHIsIGFsbG93IGNvbW1hbmQgcXVvcnVtX3N0YXR1cywgYWxsb3cgY29tbWFu + ZCB2ZXJzaW9uIiwgIm1nciI6ICJhbGxvdyBjb21tYW5kIGNvbmZpZyIsICJvc2QiOiAicHJvZmls + ZSByYmQtcmVhZC1vbmx5LCBhbGxvdyByd3ggcG9vbD1kZWZhdWx0LnJndy5tZXRhLCBhbGxvdyBy + IHBvb2w9LnJndy5yb290LCBhbGxvdyBydyBwb29sPWRlZmF1bHQucmd3LmNvbnRyb2wsIGFsbG93 + IHJ4IHBvb2w9ZGVmYXVsdC5yZ3cubG9nLCBhbGxvdyB4IHBvb2w9ZGVmYXVsdC5yZ3cuYnVja2V0 + cy5pbmRleCJ9fV0iIiIKICAgICAgICBzZWxmLmNtZF9vdXRwdXRfbWFwWwogICAgICAgICAgICAi + IiJ7ImNhcHMiOiBbIm1vbiIsICJhbGxvdyByLCBhbGxvdyBjb21tYW5kIHF1b3J1bV9zdGF0dXMs + IGFsbG93IGNvbW1hbmQgdmVyc2lvbiIsICJtZ3IiLCAiYWxsb3cgY29tbWFuZCBjb25maWciLCAi + b3NkIiwgInByb2ZpbGUgcmJkLXJlYWQtb25seSwgYWxsb3cgcnd4IHBvb2w9ZGVmYXVsdC5yZ3cu + bWV0YSwgYWxsb3cgciBwb29sPS5yZ3cucm9vdCwgYWxsb3cgcncgcG9vbD1kZWZhdWx0LnJndy5j + b250cm9sLCBhbGxvdyByeCBwb29sPWRlZmF1bHQucmd3LmxvZywgYWxsb3cgeCBwb29sPWRlZmF1 + bHQucmd3LmJ1Y2tldHMuaW5kZXgiXSwgImVudGl0eSI6ICJjbGllbnQuaGVhbHRoY2hlY2tlciIs + ICJmb3JtYXQiOiAianNvbiIsICJwcmVmaXgiOiAiYXV0aCBjYXBzIn0iIiIKICAgICAgICBdID0g + IiIiW3siZW50aXR5IjoiY2xpZW50LmhlYWx0aGNoZWNrZXIiLCJrZXkiOiJBUURGa2JOZWZ0NWJG + UkFBVG5kTE5VU1JLcnVvenhpWmkzbHJkQT09IiwiY2FwcyI6eyJtb24iOiAiYWxsb3cgciwgYWxs + b3cgY29tbWFuZCBxdW9ydW1fc3RhdHVzLCBhbGxvdyBjb21tYW5kIHZlcnNpb24iLCAibWdyIjog + ImFsbG93IGNvbW1hbmQgY29uZmlnIiwgIm9zZCI6ICJwcm9maWxlIHJiZC1yZWFkLW9ubHksIGFs + bG93IHJ3eCBwb29sPWRlZmF1bHQucmd3Lm1ldGEsIGFsbG93IHIgcG9vbD0ucmd3LnJvb3QsIGFs + bG93IHJ3IHBvb2w9ZGVmYXVsdC5yZ3cuY29udHJvbCwgYWxsb3cgcnggcG9vbD1kZWZhdWx0LnJn + dy5sb2csIGFsbG93IHggcG9vbD1kZWZhdWx0LnJndy5idWNrZXRzLmluZGV4In19XSIiIgogICAg + ICAgIHNlbGYuY21kX291dHB1dF9tYXBbIiIieyJmb3JtYXQiOiAianNvbiIsICJwcmVmaXgiOiAi + bWdyIHNlcnZpY2VzIn0iIiJdID0gKAogICAgICAgICAgICAiIiJ7ImRhc2hib2FyZCI6ICJodHRw + Oi8vcm9vay1jZXBoLW1nci1hLTU3Y2Y5Zjg0YmMtZjRqbmw6NzAwMC8iLCAicHJvbWV0aGV1cyI6 + ICJodHRwOi8vcm9vay1jZXBoLW1nci1hLTU3Y2Y5Zjg0YmMtZjRqbmw6OTI4My8ifSIiIgogICAg + ICAgICkKICAgICAgICBzZWxmLmNtZF9vdXRwdXRfbWFwWwogICAgICAgICAgICAiIiJ7ImVudGl0 + eSI6ICJjbGllbnQuaGVhbHRoY2hlY2tlciIsICJmb3JtYXQiOiAianNvbiIsICJwcmVmaXgiOiAi + YXV0aCBnZXQifSIiIgogICAgICAgIF0gPSAiIiJ7ImRhc2hib2FyZCI6ICJodHRwOi8vcm9vay1j + ZXBoLW1nci1hLTU3Y2Y5Zjg0YmMtZjRqbmw6NzAwMC8iLCAicHJvbWV0aGV1cyI6ICJodHRwOi8v + cm9vay1jZXBoLW1nci1hLTU3Y2Y5Zjg0YmMtZjRqbmw6OTI4My8ifSIiIgogICAgICAgIHNlbGYu + Y21kX291dHB1dF9tYXBbCiAgICAgICAgICAgICIiInsiZW50aXR5IjogImNsaWVudC5oZWFsdGhj + aGVja2VyIiwgImZvcm1hdCI6ICJqc29uIiwgInByZWZpeCI6ICJhdXRoIGdldCJ9IiIiCiAgICAg + ICAgXSA9ICIiIlt7ImVudGl0eSI6ImNsaWVudC5oZWFsdGhjaGVja2VyIiwia2V5IjoiQVFERmti + TmVmdDViRlJBQVRuZExOVVNFS3J1b3p4aVppM2xyZEE9PSIsImNhcHMiOnsibW9uIjogImFsbG93 + IHIsIGFsbG93IGNvbW1hbmQgcXVvcnVtX3N0YXR1cywgYWxsb3cgY29tbWFuZCB2ZXJzaW9uIiwg + Im1nciI6ICJhbGxvdyBjb21tYW5kIGNvbmZpZyIsICJvc2QiOiAicHJvZmlsZSByYmQtcmVhZC1v + bmx5LCBhbGxvdyByd3ggcG9vbD1kZWZhdWx0LnJndy5tZXRhLCBhbGxvdyByIHBvb2w9LnJndy5y + b290LCBhbGxvdyBydyBwb29sPWRlZmF1bHQucmd3LmNvbnRyb2wsIGFsbG93IHJ4IHBvb2w9ZGVm + YXVsdC5yZ3cubG9nLCBhbGxvdyB4IHBvb2w9ZGVmYXVsdC5yZ3cuYnVja2V0cy5pbmRleCJ9fV0i + IiIKICAgICAgICBzZWxmLmNtZF9vdXRwdXRfbWFwWwogICAgICAgICAgICAiIiJ7ImVudGl0eSI6 + ICJjbGllbnQuY3NpLWNlcGhmcy1ub2RlIiwgImZvcm1hdCI6ICJqc29uIiwgInByZWZpeCI6ICJh + dXRoIGdldCJ9IiIiCiAgICAgICAgXSA9ICIiIltdIiIiCiAgICAgICAgc2VsZi5jbWRfb3V0cHV0 + X21hcFsKICAgICAgICAgICAgIiIieyJlbnRpdHkiOiAiY2xpZW50LmNzaS1yYmQtbm9kZSIsICJm + b3JtYXQiOiAianNvbiIsICJwcmVmaXgiOiAiYXV0aCBnZXQifSIiIgogICAgICAgIF0gPSAiIiJb + XSIiIgogICAgICAgIHNlbGYuY21kX291dHB1dF9tYXBbCiAgICAgICAgICAgICIiInsiZW50aXR5 + IjogImNsaWVudC5jc2ktcmJkLXByb3Zpc2lvbmVyIiwgImZvcm1hdCI6ICJqc29uIiwgInByZWZp + eCI6ICJhdXRoIGdldCJ9IiIiCiAgICAgICAgXSA9ICIiIltdIiIiCiAgICAgICAgc2VsZi5jbWRf + b3V0cHV0X21hcFsKICAgICAgICAgICAgIiIieyJlbnRpdHkiOiAiY2xpZW50LmNzaS1jZXBoZnMt + cHJvdmlzaW9uZXIiLCAiZm9ybWF0IjogImpzb24iLCAicHJlZml4IjogImF1dGggZ2V0In0iIiIK + ICAgICAgICBdID0gIiIiW10iIiIKICAgICAgICBzZWxmLmNtZF9vdXRwdXRfbWFwWwogICAgICAg + ICAgICAiIiJ7ImVudGl0eSI6ICJjbGllbnQuY3NpLWNlcGhmcy1wcm92aXNpb25lci1vcGVuc2hp + ZnQtc3RvcmFnZSIsICJmb3JtYXQiOiAianNvbiIsICJwcmVmaXgiOiAiYXV0aCBnZXQifSIiIgog + ICAgICAgIF0gPSAiIiJbXSIiIgogICAgICAgIHNlbGYuY21kX291dHB1dF9tYXBbCiAgICAgICAg + ICAgICIiInsiZW50aXR5IjogImNsaWVudC5jc2ktY2VwaGZzLXByb3Zpc2lvbmVyLW9wZW5zaGlm + dC1zdG9yYWdlLW15ZnMiLCAiZm9ybWF0IjogImpzb24iLCAicHJlZml4IjogImF1dGggZ2V0In0i + IiIKICAgICAgICBdID0gIiIiW10iIiIKICAgICAgICBzZWxmLmNtZF9vdXRwdXRfbWFwWwogICAg + ICAgICAgICAiIiJ7ImVudGl0eSI6ICJjbGllbnQuY3NpLWNlcGhmcy1wcm92aXNpb25lciIsICJm + b3JtYXQiOiAianNvbiIsICJwcmVmaXgiOiAiYXV0aCBnZXQifSIiIgogICAgICAgIF0gPSAiIiJb + eyJlbnRpdHkiOiJjbGllbnQuY3NpLWNlcGhmcy1wcm92aXNpb25lciIsImtleSI6IkFRREZrYk5l + ZnQ1YkZSQUFUbmRMTlVTRUtydW96eGlaaTNscmRBPT0iLCJjYXBzIjp7Im1vbiI6ImFsbG93IHIi + LCAibWdyIjoiYWxsb3cgcnciLCAib3NkIjoiYWxsb3cgcncgdGFnIGNlcGhmcyBtZXRhZGF0YT0q + In19XSIiIgogICAgICAgIHNlbGYuY21kX291dHB1dF9tYXBbCiAgICAgICAgICAgICIiInsiY2Fw + cyI6IFsibW9uIiwgImFsbG93IHIsIGFsbG93IGNvbW1hbmQgJ29zZCBibG9ja2xpc3QnIiwgIm1n + ciIsICJhbGxvdyBydyIsICJvc2QiLCAiYWxsb3cgcncgdGFnIGNlcGhmcyBtZXRhZGF0YT0qIl0s + ICJlbnRpdHkiOiAiY2xpZW50LmNzaS1jZXBoZnMtcHJvdmlzaW9uZXIiLCAiZm9ybWF0IjogImpz + b24iLCAicHJlZml4IjogImF1dGggY2FwcyJ9IiIiCiAgICAgICAgXSA9ICIiIlt7ImVudGl0eSI6 + ImNsaWVudC5jc2ktY2VwaGZzLXByb3Zpc2lvbmVyIiwia2V5IjoiQVFERmtiTmVmdDViRlJBQVRu + ZExOVVNFS3J1b3p4aVppM2xyZEE9PSIsImNhcHMiOnsibW9uIjoiYWxsb3cgciwgIGFsbG93IGNv + bW1hbmQgJ29zZCBibG9ja2xpc3QnIiwgIm1nciI6ImFsbG93IHJ3IiwgIm9zZCI6ImFsbG93IHJ3 + IHRhZyBjZXBoZnMgbWV0YWRhdGE9KiJ9fV0iIiIKICAgICAgICBzZWxmLmNtZF9vdXRwdXRfbWFw + Wyd7ImZvcm1hdCI6ICJqc29uIiwgInByZWZpeCI6ICJzdGF0dXMifSddID0gY2VwaF9zdGF0dXNf + c3RyCgogICAgZGVmIHNodXRkb3duKHNlbGYpOgogICAgICAgIHBhc3MKCiAgICBkZWYgZ2V0X2Zz + aWQoc2VsZik6CiAgICAgICAgcmV0dXJuICJhZjRlMTY3My0wYjcyLTQwMmQtOTkwYS0yMmQyOTE5 + ZDBmMWMiCgogICAgZGVmIGNvbmZfcmVhZF9maWxlKHNlbGYpOgogICAgICAgIHBhc3MKCiAgICBk + ZWYgY29ubmVjdChzZWxmKToKICAgICAgICBwYXNzCgogICAgZGVmIHBvb2xfZXhpc3RzKHNlbGYs + IHBvb2xfbmFtZSk6CiAgICAgICAgcmV0dXJuIFRydWUKCiAgICBkZWYgbW9uX2NvbW1hbmQoc2Vs + ZiwgY21kLCBvdXQpOgogICAgICAgIGpzb25fY21kID0ganNvbi5sb2FkcyhjbWQpCiAgICAgICAg + anNvbl9jbWRfc3RyID0ganNvbi5kdW1wcyhqc29uX2NtZCwgc29ydF9rZXlzPVRydWUpCiAgICAg + ICAgY21kX291dHB1dCA9IHNlbGYuY21kX291dHB1dF9tYXBbanNvbl9jbWRfc3RyXQogICAgICAg + IHJldHVybiBzZWxmLnJldHVybl92YWwsIGNtZF9vdXRwdXQsIHN0cihzZWxmLmVycl9tZXNzYWdl + LmVuY29kZSgidXRmLTgiKSkKCiAgICBkZWYgX2NvbnZlcnRfaG9zdG5hbWVfdG9faXAoc2VsZiwg + aG9zdF9uYW1lKToKICAgICAgICBpcF9yZWdfeCA9IHJlLmNvbXBpbGUociJcZHsxLDN9LlxkezEs + M30uXGR7MSwzfS5cZHsxLDN9IikKICAgICAgICAjIGlmIHByb3ZpZGVkIGhvc3QgaXMgZGlyZWN0 + bHkgYW4gSVAgYWRkcmVzcywgcmV0dXJuIHRoZSBzYW1lCiAgICAgICAgaWYgaXBfcmVnX3gubWF0 + Y2goaG9zdF9uYW1lKToKICAgICAgICAgICAgcmV0dXJuIGhvc3RfbmFtZQogICAgICAgIGltcG9y + dCByYW5kb20KCiAgICAgICAgaG9zdF9pcCA9IHNlbGYuZHVtbXlfaG9zdF9pcF9tYXAuZ2V0KGhv + c3RfbmFtZSwgIiIpCiAgICAgICAgaWYgbm90IGhvc3RfaXA6CiAgICAgICAgICAgIGhvc3RfaXAg + PSBmIjE3Mi45LntyYW5kb20ucmFuZGludCgwLCAyNTQpfS57cmFuZG9tLnJhbmRpbnQoMCwgMjU0 + KX0iCiAgICAgICAgICAgIHNlbGYuZHVtbXlfaG9zdF9pcF9tYXBbaG9zdF9uYW1lXSA9IGhvc3Rf + aXAKICAgICAgICBkZWwgcmFuZG9tCiAgICAgICAgcmV0dXJuIGhvc3RfaXAKCiAgICBAY2xhc3Nt + ZXRob2QKICAgIGRlZiBSYWRvcyhjb25mZmlsZT1Ob25lKToKICAgICAgICByZXR1cm4gRHVtbXlS + YWRvcygpCgoKY2xhc3MgUzNBdXRoKEF1dGhCYXNlKToKICAgICIiIkF0dGFjaGVzIEFXUyBBdXRo + ZW50aWNhdGlvbiB0byB0aGUgZ2l2ZW4gUmVxdWVzdCBvYmplY3QuIiIiCgogICAgc2VydmljZV9i + YXNlX3VybCA9ICJzMy5hbWF6b25hd3MuY29tIgoKICAgIGRlZiBfX2luaXRfXyhzZWxmLCBhY2Nl + c3Nfa2V5LCBzZWNyZXRfa2V5LCBzZXJ2aWNlX3VybD1Ob25lKToKICAgICAgICBpZiBzZXJ2aWNl + X3VybDoKICAgICAgICAgICAgc2VsZi5zZXJ2aWNlX2Jhc2VfdXJsID0gc2VydmljZV91cmwKICAg + ICAgICBzZWxmLmFjY2Vzc19rZXkgPSBzdHIoYWNjZXNzX2tleSkKICAgICAgICBzZWxmLnNlY3Jl + dF9rZXkgPSBzdHIoc2VjcmV0X2tleSkKCiAgICBkZWYgX19jYWxsX18oc2VsZiwgcik6CiAgICAg + ICAgIyBDcmVhdGUgZGF0ZSBoZWFkZXIgaWYgaXQgaXMgbm90IGNyZWF0ZWQgeWV0LgogICAgICAg + IGlmICJkYXRlIiBub3QgaW4gci5oZWFkZXJzIGFuZCAieC1hbXotZGF0ZSIgbm90IGluIHIuaGVh + ZGVyczoKICAgICAgICAgICAgci5oZWFkZXJzWyJkYXRlIl0gPSBmb3JtYXRkYXRlKHRpbWV2YWw9 + Tm9uZSwgbG9jYWx0aW1lPUZhbHNlLCB1c2VnbXQ9VHJ1ZSkKICAgICAgICBzaWduYXR1cmUgPSBz + ZWxmLmdldF9zaWduYXR1cmUocikKICAgICAgICBpZiBweTNrOgogICAgICAgICAgICBzaWduYXR1 + cmUgPSBzaWduYXR1cmUuZGVjb2RlKCJ1dGYtOCIpCiAgICAgICAgci5oZWFkZXJzWyJBdXRob3Jp + emF0aW9uIl0gPSBmIkFXUyB7c2VsZi5hY2Nlc3Nfa2V5fTp7c2lnbmF0dXJlfSIKICAgICAgICBy + ZXR1cm4gcgoKICAgIGRlZiBnZXRfc2lnbmF0dXJlKHNlbGYsIHIpOgogICAgICAgIGNhbm9uaWNh + bF9zdHJpbmcgPSBzZWxmLmdldF9jYW5vbmljYWxfc3RyaW5nKHIudXJsLCByLmhlYWRlcnMsIHIu + bWV0aG9kKQogICAgICAgIGlmIHB5M2s6CiAgICAgICAgICAgIGtleSA9IHNlbGYuc2VjcmV0X2tl + eS5lbmNvZGUoInV0Zi04IikKICAgICAgICAgICAgbXNnID0gY2Fub25pY2FsX3N0cmluZy5lbmNv + ZGUoInV0Zi04IikKICAgICAgICBlbHNlOgogICAgICAgICAgICBrZXkgPSBzZWxmLnNlY3JldF9r + ZXkKICAgICAgICAgICAgbXNnID0gY2Fub25pY2FsX3N0cmluZwogICAgICAgIGggPSBobWFjLm5l + dyhrZXksIG1zZywgZGlnZXN0bW9kPXNoYSkKICAgICAgICByZXR1cm4gZW5jb2Rlc3RyaW5nKGgu + ZGlnZXN0KCkpLnN0cmlwKCkKCiAgICBkZWYgZ2V0X2Nhbm9uaWNhbF9zdHJpbmcoc2VsZiwgdXJs + LCBoZWFkZXJzLCBtZXRob2QpOgogICAgICAgIHBhcnNlZHVybCA9IHVybHBhcnNlKHVybCkKICAg + ICAgICBvYmplY3RrZXkgPSBwYXJzZWR1cmwucGF0aFsxOl0KCiAgICAgICAgYnVja2V0ID0gcGFy + c2VkdXJsLm5ldGxvY1s6IC1sZW4oc2VsZi5zZXJ2aWNlX2Jhc2VfdXJsKV0KICAgICAgICBpZiBs + ZW4oYnVja2V0KSA+IDE6CiAgICAgICAgICAgICMgcmVtb3ZlIGxhc3QgZG90CiAgICAgICAgICAg + IGJ1Y2tldCA9IGJ1Y2tldFs6LTFdCgogICAgICAgIGludGVyZXN0aW5nX2hlYWRlcnMgPSB7ImNv + bnRlbnQtbWQ1IjogIiIsICJjb250ZW50LXR5cGUiOiAiIiwgImRhdGUiOiAiIn0KICAgICAgICBm + b3Iga2V5IGluIGhlYWRlcnM6CiAgICAgICAgICAgIGxrID0ga2V5Lmxvd2VyKCkKICAgICAgICAg + ICAgdHJ5OgogICAgICAgICAgICAgICAgbGsgPSBsay5kZWNvZGUoInV0Zi04IikKICAgICAgICAg + ICAgZXhjZXB0OgogICAgICAgICAgICAgICAgcGFzcwogICAgICAgICAgICBpZiBoZWFkZXJzW2tl + eV0gYW5kICgKICAgICAgICAgICAgICAgIGxrIGluIGludGVyZXN0aW5nX2hlYWRlcnMua2V5cygp + IG9yIGxrLnN0YXJ0c3dpdGgoIngtYW16LSIpCiAgICAgICAgICAgICk6CiAgICAgICAgICAgICAg + ICBpbnRlcmVzdGluZ19oZWFkZXJzW2xrXSA9IGhlYWRlcnNba2V5XS5zdHJpcCgpCgogICAgICAg + ICMgSWYgeC1hbXotZGF0ZSBpcyB1c2VkIGl0IHN1cGVyc2VkZXMgdGhlIGRhdGUgaGVhZGVyLgog + ICAgICAgIGlmIG5vdCBweTNrOgogICAgICAgICAgICBpZiAieC1hbXotZGF0ZSIgaW4gaW50ZXJl + c3RpbmdfaGVhZGVyczoKICAgICAgICAgICAgICAgIGludGVyZXN0aW5nX2hlYWRlcnNbImRhdGUi + XSA9ICIiCiAgICAgICAgZWxzZToKICAgICAgICAgICAgaWYgIngtYW16LWRhdGUiIGluIGludGVy + ZXN0aW5nX2hlYWRlcnM6CiAgICAgICAgICAgICAgICBpbnRlcmVzdGluZ19oZWFkZXJzWyJkYXRl + Il0gPSAiIgoKICAgICAgICBidWYgPSBmInttZXRob2R9XG4iCiAgICAgICAgZm9yIGtleSBpbiBz + b3J0ZWQoaW50ZXJlc3RpbmdfaGVhZGVycy5rZXlzKCkpOgogICAgICAgICAgICB2YWwgPSBpbnRl + cmVzdGluZ19oZWFkZXJzW2tleV0KICAgICAgICAgICAgaWYga2V5LnN0YXJ0c3dpdGgoIngtYW16 + LSIpOgogICAgICAgICAgICAgICAgYnVmICs9IGYie2tleX06e3ZhbH1cbiIKICAgICAgICAgICAg + ZWxzZToKICAgICAgICAgICAgICAgIGJ1ZiArPSBmInt2YWx9XG4iCgogICAgICAgICMgYXBwZW5k + IHRoZSBidWNrZXQgaWYgaXQgZXhpc3RzCiAgICAgICAgaWYgYnVja2V0ICE9ICIiOgogICAgICAg + ICAgICBidWYgKz0gZiIve2J1Y2tldH0iCgogICAgICAgICMgYWRkIHRoZSBvYmplY3RrZXkuIGV2 + ZW4gaWYgaXQgZG9lc24ndCBleGlzdCwgYWRkIHRoZSBzbGFzaAogICAgICAgIGJ1ZiArPSBmIi97 + b2JqZWN0a2V5fSIKCiAgICAgICAgcmV0dXJuIGJ1ZgoKCmNsYXNzIFJhZG9zSlNPTjoKICAgIEVY + VEVSTkFMX1VTRVJfTkFNRSA9ICJjbGllbnQuaGVhbHRoY2hlY2tlciIKICAgIEVYVEVSTkFMX1JH + V19BRE1JTl9PUFNfVVNFUl9OQU1FID0gInJndy1hZG1pbi1vcHMtdXNlciIKICAgIEVNUFRZX09V + VFBVVF9MSVNUID0gIkVtcHR5IG91dHB1dCBsaXN0IgogICAgREVGQVVMVF9SR1dfUE9PTF9QUkVG + SVggPSAiZGVmYXVsdCIKICAgIERFRkFVTFRfTU9OSVRPUklOR19FTkRQT0lOVF9QT1JUID0gIjky + ODMiCgogICAgQGNsYXNzbWV0aG9kCiAgICBkZWYgZ2VuX2FyZ19wYXJzZXIoY2xzLCBhcmdzX3Rv + X3BhcnNlPU5vbmUpOgogICAgICAgIGFyZ1AgPSBhcmdwYXJzZS5Bcmd1bWVudFBhcnNlcigpCgog + ICAgICAgIGNvbW1vbl9ncm91cCA9IGFyZ1AuYWRkX2FyZ3VtZW50X2dyb3VwKCJjb21tb24iKQog + ICAgICAgIGNvbW1vbl9ncm91cC5hZGRfYXJndW1lbnQoIi0tdmVyYm9zZSIsICItdiIsIGFjdGlv + bj0ic3RvcmVfdHJ1ZSIsIGRlZmF1bHQ9RmFsc2UpCiAgICAgICAgY29tbW9uX2dyb3VwLmFkZF9h + cmd1bWVudCgKICAgICAgICAgICAgIi0tY2VwaC1jb25mIiwgIi1jIiwgaGVscD0iUHJvdmlkZSBh + IGNlcGggY29uZiBmaWxlLiIsIHR5cGU9c3RyCiAgICAgICAgKQogICAgICAgIGNvbW1vbl9ncm91 + cC5hZGRfYXJndW1lbnQoCiAgICAgICAgICAgICItLWtleXJpbmciLCAiLWsiLCBoZWxwPSJQYXRo + IHRvIGNlcGgga2V5cmluZyBmaWxlLiIsIHR5cGU9c3RyCiAgICAgICAgKQogICAgICAgIGNvbW1v + bl9ncm91cC5hZGRfYXJndW1lbnQoCiAgICAgICAgICAgICItLXJ1bi1hcy11c2VyIiwKICAgICAg + ICAgICAgIi11IiwKICAgICAgICAgICAgZGVmYXVsdD0iIiwKICAgICAgICAgICAgdHlwZT1zdHIs + CiAgICAgICAgICAgIGhlbHA9IlByb3ZpZGVzIGEgdXNlciBuYW1lIHRvIGNoZWNrIHRoZSBjbHVz + dGVyJ3MgaGVhbHRoIHN0YXR1cywgbXVzdCBiZSBwcmVmaXhlZCBieSAnY2xpZW50LiciLAogICAg + ICAgICkKICAgICAgICBjb21tb25fZ3JvdXAuYWRkX2FyZ3VtZW50KAogICAgICAgICAgICAiLS1j + bHVzdGVyLW5hbWUiLAogICAgICAgICAgICBkZWZhdWx0PSIiLAogICAgICAgICAgICBoZWxwPSJL + dWJlcm5ldGVzIGNsdXN0ZXIgbmFtZShsZWdhY3kgZmxhZyksIE5vdGU6IEVpdGhlciB1c2UgdGhp + cyBvciAtLWs4cy1jbHVzdGVyLW5hbWUiLAogICAgICAgICkKICAgICAgICBjb21tb25fZ3JvdXAu + YWRkX2FyZ3VtZW50KAogICAgICAgICAgICAiLS1rOHMtY2x1c3Rlci1uYW1lIiwgZGVmYXVsdD0i + IiwgaGVscD0iS3ViZXJuZXRlcyBjbHVzdGVyIG5hbWUiCiAgICAgICAgKQogICAgICAgIGNvbW1v + bl9ncm91cC5hZGRfYXJndW1lbnQoCiAgICAgICAgICAgICItLW5hbWVzcGFjZSIsCiAgICAgICAg + ICAgIGRlZmF1bHQ9IiIsCiAgICAgICAgICAgIGhlbHA9Ik5hbWVzcGFjZSB3aGVyZSBDZXBoQ2x1 + c3RlciBpcyBydW5uaW5nIiwKICAgICAgICApCiAgICAgICAgY29tbW9uX2dyb3VwLmFkZF9hcmd1 + bWVudCgKICAgICAgICAgICAgIi0tcmd3LXBvb2wtcHJlZml4IiwgZGVmYXVsdD0iIiwgaGVscD0i + UkdXIFBvb2wgcHJlZml4IgogICAgICAgICkKICAgICAgICBjb21tb25fZ3JvdXAuYWRkX2FyZ3Vt + ZW50KAogICAgICAgICAgICAiLS1yZXN0cmljdGVkLWF1dGgtcGVybWlzc2lvbiIsCiAgICAgICAg + ICAgIGRlZmF1bHQ9RmFsc2UsCiAgICAgICAgICAgIGhlbHA9IlJlc3RyaWN0IGNlcGhDU0lLZXly + aW5ncyBhdXRoIHBlcm1pc3Npb25zIHRvIHNwZWNpZmljIHBvb2xzLCBjbHVzdGVyLiIKICAgICAg + ICAgICAgKyAiTWFuZGF0b3J5IGZsYWdzIHRoYXQgbmVlZCB0byBiZSBzZXQgYXJlIC0tcmJkLWRh + dGEtcG9vbC1uYW1lLCBhbmQgLS1rOHMtY2x1c3Rlci1uYW1lLiIKICAgICAgICAgICAgKyAiLS1j + ZXBoZnMtZmlsZXN5c3RlbS1uYW1lIGZsYWcgY2FuIGFsc28gYmUgcGFzc2VkIGluIGNhc2Ugb2Yg + Y2VwaGZzIHVzZXIgcmVzdHJpY3Rpb24sIHNvIGl0IGNhbiByZXN0cmljdCB1c2VyIHRvIHBhcnRp + Y3VsYXIgY2VwaGZzIGZpbGVzeXN0ZW0iCiAgICAgICAgICAgICsgInNhbXBsZSBydW46IGBweXRo + b24zIC9ldGMvY2VwaC9jcmVhdGUtZXh0ZXJuYWwtY2x1c3Rlci1yZXNvdXJjZXMucHkgLS1jZXBo + ZnMtZmlsZXN5c3RlbS1uYW1lIG15ZnMgLS1yYmQtZGF0YS1wb29sLW5hbWUgcmVwbGljYXBvb2wg + LS1rOHMtY2x1c3Rlci1uYW1lIHJvb2tzdG9yYWdlIC0tcmVzdHJpY3RlZC1hdXRoLXBlcm1pc3Np + b24gdHJ1ZWAiCiAgICAgICAgICAgICsgIk5vdGU6IFJlc3RyaWN0aW5nIHRoZSBjc2ktdXNlcnMg + cGVyIHBvb2wsIGFuZCBwZXIgY2x1c3RlciB3aWxsIHJlcXVpcmUgY3JlYXRpbmcgbmV3IGNzaS11 + c2VycyBhbmQgbmV3IHNlY3JldHMgZm9yIHRoYXQgY3NpLXVzZXJzLiIKICAgICAgICAgICAgKyAi + U28gYXBwbHkgdGhlc2Ugc2VjcmV0cyBvbmx5IHRvIG5ldyBgQ29uc3VtZXIgY2x1c3RlcmAgZGVw + bG95bWVudCB3aGlsZSB1c2luZyB0aGUgc2FtZSBgU291cmNlIGNsdXN0ZXJgLiIsCiAgICAgICAg + KQogICAgICAgIGNvbW1vbl9ncm91cC5hZGRfYXJndW1lbnQoCiAgICAgICAgICAgICItLXYyLXBv + cnQtZW5hYmxlIiwKICAgICAgICAgICAgYWN0aW9uPSJzdG9yZV90cnVlIiwKICAgICAgICAgICAg + ZGVmYXVsdD1GYWxzZSwKICAgICAgICAgICAgaGVscD0iRW5hYmxlIHYyIG1vbiBwb3J0KDMzMDAp + IGZvciBtb25zIiwKICAgICAgICApCgogICAgICAgIG91dHB1dF9ncm91cCA9IGFyZ1AuYWRkX2Fy + Z3VtZW50X2dyb3VwKCJvdXRwdXQiKQogICAgICAgIG91dHB1dF9ncm91cC5hZGRfYXJndW1lbnQo + CiAgICAgICAgICAgICItLWZvcm1hdCIsCiAgICAgICAgICAgICItdCIsCiAgICAgICAgICAgIGNo + b2ljZXM9WyJqc29uIiwgImJhc2giXSwKICAgICAgICAgICAgZGVmYXVsdD0ianNvbiIsCiAgICAg + ICAgICAgIGhlbHA9IlByb3ZpZGVzIHRoZSBvdXRwdXQgZm9ybWF0IChqc29uIHwgYmFzaCkiLAog + ICAgICAgICkKICAgICAgICBvdXRwdXRfZ3JvdXAuYWRkX2FyZ3VtZW50KAogICAgICAgICAgICAi + LS1vdXRwdXQiLAogICAgICAgICAgICAiLW8iLAogICAgICAgICAgICBkZWZhdWx0PSIiLAogICAg + ICAgICAgICBoZWxwPSJPdXRwdXQgd2lsbCBiZSBzdG9yZWQgaW50byB0aGUgcHJvdmlkZWQgZmls + ZSIsCiAgICAgICAgKQogICAgICAgIG91dHB1dF9ncm91cC5hZGRfYXJndW1lbnQoCiAgICAgICAg + ICAgICItLWNlcGhmcy1maWxlc3lzdGVtLW5hbWUiLAogICAgICAgICAgICBkZWZhdWx0PSIiLAog + ICAgICAgICAgICBoZWxwPSJQcm92aWRlcyB0aGUgbmFtZSBvZiB0aGUgQ2VwaCBmaWxlc3lzdGVt + IiwKICAgICAgICApCiAgICAgICAgb3V0cHV0X2dyb3VwLmFkZF9hcmd1bWVudCgKICAgICAgICAg + ICAgIi0tY2VwaGZzLW1ldGFkYXRhLXBvb2wtbmFtZSIsCiAgICAgICAgICAgIGRlZmF1bHQ9IiIs + CiAgICAgICAgICAgIGhlbHA9IlByb3ZpZGVzIHRoZSBuYW1lIG9mIHRoZSBjZXBoZnMgbWV0YWRh + dGEgcG9vbCIsCiAgICAgICAgKQogICAgICAgIG91dHB1dF9ncm91cC5hZGRfYXJndW1lbnQoCiAg + ICAgICAgICAgICItLWNlcGhmcy1kYXRhLXBvb2wtbmFtZSIsCiAgICAgICAgICAgIGRlZmF1bHQ9 + IiIsCiAgICAgICAgICAgIGhlbHA9IlByb3ZpZGVzIHRoZSBuYW1lIG9mIHRoZSBjZXBoZnMgZGF0 + YSBwb29sIiwKICAgICAgICApCiAgICAgICAgb3V0cHV0X2dyb3VwLmFkZF9hcmd1bWVudCgKICAg + ICAgICAgICAgIi0tcmJkLWRhdGEtcG9vbC1uYW1lIiwKICAgICAgICAgICAgZGVmYXVsdD0iIiwK + ICAgICAgICAgICAgcmVxdWlyZWQ9RmFsc2UsCiAgICAgICAgICAgIGhlbHA9IlByb3ZpZGVzIHRo + ZSBuYW1lIG9mIHRoZSBSQkQgZGF0YXBvb2wiLAogICAgICAgICkKICAgICAgICBvdXRwdXRfZ3Jv + dXAuYWRkX2FyZ3VtZW50KAogICAgICAgICAgICAiLS1hbGlhcy1yYmQtZGF0YS1wb29sLW5hbWUi + LAogICAgICAgICAgICBkZWZhdWx0PSIiLAogICAgICAgICAgICByZXF1aXJlZD1GYWxzZSwKICAg + ICAgICAgICAgaGVscD0iUHJvdmlkZXMgYW4gYWxpYXMgZm9yIHRoZSAgUkJEIGRhdGEgcG9vbCBu + YW1lLCBuZWNlc3NhcnkgaWYgYSBzcGVjaWFsIGNoYXJhY3RlciBpcyBwcmVzZW50IGluIHRoZSBw + b29sIG5hbWUgc3VjaCBhcyBhIHBlcmlvZCBvciB1bmRlcnNjb3JlIiwKICAgICAgICApCiAgICAg + ICAgb3V0cHV0X2dyb3VwLmFkZF9hcmd1bWVudCgKICAgICAgICAgICAgIi0tcmd3LWVuZHBvaW50 + IiwKICAgICAgICAgICAgZGVmYXVsdD0iIiwKICAgICAgICAgICAgcmVxdWlyZWQ9RmFsc2UsCiAg + ICAgICAgICAgIGhlbHA9IlJBRE9TIEdhdGV3YXkgZW5kcG9pbnQgKGluIGA8SVB2ND46PFBPUlQ+ + YCBvciBgPFtJUHY2XT46PFBPUlQ+YCBvciBgPEZRRE4+OjxQT1JUPmAgZm9ybWF0KSIsCiAgICAg + ICAgKQogICAgICAgIG91dHB1dF9ncm91cC5hZGRfYXJndW1lbnQoCiAgICAgICAgICAgICItLXJn + dy10bHMtY2VydC1wYXRoIiwKICAgICAgICAgICAgZGVmYXVsdD0iIiwKICAgICAgICAgICAgcmVx + dWlyZWQ9RmFsc2UsCiAgICAgICAgICAgIGhlbHA9IlJBRE9TIEdhdGV3YXkgZW5kcG9pbnQgVExT + IGNlcnRpZmljYXRlIiwKICAgICAgICApCiAgICAgICAgb3V0cHV0X2dyb3VwLmFkZF9hcmd1bWVu + dCgKICAgICAgICAgICAgIi0tcmd3LXNraXAtdGxzIiwKICAgICAgICAgICAgcmVxdWlyZWQ9RmFs + c2UsCiAgICAgICAgICAgIGRlZmF1bHQ9RmFsc2UsCiAgICAgICAgICAgIGhlbHA9Iklnbm9yZSBU + TFMgY2VydGlmaWNhdGlvbiB2YWxpZGF0aW9uIHdoZW4gYSBzZWxmLXNpZ25lZCBjZXJ0aWZpY2F0 + ZSBpcyBwcm92aWRlZCAoTk9UIFJFQ09NTUVOREVEIiwKICAgICAgICApCiAgICAgICAgb3V0cHV0 + X2dyb3VwLmFkZF9hcmd1bWVudCgKICAgICAgICAgICAgIi0tbW9uaXRvcmluZy1lbmRwb2ludCIs + CiAgICAgICAgICAgIGRlZmF1bHQ9IiIsCiAgICAgICAgICAgIHJlcXVpcmVkPUZhbHNlLAogICAg + ICAgICAgICBoZWxwPSJDZXBoIE1hbmFnZXIgcHJvbWV0aGV1cyBleHBvcnRlciBlbmRwb2ludHMg + KGNvbW1hIHNlcGFyYXRlZCBsaXN0IG9mIChmb3JtYXQgYDxJUHY0PmAgb3IgYDxbSVB2Nl0+YCBv + ciBgPEZRRE4+YCkgZW50cmllcyBvZiBhY3RpdmUgYW5kIHN0YW5kYnkgbWdycykiLAogICAgICAg + ICkKICAgICAgICBvdXRwdXRfZ3JvdXAuYWRkX2FyZ3VtZW50KAogICAgICAgICAgICAiLS1tb25p + dG9yaW5nLWVuZHBvaW50LXBvcnQiLAogICAgICAgICAgICBkZWZhdWx0PSIiLAogICAgICAgICAg + ICByZXF1aXJlZD1GYWxzZSwKICAgICAgICAgICAgaGVscD0iQ2VwaCBNYW5hZ2VyIHByb21ldGhl + dXMgZXhwb3J0ZXIgcG9ydCIsCiAgICAgICAgKQogICAgICAgIG91dHB1dF9ncm91cC5hZGRfYXJn + dW1lbnQoCiAgICAgICAgICAgICItLXNraXAtbW9uaXRvcmluZy1lbmRwb2ludCIsCiAgICAgICAg + ICAgIGRlZmF1bHQ9RmFsc2UsCiAgICAgICAgICAgIGFjdGlvbj0ic3RvcmVfdHJ1ZSIsCiAgICAg + ICAgICAgIGhlbHA9IkRvIG5vdCBjaGVjayBmb3IgYSBtb25pdG9yaW5nIGVuZHBvaW50IGZvciB0 + aGUgQ2VwaCBjbHVzdGVyIiwKICAgICAgICApCiAgICAgICAgb3V0cHV0X2dyb3VwLmFkZF9hcmd1 + bWVudCgKICAgICAgICAgICAgIi0tcmJkLW1ldGFkYXRhLWVjLXBvb2wtbmFtZSIsCiAgICAgICAg + ICAgIGRlZmF1bHQ9IiIsCiAgICAgICAgICAgIHJlcXVpcmVkPUZhbHNlLAogICAgICAgICAgICBo + ZWxwPSJQcm92aWRlcyB0aGUgbmFtZSBvZiBlcmFzdXJlIGNvZGVkIFJCRCBtZXRhZGF0YSBwb29s + IiwKICAgICAgICApCiAgICAgICAgb3V0cHV0X2dyb3VwLmFkZF9hcmd1bWVudCgKICAgICAgICAg + ICAgIi0tZHJ5LXJ1biIsCiAgICAgICAgICAgIGRlZmF1bHQ9RmFsc2UsCiAgICAgICAgICAgIGFj + dGlvbj0ic3RvcmVfdHJ1ZSIsCiAgICAgICAgICAgIGhlbHA9IkRyeSBydW4gcHJpbnRzIHRoZSBl + eGVjdXRlZCBjb21tYW5kcyB3aXRob3V0IHJ1bm5pbmcgdGhlbSIsCiAgICAgICAgKQogICAgICAg + IG91dHB1dF9ncm91cC5hZGRfYXJndW1lbnQoCiAgICAgICAgICAgICItLXJhZG9zLW5hbWVzcGFj + ZSIsCiAgICAgICAgICAgIGRlZmF1bHQ9IiIsCiAgICAgICAgICAgIHJlcXVpcmVkPUZhbHNlLAog + ICAgICAgICAgICBoZWxwPSJEaXZpZGVzIGEgcG9vbCBpbnRvIHNlcGFyYXRlIGxvZ2ljYWwgbmFt + ZXNwYWNlcywgdXNlZCBmb3IgY3JlYXRpbmcgUkJEIFBWQyBpbiBhIENlcGhCbG9ja1Bvb2xSYWRv + c05hbWVzcGFjZSAoc2hvdWxkIGJlIGxvd2VyIGNhc2UpIiwKICAgICAgICApCiAgICAgICAgb3V0 + cHV0X2dyb3VwLmFkZF9hcmd1bWVudCgKICAgICAgICAgICAgIi0tc3Vidm9sdW1lLWdyb3VwIiwK + ICAgICAgICAgICAgZGVmYXVsdD0iIiwKICAgICAgICAgICAgcmVxdWlyZWQ9RmFsc2UsCiAgICAg + ICAgICAgIGhlbHA9InByb3ZpZGVzIHRoZSBuYW1lIG9mIHRoZSBzdWJ2b2x1bWUgZ3JvdXAiLAog + ICAgICAgICkKICAgICAgICBvdXRwdXRfZ3JvdXAuYWRkX2FyZ3VtZW50KAogICAgICAgICAgICAi + LS1yZ3ctcmVhbG0tbmFtZSIsCiAgICAgICAgICAgIGRlZmF1bHQ9IiIsCiAgICAgICAgICAgIHJl + cXVpcmVkPUZhbHNlLAogICAgICAgICAgICBoZWxwPSJwcm92aWRlcyB0aGUgbmFtZSBvZiB0aGUg + cmd3LXJlYWxtIiwKICAgICAgICApCiAgICAgICAgb3V0cHV0X2dyb3VwLmFkZF9hcmd1bWVudCgK + ICAgICAgICAgICAgIi0tcmd3LXpvbmUtbmFtZSIsCiAgICAgICAgICAgIGRlZmF1bHQ9IiIsCiAg + ICAgICAgICAgIHJlcXVpcmVkPUZhbHNlLAogICAgICAgICAgICBoZWxwPSJwcm92aWRlcyB0aGUg + bmFtZSBvZiB0aGUgcmd3LXpvbmUiLAogICAgICAgICkKICAgICAgICBvdXRwdXRfZ3JvdXAuYWRk + X2FyZ3VtZW50KAogICAgICAgICAgICAiLS1yZ3ctem9uZWdyb3VwLW5hbWUiLAogICAgICAgICAg + ICBkZWZhdWx0PSIiLAogICAgICAgICAgICByZXF1aXJlZD1GYWxzZSwKICAgICAgICAgICAgaGVs + cD0icHJvdmlkZXMgdGhlIG5hbWUgb2YgdGhlIHJndy16b25lZ3JvdXAiLAogICAgICAgICkKCiAg + ICAgICAgdXBncmFkZV9ncm91cCA9IGFyZ1AuYWRkX2FyZ3VtZW50X2dyb3VwKCJ1cGdyYWRlIikK + ICAgICAgICB1cGdyYWRlX2dyb3VwLmFkZF9hcmd1bWVudCgKICAgICAgICAgICAgIi0tdXBncmFk + ZSIsCiAgICAgICAgICAgIGFjdGlvbj0ic3RvcmVfdHJ1ZSIsCiAgICAgICAgICAgIGRlZmF1bHQ9 + RmFsc2UsCiAgICAgICAgICAgIGhlbHA9IlVwZ3JhZGVzIHRoZSBjZXBoQ1NJS2V5cmluZ3MoRm9y + IGV4YW1wbGU6IGNsaWVudC5jc2ktY2VwaGZzLXByb3Zpc2lvbmVyKSBhbmQgY2xpZW50LmhlYWx0 + aGNoZWNrZXIgY2VwaCB1c2VycyB3aXRoIG5ldyBwZXJtaXNzaW9ucyBuZWVkZWQgZm9yIHRoZSBu + ZXcgY2x1c3RlciB2ZXJzaW9uIGFuZCBvbGRlciBwZXJtaXNzaW9uIHdpbGwgc3RpbGwgYmUgYXBw + bGllZC4iCiAgICAgICAgICAgICsgIlNhbXBsZSBydW46IGBweXRob24zIC9ldGMvY2VwaC9jcmVh + dGUtZXh0ZXJuYWwtY2x1c3Rlci1yZXNvdXJjZXMucHkgLS11cGdyYWRlYCwgdGhpcyB3aWxsIHVw + Z3JhZGUgYWxsIHRoZSBkZWZhdWx0IGNzaSB1c2Vycyhub24tcmVzdHJpY3RlZCkiCiAgICAgICAg + ICAgICsgIkZvciByZXN0cmljdGVkIHVzZXJzKEZvciBleGFtcGxlOiBjbGllbnQuY3NpLWNlcGhm + cy1wcm92aXNpb25lci1vcGVuc2hpZnQtc3RvcmFnZS1teWZzKSwgdXNlcnMgY3JlYXRlZCB1c2lu + ZyAtLXJlc3RyaWN0ZWQtYXV0aC1wZXJtaXNzaW9uIGZsYWcgbmVlZCB0byBwYXNzIG1hbmRhdG9y + eSBmbGFncyIKICAgICAgICAgICAgKyAibWFuZGF0b3J5IGZsYWdzOiAnLS1yYmQtZGF0YS1wb29s + LW5hbWUsIC0tazhzLWNsdXN0ZXItbmFtZSBhbmQgLS1ydW4tYXMtdXNlcicgZmxhZ3Mgd2hpbGUg + dXBncmFkaW5nIgogICAgICAgICAgICArICJpbiBjYXNlIG9mIGNlcGhmcyB1c2VycyBpZiB5b3Ug + aGF2ZSBwYXNzZWQgLS1jZXBoZnMtZmlsZXN5c3RlbS1uYW1lIGZsYWcgd2hpbGUgY3JlYXRpbmcg + dXNlciB0aGVuIHdoaWxlIHVwZ3JhZGluZyBpdCB3aWxsIGJlIG1hbmRhdG9yeSB0b28iCiAgICAg + ICAgICAgICsgIlNhbXBsZSBydW46IGBweXRob24zIC9ldGMvY2VwaC9jcmVhdGUtZXh0ZXJuYWwt + Y2x1c3Rlci1yZXNvdXJjZXMucHkgLS11cGdyYWRlIC0tcmJkLWRhdGEtcG9vbC1uYW1lIHJlcGxp + Y2Fwb29sIC0tazhzLWNsdXN0ZXItbmFtZSByb29rc3RvcmFnZSAgLS1ydW4tYXMtdXNlciBjbGll + bnQuY3NpLXJiZC1ub2RlLXJvb2tzdG9yYWdlLXJlcGxpY2Fwb29sYCIKICAgICAgICAgICAgKyAi + UFM6IEFuIGV4aXN0aW5nIG5vbi1yZXN0cmljdGVkIHVzZXIgY2Fubm90IGJlIGNvbnZlcnRlZCB0 + byBhIHJlc3RyaWN0ZWQgdXNlciBieSB1cGdyYWRpbmcuIgogICAgICAgICAgICArICJVcGdyYWRl + IGZsYWcgc2hvdWxkIG9ubHkgYmUgdXNlZCB0byBhcHBlbmQgbmV3IHBlcm1pc3Npb25zIHRvIHVz + ZXJzLCBpdCBzaG91bGRuJ3QgYmUgdXNlZCBmb3IgY2hhbmdpbmcgdXNlciBhbHJlYWR5IGFwcGxp + ZWQgcGVybWlzc2lvbiwgZm9yIGV4YW1wbGUgeW91IHNob3VsZG4ndCBjaGFuZ2UgaW4gd2hpY2gg + cG9vbCB1c2VyIGhhcyBhY2Nlc3MiLAogICAgICAgICkKCiAgICAgICAgaWYgYXJnc190b19wYXJz + ZToKICAgICAgICAgICAgYXNzZXJ0ICgKICAgICAgICAgICAgICAgIHR5cGUoYXJnc190b19wYXJz + ZSkgPT0gbGlzdAogICAgICAgICAgICApLCAiQXJndW1lbnQgdG8gJ2dlbl9hcmdfcGFyc2VyJyBz + aG91bGQgYmUgYSBsaXN0IgogICAgICAgIGVsc2U6CiAgICAgICAgICAgIGFyZ3NfdG9fcGFyc2Ug + PSBzeXMuYXJndlsxOl0KICAgICAgICByZXR1cm4gYXJnUC5wYXJzZV9hcmdzKGFyZ3NfdG9fcGFy + c2UpCgogICAgZGVmIHZhbGlkYXRlX3JiZF9tZXRhZGF0YV9lY19wb29sX25hbWUoc2VsZik6CiAg + ICAgICAgaWYgc2VsZi5fYXJnX3BhcnNlci5yYmRfbWV0YWRhdGFfZWNfcG9vbF9uYW1lOgogICAg + ICAgICAgICByYmRfbWV0YWRhdGFfZWNfcG9vbF9uYW1lID0gc2VsZi5fYXJnX3BhcnNlci5yYmRf + bWV0YWRhdGFfZWNfcG9vbF9uYW1lCiAgICAgICAgICAgIHJiZF9wb29sX25hbWUgPSBzZWxmLl9h + cmdfcGFyc2VyLnJiZF9kYXRhX3Bvb2xfbmFtZQoKICAgICAgICAgICAgaWYgcmJkX3Bvb2xfbmFt + ZSA9PSAiIjoKICAgICAgICAgICAgICAgIHJhaXNlIEV4ZWN1dGlvbkZhaWx1cmVFeGNlcHRpb24o + CiAgICAgICAgICAgICAgICAgICAgIkZsYWcgJy0tcmJkLWRhdGEtcG9vbC1uYW1lJyBzaG91bGQg + bm90IGJlIGVtcHR5IgogICAgICAgICAgICAgICAgKQoKICAgICAgICAgICAgaWYgcmJkX21ldGFk + YXRhX2VjX3Bvb2xfbmFtZSA9PSAiIjoKICAgICAgICAgICAgICAgIHJhaXNlIEV4ZWN1dGlvbkZh + aWx1cmVFeGNlcHRpb24oCiAgICAgICAgICAgICAgICAgICAgIkZsYWcgJy0tcmJkLW1ldGFkYXRh + LWVjLXBvb2wtbmFtZScgc2hvdWxkIG5vdCBiZSBlbXB0eSIKICAgICAgICAgICAgICAgICkKCiAg + ICAgICAgICAgIGNtZF9qc29uID0geyJwcmVmaXgiOiAib3NkIGR1bXAiLCAiZm9ybWF0IjogImpz + b24ifQogICAgICAgICAgICByZXRfdmFsLCBqc29uX291dCwgZXJyX21zZyA9IHNlbGYuX2NvbW1v + bl9jbWRfanNvbl9nZW4oY21kX2pzb24pCiAgICAgICAgICAgIGlmIHJldF92YWwgIT0gMCBvciBs + ZW4oanNvbl9vdXQpID09IDA6CiAgICAgICAgICAgICAgICByYWlzZSBFeGVjdXRpb25GYWlsdXJl + RXhjZXB0aW9uKAogICAgICAgICAgICAgICAgICAgIGYie2NtZF9qc29uWydwcmVmaXgnXX0gY29t + bWFuZCBmYWlsZWQuXG4iCiAgICAgICAgICAgICAgICAgICAgZiJFcnJvcjoge2Vycl9tc2cgaWYg + cmV0X3ZhbCAhPSAwIGVsc2Ugc2VsZi5FTVBUWV9PVVRQVVRfTElTVH0iCiAgICAgICAgICAgICAg + ICApCiAgICAgICAgICAgIG1ldGFkYXRhX3Bvb2xfZXhpc3QsIHBvb2xfZXhpc3QgPSBGYWxzZSwg + RmFsc2UKCiAgICAgICAgICAgIGZvciBrZXkgaW4ganNvbl9vdXRbInBvb2xzIl06CiAgICAgICAg + ICAgICAgICAjIGlmIGVyYXN1cmVfY29kZV9wcm9maWxlIGlzIGVtcHR5IGFuZCBwb29sIG5hbWUg + ZXhpc3RzIHRoZW4gaXQgcmVwbGljYSBwb29sCiAgICAgICAgICAgICAgICBpZiAoCiAgICAgICAg + ICAgICAgICAgICAga2V5WyJlcmFzdXJlX2NvZGVfcHJvZmlsZSJdID09ICIiCiAgICAgICAgICAg + ICAgICAgICAgYW5kIGtleVsicG9vbF9uYW1lIl0gPT0gcmJkX21ldGFkYXRhX2VjX3Bvb2xfbmFt + ZQogICAgICAgICAgICAgICAgKToKICAgICAgICAgICAgICAgICAgICBtZXRhZGF0YV9wb29sX2V4 + aXN0ID0gVHJ1ZQogICAgICAgICAgICAgICAgIyBpZiBlcmFzdXJlX2NvZGVfcHJvZmlsZSBpcyBu + b3QgZW1wdHkgYW5kIHBvb2wgbmFtZSBleGlzdHMgdGhlbiBpdCBpcyBlYyBwb29sCiAgICAgICAg + ICAgICAgICBpZiBrZXlbImVyYXN1cmVfY29kZV9wcm9maWxlIl0gYW5kIGtleVsicG9vbF9uYW1l + Il0gPT0gcmJkX3Bvb2xfbmFtZToKICAgICAgICAgICAgICAgICAgICBwb29sX2V4aXN0ID0gVHJ1 + ZQoKICAgICAgICAgICAgaWYgbm90IG1ldGFkYXRhX3Bvb2xfZXhpc3Q6CiAgICAgICAgICAgICAg + ICByYWlzZSBFeGVjdXRpb25GYWlsdXJlRXhjZXB0aW9uKAogICAgICAgICAgICAgICAgICAgICJQ + cm92aWRlZCByYmRfZWNfbWV0YWRhdGFfcG9vbCBuYW1lLCIKICAgICAgICAgICAgICAgICAgICBm + IiB7cmJkX21ldGFkYXRhX2VjX3Bvb2xfbmFtZX0sIGRvZXMgbm90IGV4aXN0IgogICAgICAgICAg + ICAgICAgKQogICAgICAgICAgICBpZiBub3QgcG9vbF9leGlzdDoKICAgICAgICAgICAgICAgIHJh + aXNlIEV4ZWN1dGlvbkZhaWx1cmVFeGNlcHRpb24oCiAgICAgICAgICAgICAgICAgICAgZiJQcm92 + aWRlZCByYmRfZGF0YV9wb29sIG5hbWUsIHtyYmRfcG9vbF9uYW1lfSwgZG9lcyBub3QgZXhpc3Qi + CiAgICAgICAgICAgICAgICApCiAgICAgICAgICAgIHJldHVybiByYmRfbWV0YWRhdGFfZWNfcG9v + bF9uYW1lCgogICAgZGVmIGRyeV9ydW4oc2VsZiwgbXNnKToKICAgICAgICBpZiBzZWxmLl9hcmdf + cGFyc2VyLmRyeV9ydW46CiAgICAgICAgICAgIHByaW50KCJFeGVjdXRlOiAiICsgIiciICsgbXNn + ICsgIiciKQoKICAgIGRlZiB2YWxpZGF0ZV9yZ3dfZW5kcG9pbnRfdGxzX2NlcnQoc2VsZik6CiAg + ICAgICAgaWYgc2VsZi5fYXJnX3BhcnNlci5yZ3dfdGxzX2NlcnRfcGF0aDoKICAgICAgICAgICAg + d2l0aCBvcGVuKHNlbGYuX2FyZ19wYXJzZXIucmd3X3Rsc19jZXJ0X3BhdGgsIGVuY29kaW5nPSJ1 + dGY4IikgYXMgZjoKICAgICAgICAgICAgICAgIGNvbnRlbnRzID0gZi5yZWFkKCkKICAgICAgICAg + ICAgICAgIHJldHVybiBjb250ZW50cy5yc3RyaXAoKQoKICAgIGRlZiBfY2hlY2tfY29uZmxpY3Rp + bmdfb3B0aW9ucyhzZWxmKToKICAgICAgICBpZiBub3Qgc2VsZi5fYXJnX3BhcnNlci51cGdyYWRl + IGFuZCBub3Qgc2VsZi5fYXJnX3BhcnNlci5yYmRfZGF0YV9wb29sX25hbWU6CiAgICAgICAgICAg + IHJhaXNlIEV4ZWN1dGlvbkZhaWx1cmVFeGNlcHRpb24oCiAgICAgICAgICAgICAgICAiRWl0aGVy + ICctLXVwZ3JhZGUnIG9yICctLXJiZC1kYXRhLXBvb2wtbmFtZSA8cG9vbF9uYW1lPicgc2hvdWxk + IGJlIHNwZWNpZmllZCIKICAgICAgICAgICAgKQoKICAgIGRlZiBfaW52YWxpZF9lbmRwb2ludChz + ZWxmLCBlbmRwb2ludF9zdHIpOgogICAgICAgICMgZXh0cmFjdCB0aGUgcG9ydCBieSBnZXR0aW5n + IHRoZSBsYXN0IHNwbGl0IG9uIGA6YCBkZWxpbWl0ZXIKICAgICAgICB0cnk6CiAgICAgICAgICAg + IGVuZHBvaW50X3N0cl9pcCwgcG9ydCA9IGVuZHBvaW50X3N0ci5yc3BsaXQoIjoiLCAxKQogICAg + ICAgIGV4Y2VwdCBWYWx1ZUVycm9yOgogICAgICAgICAgICByYWlzZSBFeGVjdXRpb25GYWlsdXJl + RXhjZXB0aW9uKGYiTm90IGEgcHJvcGVyIGVuZHBvaW50OiB7ZW5kcG9pbnRfc3RyfSIpCgogICAg + ICAgIHRyeToKICAgICAgICAgICAgaWYgZW5kcG9pbnRfc3RyX2lwWzBdID09ICJbIjoKICAgICAg + ICAgICAgICAgIGVuZHBvaW50X3N0cl9pcCA9IGVuZHBvaW50X3N0cl9pcFsxIDogbGVuKGVuZHBv + aW50X3N0cl9pcCkgLSAxXQogICAgICAgICAgICBpcF90eXBlID0gKAogICAgICAgICAgICAgICAg + IklQdjQiIGlmIHR5cGUoaXBfYWRkcmVzcyhlbmRwb2ludF9zdHJfaXApKSBpcyBJUHY0QWRkcmVz + cyBlbHNlICJJUHY2IgogICAgICAgICAgICApCiAgICAgICAgZXhjZXB0IFZhbHVlRXJyb3I6CiAg + ICAgICAgICAgIGlwX3R5cGUgPSAiRlFETiIKICAgICAgICBpZiBub3QgcG9ydC5pc2RpZ2l0KCk6 + CiAgICAgICAgICAgIHJhaXNlIEV4ZWN1dGlvbkZhaWx1cmVFeGNlcHRpb24oZiJQb3J0IG5vdCB2 + YWxpZDoge3BvcnR9IikKICAgICAgICBpbnRQb3J0ID0gaW50KHBvcnQpCiAgICAgICAgaWYgaW50 + UG9ydCA8IDEgb3IgaW50UG9ydCA+IDIqKjE2IC0gMToKICAgICAgICAgICAgcmFpc2UgRXhlY3V0 + aW9uRmFpbHVyZUV4Y2VwdGlvbihmIk91dCBvZiByYW5nZSBwb3J0IG51bWJlcjoge3BvcnR9IikK + CiAgICAgICAgcmV0dXJuIGlwX3R5cGUKCiAgICBkZWYgZW5kcG9pbnRfZGlhbChzZWxmLCBlbmRw + b2ludF9zdHIsIGlwX3R5cGUsIHRpbWVvdXQ9MywgY2VydD1Ob25lKToKICAgICAgICAjIGlmIHRo + ZSAnY2x1c3RlcicgaW5zdGFuY2UgaXMgYSBkdW1teSBvbmUsCiAgICAgICAgIyBkb24ndCB0cnkg + dG8gcmVhY2ggb3V0IHRvIHRoZSBlbmRwb2ludAogICAgICAgIGlmIGlzaW5zdGFuY2Uoc2VsZi5j + bHVzdGVyLCBEdW1teVJhZG9zKToKICAgICAgICAgICAgcmV0dXJuICIiLCAiIiwgIiIKICAgICAg + ICBpZiBpcF90eXBlID09ICJJUHY2IjoKICAgICAgICAgICAgdHJ5OgogICAgICAgICAgICAgICAg + ZW5kcG9pbnRfc3RyX2lwLCBlbmRwb2ludF9zdHJfcG9ydCA9IGVuZHBvaW50X3N0ci5yc3BsaXQo + IjoiLCAxKQogICAgICAgICAgICBleGNlcHQgVmFsdWVFcnJvcjoKICAgICAgICAgICAgICAgIHJh + aXNlIEV4ZWN1dGlvbkZhaWx1cmVFeGNlcHRpb24oCiAgICAgICAgICAgICAgICAgICAgZiJOb3Qg + YSBwcm9wZXIgZW5kcG9pbnQ6IHtlbmRwb2ludF9zdHJ9IgogICAgICAgICAgICAgICAgKQogICAg + ICAgICAgICBpZiBlbmRwb2ludF9zdHJfaXBbMF0gIT0gIlsiOgogICAgICAgICAgICAgICAgZW5k + cG9pbnRfc3RyX2lwID0gIlsiICsgZW5kcG9pbnRfc3RyX2lwICsgIl0iCiAgICAgICAgICAgIGVu + ZHBvaW50X3N0ciA9ICI6Ii5qb2luKFtlbmRwb2ludF9zdHJfaXAsIGVuZHBvaW50X3N0cl9wb3J0 + XSkKCiAgICAgICAgcHJvdG9jb2xzID0gWyJodHRwIiwgImh0dHBzIl0KICAgICAgICByZXNwb25z + ZV9lcnJvciA9IE5vbmUKICAgICAgICBmb3IgcHJlZml4IGluIHByb3RvY29sczoKICAgICAgICAg + ICAgdHJ5OgogICAgICAgICAgICAgICAgZXAgPSBmIntwcmVmaXh9Oi8ve2VuZHBvaW50X3N0cn0i + CiAgICAgICAgICAgICAgICB2ZXJpZnkgPSBOb25lCiAgICAgICAgICAgICAgICAjIElmIHZlcmlm + eSBpcyBzZXQgdG8gYSBwYXRoIHRvIGEgZGlyZWN0b3J5LAogICAgICAgICAgICAgICAgIyB0aGUg + ZGlyZWN0b3J5IG11c3QgaGF2ZSBiZWVuIHByb2Nlc3NlZCB1c2luZyB0aGUgY19yZWhhc2ggdXRp + bGl0eSBzdXBwbGllZCB3aXRoIE9wZW5TU0wuCiAgICAgICAgICAgICAgICBpZiBwcmVmaXggPT0g + Imh0dHBzIiBhbmQgc2VsZi5fYXJnX3BhcnNlci5yZ3dfc2tpcF90bHM6CiAgICAgICAgICAgICAg + ICAgICAgdmVyaWZ5ID0gRmFsc2UKICAgICAgICAgICAgICAgICAgICByID0gcmVxdWVzdHMuaGVh + ZChlcCwgdGltZW91dD10aW1lb3V0LCB2ZXJpZnk9RmFsc2UpCiAgICAgICAgICAgICAgICBlbGlm + IHByZWZpeCA9PSAiaHR0cHMiIGFuZCBjZXJ0OgogICAgICAgICAgICAgICAgICAgIHZlcmlmeSA9 + IGNlcnQKICAgICAgICAgICAgICAgICAgICByID0gcmVxdWVzdHMuaGVhZChlcCwgdGltZW91dD10 + aW1lb3V0LCB2ZXJpZnk9Y2VydCkKICAgICAgICAgICAgICAgIGVsc2U6CiAgICAgICAgICAgICAg + ICAgICAgciA9IHJlcXVlc3RzLmhlYWQoZXAsIHRpbWVvdXQ9dGltZW91dCkKICAgICAgICAgICAg + ICAgIGlmIHIuc3RhdHVzX2NvZGUgPT0gMjAwOgogICAgICAgICAgICAgICAgICAgIHJldHVybiBw + cmVmaXgsIHZlcmlmeSwgIiIKICAgICAgICAgICAgZXhjZXB0IEV4Y2VwdGlvbiBhcyBlcnI6CiAg + ICAgICAgICAgICAgICByZXNwb25zZV9lcnJvciA9IGVycgogICAgICAgICAgICAgICAgY29udGlu + dWUKICAgICAgICBzeXMuc3RkZXJyLndyaXRlKAogICAgICAgICAgICBmInVuYWJsZSB0byBjb25u + ZWN0IHRvIGVuZHBvaW50OiB7ZW5kcG9pbnRfc3RyfSwgZmFpbGVkIGVycm9yOiB7cmVzcG9uc2Vf + ZXJyb3J9IgogICAgICAgICkKICAgICAgICByZXR1cm4gKAogICAgICAgICAgICAiIiwKICAgICAg + ICAgICAgIiIsCiAgICAgICAgICAgICgiLTEiKSwKICAgICAgICApCgogICAgZGVmIF9faW5pdF9f + KHNlbGYsIGFyZ19saXN0PU5vbmUpOgogICAgICAgIHNlbGYub3V0X21hcCA9IHt9CiAgICAgICAg + c2VsZi5fZXhjbHVkZWRfa2V5cyA9IHNldCgpCiAgICAgICAgc2VsZi5fYXJnX3BhcnNlciA9IHNl + bGYuZ2VuX2FyZ19wYXJzZXIoYXJnc190b19wYXJzZT1hcmdfbGlzdCkKICAgICAgICBzZWxmLl9j + aGVja19jb25mbGljdGluZ19vcHRpb25zKCkKICAgICAgICBzZWxmLnJ1bl9hc191c2VyID0gc2Vs + Zi5fYXJnX3BhcnNlci5ydW5fYXNfdXNlcgogICAgICAgIHNlbGYub3V0cHV0X2ZpbGUgPSBzZWxm + Ll9hcmdfcGFyc2VyLm91dHB1dAogICAgICAgIHNlbGYuY2VwaF9jb25mID0gc2VsZi5fYXJnX3Bh + cnNlci5jZXBoX2NvbmYKICAgICAgICBzZWxmLmNlcGhfa2V5cmluZyA9IHNlbGYuX2FyZ19wYXJz + ZXIua2V5cmluZwogICAgICAgICMgaWYgdXNlciBub3QgcHJvdmlkZWQsIGdpdmUgYSBkZWZhdWx0 + IHVzZXIKICAgICAgICBpZiBub3Qgc2VsZi5ydW5fYXNfdXNlciBhbmQgbm90IHNlbGYuX2FyZ19w + YXJzZXIudXBncmFkZToKICAgICAgICAgICAgc2VsZi5ydW5fYXNfdXNlciA9IHNlbGYuRVhURVJO + QUxfVVNFUl9OQU1FCiAgICAgICAgaWYgbm90IHNlbGYuX2FyZ19wYXJzZXIucmd3X3Bvb2xfcHJl + Zml4IGFuZCBub3Qgc2VsZi5fYXJnX3BhcnNlci51cGdyYWRlOgogICAgICAgICAgICBzZWxmLl9h + cmdfcGFyc2VyLnJnd19wb29sX3ByZWZpeCA9IHNlbGYuREVGQVVMVF9SR1dfUE9PTF9QUkVGSVgK + ICAgICAgICBpZiBzZWxmLmNlcGhfY29uZjoKICAgICAgICAgICAga3dhcmdzID0ge30KICAgICAg + ICAgICAgaWYgc2VsZi5jZXBoX2tleXJpbmc6CiAgICAgICAgICAgICAgICBrd2FyZ3NbImNvbmYi + XSA9IHsia2V5cmluZyI6IHNlbGYuY2VwaF9rZXlyaW5nfQogICAgICAgICAgICBzZWxmLmNsdXN0 + ZXIgPSByYWRvcy5SYWRvcyhjb25mZmlsZT1zZWxmLmNlcGhfY29uZiwgKiprd2FyZ3MpCiAgICAg + ICAgZWxzZToKICAgICAgICAgICAgc2VsZi5jbHVzdGVyID0gcmFkb3MuUmFkb3MoKQogICAgICAg + ICAgICBzZWxmLmNsdXN0ZXIuY29uZl9yZWFkX2ZpbGUoKQogICAgICAgIHNlbGYuY2x1c3Rlci5j + b25uZWN0KCkKCiAgICBkZWYgc2h1dGRvd24oc2VsZik6CiAgICAgICAgaWYgc2VsZi5jbHVzdGVy + LnN0YXRlID09ICJjb25uZWN0ZWQiOgogICAgICAgICAgICBzZWxmLmNsdXN0ZXIuc2h1dGRvd24o + KQoKICAgIGRlZiBnZXRfZnNpZChzZWxmKToKICAgICAgICBpZiBzZWxmLl9hcmdfcGFyc2VyLmRy + eV9ydW46CiAgICAgICAgICAgIHJldHVybiBzZWxmLmRyeV9ydW4oImNlcGggZnNpZCIpCiAgICAg + ICAgcmV0dXJuIHN0cihzZWxmLmNsdXN0ZXIuZ2V0X2ZzaWQoKSkKCiAgICBkZWYgX2NvbW1vbl9j + bWRfanNvbl9nZW4oc2VsZiwgY21kX2pzb24pOgogICAgICAgIGNtZCA9IGpzb24uZHVtcHMoY21k + X2pzb24sIHNvcnRfa2V5cz1UcnVlKQogICAgICAgIHJldF92YWwsIGNtZF9vdXQsIGVycl9tc2cg + PSBzZWxmLmNsdXN0ZXIubW9uX2NvbW1hbmQoY21kLCBiIiIpCiAgICAgICAgaWYgc2VsZi5fYXJn + X3BhcnNlci52ZXJib3NlOgogICAgICAgICAgICBwcmludChmIkNvbW1hbmQgSW5wdXQ6IHtjbWR9 + IikKICAgICAgICAgICAgcHJpbnQoCiAgICAgICAgICAgICAgICBmIlJldHVybiBWYWw6IHtyZXRf + dmFsfVxuQ29tbWFuZCBPdXRwdXQ6IHtjbWRfb3V0fVxuIgogICAgICAgICAgICAgICAgZiJFcnJv + ciBNZXNzYWdlOiB7ZXJyX21zZ31cbi0tLS0tLS0tLS1cbiIKICAgICAgICAgICAgKQogICAgICAg + IGpzb25fb3V0ID0ge30KICAgICAgICAjIGlmIHRoZXJlIGlzIG5vIGVycm9yIChpLmU7IHJldF92 + YWwgaXMgWkVSTykgYW5kICdjbWRfb3V0JyBpcyBub3QgZW1wdHkKICAgICAgICAjIHRoZW4gY29u + dmVydCAnY21kX291dCcgdG8gYSBqc29uIG91dHB1dAogICAgICAgIGlmIHJldF92YWwgPT0gMCBh + bmQgY21kX291dDoKICAgICAgICAgICAganNvbl9vdXQgPSBqc29uLmxvYWRzKGNtZF9vdXQpCiAg + ICAgICAgcmV0dXJuIHJldF92YWwsIGpzb25fb3V0LCBlcnJfbXNnCgogICAgZGVmIGdldF9jZXBo + X2V4dGVybmFsX21vbl9kYXRhKHNlbGYpOgogICAgICAgIGNtZF9qc29uID0geyJwcmVmaXgiOiAi + cXVvcnVtX3N0YXR1cyIsICJmb3JtYXQiOiAianNvbiJ9CiAgICAgICAgaWYgc2VsZi5fYXJnX3Bh + cnNlci5kcnlfcnVuOgogICAgICAgICAgICByZXR1cm4gc2VsZi5kcnlfcnVuKCJjZXBoICIgKyBj + bWRfanNvblsicHJlZml4Il0pCiAgICAgICAgcmV0X3ZhbCwganNvbl9vdXQsIGVycl9tc2cgPSBz + ZWxmLl9jb21tb25fY21kX2pzb25fZ2VuKGNtZF9qc29uKQogICAgICAgICMgaWYgdGhlcmUgaXMg + YW4gdW5zdWNjZXNzZnVsIGF0dGVtcHQsCiAgICAgICAgaWYgcmV0X3ZhbCAhPSAwIG9yIGxlbihq + c29uX291dCkgPT0gMDoKICAgICAgICAgICAgcmFpc2UgRXhlY3V0aW9uRmFpbHVyZUV4Y2VwdGlv + bigKICAgICAgICAgICAgICAgICIncXVvcnVtX3N0YXR1cycgY29tbWFuZCBmYWlsZWQuXG4iCiAg + ICAgICAgICAgICAgICBmIkVycm9yOiB7ZXJyX21zZyBpZiByZXRfdmFsICE9IDAgZWxzZSBzZWxm + LkVNUFRZX09VVFBVVF9MSVNUfSIKICAgICAgICAgICAgKQogICAgICAgIHFfbGVhZGVyX25hbWUg + PSBqc29uX291dFsicXVvcnVtX2xlYWRlcl9uYW1lIl0KICAgICAgICBxX2xlYWRlcl9kZXRhaWxz + ID0ge30KICAgICAgICBxX2xlYWRlcl9tYXRjaGluZ19saXN0ID0gWwogICAgICAgICAgICBsIGZv + ciBsIGluIGpzb25fb3V0WyJtb25tYXAiXVsibW9ucyJdIGlmIGxbIm5hbWUiXSA9PSBxX2xlYWRl + cl9uYW1lCiAgICAgICAgXQogICAgICAgIGlmIGxlbihxX2xlYWRlcl9tYXRjaGluZ19saXN0KSA9 + PSAwOgogICAgICAgICAgICByYWlzZSBFeGVjdXRpb25GYWlsdXJlRXhjZXB0aW9uKCJObyBtYXRj + aGluZyAnbW9uJyBkZXRhaWxzIGZvdW5kIikKICAgICAgICBxX2xlYWRlcl9kZXRhaWxzID0gcV9s + ZWFkZXJfbWF0Y2hpbmdfbGlzdFswXQogICAgICAgICMgZ2V0IHRoZSBhZGRyZXNzIHZlY3RvciBv + ZiB0aGUgcXVvcnVtLWxlYWRlcgogICAgICAgIHFfbGVhZGVyX2FkZHJ2ZWMgPSBxX2xlYWRlcl9k + ZXRhaWxzLmdldCgicHVibGljX2FkZHJzIiwge30pLmdldCgiYWRkcnZlYyIsIFtdKQogICAgICAg + ICMgaWYgdGhlIHF1b3J1bS1sZWFkZXIgaGFzIG9ubHkgb25lIGFkZHJlc3MgaW4gdGhlIGFkZHJl + c3MtdmVjdG9yCiAgICAgICAgIyBhbmQgaXQgaXMgb2YgdHlwZSAndjInIChpZTsgd2l0aCA8SVA+ + OjMzMDApLAogICAgICAgICMgcmFpc2UgYW4gZXhjZXB0aW9uIHRvIG1ha2UgdXNlciBhd2FyZSB0 + aGF0CiAgICAgICAgIyB0aGV5IGhhdmUgdG8gZW5hYmxlICd2MScgKGllOyB3aXRoIDxJUD46Njc4 + OSkgdHlwZSBhcyB3ZWxsCiAgICAgICAgaWYgbGVuKHFfbGVhZGVyX2FkZHJ2ZWMpID09IDEgYW5k + IHFfbGVhZGVyX2FkZHJ2ZWNbMF1bInR5cGUiXSA9PSAidjIiOgogICAgICAgICAgICByYWlzZSBF + eGVjdXRpb25GYWlsdXJlRXhjZXB0aW9uKAogICAgICAgICAgICAgICAgIk9ubHkgJ3YyJyBhZGRy + ZXNzIHR5cGUgaXMgZW5hYmxlZCwgdXNlciBzaG91bGQgYWxzbyBlbmFibGUgJ3YxJyB0eXBlIGFz + IHdlbGwiCiAgICAgICAgICAgICkKICAgICAgICBpcF9hZGRyID0gc3RyKHFfbGVhZGVyX2RldGFp + bHNbInB1YmxpY19hZGRyIl0uc3BsaXQoIi8iKVswXSkKCiAgICAgICAgaWYgc2VsZi5fYXJnX3Bh + cnNlci52Ml9wb3J0X2VuYWJsZToKICAgICAgICAgICAgaWYgbGVuKHFfbGVhZGVyX2FkZHJ2ZWMp + ID4gMToKICAgICAgICAgICAgICAgIGlmIHFfbGVhZGVyX2FkZHJ2ZWNbMF1bInR5cGUiXSA9PSAi + djIiOgogICAgICAgICAgICAgICAgICAgIGlwX2FkZHIgPSBxX2xlYWRlcl9hZGRydmVjWzBdWyJh + ZGRyIl0KICAgICAgICAgICAgICAgIGVsaWYgcV9sZWFkZXJfYWRkcnZlY1sxXVsidHlwZSJdID09 + ICJ2MiI6CiAgICAgICAgICAgICAgICAgICAgaXBfYWRkciA9IHFfbGVhZGVyX2FkZHJ2ZWNbMV1b + ImFkZHIiXQogICAgICAgICAgICBlbHNlOgogICAgICAgICAgICAgICAgc3lzLnN0ZGVyci53cml0 + ZSgKICAgICAgICAgICAgICAgICAgICAiJ3YyJyBhZGRyZXNzIHR5cGUgbm90IHByZXNlbnQsIGFu + ZCAndjItcG9ydC1lbmFibGUnIGZsYWcgaXMgcHJvdmlkZWQiCiAgICAgICAgICAgICAgICApCgog + ICAgICAgIHJldHVybiBmIntzdHIocV9sZWFkZXJfbmFtZSl9PXtpcF9hZGRyfSIKCiAgICBkZWYg + X2NvbnZlcnRfaG9zdG5hbWVfdG9faXAoc2VsZiwgaG9zdF9uYW1lLCBwb3J0LCBpcF90eXBlKToK + ICAgICAgICAjIGlmICdjbHVzdGVyJyBpbnN0YW5jZSBpcyBhIGR1bW15IHR5cGUsCiAgICAgICAg + IyBjYWxsIHRoZSBkdW1teSBpbnN0YW5jZSdzICJjb252ZXJ0IiBtZXRob2QKICAgICAgICBpZiBu + b3QgaG9zdF9uYW1lOgogICAgICAgICAgICByYWlzZSBFeGVjdXRpb25GYWlsdXJlRXhjZXB0aW9u + KCJFbXB0eSBob3N0bmFtZSBwcm92aWRlZCIpCiAgICAgICAgaWYgaXNpbnN0YW5jZShzZWxmLmNs + dXN0ZXIsIER1bW15UmFkb3MpOgogICAgICAgICAgICByZXR1cm4gc2VsZi5jbHVzdGVyLl9jb252 + ZXJ0X2hvc3RuYW1lX3RvX2lwKGhvc3RfbmFtZSkKCiAgICAgICAgaWYgaXBfdHlwZSA9PSAiRlFE + TiI6CiAgICAgICAgICAgICMgY2hlY2sgd2hpY2ggaXAgRlFETiBzaG91bGQgYmUgY29udmVydGVk + IHRvLCBJUHY0IG9yIElQdjYKICAgICAgICAgICAgIyBjaGVjayB0aGUgaG9zdCBpcCwgdGhlIGVu + ZHBvaW50IGlwIHR5cGUgd291bGQgYmUgc2ltaWxhciB0byBob3N0IGlwCiAgICAgICAgICAgIGNt + ZF9qc29uID0geyJwcmVmaXgiOiAib3JjaCBob3N0IGxzIiwgImZvcm1hdCI6ICJqc29uIn0KICAg + ICAgICAgICAgcmV0X3ZhbCwganNvbl9vdXQsIGVycl9tc2cgPSBzZWxmLl9jb21tb25fY21kX2pz + b25fZ2VuKGNtZF9qc29uKQogICAgICAgICAgICAjIGlmIHRoZXJlIGlzIGFuIHVuc3VjY2Vzc2Z1 + bCBhdHRlbXB0LAogICAgICAgICAgICBpZiByZXRfdmFsICE9IDAgb3IgbGVuKGpzb25fb3V0KSA9 + PSAwOgogICAgICAgICAgICAgICAgcmFpc2UgRXhlY3V0aW9uRmFpbHVyZUV4Y2VwdGlvbigKICAg + ICAgICAgICAgICAgICAgICAiJ29yY2ggaG9zdCBscycgY29tbWFuZCBmYWlsZWQuXG4iCiAgICAg + ICAgICAgICAgICAgICAgZiJFcnJvcjoge2Vycl9tc2cgaWYgcmV0X3ZhbCAhPSAwIGVsc2Ugc2Vs + Zi5FTVBUWV9PVVRQVVRfTElTVH0iCiAgICAgICAgICAgICAgICApCiAgICAgICAgICAgIGhvc3Rf + YWRkciA9IGpzb25fb3V0WzBdWyJhZGRyIl0KICAgICAgICAgICAgIyBhZGQgOjgwIHNhbXBsZSBw + b3J0IGluIGlwX3R5cGUsIGFzIF9pbnZhbGlkX2VuZHBvaW50IGFsc28gdmVyaWZ5IHBvcnQKICAg + ICAgICAgICAgaG9zdF9pcF90eXBlID0gc2VsZi5faW52YWxpZF9lbmRwb2ludChob3N0X2FkZHIg + KyAiOjgwIikKICAgICAgICAgICAgaW1wb3J0IHNvY2tldAoKICAgICAgICAgICAgIyBleGFtcGxl + IG91dHB1dCBbKDxBZGRyZXNzRmFtaWx5LkFGX0lORVQ6IDI+LCA8U29ja2V0S2luZC5TT0NLX1NU + UkVBTTogMT4sIDYsICcnLCAoJzkzLjE4NC4yMTYuMzQnLCA4MCkpLCAuLi5dCiAgICAgICAgICAg + ICMgd2UgbmVlZCB0byBnZXQgOTMuMTg0LjIxNi4zNCBzbyBpdCB3b3VsZCBiZSBpcFswXVs0XVsw + XQogICAgICAgICAgICBpZiBob3N0X2lwX3R5cGUgPT0gIklQdjYiOgogICAgICAgICAgICAgICAg + aXAgPSBzb2NrZXQuZ2V0YWRkcmluZm8oCiAgICAgICAgICAgICAgICAgICAgaG9zdF9uYW1lLCBw + b3J0LCBmYW1pbHk9c29ja2V0LkFGX0lORVQ2LCBwcm90bz1zb2NrZXQuSVBQUk9UT19UQ1AKICAg + ICAgICAgICAgICAgICkKICAgICAgICAgICAgZWxpZiBob3N0X2lwX3R5cGUgPT0gIklQdjQiOgog + ICAgICAgICAgICAgICAgaXAgPSBzb2NrZXQuZ2V0YWRkcmluZm8oCiAgICAgICAgICAgICAgICAg + ICAgaG9zdF9uYW1lLCBwb3J0LCBmYW1pbHk9c29ja2V0LkFGX0lORVQsIHByb3RvPXNvY2tldC5J + UFBST1RPX1RDUAogICAgICAgICAgICAgICAgKQogICAgICAgICAgICBkZWwgc29ja2V0CiAgICAg + ICAgICAgIHJldHVybiBpcFswXVs0XVswXQogICAgICAgIHJldHVybiBob3N0X25hbWUKCiAgICBk + ZWYgZ2V0X2FjdGl2ZV9hbmRfc3RhbmRieV9tZ3JzKHNlbGYpOgogICAgICAgIGlmIHNlbGYuX2Fy + Z19wYXJzZXIuZHJ5X3J1bjoKICAgICAgICAgICAgcmV0dXJuICIiLCBzZWxmLmRyeV9ydW4oImNl + cGggc3RhdHVzIikKICAgICAgICBtb25pdG9yaW5nX2VuZHBvaW50X3BvcnQgPSBzZWxmLl9hcmdf + cGFyc2VyLm1vbml0b3JpbmdfZW5kcG9pbnRfcG9ydAogICAgICAgIG1vbml0b3JpbmdfZW5kcG9p + bnRfaXBfbGlzdCA9IHNlbGYuX2FyZ19wYXJzZXIubW9uaXRvcmluZ19lbmRwb2ludAogICAgICAg + IHN0YW5kYnlfbWdycyA9IFtdCiAgICAgICAgaWYgbm90IG1vbml0b3JpbmdfZW5kcG9pbnRfaXBf + bGlzdDoKICAgICAgICAgICAgY21kX2pzb24gPSB7InByZWZpeCI6ICJzdGF0dXMiLCAiZm9ybWF0 + IjogImpzb24ifQogICAgICAgICAgICByZXRfdmFsLCBqc29uX291dCwgZXJyX21zZyA9IHNlbGYu + X2NvbW1vbl9jbWRfanNvbl9nZW4oY21kX2pzb24pCiAgICAgICAgICAgICMgaWYgdGhlcmUgaXMg + YW4gdW5zdWNjZXNzZnVsIGF0dGVtcHQsCiAgICAgICAgICAgIGlmIHJldF92YWwgIT0gMCBvciBs + ZW4oanNvbl9vdXQpID09IDA6CiAgICAgICAgICAgICAgICByYWlzZSBFeGVjdXRpb25GYWlsdXJl + RXhjZXB0aW9uKAogICAgICAgICAgICAgICAgICAgICInbWdyIHNlcnZpY2VzJyBjb21tYW5kIGZh + aWxlZC5cbiIKICAgICAgICAgICAgICAgICAgICBmIkVycm9yOiB7ZXJyX21zZyBpZiByZXRfdmFs + ICE9IDAgZWxzZSBzZWxmLkVNUFRZX09VVFBVVF9MSVNUfSIKICAgICAgICAgICAgICAgICkKICAg + ICAgICAgICAgbW9uaXRvcmluZ19lbmRwb2ludCA9ICgKICAgICAgICAgICAgICAgIGpzb25fb3V0 + LmdldCgibWdybWFwIiwge30pLmdldCgic2VydmljZXMiLCB7fSkuZ2V0KCJwcm9tZXRoZXVzIiwg + IiIpCiAgICAgICAgICAgICkKICAgICAgICAgICAgaWYgbm90IG1vbml0b3JpbmdfZW5kcG9pbnQ6 + CiAgICAgICAgICAgICAgICByYWlzZSBFeGVjdXRpb25GYWlsdXJlRXhjZXB0aW9uKAogICAgICAg + ICAgICAgICAgICAgICJjYW4ndCBmaW5kIG1vbml0b3JpbmdfZW5kcG9pbnQsIHByb21ldGhldXMg + bW9kdWxlIG1pZ2h0IG5vdCBiZSBlbmFibGVkLCAiCiAgICAgICAgICAgICAgICAgICAgImVuYWJs + ZSB0aGUgbW9kdWxlIGJ5IHJ1bm5pbmcgJ2NlcGggbWdyIG1vZHVsZSBlbmFibGUgcHJvbWV0aGV1 + cyciCiAgICAgICAgICAgICAgICApCiAgICAgICAgICAgICMgbm93IGNoZWNrIHRoZSBzdGFuZC1i + eSBtZ3ItcwogICAgICAgICAgICBzdGFuZGJ5X2FyciA9IGpzb25fb3V0LmdldCgibWdybWFwIiwg + e30pLmdldCgic3RhbmRieXMiLCBbXSkKICAgICAgICAgICAgZm9yIGVhY2hfc3RhbmRieSBpbiBz + dGFuZGJ5X2FycjoKICAgICAgICAgICAgICAgIGlmICJuYW1lIiBpbiBlYWNoX3N0YW5kYnkua2V5 + cygpOgogICAgICAgICAgICAgICAgICAgIHN0YW5kYnlfbWdycy5hcHBlbmQoZWFjaF9zdGFuZGJ5 + WyJuYW1lIl0pCiAgICAgICAgICAgIHRyeToKICAgICAgICAgICAgICAgIHBhcnNlZF9lbmRwb2lu + dCA9IHVybHBhcnNlKG1vbml0b3JpbmdfZW5kcG9pbnQpCiAgICAgICAgICAgIGV4Y2VwdCBWYWx1 + ZUVycm9yOgogICAgICAgICAgICAgICAgcmFpc2UgRXhlY3V0aW9uRmFpbHVyZUV4Y2VwdGlvbigK + ICAgICAgICAgICAgICAgICAgICBmImludmFsaWQgZW5kcG9pbnQ6IHttb25pdG9yaW5nX2VuZHBv + aW50fSIKICAgICAgICAgICAgICAgICkKICAgICAgICAgICAgbW9uaXRvcmluZ19lbmRwb2ludF9p + cF9saXN0ID0gcGFyc2VkX2VuZHBvaW50Lmhvc3RuYW1lCiAgICAgICAgICAgIGlmIG5vdCBtb25p + dG9yaW5nX2VuZHBvaW50X3BvcnQ6CiAgICAgICAgICAgICAgICBtb25pdG9yaW5nX2VuZHBvaW50 + X3BvcnQgPSBzdHIocGFyc2VkX2VuZHBvaW50LnBvcnQpCgogICAgICAgICMgaWYgbW9uaXRvcmlu + ZyBlbmRwb2ludCBwb3J0IGlzIG5vdCBzZXQsIHB1dCBhIGRlZmF1bHQgbW9uIHBvcnQKICAgICAg + ICBpZiBub3QgbW9uaXRvcmluZ19lbmRwb2ludF9wb3J0OgogICAgICAgICAgICBtb25pdG9yaW5n + X2VuZHBvaW50X3BvcnQgPSBzZWxmLkRFRkFVTFRfTU9OSVRPUklOR19FTkRQT0lOVF9QT1JUCgog + ICAgICAgICMgdXNlciBjb3VsZCBnaXZlIGNvbW1hIGFuZCBzcGFjZSBzZXBhcmF0ZWQgaW5wdXRz + IChsaWtlIC0tbW9uaXRvcmluZy1lbmRwb2ludD0iPGlwMT4sIDxpcDI+IikKICAgICAgICBtb25p + dG9yaW5nX2VuZHBvaW50X2lwX2xpc3QgPSBtb25pdG9yaW5nX2VuZHBvaW50X2lwX2xpc3QucmVw + bGFjZSgiLCIsICIgIikKICAgICAgICBtb25pdG9yaW5nX2VuZHBvaW50X2lwX2xpc3Rfc3BsaXQg + PSBtb25pdG9yaW5nX2VuZHBvaW50X2lwX2xpc3Quc3BsaXQoKQogICAgICAgICMgaWYgbW9uaXRv + cmluZy1lbmRwb2ludCBjb3VsZCBub3QgYmUgZm91bmQsIHJhaXNlIGFuIGVycm9yCiAgICAgICAg + aWYgbGVuKG1vbml0b3JpbmdfZW5kcG9pbnRfaXBfbGlzdF9zcGxpdCkgPT0gMDoKICAgICAgICAg + ICAgcmFpc2UgRXhlY3V0aW9uRmFpbHVyZUV4Y2VwdGlvbigiTm8gJ21vbml0b3JpbmctZW5kcG9p + bnQnIGZvdW5kIikKICAgICAgICAjIGZpcnN0IGlwIGlzIHRyZWF0ZWQgYXMgdGhlIG1haW4gbW9u + aXRvcmluZy1lbmRwb2ludAogICAgICAgIG1vbml0b3JpbmdfZW5kcG9pbnRfaXAgPSBtb25pdG9y + aW5nX2VuZHBvaW50X2lwX2xpc3Rfc3BsaXRbMF0KICAgICAgICAjIHJlc3Qgb2YgdGhlIGlwLXMg + YXJlIGFkZGVkIHRvIHRoZSAnc3RhbmRieV9tZ3JzJyBsaXN0CiAgICAgICAgc3RhbmRieV9tZ3Jz + LmV4dGVuZChtb25pdG9yaW5nX2VuZHBvaW50X2lwX2xpc3Rfc3BsaXRbMTpdKQogICAgICAgIGZh + aWxlZF9pcCA9IG1vbml0b3JpbmdfZW5kcG9pbnRfaXAKCiAgICAgICAgbW9uaXRvcmluZ19lbmRw + b2ludCA9ICI6Ii5qb2luKAogICAgICAgICAgICBbbW9uaXRvcmluZ19lbmRwb2ludF9pcCwgbW9u + aXRvcmluZ19lbmRwb2ludF9wb3J0XQogICAgICAgICkKICAgICAgICBpcF90eXBlID0gc2VsZi5f + aW52YWxpZF9lbmRwb2ludChtb25pdG9yaW5nX2VuZHBvaW50KQogICAgICAgIHRyeToKICAgICAg + ICAgICAgbW9uaXRvcmluZ19lbmRwb2ludF9pcCA9IHNlbGYuX2NvbnZlcnRfaG9zdG5hbWVfdG9f + aXAoCiAgICAgICAgICAgICAgICBtb25pdG9yaW5nX2VuZHBvaW50X2lwLCBtb25pdG9yaW5nX2Vu + ZHBvaW50X3BvcnQsIGlwX3R5cGUKICAgICAgICAgICAgKQogICAgICAgICAgICAjIGNvbGxlY3Qg + YWxsIHRoZSAnc3RhbmQtYnknIG1nciBpcHMKICAgICAgICAgICAgbWdyX2lwcyA9IFtdCiAgICAg + ICAgICAgIGZvciBlYWNoX3N0YW5kYnlfbWdyIGluIHN0YW5kYnlfbWdyczoKICAgICAgICAgICAg + ICAgIGZhaWxlZF9pcCA9IGVhY2hfc3RhbmRieV9tZ3IKICAgICAgICAgICAgICAgIG1ncl9pcHMu + YXBwZW5kKAogICAgICAgICAgICAgICAgICAgIHNlbGYuX2NvbnZlcnRfaG9zdG5hbWVfdG9faXAo + CiAgICAgICAgICAgICAgICAgICAgICAgIGVhY2hfc3RhbmRieV9tZ3IsIG1vbml0b3JpbmdfZW5k + cG9pbnRfcG9ydCwgaXBfdHlwZQogICAgICAgICAgICAgICAgICAgICkKICAgICAgICAgICAgICAg + ICkKICAgICAgICBleGNlcHQ6CiAgICAgICAgICAgIHJhaXNlIEV4ZWN1dGlvbkZhaWx1cmVFeGNl + cHRpb24oCiAgICAgICAgICAgICAgICBmIkNvbnZlcnNpb24gb2YgaG9zdDoge2ZhaWxlZF9pcH0g + dG8gSVAgZmFpbGVkLiAiCiAgICAgICAgICAgICAgICAiUGxlYXNlIGVudGVyIHRoZSBJUCBhZGRy + ZXNzZXMgb2YgYWxsIHRoZSBjZXBoLW1ncnMgd2l0aCB0aGUgJy0tbW9uaXRvcmluZy1lbmRwb2lu + dCcgZmxhZyIKICAgICAgICAgICAgKQoKICAgICAgICBfLCBfLCBlcnIgPSBzZWxmLmVuZHBvaW50 + X2RpYWwobW9uaXRvcmluZ19lbmRwb2ludCwgaXBfdHlwZSkKICAgICAgICBpZiBlcnIgPT0gIi0x + IjoKICAgICAgICAgICAgcmFpc2UgRXhlY3V0aW9uRmFpbHVyZUV4Y2VwdGlvbihlcnIpCiAgICAg + ICAgIyBhZGQgdGhlIHZhbGlkYXRlZCBhY3RpdmUgbWdyIElQIGludG8gdGhlIGZpcnN0IGluZGV4 + CiAgICAgICAgbWdyX2lwcy5pbnNlcnQoMCwgbW9uaXRvcmluZ19lbmRwb2ludF9pcCkKICAgICAg + ICBhbGxfbWdyX2lwc19zdHIgPSAiLCIuam9pbihtZ3JfaXBzKQogICAgICAgIHJldHVybiBhbGxf + bWdyX2lwc19zdHIsIG1vbml0b3JpbmdfZW5kcG9pbnRfcG9ydAoKICAgIGRlZiBjaGVja191c2Vy + X2V4aXN0KHNlbGYsIHVzZXIpOgogICAgICAgIGNtZF9qc29uID0geyJwcmVmaXgiOiAiYXV0aCBn + ZXQiLCAiZW50aXR5IjogZiJ7dXNlcn0iLCAiZm9ybWF0IjogImpzb24ifQogICAgICAgIHJldF92 + YWwsIGpzb25fb3V0LCBfID0gc2VsZi5fY29tbW9uX2NtZF9qc29uX2dlbihjbWRfanNvbikKICAg + ICAgICBpZiByZXRfdmFsICE9IDAgb3IgbGVuKGpzb25fb3V0KSA9PSAwOgogICAgICAgICAgICBy + ZXR1cm4gIiIKICAgICAgICByZXR1cm4gc3RyKGpzb25fb3V0WzBdWyJrZXkiXSkKCiAgICBkZWYg + Z2V0X2NlcGhmc19wcm92aXNpb25lcl9jYXBzX2FuZF9lbnRpdHkoc2VsZik6CiAgICAgICAgZW50 + aXR5ID0gImNsaWVudC5jc2ktY2VwaGZzLXByb3Zpc2lvbmVyIgogICAgICAgIGNhcHMgPSB7CiAg + ICAgICAgICAgICJtb24iOiAiYWxsb3cgciwgYWxsb3cgY29tbWFuZCAnb3NkIGJsb2NrbGlzdCci + LAogICAgICAgICAgICAibWdyIjogImFsbG93IHJ3IiwKICAgICAgICAgICAgIm9zZCI6ICJhbGxv + dyBydyB0YWcgY2VwaGZzIG1ldGFkYXRhPSoiLAogICAgICAgIH0KICAgICAgICBpZiBzZWxmLl9h + cmdfcGFyc2VyLnJlc3RyaWN0ZWRfYXV0aF9wZXJtaXNzaW9uOgogICAgICAgICAgICBrOHNfY2x1 + c3Rlcl9uYW1lID0gc2VsZi5fYXJnX3BhcnNlci5rOHNfY2x1c3Rlcl9uYW1lCiAgICAgICAgICAg + IGlmIGs4c19jbHVzdGVyX25hbWUgPT0gIiI6CiAgICAgICAgICAgICAgICByYWlzZSBFeGVjdXRp + b25GYWlsdXJlRXhjZXB0aW9uKAogICAgICAgICAgICAgICAgICAgICJrOHNfY2x1c3Rlcl9uYW1l + IG5vdCBmb3VuZCwgcGxlYXNlIHNldCB0aGUgJy0tazhzLWNsdXN0ZXItbmFtZScgZmxhZyIKICAg + ICAgICAgICAgICAgICkKICAgICAgICAgICAgY2VwaGZzX2ZpbGVzeXN0ZW0gPSBzZWxmLl9hcmdf + cGFyc2VyLmNlcGhmc19maWxlc3lzdGVtX25hbWUKICAgICAgICAgICAgaWYgY2VwaGZzX2ZpbGVz + eXN0ZW0gPT0gIiI6CiAgICAgICAgICAgICAgICBlbnRpdHkgPSBmIntlbnRpdHl9LXtrOHNfY2x1 + c3Rlcl9uYW1lfSIKICAgICAgICAgICAgZWxzZToKICAgICAgICAgICAgICAgIGVudGl0eSA9IGYi + e2VudGl0eX0te2s4c19jbHVzdGVyX25hbWV9LXtjZXBoZnNfZmlsZXN5c3RlbX0iCiAgICAgICAg + ICAgICAgICBjYXBzWyJvc2QiXSA9IGYiYWxsb3cgcncgdGFnIGNlcGhmcyBtZXRhZGF0YT17Y2Vw + aGZzX2ZpbGVzeXN0ZW19IgoKICAgICAgICByZXR1cm4gY2FwcywgZW50aXR5CgogICAgZGVmIGdl + dF9jZXBoZnNfbm9kZV9jYXBzX2FuZF9lbnRpdHkoc2VsZik6CiAgICAgICAgZW50aXR5ID0gImNs + aWVudC5jc2ktY2VwaGZzLW5vZGUiCiAgICAgICAgY2FwcyA9IHsKICAgICAgICAgICAgIm1vbiI6 + ICJhbGxvdyByLCBhbGxvdyBjb21tYW5kICdvc2QgYmxvY2tsaXN0JyIsCiAgICAgICAgICAgICJt + Z3IiOiAiYWxsb3cgcnciLAogICAgICAgICAgICAib3NkIjogImFsbG93IHJ3IHRhZyBjZXBoZnMg + Kj0qIiwKICAgICAgICAgICAgIm1kcyI6ICJhbGxvdyBydyIsCiAgICAgICAgfQogICAgICAgIGlm + IHNlbGYuX2FyZ19wYXJzZXIucmVzdHJpY3RlZF9hdXRoX3Blcm1pc3Npb246CiAgICAgICAgICAg + IGs4c19jbHVzdGVyX25hbWUgPSBzZWxmLl9hcmdfcGFyc2VyLms4c19jbHVzdGVyX25hbWUKICAg + ICAgICAgICAgaWYgazhzX2NsdXN0ZXJfbmFtZSA9PSAiIjoKICAgICAgICAgICAgICAgIHJhaXNl + IEV4ZWN1dGlvbkZhaWx1cmVFeGNlcHRpb24oCiAgICAgICAgICAgICAgICAgICAgIms4c19jbHVz + dGVyX25hbWUgbm90IGZvdW5kLCBwbGVhc2Ugc2V0IHRoZSAnLS1rOHMtY2x1c3Rlci1uYW1lJyBm + bGFnIgogICAgICAgICAgICAgICAgKQogICAgICAgICAgICBjZXBoZnNfZmlsZXN5c3RlbSA9IHNl + bGYuX2FyZ19wYXJzZXIuY2VwaGZzX2ZpbGVzeXN0ZW1fbmFtZQogICAgICAgICAgICBpZiBjZXBo + ZnNfZmlsZXN5c3RlbSA9PSAiIjoKICAgICAgICAgICAgICAgIGVudGl0eSA9IGYie2VudGl0eX0t + e2s4c19jbHVzdGVyX25hbWV9IgogICAgICAgICAgICBlbHNlOgogICAgICAgICAgICAgICAgZW50 + aXR5ID0gZiJ7ZW50aXR5fS17azhzX2NsdXN0ZXJfbmFtZX0te2NlcGhmc19maWxlc3lzdGVtfSIK + ICAgICAgICAgICAgICAgIGNhcHNbIm9zZCJdID0gZiJhbGxvdyBydyB0YWcgY2VwaGZzICo9e2Nl + cGhmc19maWxlc3lzdGVtfSIKCiAgICAgICAgcmV0dXJuIGNhcHMsIGVudGl0eQoKICAgIGRlZiBn + ZXRfZW50aXR5KAogICAgICAgIHNlbGYsCiAgICAgICAgZW50aXR5LAogICAgICAgIHJiZF9wb29s + X25hbWUsCiAgICAgICAgYWxpYXNfcmJkX3Bvb2xfbmFtZSwKICAgICAgICBrOHNfY2x1c3Rlcl9u + YW1lLAogICAgICAgIHJhZG9zX25hbWVzcGFjZSwKICAgICk6CiAgICAgICAgaWYgKAogICAgICAg + ICAgICByYmRfcG9vbF9uYW1lLmNvdW50KCIuIikgIT0gMAogICAgICAgICAgICBvciByYmRfcG9v + bF9uYW1lLmNvdW50KCJfIikgIT0gMAogICAgICAgICAgICBvciBhbGlhc19yYmRfcG9vbF9uYW1l + ICE9ICIiCiAgICAgICAgICAgICMgY2hlY2tpbmcgYWxpYXNfcmJkX3Bvb2xfbmFtZSBpcyBub3Qg + ZW1wdHkgYXMgdGhlcmUgbWF5YmUgYSBzcGVjaWFsIGNoYXJhY3RlciB1c2VkIG90aGVyIHRoYW4g + LiBvciBfCiAgICAgICAgKToKICAgICAgICAgICAgaWYgYWxpYXNfcmJkX3Bvb2xfbmFtZSA9PSAi + IjoKICAgICAgICAgICAgICAgIHJhaXNlIEV4ZWN1dGlvbkZhaWx1cmVFeGNlcHRpb24oCiAgICAg + ICAgICAgICAgICAgICAgInBsZWFzZSBzZXQgdGhlICctLWFsaWFzLXJiZC1kYXRhLXBvb2wtbmFt + ZScgZmxhZyBhcyB0aGUgcmJkIGRhdGEgcG9vbCBuYW1lIGNvbnRhaW5zICcuJyBvciAnXyciCiAg + ICAgICAgICAgICAgICApCiAgICAgICAgICAgIGlmICgKICAgICAgICAgICAgICAgIGFsaWFzX3Ji + ZF9wb29sX25hbWUuY291bnQoIi4iKSAhPSAwCiAgICAgICAgICAgICAgICBvciBhbGlhc19yYmRf + cG9vbF9uYW1lLmNvdW50KCJfIikgIT0gMAogICAgICAgICAgICApOgogICAgICAgICAgICAgICAg + cmFpc2UgRXhlY3V0aW9uRmFpbHVyZUV4Y2VwdGlvbigKICAgICAgICAgICAgICAgICAgICAiJy0t + YWxpYXMtcmJkLWRhdGEtcG9vbC1uYW1lJyBmbGFnIHZhbHVlIHNob3VsZCBub3QgY29udGFpbiAn + Licgb3IgJ18nIgogICAgICAgICAgICAgICAgKQogICAgICAgICAgICBlbnRpdHkgPSBmIntlbnRp + dHl9LXtrOHNfY2x1c3Rlcl9uYW1lfS17YWxpYXNfcmJkX3Bvb2xfbmFtZX0iCiAgICAgICAgZWxz + ZToKICAgICAgICAgICAgZW50aXR5ID0gZiJ7ZW50aXR5fS17azhzX2NsdXN0ZXJfbmFtZX0te3Ji + ZF9wb29sX25hbWV9IgoKICAgICAgICBpZiByYWRvc19uYW1lc3BhY2U6CiAgICAgICAgICAgIGVu + dGl0eSA9IGYie2VudGl0eX0te3JhZG9zX25hbWVzcGFjZX0iCiAgICAgICAgcmV0dXJuIGVudGl0 + eQoKICAgIGRlZiBnZXRfcmJkX3Byb3Zpc2lvbmVyX2NhcHNfYW5kX2VudGl0eShzZWxmKToKICAg + ICAgICBlbnRpdHkgPSAiY2xpZW50LmNzaS1yYmQtcHJvdmlzaW9uZXIiCiAgICAgICAgY2FwcyA9 + IHsKICAgICAgICAgICAgIm1vbiI6ICJwcm9maWxlIHJiZCwgYWxsb3cgY29tbWFuZCAnb3NkIGJs + b2NrbGlzdCciLAogICAgICAgICAgICAibWdyIjogImFsbG93IHJ3IiwKICAgICAgICAgICAgIm9z + ZCI6ICJwcm9maWxlIHJiZCIsCiAgICAgICAgfQogICAgICAgIGlmIHNlbGYuX2FyZ19wYXJzZXIu + cmVzdHJpY3RlZF9hdXRoX3Blcm1pc3Npb246CiAgICAgICAgICAgIHJiZF9wb29sX25hbWUgPSBz + ZWxmLl9hcmdfcGFyc2VyLnJiZF9kYXRhX3Bvb2xfbmFtZQogICAgICAgICAgICBhbGlhc19yYmRf + cG9vbF9uYW1lID0gc2VsZi5fYXJnX3BhcnNlci5hbGlhc19yYmRfZGF0YV9wb29sX25hbWUKICAg + ICAgICAgICAgazhzX2NsdXN0ZXJfbmFtZSA9IHNlbGYuX2FyZ19wYXJzZXIuazhzX2NsdXN0ZXJf + bmFtZQogICAgICAgICAgICByYWRvc19uYW1lc3BhY2UgPSBzZWxmLl9hcmdfcGFyc2VyLnJhZG9z + X25hbWVzcGFjZQogICAgICAgICAgICBpZiByYmRfcG9vbF9uYW1lID09ICIiOgogICAgICAgICAg + ICAgICAgcmFpc2UgRXhlY3V0aW9uRmFpbHVyZUV4Y2VwdGlvbigKICAgICAgICAgICAgICAgICAg + ICAibWFuZGF0b3J5IGZsYWcgbm90IGZvdW5kLCBwbGVhc2Ugc2V0IHRoZSAnLS1yYmQtZGF0YS1w + b29sLW5hbWUnIGZsYWciCiAgICAgICAgICAgICAgICApCiAgICAgICAgICAgIGlmIGs4c19jbHVz + dGVyX25hbWUgPT0gIiI6CiAgICAgICAgICAgICAgICByYWlzZSBFeGVjdXRpb25GYWlsdXJlRXhj + ZXB0aW9uKAogICAgICAgICAgICAgICAgICAgICJtYW5kYXRvcnkgZmxhZyBub3QgZm91bmQsIHBs + ZWFzZSBzZXQgdGhlICctLWs4cy1jbHVzdGVyLW5hbWUnIGZsYWciCiAgICAgICAgICAgICAgICAp + CiAgICAgICAgICAgIGVudGl0eSA9IHNlbGYuZ2V0X2VudGl0eSgKICAgICAgICAgICAgICAgIGVu + dGl0eSwKICAgICAgICAgICAgICAgIHJiZF9wb29sX25hbWUsCiAgICAgICAgICAgICAgICBhbGlh + c19yYmRfcG9vbF9uYW1lLAogICAgICAgICAgICAgICAgazhzX2NsdXN0ZXJfbmFtZSwKICAgICAg + ICAgICAgICAgIHJhZG9zX25hbWVzcGFjZSwKICAgICAgICAgICAgKQogICAgICAgICAgICBpZiBy + YWRvc19uYW1lc3BhY2UgIT0gIiI6CiAgICAgICAgICAgICAgICBjYXBzWyJvc2QiXSA9ICgKICAg + ICAgICAgICAgICAgICAgICBmInByb2ZpbGUgcmJkIHBvb2w9e3JiZF9wb29sX25hbWV9IG5hbWVz + cGFjZT17cmFkb3NfbmFtZXNwYWNlfSIKICAgICAgICAgICAgICAgICkKICAgICAgICAgICAgZWxz + ZToKICAgICAgICAgICAgICAgIGNhcHNbIm9zZCJdID0gZiJwcm9maWxlIHJiZCBwb29sPXtyYmRf + cG9vbF9uYW1lfSIKCiAgICAgICAgcmV0dXJuIGNhcHMsIGVudGl0eQoKICAgIGRlZiBnZXRfcmJk + X25vZGVfY2Fwc19hbmRfZW50aXR5KHNlbGYpOgogICAgICAgIGVudGl0eSA9ICJjbGllbnQuY3Np + LXJiZC1ub2RlIgogICAgICAgIGNhcHMgPSB7CiAgICAgICAgICAgICJtb24iOiAicHJvZmlsZSBy + YmQsIGFsbG93IGNvbW1hbmQgJ29zZCBibG9ja2xpc3QnIiwKICAgICAgICAgICAgIm9zZCI6ICJw + cm9maWxlIHJiZCIsCiAgICAgICAgfQogICAgICAgIGlmIHNlbGYuX2FyZ19wYXJzZXIucmVzdHJp + Y3RlZF9hdXRoX3Blcm1pc3Npb246CiAgICAgICAgICAgIHJiZF9wb29sX25hbWUgPSBzZWxmLl9h + cmdfcGFyc2VyLnJiZF9kYXRhX3Bvb2xfbmFtZQogICAgICAgICAgICBhbGlhc19yYmRfcG9vbF9u + YW1lID0gc2VsZi5fYXJnX3BhcnNlci5hbGlhc19yYmRfZGF0YV9wb29sX25hbWUKICAgICAgICAg + ICAgazhzX2NsdXN0ZXJfbmFtZSA9IHNlbGYuX2FyZ19wYXJzZXIuazhzX2NsdXN0ZXJfbmFtZQog + ICAgICAgICAgICByYWRvc19uYW1lc3BhY2UgPSBzZWxmLl9hcmdfcGFyc2VyLnJhZG9zX25hbWVz + cGFjZQogICAgICAgICAgICBpZiByYmRfcG9vbF9uYW1lID09ICIiOgogICAgICAgICAgICAgICAg + cmFpc2UgRXhlY3V0aW9uRmFpbHVyZUV4Y2VwdGlvbigKICAgICAgICAgICAgICAgICAgICAibWFu + ZGF0b3J5IGZsYWcgbm90IGZvdW5kLCBwbGVhc2Ugc2V0IHRoZSAnLS1yYmQtZGF0YS1wb29sLW5h + bWUnIGZsYWciCiAgICAgICAgICAgICAgICApCiAgICAgICAgICAgIGlmIGs4c19jbHVzdGVyX25h + bWUgPT0gIiI6CiAgICAgICAgICAgICAgICByYWlzZSBFeGVjdXRpb25GYWlsdXJlRXhjZXB0aW9u + KAogICAgICAgICAgICAgICAgICAgICJtYW5kYXRvcnkgZmxhZyBub3QgZm91bmQsIHBsZWFzZSBz + ZXQgdGhlICctLWs4cy1jbHVzdGVyLW5hbWUnIGZsYWciCiAgICAgICAgICAgICAgICApCiAgICAg + ICAgICAgIGVudGl0eSA9IHNlbGYuZ2V0X2VudGl0eSgKICAgICAgICAgICAgICAgIGVudGl0eSwK + ICAgICAgICAgICAgICAgIHJiZF9wb29sX25hbWUsCiAgICAgICAgICAgICAgICBhbGlhc19yYmRf + cG9vbF9uYW1lLAogICAgICAgICAgICAgICAgazhzX2NsdXN0ZXJfbmFtZSwKICAgICAgICAgICAg + ICAgIHJhZG9zX25hbWVzcGFjZSwKICAgICAgICAgICAgKQogICAgICAgICAgICBpZiByYWRvc19u + YW1lc3BhY2UgIT0gIiI6CiAgICAgICAgICAgICAgICBjYXBzWyJvc2QiXSA9ICgKICAgICAgICAg + ICAgICAgICAgICBmInByb2ZpbGUgcmJkIHBvb2w9e3JiZF9wb29sX25hbWV9IG5hbWVzcGFjZT17 + cmFkb3NfbmFtZXNwYWNlfSIKICAgICAgICAgICAgICAgICkKICAgICAgICAgICAgZWxzZToKICAg + ICAgICAgICAgICAgIGNhcHNbIm9zZCJdID0gZiJwcm9maWxlIHJiZCBwb29sPXtyYmRfcG9vbF9u + YW1lfSIKCiAgICAgICAgcmV0dXJuIGNhcHMsIGVudGl0eQoKICAgIGRlZiBnZXRfZGVmYXVsdFVz + ZXJfY2Fwc19hbmRfZW50aXR5KHNlbGYpOgogICAgICAgIGVudGl0eSA9IHNlbGYucnVuX2FzX3Vz + ZXIKICAgICAgICBjYXBzID0gewogICAgICAgICAgICAibW9uIjogImFsbG93IHIsIGFsbG93IGNv + bW1hbmQgcXVvcnVtX3N0YXR1cywgYWxsb3cgY29tbWFuZCB2ZXJzaW9uIiwKICAgICAgICAgICAg + Im1nciI6ICJhbGxvdyBjb21tYW5kIGNvbmZpZyIsCiAgICAgICAgICAgICJvc2QiOiBmInByb2Zp + bGUgcmJkLXJlYWQtb25seSwgYWxsb3cgcnd4IHBvb2w9e3NlbGYuX2FyZ19wYXJzZXIucmd3X3Bv + b2xfcHJlZml4fS5yZ3cubWV0YSwgYWxsb3cgciBwb29sPS5yZ3cucm9vdCwgYWxsb3cgcncgcG9v + bD17c2VsZi5fYXJnX3BhcnNlci5yZ3dfcG9vbF9wcmVmaXh9LnJndy5jb250cm9sLCBhbGxvdyBy + eCBwb29sPXtzZWxmLl9hcmdfcGFyc2VyLnJnd19wb29sX3ByZWZpeH0ucmd3LmxvZywgYWxsb3cg + eCBwb29sPXtzZWxmLl9hcmdfcGFyc2VyLnJnd19wb29sX3ByZWZpeH0ucmd3LmJ1Y2tldHMuaW5k + ZXgiLAogICAgICAgIH0KCiAgICAgICAgcmV0dXJuIGNhcHMsIGVudGl0eQoKICAgIGRlZiBnZXRf + Y2Fwc19hbmRfZW50aXR5KHNlbGYsIHVzZXJfbmFtZSk6CiAgICAgICAgaWYgImNsaWVudC5jc2kt + Y2VwaGZzLXByb3Zpc2lvbmVyIiBpbiB1c2VyX25hbWU6CiAgICAgICAgICAgIGlmICJjbGllbnQu + Y3NpLWNlcGhmcy1wcm92aXNpb25lciIgIT0gdXNlcl9uYW1lOgogICAgICAgICAgICAgICAgc2Vs + Zi5fYXJnX3BhcnNlci5yZXN0cmljdGVkX2F1dGhfcGVybWlzc2lvbiA9IFRydWUKICAgICAgICAg + ICAgcmV0dXJuIHNlbGYuZ2V0X2NlcGhmc19wcm92aXNpb25lcl9jYXBzX2FuZF9lbnRpdHkoKQog + ICAgICAgIGlmICJjbGllbnQuY3NpLWNlcGhmcy1ub2RlIiBpbiB1c2VyX25hbWU6CiAgICAgICAg + ICAgIGlmICJjbGllbnQuY3NpLWNlcGhmcy1ub2RlIiAhPSB1c2VyX25hbWU6CiAgICAgICAgICAg + ICAgICBzZWxmLl9hcmdfcGFyc2VyLnJlc3RyaWN0ZWRfYXV0aF9wZXJtaXNzaW9uID0gVHJ1ZQog + ICAgICAgICAgICByZXR1cm4gc2VsZi5nZXRfY2VwaGZzX25vZGVfY2Fwc19hbmRfZW50aXR5KCkK + ICAgICAgICBpZiAiY2xpZW50LmNzaS1yYmQtcHJvdmlzaW9uZXIiIGluIHVzZXJfbmFtZToKICAg + ICAgICAgICAgaWYgImNsaWVudC5jc2ktcmJkLXByb3Zpc2lvbmVyIiAhPSB1c2VyX25hbWU6CiAg + ICAgICAgICAgICAgICBzZWxmLl9hcmdfcGFyc2VyLnJlc3RyaWN0ZWRfYXV0aF9wZXJtaXNzaW9u + ID0gVHJ1ZQogICAgICAgICAgICByZXR1cm4gc2VsZi5nZXRfcmJkX3Byb3Zpc2lvbmVyX2NhcHNf + YW5kX2VudGl0eSgpCiAgICAgICAgaWYgImNsaWVudC5jc2ktcmJkLW5vZGUiIGluIHVzZXJfbmFt + ZToKICAgICAgICAgICAgaWYgImNsaWVudC5jc2ktcmJkLW5vZGUiICE9IHVzZXJfbmFtZToKICAg + ICAgICAgICAgICAgIHNlbGYuX2FyZ19wYXJzZXIucmVzdHJpY3RlZF9hdXRoX3Blcm1pc3Npb24g + PSBUcnVlCiAgICAgICAgICAgIHJldHVybiBzZWxmLmdldF9yYmRfbm9kZV9jYXBzX2FuZF9lbnRp + dHkoKQogICAgICAgIGlmICJjbGllbnQuaGVhbHRoY2hlY2tlciIgaW4gdXNlcl9uYW1lOgogICAg + ICAgICAgICBpZiAiY2xpZW50LmhlYWx0aGNoZWNrZXIiICE9IHVzZXJfbmFtZToKICAgICAgICAg + ICAgICAgIHNlbGYuX2FyZ19wYXJzZXIucmVzdHJpY3RlZF9hdXRoX3Blcm1pc3Npb24gPSBUcnVl + CiAgICAgICAgICAgIHJldHVybiBzZWxmLmdldF9kZWZhdWx0VXNlcl9jYXBzX2FuZF9lbnRpdHko + KQoKICAgICAgICByYWlzZSBFeGVjdXRpb25GYWlsdXJlRXhjZXB0aW9uKAogICAgICAgICAgICBm + Im5vIHVzZXIgZm91bmQgd2l0aCB1c2VyX25hbWU6IHt1c2VyX25hbWV9LCAiCiAgICAgICAgICAg + ICJnZXRfY2Fwc19hbmRfZW50aXR5IGNvbW1hbmQgZmFpbGVkLlxuIgogICAgICAgICkKCiAgICBk + ZWYgY3JlYXRlX2NlcGhDU0lLZXlyaW5nX3VzZXIoc2VsZiwgdXNlcik6CiAgICAgICAgIiIiCiAg + ICAgICAgY29tbWFuZDogY2VwaCBhdXRoIGdldC1vci1jcmVhdGUgY2xpZW50LmNzaS1jZXBoZnMt + cHJvdmlzaW9uZXIgbW9uICdhbGxvdyByJyBtZ3IgJ2FsbG93IHJ3JyBvc2QgJ2FsbG93IHJ3IHRh + ZyBjZXBoZnMgbWV0YWRhdGE9KicKICAgICAgICAiIiIKICAgICAgICBjYXBzLCBlbnRpdHkgPSBz + ZWxmLmdldF9jYXBzX2FuZF9lbnRpdHkodXNlcikKICAgICAgICBjbWRfanNvbiA9IHsKICAgICAg + ICAgICAgInByZWZpeCI6ICJhdXRoIGdldC1vci1jcmVhdGUiLAogICAgICAgICAgICAiZW50aXR5 + IjogZW50aXR5LAogICAgICAgICAgICAiY2FwcyI6IFtjYXAgZm9yIGNhcF9saXN0IGluIGxpc3Qo + Y2Fwcy5pdGVtcygpKSBmb3IgY2FwIGluIGNhcF9saXN0XSwKICAgICAgICAgICAgImZvcm1hdCI6 + ICJqc29uIiwKICAgICAgICB9CgogICAgICAgIGlmIHNlbGYuX2FyZ19wYXJzZXIuZHJ5X3J1bjoK + ICAgICAgICAgICAgcmV0dXJuICgKICAgICAgICAgICAgICAgIHNlbGYuZHJ5X3J1bigKICAgICAg + ICAgICAgICAgICAgICAiY2VwaCAiCiAgICAgICAgICAgICAgICAgICAgKyBjbWRfanNvblsicHJl + Zml4Il0KICAgICAgICAgICAgICAgICAgICArICIgIgogICAgICAgICAgICAgICAgICAgICsgY21k + X2pzb25bImVudGl0eSJdCiAgICAgICAgICAgICAgICAgICAgKyAiICIKICAgICAgICAgICAgICAg + ICAgICArICIgIi5qb2luKGNtZF9qc29uWyJjYXBzIl0pCiAgICAgICAgICAgICAgICApLAogICAg + ICAgICAgICAgICAgIiIsCiAgICAgICAgICAgICkKICAgICAgICAjIGNoZWNrIGlmIHVzZXIgYWxy + ZWFkeSBleGlzdAogICAgICAgIHVzZXJfa2V5ID0gc2VsZi5jaGVja191c2VyX2V4aXN0KGVudGl0 + eSkKICAgICAgICBpZiB1c2VyX2tleSAhPSAiIjoKICAgICAgICAgICAgcmV0dXJuIHVzZXJfa2V5 + LCBmIntlbnRpdHkuc3BsaXQoJy4nLCAxKVsxXX0iCiAgICAgICAgICAgICMgZW50aXR5LnNwbGl0 + KCcuJywxKVsxXSB0byByZW5hbWUgZW50aXR5KGNsaWVudC5jc2ktcmJkLW5vZGUpIGFzIGNzaS1y + YmQtbm9kZQoKICAgICAgICByZXRfdmFsLCBqc29uX291dCwgZXJyX21zZyA9IHNlbGYuX2NvbW1v + bl9jbWRfanNvbl9nZW4oY21kX2pzb24pCiAgICAgICAgIyBpZiB0aGVyZSBpcyBhbiB1bnN1Y2Nl + c3NmdWwgYXR0ZW1wdCwKICAgICAgICBpZiByZXRfdmFsICE9IDAgb3IgbGVuKGpzb25fb3V0KSA9 + PSAwOgogICAgICAgICAgICByYWlzZSBFeGVjdXRpb25GYWlsdXJlRXhjZXB0aW9uKAogICAgICAg + ICAgICAgICAgZiInYXV0aCBnZXQtb3ItY3JlYXRlIHt1c2VyfScgY29tbWFuZCBmYWlsZWQuXG4i + CiAgICAgICAgICAgICAgICBmIkVycm9yOiB7ZXJyX21zZyBpZiByZXRfdmFsICE9IDAgZWxzZSBz + ZWxmLkVNUFRZX09VVFBVVF9MSVNUfSIKICAgICAgICAgICAgKQogICAgICAgIHJldHVybiBzdHIo + anNvbl9vdXRbMF1bImtleSJdKSwgZiJ7ZW50aXR5LnNwbGl0KCcuJywgMSlbMV19IgogICAgICAg + ICMgZW50aXR5LnNwbGl0KCcuJywxKVsxXSB0byByZW5hbWUgZW50aXR5KGNsaWVudC5jc2ktcmJk + LW5vZGUpIGFzIGNzaS1yYmQtbm9kZQoKICAgIGRlZiBnZXRfY2VwaGZzX2RhdGFfcG9vbF9kZXRh + aWxzKHNlbGYpOgogICAgICAgIGNtZF9qc29uID0geyJwcmVmaXgiOiAiZnMgbHMiLCAiZm9ybWF0 + IjogImpzb24ifQogICAgICAgIGlmIHNlbGYuX2FyZ19wYXJzZXIuZHJ5X3J1bjoKICAgICAgICAg + ICAgcmV0dXJuIHNlbGYuZHJ5X3J1bigiY2VwaCAiICsgY21kX2pzb25bInByZWZpeCJdKQogICAg + ICAgIHJldF92YWwsIGpzb25fb3V0LCBlcnJfbXNnID0gc2VsZi5fY29tbW9uX2NtZF9qc29uX2dl + bihjbWRfanNvbikKICAgICAgICAjIGlmIHRoZXJlIGlzIGFuIHVuc3VjY2Vzc2Z1bCBhdHRlbXB0 + LCByZXBvcnQgYW4gZXJyb3IKICAgICAgICBpZiByZXRfdmFsICE9IDA6CiAgICAgICAgICAgICMg + aWYgZnMgYW5kIGRhdGFfcG9vbCBhcmd1bWVudHMgYXJlIG5vdCBzZXQsIHNpbGVudGx5IHJldHVy + bgogICAgICAgICAgICBpZiAoCiAgICAgICAgICAgICAgICBzZWxmLl9hcmdfcGFyc2VyLmNlcGhm + c19maWxlc3lzdGVtX25hbWUgPT0gIiIKICAgICAgICAgICAgICAgIGFuZCBzZWxmLl9hcmdfcGFy + c2VyLmNlcGhmc19kYXRhX3Bvb2xfbmFtZSA9PSAiIgogICAgICAgICAgICApOgogICAgICAgICAg + ICAgICAgcmV0dXJuCiAgICAgICAgICAgICMgaWYgdXNlciBoYXMgcHJvdmlkZWQgYW55IG9mIHRo + ZQogICAgICAgICAgICAjICctLWNlcGhmcy1maWxlc3lzdGVtLW5hbWUnIG9yICctLWNlcGhmcy1k + YXRhLXBvb2wtbmFtZScgYXJndW1lbnRzLAogICAgICAgICAgICAjIHJhaXNlIGFuIGV4Y2VwdGlv + biBhcyB3ZSBhcmUgdW5hYmxlIHRvIHZlcmlmeSB0aGUgYXJncwogICAgICAgICAgICByYWlzZSBF + eGVjdXRpb25GYWlsdXJlRXhjZXB0aW9uKAogICAgICAgICAgICAgICAgZiInZnMgbHMnIGNlcGgg + Y2FsbCBmYWlsZWQgd2l0aCBlcnJvcjoge2Vycl9tc2d9IgogICAgICAgICAgICApCgogICAgICAg + IG1hdGNoaW5nX2pzb25fb3V0ID0ge30KICAgICAgICAjIGlmICctLWNlcGhmcy1maWxlc3lzdGVt + LW5hbWUnIGFyZ3VtZW50IGlzIHByb3ZpZGVkLAogICAgICAgICMgY2hlY2sgd2hldGhlciB0aGUg + cHJvdmlkZWQgZmlsZXN5c3RlbS1uYW1lIGV4aXN0cyBvciBub3QKICAgICAgICBpZiBzZWxmLl9h + cmdfcGFyc2VyLmNlcGhmc19maWxlc3lzdGVtX25hbWU6CiAgICAgICAgICAgICMgZ2V0IHRoZSBt + YXRjaGluZyBsaXN0CiAgICAgICAgICAgIG1hdGNoaW5nX2pzb25fb3V0X2xpc3QgPSBbCiAgICAg + ICAgICAgICAgICBtYXRjaGVkCiAgICAgICAgICAgICAgICBmb3IgbWF0Y2hlZCBpbiBqc29uX291 + dAogICAgICAgICAgICAgICAgaWYgc3RyKG1hdGNoZWRbIm5hbWUiXSkgPT0gc2VsZi5fYXJnX3Bh + cnNlci5jZXBoZnNfZmlsZXN5c3RlbV9uYW1lCiAgICAgICAgICAgIF0KICAgICAgICAgICAgIyB1 + bmFibGUgdG8gZmluZCBhIG1hdGNoaW5nIGZzLW5hbWUsIHJhaXNlIGFuIGVycm9yCiAgICAgICAg + ICAgIGlmIGxlbihtYXRjaGluZ19qc29uX291dF9saXN0KSA9PSAwOgogICAgICAgICAgICAgICAg + cmFpc2UgRXhlY3V0aW9uRmFpbHVyZUV4Y2VwdGlvbigKICAgICAgICAgICAgICAgICAgICBmIkZp + bGVzeXN0ZW0gcHJvdmlkZWQsICd7c2VsZi5fYXJnX3BhcnNlci5jZXBoZnNfZmlsZXN5c3RlbV9u + YW1lfScsICIKICAgICAgICAgICAgICAgICAgICBmImlzIG5vdCBmb3VuZCBpbiB0aGUgZnMtbGlz + dDoge1tzdHIoeFsnbmFtZSddKSBmb3IgeCBpbiBqc29uX291dF19IgogICAgICAgICAgICAgICAg + KQogICAgICAgICAgICBtYXRjaGluZ19qc29uX291dCA9IG1hdGNoaW5nX2pzb25fb3V0X2xpc3Rb + MF0KICAgICAgICAjIGlmIGNlcGhmcyBmaWxlc3lzdGVtIG5hbWUgaXMgbm90IHByb3ZpZGVkLAog + ICAgICAgICMgdHJ5IHRvIGdldCBhIGRlZmF1bHQgZnMgbmFtZSBieSBkb2luZyB0aGUgZm9sbG93 + aW5nCiAgICAgICAgZWxzZToKICAgICAgICAgICAgIyBhLiBjaGVjayBpZiB0aGVyZSBpcyBvbmx5 + IG9uZSBmaWxlc3lzdGVtIGlzIHByZXNlbnQKICAgICAgICAgICAgaWYgbGVuKGpzb25fb3V0KSA9 + PSAxOgogICAgICAgICAgICAgICAgbWF0Y2hpbmdfanNvbl9vdXQgPSBqc29uX291dFswXQogICAg + ICAgICAgICAjIGIuIG9yIGVsc2UsIGNoZWNrIGlmIGRhdGFfcG9vbCBuYW1lIGlzIHByb3ZpZGVk + CiAgICAgICAgICAgIGVsaWYgc2VsZi5fYXJnX3BhcnNlci5jZXBoZnNfZGF0YV9wb29sX25hbWU6 + CiAgICAgICAgICAgICAgICAjIGFuZCBpZiBwcmVzZW50LCBjaGVjayB3aGV0aGVyIHRoZXJlIGV4 + aXN0cyBhIGZzIHdoaWNoIGhhcyB0aGUgZGF0YV9wb29sCiAgICAgICAgICAgICAgICBmb3IgZWFj + aEogaW4ganNvbl9vdXQ6CiAgICAgICAgICAgICAgICAgICAgaWYgc2VsZi5fYXJnX3BhcnNlci5j + ZXBoZnNfZGF0YV9wb29sX25hbWUgaW4gZWFjaEpbImRhdGFfcG9vbHMiXToKICAgICAgICAgICAg + ICAgICAgICAgICAgbWF0Y2hpbmdfanNvbl9vdXQgPSBlYWNoSgogICAgICAgICAgICAgICAgICAg + ICAgICBicmVhawogICAgICAgICAgICAgICAgIyBpZiB0aGVyZSBpcyBubyBtYXRjaGluZyBmcyBl + eGlzdHMsIHRoYXQgbWVhbnMgcHJvdmlkZWQgZGF0YV9wb29sIG5hbWUgaXMgaW52YWxpZAogICAg + ICAgICAgICAgICAgaWYgbm90IG1hdGNoaW5nX2pzb25fb3V0OgogICAgICAgICAgICAgICAgICAg + IHJhaXNlIEV4ZWN1dGlvbkZhaWx1cmVFeGNlcHRpb24oCiAgICAgICAgICAgICAgICAgICAgICAg + IGYiUHJvdmlkZWQgZGF0YV9wb29sIG5hbWUsIHtzZWxmLl9hcmdfcGFyc2VyLmNlcGhmc19kYXRh + X3Bvb2xfbmFtZX0sIgogICAgICAgICAgICAgICAgICAgICAgICAiIGRvZXMgbm90IGV4aXN0cyIK + ICAgICAgICAgICAgICAgICAgICApCiAgICAgICAgICAgICMgYy4gaWYgbm90aGluZyBpcyBzZXQg + YW5kIGNvdWxkbid0IGZpbmQgYSBkZWZhdWx0LAogICAgICAgICAgICBlbHNlOgogICAgICAgICAg + ICAgICAgIyBqdXN0IHJldHVybiBzaWxlbnRseQogICAgICAgICAgICAgICAgcmV0dXJuCgogICAg + ICAgIGlmIG1hdGNoaW5nX2pzb25fb3V0OgogICAgICAgICAgICBzZWxmLl9hcmdfcGFyc2VyLmNl + cGhmc19maWxlc3lzdGVtX25hbWUgPSBzdHIobWF0Y2hpbmdfanNvbl9vdXRbIm5hbWUiXSkKICAg + ICAgICAgICAgc2VsZi5fYXJnX3BhcnNlci5jZXBoZnNfbWV0YWRhdGFfcG9vbF9uYW1lID0gc3Ry + KAogICAgICAgICAgICAgICAgbWF0Y2hpbmdfanNvbl9vdXRbIm1ldGFkYXRhX3Bvb2wiXQogICAg + ICAgICAgICApCgogICAgICAgIGlmIGlzaW5zdGFuY2UobWF0Y2hpbmdfanNvbl9vdXRbImRhdGFf + cG9vbHMiXSwgbGlzdCk6CiAgICAgICAgICAgICMgaWYgdGhlIHVzZXIgaGFzIGFscmVhZHkgcHJv + dmlkZWQgZGF0YS1wb29sLW5hbWUsCiAgICAgICAgICAgICMgdGhyb3VnaCAtLWNlcGhmcy1kYXRh + LXBvb2wtbmFtZQogICAgICAgICAgICBpZiBzZWxmLl9hcmdfcGFyc2VyLmNlcGhmc19kYXRhX3Bv + b2xfbmFtZToKICAgICAgICAgICAgICAgICMgaWYgdGhlIHByb3ZpZGVkIG5hbWUgaXMgbm90IG1h + dGNoaW5nIHdpdGggdGhlIG9uZSBpbiB0aGUgbGlzdAogICAgICAgICAgICAgICAgaWYgKAogICAg + ICAgICAgICAgICAgICAgIHNlbGYuX2FyZ19wYXJzZXIuY2VwaGZzX2RhdGFfcG9vbF9uYW1lCiAg + ICAgICAgICAgICAgICAgICAgbm90IGluIG1hdGNoaW5nX2pzb25fb3V0WyJkYXRhX3Bvb2xzIl0K + ICAgICAgICAgICAgICAgICk6CiAgICAgICAgICAgICAgICAgICAgcmFpc2UgRXhlY3V0aW9uRmFp + bHVyZUV4Y2VwdGlvbigKICAgICAgICAgICAgICAgICAgICAgICAgZiJQcm92aWRlZCBkYXRhLXBv + b2wtbmFtZTogJ3tzZWxmLl9hcmdfcGFyc2VyLmNlcGhmc19kYXRhX3Bvb2xfbmFtZX0nLCAiCiAg + ICAgICAgICAgICAgICAgICAgICAgICJkb2Vzbid0IG1hdGNoIGZyb20gdGhlIGRhdGEtcG9vbHMg + bGlzdDogIgogICAgICAgICAgICAgICAgICAgICAgICBmIntbc3RyKHgpIGZvciB4IGluIG1hdGNo + aW5nX2pzb25fb3V0WydkYXRhX3Bvb2xzJ11dfSIKICAgICAgICAgICAgICAgICAgICApCiAgICAg + ICAgICAgICMgaWYgZGF0YV9wb29sIG5hbWUgaXMgbm90IHByb3ZpZGVkLAogICAgICAgICAgICAj + IHRoZW4gdHJ5IHRvIGZpbmQgYSBkZWZhdWx0IGRhdGEgcG9vbCBuYW1lCiAgICAgICAgICAgIGVs + c2U6CiAgICAgICAgICAgICAgICAjIGlmIG5vIGRhdGFfcG9vbHMgZXhpc3QsIHNpbGVudGx5IHJl + dHVybgogICAgICAgICAgICAgICAgaWYgbGVuKG1hdGNoaW5nX2pzb25fb3V0WyJkYXRhX3Bvb2xz + Il0pID09IDA6CiAgICAgICAgICAgICAgICAgICAgcmV0dXJuCiAgICAgICAgICAgICAgICBzZWxm + Ll9hcmdfcGFyc2VyLmNlcGhmc19kYXRhX3Bvb2xfbmFtZSA9IHN0cigKICAgICAgICAgICAgICAg + ICAgICBtYXRjaGluZ19qc29uX291dFsiZGF0YV9wb29scyJdWzBdCiAgICAgICAgICAgICAgICAp + CiAgICAgICAgICAgICMgaWYgdGhlcmUgYXJlIG1vcmUgdGhhbiBvbmUgJ2RhdGFfcG9vbHMnIGV4 + aXN0LAogICAgICAgICAgICAjIHRoZW4gd2FybiB0aGUgdXNlciB0aGF0IHdlIGFyZSB1c2luZyB0 + aGUgc2VsZWN0ZWQgbmFtZQogICAgICAgICAgICBpZiBsZW4obWF0Y2hpbmdfanNvbl9vdXRbImRh + dGFfcG9vbHMiXSkgPiAxOgogICAgICAgICAgICAgICAgcHJpbnQoCiAgICAgICAgICAgICAgICAg + ICAgIldBUk5JTkc6IE11bHRpcGxlIGRhdGEgcG9vbHMgZGV0ZWN0ZWQ6ICIKICAgICAgICAgICAg + ICAgICAgICBmIntbc3RyKHgpIGZvciB4IGluIG1hdGNoaW5nX2pzb25fb3V0WydkYXRhX3Bvb2xz + J11dfVxuIgogICAgICAgICAgICAgICAgICAgIGYiVXNpbmcgdGhlIGRhdGEtcG9vbDogJ3tzZWxm + Ll9hcmdfcGFyc2VyLmNlcGhmc19kYXRhX3Bvb2xfbmFtZX0nXG4iCiAgICAgICAgICAgICAgICAp + CgogICAgZGVmIGNyZWF0ZV9jaGVja2VyS2V5KHNlbGYsIHVzZXIpOgogICAgICAgIGNhcHMsIGVu + dGl0eSA9IHNlbGYuZ2V0X2NhcHNfYW5kX2VudGl0eSh1c2VyKQogICAgICAgIGNtZF9qc29uID0g + ewogICAgICAgICAgICAicHJlZml4IjogImF1dGggZ2V0LW9yLWNyZWF0ZSIsCiAgICAgICAgICAg + ICJlbnRpdHkiOiBlbnRpdHksCiAgICAgICAgICAgICJjYXBzIjogW2NhcCBmb3IgY2FwX2xpc3Qg + aW4gbGlzdChjYXBzLml0ZW1zKCkpIGZvciBjYXAgaW4gY2FwX2xpc3RdLAogICAgICAgICAgICAi + Zm9ybWF0IjogImpzb24iLAogICAgICAgIH0KCiAgICAgICAgaWYgc2VsZi5fYXJnX3BhcnNlci5k + cnlfcnVuOgogICAgICAgICAgICByZXR1cm4gc2VsZi5kcnlfcnVuKAogICAgICAgICAgICAgICAg + ImNlcGggIgogICAgICAgICAgICAgICAgKyBjbWRfanNvblsicHJlZml4Il0KICAgICAgICAgICAg + ICAgICsgIiAiCiAgICAgICAgICAgICAgICArIGNtZF9qc29uWyJlbnRpdHkiXQogICAgICAgICAg + ICAgICAgKyAiICIKICAgICAgICAgICAgICAgICsgIiAiLmpvaW4oY21kX2pzb25bImNhcHMiXSkK + ICAgICAgICAgICAgKQogICAgICAgICMgY2hlY2sgaWYgdXNlciBhbHJlYWR5IGV4aXN0CiAgICAg + ICAgdXNlcl9rZXkgPSBzZWxmLmNoZWNrX3VzZXJfZXhpc3QoZW50aXR5KQogICAgICAgIGlmIHVz + ZXJfa2V5ICE9ICIiOgogICAgICAgICAgICByZXR1cm4gdXNlcl9rZXkKCiAgICAgICAgcmV0X3Zh + bCwganNvbl9vdXQsIGVycl9tc2cgPSBzZWxmLl9jb21tb25fY21kX2pzb25fZ2VuKGNtZF9qc29u + KQogICAgICAgICMgaWYgdGhlcmUgaXMgYW4gdW5zdWNjZXNzZnVsIGF0dGVtcHQsCiAgICAgICAg + aWYgcmV0X3ZhbCAhPSAwIG9yIGxlbihqc29uX291dCkgPT0gMDoKICAgICAgICAgICAgcmFpc2Ug + RXhlY3V0aW9uRmFpbHVyZUV4Y2VwdGlvbigKICAgICAgICAgICAgICAgIGYiJ2F1dGggZ2V0LW9y + LWNyZWF0ZSB7c2VsZi5ydW5fYXNfdXNlcn0nIGNvbW1hbmQgZmFpbGVkXG4iCiAgICAgICAgICAg + ICAgICBmIkVycm9yOiB7ZXJyX21zZyBpZiByZXRfdmFsICE9IDAgZWxzZSBzZWxmLkVNUFRZX09V + VFBVVF9MSVNUfSIKICAgICAgICAgICAgKQogICAgICAgIHJldHVybiBzdHIoanNvbl9vdXRbMF1b + ImtleSJdKQoKICAgIGRlZiBnZXRfY2VwaF9kYXNoYm9hcmRfbGluayhzZWxmKToKICAgICAgICBj + bWRfanNvbiA9IHsicHJlZml4IjogIm1nciBzZXJ2aWNlcyIsICJmb3JtYXQiOiAianNvbiJ9CiAg + ICAgICAgaWYgc2VsZi5fYXJnX3BhcnNlci5kcnlfcnVuOgogICAgICAgICAgICByZXR1cm4gc2Vs + Zi5kcnlfcnVuKCJjZXBoICIgKyBjbWRfanNvblsicHJlZml4Il0pCiAgICAgICAgcmV0X3ZhbCwg + anNvbl9vdXQsIF8gPSBzZWxmLl9jb21tb25fY21kX2pzb25fZ2VuKGNtZF9qc29uKQogICAgICAg + ICMgaWYgdGhlcmUgaXMgYW4gdW5zdWNjZXNzZnVsIGF0dGVtcHQsCiAgICAgICAgaWYgcmV0X3Zh + bCAhPSAwIG9yIGxlbihqc29uX291dCkgPT0gMDoKICAgICAgICAgICAgcmV0dXJuIE5vbmUKICAg + ICAgICBpZiAiZGFzaGJvYXJkIiBub3QgaW4ganNvbl9vdXQ6CiAgICAgICAgICAgIHJldHVybiBO + b25lCiAgICAgICAgcmV0dXJuIGpzb25fb3V0WyJkYXNoYm9hcmQiXQoKICAgIGRlZiBjcmVhdGVf + cmd3X2FkbWluX29wc191c2VyKHNlbGYpOgogICAgICAgIGNtZCA9IFsKICAgICAgICAgICAgInJh + ZG9zZ3ctYWRtaW4iLAogICAgICAgICAgICAidXNlciIsCiAgICAgICAgICAgICJjcmVhdGUiLAog + ICAgICAgICAgICAiLS11aWQiLAogICAgICAgICAgICBzZWxmLkVYVEVSTkFMX1JHV19BRE1JTl9P + UFNfVVNFUl9OQU1FLAogICAgICAgICAgICAiLS1kaXNwbGF5LW5hbWUiLAogICAgICAgICAgICAi + Um9vayBSR1cgQWRtaW4gT3BzIHVzZXIiLAogICAgICAgICAgICAiLS1jYXBzIiwKICAgICAgICAg + ICAgImJ1Y2tldHM9Kjt1c2Vycz0qO3VzYWdlPXJlYWQ7bWV0YWRhdGE9cmVhZDt6b25lPXJlYWQi + LAogICAgICAgICAgICAiLS1yZ3ctcmVhbG0iLAogICAgICAgICAgICBzZWxmLl9hcmdfcGFyc2Vy + LnJnd19yZWFsbV9uYW1lLAogICAgICAgICAgICAiLS1yZ3ctem9uZWdyb3VwIiwKICAgICAgICAg + ICAgc2VsZi5fYXJnX3BhcnNlci5yZ3dfem9uZWdyb3VwX25hbWUsCiAgICAgICAgICAgICItLXJn + dy16b25lIiwKICAgICAgICAgICAgc2VsZi5fYXJnX3BhcnNlci5yZ3dfem9uZV9uYW1lLAogICAg + ICAgIF0KICAgICAgICBpZiBzZWxmLl9hcmdfcGFyc2VyLmRyeV9ydW46CiAgICAgICAgICAgIHJl + dHVybiBzZWxmLmRyeV9ydW4oImNlcGggIiArICIgIi5qb2luKGNtZCkpCiAgICAgICAgdHJ5Ogog + ICAgICAgICAgICBvdXRwdXQgPSBzdWJwcm9jZXNzLmNoZWNrX291dHB1dChjbWQsIHN0ZGVycj1z + dWJwcm9jZXNzLlBJUEUpCiAgICAgICAgZXhjZXB0IHN1YnByb2Nlc3MuQ2FsbGVkUHJvY2Vzc0Vy + cm9yIGFzIGV4ZWNFcnI6CiAgICAgICAgICAgICMgaWYgdGhlIHVzZXIgYWxyZWFkeSBleGlzdHMs + IHdlIGp1c3QgcXVlcnkgaXQKICAgICAgICAgICAgaWYgZXhlY0Vyci5yZXR1cm5jb2RlID09IGVy + cm5vLkVFWElTVDoKICAgICAgICAgICAgICAgIGNtZCA9IFsKICAgICAgICAgICAgICAgICAgICAi + cmFkb3Nndy1hZG1pbiIsCiAgICAgICAgICAgICAgICAgICAgInVzZXIiLAogICAgICAgICAgICAg + ICAgICAgICJpbmZvIiwKICAgICAgICAgICAgICAgICAgICAiLS11aWQiLAogICAgICAgICAgICAg + ICAgICAgIHNlbGYuRVhURVJOQUxfUkdXX0FETUlOX09QU19VU0VSX05BTUUsCiAgICAgICAgICAg + ICAgICAgICAgIi0tcmd3LXJlYWxtIiwKICAgICAgICAgICAgICAgICAgICBzZWxmLl9hcmdfcGFy + c2VyLnJnd19yZWFsbV9uYW1lLAogICAgICAgICAgICAgICAgICAgICItLXJndy16b25lZ3JvdXAi + LAogICAgICAgICAgICAgICAgICAgIHNlbGYuX2FyZ19wYXJzZXIucmd3X3pvbmVncm91cF9uYW1l + LAogICAgICAgICAgICAgICAgICAgICItLXJndy16b25lIiwKICAgICAgICAgICAgICAgICAgICBz + ZWxmLl9hcmdfcGFyc2VyLnJnd196b25lX25hbWUsCiAgICAgICAgICAgICAgICBdCiAgICAgICAg + ICAgICAgICB0cnk6CiAgICAgICAgICAgICAgICAgICAgb3V0cHV0ID0gc3VicHJvY2Vzcy5jaGVj + a19vdXRwdXQoY21kLCBzdGRlcnI9c3VicHJvY2Vzcy5QSVBFKQogICAgICAgICAgICAgICAgZXhj + ZXB0IHN1YnByb2Nlc3MuQ2FsbGVkUHJvY2Vzc0Vycm9yIGFzIGV4ZWNFcnI6CiAgICAgICAgICAg + ICAgICAgICAgZXJyX21zZyA9ICgKICAgICAgICAgICAgICAgICAgICAgICAgZiJmYWlsZWQgdG8g + ZXhlY3V0ZSBjb21tYW5kIHtjbWR9LiBPdXRwdXQ6IHtleGVjRXJyLm91dHB1dH0uICIKICAgICAg + ICAgICAgICAgICAgICAgICAgZiJDb2RlOiB7ZXhlY0Vyci5yZXR1cm5jb2RlfS4gRXJyb3I6IHtl + eGVjRXJyLnN0ZGVycn0iCiAgICAgICAgICAgICAgICAgICAgKQogICAgICAgICAgICAgICAgICAg + IHN5cy5zdGRlcnIud3JpdGUoZXJyX21zZykKICAgICAgICAgICAgICAgICAgICByZXR1cm4gTm9u + ZSwgTm9uZSwgRmFsc2UsICItMSIKICAgICAgICAgICAgZWxzZToKICAgICAgICAgICAgICAgIGVy + cl9tc2cgPSAoCiAgICAgICAgICAgICAgICAgICAgZiJmYWlsZWQgdG8gZXhlY3V0ZSBjb21tYW5k + IHtjbWR9LiBPdXRwdXQ6IHtleGVjRXJyLm91dHB1dH0uICIKICAgICAgICAgICAgICAgICAgICBm + IkNvZGU6IHtleGVjRXJyLnJldHVybmNvZGV9LiBFcnJvcjoge2V4ZWNFcnIuc3RkZXJyfSIKICAg + ICAgICAgICAgICAgICkKICAgICAgICAgICAgICAgIHN5cy5zdGRlcnIud3JpdGUoZXJyX21zZykK + ICAgICAgICAgICAgICAgIHJldHVybiBOb25lLCBOb25lLCBGYWxzZSwgIi0xIgoKICAgICAgICAj + IGlmIGl0IGlzIHB5dGhvbjIsIGRvbid0IGNoZWNrIGZvciBjZXBoIHZlcnNpb24gZm9yIGFkZGlu + ZyBgaW5mbz1yZWFkYCBjYXAocmd3X3ZhbGlkYXRpb24pCiAgICAgICAgaWYgc3lzLnZlcnNpb25f + aW5mby5tYWpvciA8IDM6CiAgICAgICAgICAgIGpzb25vdXRwdXQgPSBqc29uLmxvYWRzKG91dHB1 + dCkKICAgICAgICAgICAgcmV0dXJuICgKICAgICAgICAgICAgICAgIGpzb25vdXRwdXRbImtleXMi + XVswXVsiYWNjZXNzX2tleSJdLAogICAgICAgICAgICAgICAganNvbm91dHB1dFsia2V5cyJdWzBd + WyJzZWNyZXRfa2V5Il0sCiAgICAgICAgICAgICAgICBGYWxzZSwKICAgICAgICAgICAgICAgICIi + LAogICAgICAgICAgICApCgogICAgICAgICMgc2VwYXJhdGVseSBhZGQgaW5mbz1yZWFkIGNhcHMg + Zm9yIHJndy1lbmRwb2ludCBpcCB2YWxpZGF0aW9uCiAgICAgICAgaW5mb19jYXBfc3VwcG9ydGVk + ID0gVHJ1ZQogICAgICAgIGNtZCA9IFsKICAgICAgICAgICAgInJhZG9zZ3ctYWRtaW4iLAogICAg + ICAgICAgICAiY2FwcyIsCiAgICAgICAgICAgICJhZGQiLAogICAgICAgICAgICAiLS11aWQiLAog + ICAgICAgICAgICBzZWxmLkVYVEVSTkFMX1JHV19BRE1JTl9PUFNfVVNFUl9OQU1FLAogICAgICAg + ICAgICAiLS1jYXBzIiwKICAgICAgICAgICAgImluZm89cmVhZCIsCiAgICAgICAgICAgICItLXJn + dy1yZWFsbSIsCiAgICAgICAgICAgIHNlbGYuX2FyZ19wYXJzZXIucmd3X3JlYWxtX25hbWUsCiAg + ICAgICAgICAgICItLXJndy16b25lZ3JvdXAiLAogICAgICAgICAgICBzZWxmLl9hcmdfcGFyc2Vy + LnJnd196b25lZ3JvdXBfbmFtZSwKICAgICAgICAgICAgIi0tcmd3LXpvbmUiLAogICAgICAgICAg + ICBzZWxmLl9hcmdfcGFyc2VyLnJnd196b25lX25hbWUsCiAgICAgICAgXQogICAgICAgIHRyeToK + ICAgICAgICAgICAgb3V0cHV0ID0gc3VicHJvY2Vzcy5jaGVja19vdXRwdXQoY21kLCBzdGRlcnI9 + c3VicHJvY2Vzcy5QSVBFKQogICAgICAgIGV4Y2VwdCBzdWJwcm9jZXNzLkNhbGxlZFByb2Nlc3NF + cnJvciBhcyBleGVjRXJyOgogICAgICAgICAgICAjIGlmIHRoZSBjZXBoIHZlcnNpb24gbm90IHN1 + cHBvcnRlZCBmb3IgYWRkaW5nIGBpbmZvPXJlYWRgIGNhcChyZ3dfdmFsaWRhdGlvbikKICAgICAg + ICAgICAgaWYgKAogICAgICAgICAgICAgICAgImNvdWxkIG5vdCBhZGQgY2FwczogdW5hYmxlIHRv + IGFkZCBjYXBzOiBpbmZvPXJlYWRcbiIKICAgICAgICAgICAgICAgIGluIGV4ZWNFcnIuc3RkZXJy + LmRlY29kZSgidXRmLTgiKQogICAgICAgICAgICAgICAgYW5kIGV4ZWNFcnIucmV0dXJuY29kZSA9 + PSAyNDQKICAgICAgICAgICAgKToKICAgICAgICAgICAgICAgIGluZm9fY2FwX3N1cHBvcnRlZCA9 + IEZhbHNlCiAgICAgICAgICAgIGVsc2U6CiAgICAgICAgICAgICAgICBlcnJfbXNnID0gKAogICAg + ICAgICAgICAgICAgICAgIGYiZmFpbGVkIHRvIGV4ZWN1dGUgY29tbWFuZCB7Y21kfS4gT3V0cHV0 + OiB7ZXhlY0Vyci5vdXRwdXR9LiAiCiAgICAgICAgICAgICAgICAgICAgZiJDb2RlOiB7ZXhlY0Vy + ci5yZXR1cm5jb2RlfS4gRXJyb3I6IHtleGVjRXJyLnN0ZGVycn0iCiAgICAgICAgICAgICAgICAp + CiAgICAgICAgICAgICAgICBzeXMuc3RkZXJyLndyaXRlKGVycl9tc2cpCiAgICAgICAgICAgICAg + ICByZXR1cm4gTm9uZSwgTm9uZSwgRmFsc2UsICItMSIKCiAgICAgICAganNvbm91dHB1dCA9IGpz + b24ubG9hZHMob3V0cHV0KQogICAgICAgIHJldHVybiAoCiAgICAgICAgICAgIGpzb25vdXRwdXRb + ImtleXMiXVswXVsiYWNjZXNzX2tleSJdLAogICAgICAgICAgICBqc29ub3V0cHV0WyJrZXlzIl1b + MF1bInNlY3JldF9rZXkiXSwKICAgICAgICAgICAgaW5mb19jYXBfc3VwcG9ydGVkLAogICAgICAg + ICAgICAiIiwKICAgICAgICApCgogICAgZGVmIHZhbGlkYXRlX3JiZF9wb29sKHNlbGYpOgogICAg + ICAgIGlmIG5vdCBzZWxmLmNsdXN0ZXIucG9vbF9leGlzdHMoc2VsZi5fYXJnX3BhcnNlci5yYmRf + ZGF0YV9wb29sX25hbWUpOgogICAgICAgICAgICByYWlzZSBFeGVjdXRpb25GYWlsdXJlRXhjZXB0 + aW9uKAogICAgICAgICAgICAgICAgZiJUaGUgcHJvdmlkZWQgcG9vbCwgJ3tzZWxmLl9hcmdfcGFy + c2VyLnJiZF9kYXRhX3Bvb2xfbmFtZX0nLCBkb2VzIG5vdCBleGlzdCIKICAgICAgICAgICAgKQoK + ICAgIGRlZiBpbml0X3JiZF9wb29sKHNlbGYpOgogICAgICAgIGlmIGlzaW5zdGFuY2Uoc2VsZi5j + bHVzdGVyLCBEdW1teVJhZG9zKToKICAgICAgICAgICAgcmV0dXJuCiAgICAgICAgcmJkX3Bvb2xf + bmFtZSA9IHNlbGYuX2FyZ19wYXJzZXIucmJkX2RhdGFfcG9vbF9uYW1lCiAgICAgICAgaW9jdHgg + PSBzZWxmLmNsdXN0ZXIub3Blbl9pb2N0eChyYmRfcG9vbF9uYW1lKQogICAgICAgIHJiZF9pbnN0 + ID0gcmJkLlJCRCgpCiAgICAgICAgcmJkX2luc3QucG9vbF9pbml0KGlvY3R4LCBUcnVlKQoKICAg + IGRlZiB2YWxpZGF0ZV9yYWRvc19uYW1lc3BhY2Uoc2VsZik6CiAgICAgICAgcmJkX3Bvb2xfbmFt + ZSA9IHNlbGYuX2FyZ19wYXJzZXIucmJkX2RhdGFfcG9vbF9uYW1lCiAgICAgICAgcmFkb3NfbmFt + ZXNwYWNlID0gc2VsZi5fYXJnX3BhcnNlci5yYWRvc19uYW1lc3BhY2UKICAgICAgICBpZiByYWRv + c19uYW1lc3BhY2UgPT0gIiI6CiAgICAgICAgICAgIHJldHVybgogICAgICAgIGlmIHJhZG9zX25h + bWVzcGFjZS5pc2xvd2VyKCkgPT0gRmFsc2U6CiAgICAgICAgICAgIHJhaXNlIEV4ZWN1dGlvbkZh + aWx1cmVFeGNlcHRpb24oCiAgICAgICAgICAgICAgICBmIlRoZSBwcm92aWRlZCByYWRvcyBOYW1l + c3BhY2UsICd7cmFkb3NfbmFtZXNwYWNlfScsICIKICAgICAgICAgICAgICAgIGYiY29udGFpbnMg + dXBwZXIgY2FzZSIKICAgICAgICAgICAgKQogICAgICAgIHJiZF9pbnN0ID0gcmJkLlJCRCgpCiAg + ICAgICAgaW9jdHggPSBzZWxmLmNsdXN0ZXIub3Blbl9pb2N0eChyYmRfcG9vbF9uYW1lKQogICAg + ICAgIGlmIHJiZF9pbnN0Lm5hbWVzcGFjZV9leGlzdHMoaW9jdHgsIHJhZG9zX25hbWVzcGFjZSkg + aXMgRmFsc2U6CiAgICAgICAgICAgIHJhaXNlIEV4ZWN1dGlvbkZhaWx1cmVFeGNlcHRpb24oCiAg + ICAgICAgICAgICAgICBmIlRoZSBwcm92aWRlZCByYWRvcyBOYW1lc3BhY2UsICd7cmFkb3NfbmFt + ZXNwYWNlfScsICIKICAgICAgICAgICAgICAgIGYiaXMgbm90IGZvdW5kIGluIHRoZSBwb29sICd7 + cmJkX3Bvb2xfbmFtZX0nIgogICAgICAgICAgICApCgogICAgZGVmIGdldF9vcl9jcmVhdGVfc3Vi + dm9sdW1lX2dyb3VwKHNlbGYsIHN1YnZvbHVtZV9ncm91cCwgY2VwaGZzX2ZpbGVzeXN0ZW1fbmFt + ZSk6CiAgICAgICAgY21kID0gWwogICAgICAgICAgICAiY2VwaCIsCiAgICAgICAgICAgICJmcyIs + CiAgICAgICAgICAgICJzdWJ2b2x1bWVncm91cCIsCiAgICAgICAgICAgICJnZXRwYXRoIiwKICAg + ICAgICAgICAgY2VwaGZzX2ZpbGVzeXN0ZW1fbmFtZSwKICAgICAgICAgICAgc3Vidm9sdW1lX2dy + b3VwLAogICAgICAgIF0KICAgICAgICB0cnk6CiAgICAgICAgICAgIF8gPSBzdWJwcm9jZXNzLmNo + ZWNrX291dHB1dChjbWQsIHN0ZGVycj1zdWJwcm9jZXNzLlBJUEUpCiAgICAgICAgZXhjZXB0IHN1 + YnByb2Nlc3MuQ2FsbGVkUHJvY2Vzc0Vycm9yOgogICAgICAgICAgICBjbWQgPSBbCiAgICAgICAg + ICAgICAgICAiY2VwaCIsCiAgICAgICAgICAgICAgICAiZnMiLAogICAgICAgICAgICAgICAgInN1 + YnZvbHVtZWdyb3VwIiwKICAgICAgICAgICAgICAgICJjcmVhdGUiLAogICAgICAgICAgICAgICAg + Y2VwaGZzX2ZpbGVzeXN0ZW1fbmFtZSwKICAgICAgICAgICAgICAgIHN1YnZvbHVtZV9ncm91cCwK + ICAgICAgICAgICAgXQogICAgICAgICAgICB0cnk6CiAgICAgICAgICAgICAgICBfID0gc3VicHJv + Y2Vzcy5jaGVja19vdXRwdXQoY21kLCBzdGRlcnI9c3VicHJvY2Vzcy5QSVBFKQogICAgICAgICAg + ICBleGNlcHQgc3VicHJvY2Vzcy5DYWxsZWRQcm9jZXNzRXJyb3I6CiAgICAgICAgICAgICAgICBy + YWlzZSBFeGVjdXRpb25GYWlsdXJlRXhjZXB0aW9uKAogICAgICAgICAgICAgICAgICAgIGYic3Vi + dm9sdW1lIGdyb3VwIHtzdWJ2b2x1bWVfZ3JvdXB9IGlzIG5vdCBhYmxlIHRvIGdldCBjcmVhdGVk + IgogICAgICAgICAgICAgICAgKQoKICAgIGRlZiBwaW5fc3Vidm9sdW1lKAogICAgICAgIHNlbGYs + IHN1YnZvbHVtZV9ncm91cCwgY2VwaGZzX2ZpbGVzeXN0ZW1fbmFtZSwgcGluX3R5cGUsIHBpbl9z + ZXR0aW5nCiAgICApOgogICAgICAgIGNtZCA9IFsKICAgICAgICAgICAgImNlcGgiLAogICAgICAg + ICAgICAiZnMiLAogICAgICAgICAgICAic3Vidm9sdW1lZ3JvdXAiLAogICAgICAgICAgICAicGlu + IiwKICAgICAgICAgICAgY2VwaGZzX2ZpbGVzeXN0ZW1fbmFtZSwKICAgICAgICAgICAgc3Vidm9s + dW1lX2dyb3VwLAogICAgICAgICAgICBwaW5fdHlwZSwKICAgICAgICAgICAgcGluX3NldHRpbmcs + CiAgICAgICAgXQogICAgICAgIHRyeToKICAgICAgICAgICAgXyA9IHN1YnByb2Nlc3MuY2hlY2tf + b3V0cHV0KGNtZCwgc3RkZXJyPXN1YnByb2Nlc3MuUElQRSkKICAgICAgICBleGNlcHQgc3VicHJv + Y2Vzcy5DYWxsZWRQcm9jZXNzRXJyb3I6CiAgICAgICAgICAgIHJhaXNlIEV4ZWN1dGlvbkZhaWx1 + cmVFeGNlcHRpb24oCiAgICAgICAgICAgICAgICBmInN1YnZvbHVtZSBncm91cCB7c3Vidm9sdW1l + X2dyb3VwfSBpcyBub3QgYWJsZSB0byBnZXQgcGlubmVkIgogICAgICAgICAgICApCgogICAgZGVm + IGdldF9yZ3dfZnNpZChzZWxmLCBiYXNlX3VybCwgdmVyaWZ5KToKICAgICAgICBhY2Nlc3Nfa2V5 + ID0gc2VsZi5vdXRfbWFwWyJSR1dfQURNSU5fT1BTX1VTRVJfQUNDRVNTX0tFWSJdCiAgICAgICAg + c2VjcmV0X2tleSA9IHNlbGYub3V0X21hcFsiUkdXX0FETUlOX09QU19VU0VSX1NFQ1JFVF9LRVki + XQogICAgICAgIHJnd19lbmRwb2ludCA9IHNlbGYuX2FyZ19wYXJzZXIucmd3X2VuZHBvaW50CiAg + ICAgICAgYmFzZV91cmwgPSBiYXNlX3VybCArICI6Ly8iICsgcmd3X2VuZHBvaW50ICsgIi9hZG1p + bi9pbmZvPyIKICAgICAgICBwYXJhbXMgPSB7ImZvcm1hdCI6ICJqc29uIn0KICAgICAgICByZXF1 + ZXN0X3VybCA9IGJhc2VfdXJsICsgdXJsZW5jb2RlKHBhcmFtcykKCiAgICAgICAgdHJ5OgogICAg + ICAgICAgICByID0gcmVxdWVzdHMuZ2V0KAogICAgICAgICAgICAgICAgcmVxdWVzdF91cmwsCiAg + ICAgICAgICAgICAgICBhdXRoPVMzQXV0aChhY2Nlc3Nfa2V5LCBzZWNyZXRfa2V5LCByZ3dfZW5k + cG9pbnQpLAogICAgICAgICAgICAgICAgdmVyaWZ5PXZlcmlmeSwKICAgICAgICAgICAgKQogICAg + ICAgIGV4Y2VwdCByZXF1ZXN0cy5leGNlcHRpb25zLlRpbWVvdXQ6CiAgICAgICAgICAgIHN5cy5z + dGRlcnIud3JpdGUoCiAgICAgICAgICAgICAgICBmImludmFsaWQgZW5kcG9pbnQ6LCBub3QgYWJs + ZSB0byBjYWxsIGFkbWluLW9wcyBhcGl7cmd3X2VuZHBvaW50fSIKICAgICAgICAgICAgKQogICAg + ICAgICAgICByZXR1cm4gIiIsICItMSIKICAgICAgICByMSA9IHIuanNvbigpCiAgICAgICAgaWYg + cjEgaXMgTm9uZSBvciByMS5nZXQoImluZm8iKSBpcyBOb25lOgogICAgICAgICAgICBzeXMuc3Rk + ZXJyLndyaXRlKAogICAgICAgICAgICAgICAgZiJUaGUgcHJvdmlkZWQgcmd3IEVuZHBvaW50LCAn + e3NlbGYuX2FyZ19wYXJzZXIucmd3X2VuZHBvaW50fScsIGlzIGludmFsaWQuIgogICAgICAgICAg + ICApCiAgICAgICAgICAgIHJldHVybiAoCiAgICAgICAgICAgICAgICAiIiwKICAgICAgICAgICAg + ICAgICItMSIsCiAgICAgICAgICAgICkKCiAgICAgICAgcmV0dXJuIHIxWyJpbmZvIl1bInN0b3Jh + Z2VfYmFja2VuZHMiXVswXVsiY2x1c3Rlcl9pZCJdLCAiIgoKICAgIGRlZiB2YWxpZGF0ZV9yZ3df + ZW5kcG9pbnQoc2VsZiwgaW5mb19jYXBfc3VwcG9ydGVkKToKICAgICAgICAjIGlmIHRoZSAnY2x1 + c3RlcicgaW5zdGFuY2UgaXMgYSBkdW1teSBvbmUsCiAgICAgICAgIyBkb24ndCB0cnkgdG8gcmVh + Y2ggb3V0IHRvIHRoZSBlbmRwb2ludAogICAgICAgIGlmIGlzaW5zdGFuY2Uoc2VsZi5jbHVzdGVy + LCBEdW1teVJhZG9zKToKICAgICAgICAgICAgcmV0dXJuCgogICAgICAgIHJnd19lbmRwb2ludCA9 + IHNlbGYuX2FyZ19wYXJzZXIucmd3X2VuZHBvaW50CgogICAgICAgICMgdmFsaWRhdGUgcmd3IGVu + ZHBvaW50IG9ubHkgaWYgaXAgYWRkcmVzcyBpcyBwYXNzZWQKICAgICAgICBpcF90eXBlID0gc2Vs + Zi5faW52YWxpZF9lbmRwb2ludChyZ3dfZW5kcG9pbnQpCgogICAgICAgICMgY2hlY2sgaWYgdGhl + IHJndyBlbmRwb2ludCBpcyByZWFjaGFibGUKICAgICAgICBjZXJ0ID0gTm9uZQogICAgICAgIGlm + IG5vdCBzZWxmLl9hcmdfcGFyc2VyLnJnd19za2lwX3RscyBhbmQgc2VsZi52YWxpZGF0ZV9yZ3df + ZW5kcG9pbnRfdGxzX2NlcnQoKToKICAgICAgICAgICAgY2VydCA9IHNlbGYuX2FyZ19wYXJzZXIu + cmd3X3Rsc19jZXJ0X3BhdGgKICAgICAgICBiYXNlX3VybCwgdmVyaWZ5LCBlcnIgPSBzZWxmLmVu + ZHBvaW50X2RpYWwocmd3X2VuZHBvaW50LCBpcF90eXBlLCBjZXJ0PWNlcnQpCiAgICAgICAgaWYg + ZXJyICE9ICIiOgogICAgICAgICAgICByZXR1cm4gIi0xIgoKICAgICAgICAjIGNoZWNrIGlmIHRo + ZSByZ3cgZW5kcG9pbnQgYmVsb25ncyB0byB0aGUgc2FtZSBjbHVzdGVyCiAgICAgICAgIyBvbmx5 + IGNoZWNrIGlmIGBpbmZvYCBjYXAgaXMgc3VwcG9ydGVkCiAgICAgICAgaWYgaW5mb19jYXBfc3Vw + cG9ydGVkOgogICAgICAgICAgICBmc2lkID0gc2VsZi5nZXRfZnNpZCgpCiAgICAgICAgICAgIHJn + d19mc2lkLCBlcnIgPSBzZWxmLmdldF9yZ3dfZnNpZChiYXNlX3VybCwgdmVyaWZ5KQogICAgICAg + ICAgICBpZiBlcnIgPT0gIi0xIjoKICAgICAgICAgICAgICAgIHJldHVybiAiLTEiCiAgICAgICAg + ICAgIGlmIGZzaWQgIT0gcmd3X2ZzaWQ6CiAgICAgICAgICAgICAgICBzeXMuc3RkZXJyLndyaXRl + KAogICAgICAgICAgICAgICAgICAgIGYiVGhlIHByb3ZpZGVkIHJndyBFbmRwb2ludCwgJ3tzZWxm + Ll9hcmdfcGFyc2VyLnJnd19lbmRwb2ludH0nLCBpcyBpbnZhbGlkLiBXZSBhcmUgdmFsaWRhdGlu + ZyBieSBjYWxsaW5nIHRoZSBhZG1pbm9wcyBhcGkgdGhyb3VnaCByZ3ctZW5kcG9pbnQgYW5kIHZh + bGlkYXRpbmcgdGhlIGNsdXN0ZXJfaWQgJ3tyZ3dfZnNpZH0nIGlzIGVxdWFsIHRvIHRoZSBjZXBo + IGNsdXN0ZXIgZnNpZCAne2ZzaWR9JyIKICAgICAgICAgICAgICAgICkKICAgICAgICAgICAgICAg + IHJldHVybiAiLTEiCgogICAgICAgICMgY2hlY2sgaWYgdGhlIHJndyBlbmRwb2ludCBwb29sIGV4 + aXN0CiAgICAgICAgIyBvbmx5IHZhbGlkYXRlIGlmIHJnd19wb29sX3ByZWZpeCBpcyBwYXNzZWQg + ZWxzZSBpdCB3aWxsIHRha2UgZGVmYXVsdCB2YWx1ZSBhbmQgd2UgZG9uJ3QgY3JlYXRlIHRoZXNl + IGRlZmF1bHQgcG9vbHMKICAgICAgICBpZiBzZWxmLl9hcmdfcGFyc2VyLnJnd19wb29sX3ByZWZp + eCAhPSAiZGVmYXVsdCI6CiAgICAgICAgICAgIHJnd19wb29sc190b192YWxpZGF0ZSA9IFsKICAg + ICAgICAgICAgICAgIGYie3NlbGYuX2FyZ19wYXJzZXIucmd3X3Bvb2xfcHJlZml4fS5yZ3cubWV0 + YSIsCiAgICAgICAgICAgICAgICAiLnJndy5yb290IiwKICAgICAgICAgICAgICAgIGYie3NlbGYu + X2FyZ19wYXJzZXIucmd3X3Bvb2xfcHJlZml4fS5yZ3cuY29udHJvbCIsCiAgICAgICAgICAgICAg + ICBmIntzZWxmLl9hcmdfcGFyc2VyLnJnd19wb29sX3ByZWZpeH0ucmd3LmxvZyIsCiAgICAgICAg + ICAgIF0KICAgICAgICAgICAgZm9yIF9yZ3dfcG9vbF90b192YWxpZGF0ZSBpbiByZ3dfcG9vbHNf + dG9fdmFsaWRhdGU6CiAgICAgICAgICAgICAgICBpZiBub3Qgc2VsZi5jbHVzdGVyLnBvb2xfZXhp + c3RzKF9yZ3dfcG9vbF90b192YWxpZGF0ZSk6CiAgICAgICAgICAgICAgICAgICAgc3lzLnN0ZGVy + ci53cml0ZSgKICAgICAgICAgICAgICAgICAgICAgICAgZiJUaGUgcHJvdmlkZWQgcG9vbCwgJ3tf + cmd3X3Bvb2xfdG9fdmFsaWRhdGV9JywgZG9lcyBub3QgZXhpc3QiCiAgICAgICAgICAgICAgICAg + ICAgKQogICAgICAgICAgICAgICAgICAgIHJldHVybiAiLTEiCgogICAgICAgIHJldHVybiAiIgoK + ICAgIGRlZiB2YWxpZGF0ZV9yZ3dfbXVsdGlzaXRlKHNlbGYsIHJnd19tdWx0aXNpdGVfY29uZmln + X25hbWUsIHJnd19tdWx0aXNpdGVfY29uZmlnKToKICAgICAgICBpZiByZ3dfbXVsdGlzaXRlX2Nv + bmZpZyAhPSAiIjoKICAgICAgICAgICAgY21kID0gWwogICAgICAgICAgICAgICAgInJhZG9zZ3ct + YWRtaW4iLAogICAgICAgICAgICAgICAgcmd3X211bHRpc2l0ZV9jb25maWcsCiAgICAgICAgICAg + ICAgICAiZ2V0IiwKICAgICAgICAgICAgICAgICItLXJndy0iICsgcmd3X211bHRpc2l0ZV9jb25m + aWcsCiAgICAgICAgICAgICAgICByZ3dfbXVsdGlzaXRlX2NvbmZpZ19uYW1lLAogICAgICAgICAg + ICBdCiAgICAgICAgICAgIHRyeToKICAgICAgICAgICAgICAgIF8gPSBzdWJwcm9jZXNzLmNoZWNr + X291dHB1dChjbWQsIHN0ZGVycj1zdWJwcm9jZXNzLlBJUEUpCiAgICAgICAgICAgIGV4Y2VwdCBz + dWJwcm9jZXNzLkNhbGxlZFByb2Nlc3NFcnJvciBhcyBleGVjRXJyOgogICAgICAgICAgICAgICAg + ZXJyX21zZyA9ICgKICAgICAgICAgICAgICAgICAgICBmImZhaWxlZCB0byBleGVjdXRlIGNvbW1h + bmQge2NtZH0uIE91dHB1dDoge2V4ZWNFcnIub3V0cHV0fS4gIgogICAgICAgICAgICAgICAgICAg + IGYiQ29kZToge2V4ZWNFcnIucmV0dXJuY29kZX0uIEVycm9yOiB7ZXhlY0Vyci5zdGRlcnJ9Igog + ICAgICAgICAgICAgICAgKQogICAgICAgICAgICAgICAgc3lzLnN0ZGVyci53cml0ZShlcnJfbXNn + KQogICAgICAgICAgICAgICAgcmV0dXJuICItMSIKICAgICAgICByZXR1cm4gIiIKCiAgICBkZWYg + X2dlbl9vdXRwdXRfbWFwKHNlbGYpOgogICAgICAgIGlmIHNlbGYub3V0X21hcDoKICAgICAgICAg + ICAgcmV0dXJuCiAgICAgICAgIyBzdXBwb3J0IGxlZ2FjeSBmbGFnIHdpdGggdXBncmFkZXMKICAg + ICAgICBpZiBzZWxmLl9hcmdfcGFyc2VyLmNsdXN0ZXJfbmFtZToKICAgICAgICAgICAgc2VsZi5f + YXJnX3BhcnNlci5rOHNfY2x1c3Rlcl9uYW1lID0gc2VsZi5fYXJnX3BhcnNlci5jbHVzdGVyX25h + bWUKICAgICAgICBzZWxmLl9hcmdfcGFyc2VyLms4c19jbHVzdGVyX25hbWUgPSAoCiAgICAgICAg + ICAgIHNlbGYuX2FyZ19wYXJzZXIuazhzX2NsdXN0ZXJfbmFtZS5sb3dlcigpCiAgICAgICAgKSAg + IyBhbHdheXMgY29udmVydCBjbHVzdGVyIG5hbWUgdG8gbG93ZXJjYXNlIGNoYXJhY3RlcnMKICAg + ICAgICBzZWxmLnZhbGlkYXRlX3JiZF9wb29sKCkKICAgICAgICBzZWxmLmluaXRfcmJkX3Bvb2wo + KQogICAgICAgIHNlbGYudmFsaWRhdGVfcmFkb3NfbmFtZXNwYWNlKCkKICAgICAgICBzZWxmLl9l + eGNsdWRlZF9rZXlzLmFkZCgiSzhTX0NMVVNURVJfTkFNRSIpCiAgICAgICAgc2VsZi5nZXRfY2Vw + aGZzX2RhdGFfcG9vbF9kZXRhaWxzKCkKICAgICAgICBzZWxmLm91dF9tYXBbIk5BTUVTUEFDRSJd + ID0gc2VsZi5fYXJnX3BhcnNlci5uYW1lc3BhY2UKICAgICAgICBzZWxmLm91dF9tYXBbIks4U19D + TFVTVEVSX05BTUUiXSA9IHNlbGYuX2FyZ19wYXJzZXIuazhzX2NsdXN0ZXJfbmFtZQogICAgICAg + IHNlbGYub3V0X21hcFsiUk9PS19FWFRFUk5BTF9GU0lEIl0gPSBzZWxmLmdldF9mc2lkKCkKICAg + ICAgICBzZWxmLm91dF9tYXBbIlJPT0tfRVhURVJOQUxfVVNFUk5BTUUiXSA9IHNlbGYucnVuX2Fz + X3VzZXIKICAgICAgICBzZWxmLm91dF9tYXBbIlJPT0tfRVhURVJOQUxfQ0VQSF9NT05fREFUQSJd + ID0gc2VsZi5nZXRfY2VwaF9leHRlcm5hbF9tb25fZGF0YSgpCiAgICAgICAgc2VsZi5vdXRfbWFw + WyJST09LX0VYVEVSTkFMX1VTRVJfU0VDUkVUIl0gPSBzZWxmLmNyZWF0ZV9jaGVja2VyS2V5KAog + ICAgICAgICAgICAiY2xpZW50LmhlYWx0aGNoZWNrZXIiCiAgICAgICAgKQogICAgICAgIHNlbGYu + b3V0X21hcFsiUk9PS19FWFRFUk5BTF9EQVNIQk9BUkRfTElOSyJdID0gc2VsZi5nZXRfY2VwaF9k + YXNoYm9hcmRfbGluaygpCiAgICAgICAgKAogICAgICAgICAgICBzZWxmLm91dF9tYXBbIkNTSV9S + QkRfTk9ERV9TRUNSRVQiXSwKICAgICAgICAgICAgc2VsZi5vdXRfbWFwWyJDU0lfUkJEX05PREVf + U0VDUkVUX05BTUUiXSwKICAgICAgICApID0gc2VsZi5jcmVhdGVfY2VwaENTSUtleXJpbmdfdXNl + cigiY2xpZW50LmNzaS1yYmQtbm9kZSIpCiAgICAgICAgKAogICAgICAgICAgICBzZWxmLm91dF9t + YXBbIkNTSV9SQkRfUFJPVklTSU9ORVJfU0VDUkVUIl0sCiAgICAgICAgICAgIHNlbGYub3V0X21h + cFsiQ1NJX1JCRF9QUk9WSVNJT05FUl9TRUNSRVRfTkFNRSJdLAogICAgICAgICkgPSBzZWxmLmNy + ZWF0ZV9jZXBoQ1NJS2V5cmluZ191c2VyKCJjbGllbnQuY3NpLXJiZC1wcm92aXNpb25lciIpCiAg + ICAgICAgc2VsZi5vdXRfbWFwWyJDRVBIRlNfUE9PTF9OQU1FIl0gPSBzZWxmLl9hcmdfcGFyc2Vy + LmNlcGhmc19kYXRhX3Bvb2xfbmFtZQogICAgICAgIHNlbGYub3V0X21hcFsiQ0VQSEZTX01FVEFE + QVRBX1BPT0xfTkFNRSJdID0gKAogICAgICAgICAgICBzZWxmLl9hcmdfcGFyc2VyLmNlcGhmc19t + ZXRhZGF0YV9wb29sX25hbWUKICAgICAgICApCiAgICAgICAgc2VsZi5vdXRfbWFwWyJDRVBIRlNf + RlNfTkFNRSJdID0gc2VsZi5fYXJnX3BhcnNlci5jZXBoZnNfZmlsZXN5c3RlbV9uYW1lCiAgICAg + ICAgc2VsZi5vdXRfbWFwWyJSRVNUUklDVEVEX0FVVEhfUEVSTUlTU0lPTiJdID0gKAogICAgICAg + ICAgICBzZWxmLl9hcmdfcGFyc2VyLnJlc3RyaWN0ZWRfYXV0aF9wZXJtaXNzaW9uCiAgICAgICAg + KQogICAgICAgIHNlbGYub3V0X21hcFsiUkFET1NfTkFNRVNQQUNFIl0gPSBzZWxmLl9hcmdfcGFy + c2VyLnJhZG9zX25hbWVzcGFjZQogICAgICAgIHNlbGYub3V0X21hcFsiU1VCVk9MVU1FX0dST1VQ + Il0gPSBzZWxmLl9hcmdfcGFyc2VyLnN1YnZvbHVtZV9ncm91cAogICAgICAgIHNlbGYub3V0X21h + cFsiQ1NJX0NFUEhGU19OT0RFX1NFQ1JFVCJdID0gIiIKICAgICAgICBzZWxmLm91dF9tYXBbIkNT + SV9DRVBIRlNfUFJPVklTSU9ORVJfU0VDUkVUIl0gPSAiIgogICAgICAgICMgY3JlYXRlIENlcGhG + UyBub2RlIGFuZCBwcm92aXNpb25lciBrZXlyaW5nIG9ubHkgd2hlbiBNRFMgZXhpc3RzCiAgICAg + ICAgaWYgc2VsZi5vdXRfbWFwWyJDRVBIRlNfRlNfTkFNRSJdIGFuZCBzZWxmLm91dF9tYXBbIkNF + UEhGU19QT09MX05BTUUiXToKICAgICAgICAgICAgKAogICAgICAgICAgICAgICAgc2VsZi5vdXRf + bWFwWyJDU0lfQ0VQSEZTX05PREVfU0VDUkVUIl0sCiAgICAgICAgICAgICAgICBzZWxmLm91dF9t + YXBbIkNTSV9DRVBIRlNfTk9ERV9TRUNSRVRfTkFNRSJdLAogICAgICAgICAgICApID0gc2VsZi5j + cmVhdGVfY2VwaENTSUtleXJpbmdfdXNlcigiY2xpZW50LmNzaS1jZXBoZnMtbm9kZSIpCiAgICAg + ICAgICAgICgKICAgICAgICAgICAgICAgIHNlbGYub3V0X21hcFsiQ1NJX0NFUEhGU19QUk9WSVNJ + T05FUl9TRUNSRVQiXSwKICAgICAgICAgICAgICAgIHNlbGYub3V0X21hcFsiQ1NJX0NFUEhGU19Q + Uk9WSVNJT05FUl9TRUNSRVRfTkFNRSJdLAogICAgICAgICAgICApID0gc2VsZi5jcmVhdGVfY2Vw + aENTSUtleXJpbmdfdXNlcigiY2xpZW50LmNzaS1jZXBoZnMtcHJvdmlzaW9uZXIiKQogICAgICAg + ICAgICAjIGNyZWF0ZSB0aGUgZGVmYXVsdCAiY3NpIiBzdWJ2b2x1bWVncm91cAogICAgICAgICAg + ICBzZWxmLmdldF9vcl9jcmVhdGVfc3Vidm9sdW1lX2dyb3VwKAogICAgICAgICAgICAgICAgImNz + aSIsIHNlbGYuX2FyZ19wYXJzZXIuY2VwaGZzX2ZpbGVzeXN0ZW1fbmFtZQogICAgICAgICAgICAp + CiAgICAgICAgICAgICMgcGluIHRoZSBkZWZhdWx0ICJjc2kiIHN1YnZvbHVtZWdyb3VwCiAgICAg + ICAgICAgIHNlbGYucGluX3N1YnZvbHVtZSgKICAgICAgICAgICAgICAgICJjc2kiLCBzZWxmLl9h + cmdfcGFyc2VyLmNlcGhmc19maWxlc3lzdGVtX25hbWUsICJkaXN0cmlidXRlZCIsICIxIgogICAg + ICAgICAgICApCiAgICAgICAgICAgIGlmIHNlbGYub3V0X21hcFsiU1VCVk9MVU1FX0dST1VQIl06 + CiAgICAgICAgICAgICAgICBzZWxmLmdldF9vcl9jcmVhdGVfc3Vidm9sdW1lX2dyb3VwKAogICAg + ICAgICAgICAgICAgICAgIHNlbGYuX2FyZ19wYXJzZXIuc3Vidm9sdW1lX2dyb3VwLAogICAgICAg + ICAgICAgICAgICAgIHNlbGYuX2FyZ19wYXJzZXIuY2VwaGZzX2ZpbGVzeXN0ZW1fbmFtZSwKICAg + ICAgICAgICAgICAgICkKICAgICAgICAgICAgICAgIHNlbGYucGluX3N1YnZvbHVtZSgKICAgICAg + ICAgICAgICAgICAgICBzZWxmLl9hcmdfcGFyc2VyLnN1YnZvbHVtZV9ncm91cCwKICAgICAgICAg + ICAgICAgICAgICBzZWxmLl9hcmdfcGFyc2VyLmNlcGhmc19maWxlc3lzdGVtX25hbWUsCiAgICAg + ICAgICAgICAgICAgICAgImRpc3RyaWJ1dGVkIiwKICAgICAgICAgICAgICAgICAgICAiMSIsCiAg + ICAgICAgICAgICAgICApCiAgICAgICAgc2VsZi5vdXRfbWFwWyJSR1dfVExTX0NFUlQiXSA9ICIi + CiAgICAgICAgc2VsZi5vdXRfbWFwWyJNT05JVE9SSU5HX0VORFBPSU5UIl0gPSAiIgogICAgICAg + IHNlbGYub3V0X21hcFsiTU9OSVRPUklOR19FTkRQT0lOVF9QT1JUIl0gPSAiIgogICAgICAgIGlm + IG5vdCBzZWxmLl9hcmdfcGFyc2VyLnNraXBfbW9uaXRvcmluZ19lbmRwb2ludDoKICAgICAgICAg + ICAgKAogICAgICAgICAgICAgICAgc2VsZi5vdXRfbWFwWyJNT05JVE9SSU5HX0VORFBPSU5UIl0s + CiAgICAgICAgICAgICAgICBzZWxmLm91dF9tYXBbIk1PTklUT1JJTkdfRU5EUE9JTlRfUE9SVCJd + LAogICAgICAgICAgICApID0gc2VsZi5nZXRfYWN0aXZlX2FuZF9zdGFuZGJ5X21ncnMoKQogICAg + ICAgIHNlbGYub3V0X21hcFsiUkJEX1BPT0xfTkFNRSJdID0gc2VsZi5fYXJnX3BhcnNlci5yYmRf + ZGF0YV9wb29sX25hbWUKICAgICAgICBzZWxmLm91dF9tYXBbIlJCRF9NRVRBREFUQV9FQ19QT09M + X05BTUUiXSA9ICgKICAgICAgICAgICAgc2VsZi52YWxpZGF0ZV9yYmRfbWV0YWRhdGFfZWNfcG9v + bF9uYW1lKCkKICAgICAgICApCiAgICAgICAgc2VsZi5vdXRfbWFwWyJSR1dfUE9PTF9QUkVGSVgi + XSA9IHNlbGYuX2FyZ19wYXJzZXIucmd3X3Bvb2xfcHJlZml4CiAgICAgICAgc2VsZi5vdXRfbWFw + WyJSR1dfRU5EUE9JTlQiXSA9ICIiCiAgICAgICAgaWYgc2VsZi5fYXJnX3BhcnNlci5yZ3dfZW5k + cG9pbnQ6CiAgICAgICAgICAgIGlmIHNlbGYuX2FyZ19wYXJzZXIuZHJ5X3J1bjoKICAgICAgICAg + ICAgICAgIHNlbGYuY3JlYXRlX3Jnd19hZG1pbl9vcHNfdXNlcigpCiAgICAgICAgICAgIGVsc2U6 + CiAgICAgICAgICAgICAgICBpZiAoCiAgICAgICAgICAgICAgICAgICAgc2VsZi5fYXJnX3BhcnNl + ci5yZ3dfcmVhbG1fbmFtZSAhPSAiIgogICAgICAgICAgICAgICAgICAgIGFuZCBzZWxmLl9hcmdf + cGFyc2VyLnJnd196b25lZ3JvdXBfbmFtZSAhPSAiIgogICAgICAgICAgICAgICAgICAgIGFuZCBz + ZWxmLl9hcmdfcGFyc2VyLnJnd196b25lX25hbWUgIT0gIiIKICAgICAgICAgICAgICAgICk6CiAg + ICAgICAgICAgICAgICAgICAgZXJyID0gc2VsZi52YWxpZGF0ZV9yZ3dfbXVsdGlzaXRlKAogICAg + ICAgICAgICAgICAgICAgICAgICBzZWxmLl9hcmdfcGFyc2VyLnJnd19yZWFsbV9uYW1lLCAicmVh + bG0iCiAgICAgICAgICAgICAgICAgICAgKQogICAgICAgICAgICAgICAgICAgIGVyciA9IHNlbGYu + dmFsaWRhdGVfcmd3X211bHRpc2l0ZSgKICAgICAgICAgICAgICAgICAgICAgICAgc2VsZi5fYXJn + X3BhcnNlci5yZ3dfem9uZWdyb3VwX25hbWUsICJ6b25lZ3JvdXAiCiAgICAgICAgICAgICAgICAg + ICAgKQogICAgICAgICAgICAgICAgICAgIGVyciA9IHNlbGYudmFsaWRhdGVfcmd3X211bHRpc2l0 + ZSgKICAgICAgICAgICAgICAgICAgICAgICAgc2VsZi5fYXJnX3BhcnNlci5yZ3dfem9uZV9uYW1l + LCAiem9uZSIKICAgICAgICAgICAgICAgICAgICApCgogICAgICAgICAgICAgICAgaWYgKAogICAg + ICAgICAgICAgICAgICAgIHNlbGYuX2FyZ19wYXJzZXIucmd3X3JlYWxtX25hbWUgPT0gIiIKICAg + ICAgICAgICAgICAgICAgICBhbmQgc2VsZi5fYXJnX3BhcnNlci5yZ3dfem9uZWdyb3VwX25hbWUg + PT0gIiIKICAgICAgICAgICAgICAgICAgICBhbmQgc2VsZi5fYXJnX3BhcnNlci5yZ3dfem9uZV9u + YW1lID09ICIiCiAgICAgICAgICAgICAgICApIG9yICgKICAgICAgICAgICAgICAgICAgICBzZWxm + Ll9hcmdfcGFyc2VyLnJnd19yZWFsbV9uYW1lICE9ICIiCiAgICAgICAgICAgICAgICAgICAgYW5k + IHNlbGYuX2FyZ19wYXJzZXIucmd3X3pvbmVncm91cF9uYW1lICE9ICIiCiAgICAgICAgICAgICAg + ICAgICAgYW5kIHNlbGYuX2FyZ19wYXJzZXIucmd3X3pvbmVfbmFtZSAhPSAiIgogICAgICAgICAg + ICAgICAgKToKICAgICAgICAgICAgICAgICAgICAoCiAgICAgICAgICAgICAgICAgICAgICAgIHNl + bGYub3V0X21hcFsiUkdXX0FETUlOX09QU19VU0VSX0FDQ0VTU19LRVkiXSwKICAgICAgICAgICAg + ICAgICAgICAgICAgc2VsZi5vdXRfbWFwWyJSR1dfQURNSU5fT1BTX1VTRVJfU0VDUkVUX0tFWSJd + LAogICAgICAgICAgICAgICAgICAgICAgICBpbmZvX2NhcF9zdXBwb3J0ZWQsCiAgICAgICAgICAg + ICAgICAgICAgICAgIGVyciwKICAgICAgICAgICAgICAgICAgICApID0gc2VsZi5jcmVhdGVfcmd3 + X2FkbWluX29wc191c2VyKCkKICAgICAgICAgICAgICAgICAgICBlcnIgPSBzZWxmLnZhbGlkYXRl + X3Jnd19lbmRwb2ludChpbmZvX2NhcF9zdXBwb3J0ZWQpCiAgICAgICAgICAgICAgICAgICAgaWYg + c2VsZi5fYXJnX3BhcnNlci5yZ3dfdGxzX2NlcnRfcGF0aDoKICAgICAgICAgICAgICAgICAgICAg + ICAgc2VsZi5vdXRfbWFwWyJSR1dfVExTX0NFUlQiXSA9ICgKICAgICAgICAgICAgICAgICAgICAg + ICAgICAgIHNlbGYudmFsaWRhdGVfcmd3X2VuZHBvaW50X3Rsc19jZXJ0KCkKICAgICAgICAgICAg + ICAgICAgICAgICAgKQogICAgICAgICAgICAgICAgICAgICMgaWYgdGhlcmUgaXMgbm8gZXJyb3Is + IHNldCB0aGUgUkdXX0VORFBPSU5UCiAgICAgICAgICAgICAgICAgICAgaWYgZXJyICE9ICItMSI6 + CiAgICAgICAgICAgICAgICAgICAgICAgIHNlbGYub3V0X21hcFsiUkdXX0VORFBPSU5UIl0gPSBz + ZWxmLl9hcmdfcGFyc2VyLnJnd19lbmRwb2ludAogICAgICAgICAgICAgICAgZWxzZToKICAgICAg + ICAgICAgICAgICAgICBlcnIgPSAiUGxlYXNlIHByb3ZpZGUgYWxsIHRoZSBSR1cgbXVsdGlzaXRl + IHBhcmFtZXRlcnMgb3Igbm9uZSBvZiB0aGVtIgogICAgICAgICAgICAgICAgICAgIHN5cy5zdGRl + cnIud3JpdGUoZXJyKQoKICAgIGRlZiBnZW5fc2hlbGxfb3V0KHNlbGYpOgogICAgICAgIHNlbGYu + X2dlbl9vdXRwdXRfbWFwKCkKICAgICAgICBzaE91dElPID0gU3RyaW5nSU8oKQogICAgICAgIGZv + ciBrLCB2IGluIHNlbGYub3V0X21hcC5pdGVtcygpOgogICAgICAgICAgICBpZiB2IGFuZCBrIG5v + dCBpbiBzZWxmLl9leGNsdWRlZF9rZXlzOgogICAgICAgICAgICAgICAgc2hPdXRJTy53cml0ZShm + ImV4cG9ydCB7a309e3Z9e0xJTkVTRVB9IikKICAgICAgICBzaE91dCA9IHNoT3V0SU8uZ2V0dmFs + dWUoKQogICAgICAgIHNoT3V0SU8uY2xvc2UoKQogICAgICAgIHJldHVybiBzaE91dAoKICAgIGRl + ZiBnZW5fanNvbl9vdXQoc2VsZik6CiAgICAgICAgc2VsZi5fZ2VuX291dHB1dF9tYXAoKQogICAg + ICAgIGlmIHNlbGYuX2FyZ19wYXJzZXIuZHJ5X3J1bjoKICAgICAgICAgICAgcmV0dXJuICIiCiAg + ICAgICAganNvbl9vdXQgPSBbCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICJuYW1lIjog + InJvb2stY2VwaC1tb24tZW5kcG9pbnRzIiwKICAgICAgICAgICAgICAgICJraW5kIjogIkNvbmZp + Z01hcCIsCiAgICAgICAgICAgICAgICAiZGF0YSI6IHsKICAgICAgICAgICAgICAgICAgICAiZGF0 + YSI6IHNlbGYub3V0X21hcFsiUk9PS19FWFRFUk5BTF9DRVBIX01PTl9EQVRBIl0sCiAgICAgICAg + ICAgICAgICAgICAgIm1heE1vbklkIjogIjAiLAogICAgICAgICAgICAgICAgICAgICJtYXBwaW5n + IjogInt9IiwKICAgICAgICAgICAgICAgIH0sCiAgICAgICAgICAgIH0sCiAgICAgICAgICAgIHsK + ICAgICAgICAgICAgICAgICJuYW1lIjogInJvb2stY2VwaC1tb24iLAogICAgICAgICAgICAgICAg + ImtpbmQiOiAiU2VjcmV0IiwKICAgICAgICAgICAgICAgICJkYXRhIjogewogICAgICAgICAgICAg + ICAgICAgICJhZG1pbi1zZWNyZXQiOiAiYWRtaW4tc2VjcmV0IiwKICAgICAgICAgICAgICAgICAg + ICAiZnNpZCI6IHNlbGYub3V0X21hcFsiUk9PS19FWFRFUk5BTF9GU0lEIl0sCiAgICAgICAgICAg + ICAgICAgICAgIm1vbi1zZWNyZXQiOiAibW9uLXNlY3JldCIsCiAgICAgICAgICAgICAgICB9LAog + ICAgICAgICAgICB9LAogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAibmFtZSI6ICJyb29r + LWNlcGgtb3BlcmF0b3ItY3JlZHMiLAogICAgICAgICAgICAgICAgImtpbmQiOiAiU2VjcmV0IiwK + ICAgICAgICAgICAgICAgICJkYXRhIjogewogICAgICAgICAgICAgICAgICAgICJ1c2VySUQiOiBz + ZWxmLm91dF9tYXBbIlJPT0tfRVhURVJOQUxfVVNFUk5BTUUiXSwKICAgICAgICAgICAgICAgICAg + ICAidXNlcktleSI6IHNlbGYub3V0X21hcFsiUk9PS19FWFRFUk5BTF9VU0VSX1NFQ1JFVCJdLAog + ICAgICAgICAgICAgICAgfSwKICAgICAgICAgICAgfSwKICAgICAgICBdCgogICAgICAgICMgaWYg + J01PTklUT1JJTkdfRU5EUE9JTlQnIGV4aXN0cywgdGhlbiBvbmx5IGFkZCAnbW9uaXRvcmluZy1l + bmRwb2ludCcgdG8gQ2x1c3RlcgogICAgICAgIGlmICgKICAgICAgICAgICAgc2VsZi5vdXRfbWFw + WyJNT05JVE9SSU5HX0VORFBPSU5UIl0KICAgICAgICAgICAgYW5kIHNlbGYub3V0X21hcFsiTU9O + SVRPUklOR19FTkRQT0lOVF9QT1JUIl0KICAgICAgICApOgogICAgICAgICAgICBqc29uX291dC5h + cHBlbmQoCiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgIm5hbWUiOiAibW9u + aXRvcmluZy1lbmRwb2ludCIsCiAgICAgICAgICAgICAgICAgICAgImtpbmQiOiAiQ2VwaENsdXN0 + ZXIiLAogICAgICAgICAgICAgICAgICAgICJkYXRhIjogewogICAgICAgICAgICAgICAgICAgICAg + ICAiTW9uaXRvcmluZ0VuZHBvaW50Ijogc2VsZi5vdXRfbWFwWyJNT05JVE9SSU5HX0VORFBPSU5U + Il0sCiAgICAgICAgICAgICAgICAgICAgICAgICJNb25pdG9yaW5nUG9ydCI6IHNlbGYub3V0X21h + cFsiTU9OSVRPUklOR19FTkRQT0lOVF9QT1JUIl0sCiAgICAgICAgICAgICAgICAgICAgfSwKICAg + ICAgICAgICAgICAgIH0KICAgICAgICAgICAgKQoKICAgICAgICAjIGlmICdDU0lfUkJEX05PREVf + U0VDUkVUJyBleGlzdHMsIHRoZW4gb25seSBhZGQgJ3Jvb2stY3NpLXJiZC1wcm92aXNpb25lcicg + U2VjcmV0CiAgICAgICAgaWYgKAogICAgICAgICAgICBzZWxmLm91dF9tYXBbIkNTSV9SQkRfTk9E + RV9TRUNSRVQiXQogICAgICAgICAgICBhbmQgc2VsZi5vdXRfbWFwWyJDU0lfUkJEX05PREVfU0VD + UkVUX05BTUUiXQogICAgICAgICk6CiAgICAgICAgICAgIGpzb25fb3V0LmFwcGVuZCgKICAgICAg + ICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICAibmFtZSI6IGYicm9vay17c2VsZi5vdXRf + bWFwWydDU0lfUkJEX05PREVfU0VDUkVUX05BTUUnXX0iLAogICAgICAgICAgICAgICAgICAgICJr + aW5kIjogIlNlY3JldCIsCiAgICAgICAgICAgICAgICAgICAgImRhdGEiOiB7CiAgICAgICAgICAg + ICAgICAgICAgICAgICJ1c2VySUQiOiBzZWxmLm91dF9tYXBbIkNTSV9SQkRfTk9ERV9TRUNSRVRf + TkFNRSJdLAogICAgICAgICAgICAgICAgICAgICAgICAidXNlcktleSI6IHNlbGYub3V0X21hcFsi + Q1NJX1JCRF9OT0RFX1NFQ1JFVCJdLAogICAgICAgICAgICAgICAgICAgIH0sCiAgICAgICAgICAg + ICAgICB9CiAgICAgICAgICAgICkKICAgICAgICAjIGlmICdDU0lfUkJEX1BST1ZJU0lPTkVSX1NF + Q1JFVCcgZXhpc3RzLCB0aGVuIG9ubHkgYWRkICdyb29rLWNzaS1yYmQtcHJvdmlzaW9uZXInIFNl + Y3JldAogICAgICAgIGlmICgKICAgICAgICAgICAgc2VsZi5vdXRfbWFwWyJDU0lfUkJEX1BST1ZJ + U0lPTkVSX1NFQ1JFVCJdCiAgICAgICAgICAgIGFuZCBzZWxmLm91dF9tYXBbIkNTSV9SQkRfUFJP + VklTSU9ORVJfU0VDUkVUX05BTUUiXQogICAgICAgICk6CiAgICAgICAgICAgIGpzb25fb3V0LmFw + cGVuZCgKICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICAibmFtZSI6IGYicm9v + ay17c2VsZi5vdXRfbWFwWydDU0lfUkJEX1BST1ZJU0lPTkVSX1NFQ1JFVF9OQU1FJ119IiwKICAg + ICAgICAgICAgICAgICAgICAia2luZCI6ICJTZWNyZXQiLAogICAgICAgICAgICAgICAgICAgICJk + YXRhIjogewogICAgICAgICAgICAgICAgICAgICAgICAidXNlcklEIjogc2VsZi5vdXRfbWFwWyJD + U0lfUkJEX1BST1ZJU0lPTkVSX1NFQ1JFVF9OQU1FIl0sCiAgICAgICAgICAgICAgICAgICAgICAg + ICJ1c2VyS2V5Ijogc2VsZi5vdXRfbWFwWyJDU0lfUkJEX1BST1ZJU0lPTkVSX1NFQ1JFVCJdLAog + ICAgICAgICAgICAgICAgICAgIH0sCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICkKICAg + ICAgICAjIGlmICdDU0lfQ0VQSEZTX1BST1ZJU0lPTkVSX1NFQ1JFVCcgZXhpc3RzLCB0aGVuIG9u + bHkgYWRkICdyb29rLWNzaS1jZXBoZnMtcHJvdmlzaW9uZXInIFNlY3JldAogICAgICAgIGlmICgK + ICAgICAgICAgICAgc2VsZi5vdXRfbWFwWyJDU0lfQ0VQSEZTX1BST1ZJU0lPTkVSX1NFQ1JFVCJd + CiAgICAgICAgICAgIGFuZCBzZWxmLm91dF9tYXBbIkNTSV9DRVBIRlNfUFJPVklTSU9ORVJfU0VD + UkVUX05BTUUiXQogICAgICAgICk6CiAgICAgICAgICAgIGpzb25fb3V0LmFwcGVuZCgKICAgICAg + ICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICAibmFtZSI6IGYicm9vay17c2VsZi5vdXRf + bWFwWydDU0lfQ0VQSEZTX1BST1ZJU0lPTkVSX1NFQ1JFVF9OQU1FJ119IiwKICAgICAgICAgICAg + ICAgICAgICAia2luZCI6ICJTZWNyZXQiLAogICAgICAgICAgICAgICAgICAgICJkYXRhIjogewog + ICAgICAgICAgICAgICAgICAgICAgICAiYWRtaW5JRCI6IHNlbGYub3V0X21hcFsiQ1NJX0NFUEhG + U19QUk9WSVNJT05FUl9TRUNSRVRfTkFNRSJdLAogICAgICAgICAgICAgICAgICAgICAgICAiYWRt + aW5LZXkiOiBzZWxmLm91dF9tYXBbIkNTSV9DRVBIRlNfUFJPVklTSU9ORVJfU0VDUkVUIl0sCiAg + ICAgICAgICAgICAgICAgICAgfSwKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgKQogICAg + ICAgICMgaWYgJ0NTSV9DRVBIRlNfTk9ERV9TRUNSRVQnIGV4aXN0cywgdGhlbiBvbmx5IGFkZCAn + cm9vay1jc2ktY2VwaGZzLW5vZGUnIFNlY3JldAogICAgICAgIGlmICgKICAgICAgICAgICAgc2Vs + Zi5vdXRfbWFwWyJDU0lfQ0VQSEZTX05PREVfU0VDUkVUIl0KICAgICAgICAgICAgYW5kIHNlbGYu + b3V0X21hcFsiQ1NJX0NFUEhGU19OT0RFX1NFQ1JFVF9OQU1FIl0KICAgICAgICApOgogICAgICAg + ICAgICBqc29uX291dC5hcHBlbmQoCiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAg + ICAgIm5hbWUiOiBmInJvb2ste3NlbGYub3V0X21hcFsnQ1NJX0NFUEhGU19OT0RFX1NFQ1JFVF9O + QU1FJ119IiwKICAgICAgICAgICAgICAgICAgICAia2luZCI6ICJTZWNyZXQiLAogICAgICAgICAg + ICAgICAgICAgICJkYXRhIjogewogICAgICAgICAgICAgICAgICAgICAgICAiYWRtaW5JRCI6IHNl + bGYub3V0X21hcFsiQ1NJX0NFUEhGU19OT0RFX1NFQ1JFVF9OQU1FIl0sCiAgICAgICAgICAgICAg + ICAgICAgICAgICJhZG1pbktleSI6IHNlbGYub3V0X21hcFsiQ1NJX0NFUEhGU19OT0RFX1NFQ1JF + VCJdLAogICAgICAgICAgICAgICAgICAgIH0sCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAg + ICkKICAgICAgICAjIGlmICdST09LX0VYVEVSTkFMX0RBU0hCT0FSRF9MSU5LJyBleGlzdHMsIHRo + ZW4gb25seSBhZGQgJ3Jvb2stY2VwaC1kYXNoYm9hcmQtbGluaycgU2VjcmV0CiAgICAgICAgaWYg + c2VsZi5vdXRfbWFwWyJST09LX0VYVEVSTkFMX0RBU0hCT0FSRF9MSU5LIl06CiAgICAgICAgICAg + IGpzb25fb3V0LmFwcGVuZCgKICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICAi + bmFtZSI6ICJyb29rLWNlcGgtZGFzaGJvYXJkLWxpbmsiLAogICAgICAgICAgICAgICAgICAgICJr + aW5kIjogIlNlY3JldCIsCiAgICAgICAgICAgICAgICAgICAgImRhdGEiOiB7CiAgICAgICAgICAg + ICAgICAgICAgICAgICJ1c2VySUQiOiAiY2VwaC1kYXNoYm9hcmQtbGluayIsCiAgICAgICAgICAg + ICAgICAgICAgICAgICJ1c2VyS2V5Ijogc2VsZi5vdXRfbWFwWyJST09LX0VYVEVSTkFMX0RBU0hC + T0FSRF9MSU5LIl0sCiAgICAgICAgICAgICAgICAgICAgfSwKICAgICAgICAgICAgICAgIH0KICAg + ICAgICAgICAgKQogICAgICAgICMgaWYgJ1JBRE9TX05BTUVTUEFDRScgZXhpc3RzLCB0aGVuIG9u + bHkgYWRkIHRoZSAiUkFET1NfTkFNRVNQQUNFIiBuYW1lc3BhY2UKICAgICAgICBpZiAoCiAgICAg + ICAgICAgIHNlbGYub3V0X21hcFsiUkFET1NfTkFNRVNQQUNFIl0KICAgICAgICAgICAgYW5kIHNl + bGYub3V0X21hcFsiUkVTVFJJQ1RFRF9BVVRIX1BFUk1JU1NJT04iXQogICAgICAgICAgICBhbmQg + bm90IHNlbGYub3V0X21hcFsiUkJEX01FVEFEQVRBX0VDX1BPT0xfTkFNRSJdCiAgICAgICAgKToK + ICAgICAgICAgICAganNvbl9vdXQuYXBwZW5kKAogICAgICAgICAgICAgICAgewogICAgICAgICAg + ICAgICAgICAgICJuYW1lIjogInJhZG9zLW5hbWVzcGFjZSIsCiAgICAgICAgICAgICAgICAgICAg + ImtpbmQiOiAiQ2VwaEJsb2NrUG9vbFJhZG9zTmFtZXNwYWNlIiwKICAgICAgICAgICAgICAgICAg + ICAiZGF0YSI6IHsKICAgICAgICAgICAgICAgICAgICAgICAgInJhZG9zTmFtZXNwYWNlTmFtZSI6 + IHNlbGYub3V0X21hcFsiUkFET1NfTkFNRVNQQUNFIl0sCiAgICAgICAgICAgICAgICAgICAgICAg + ICJwb29sIjogc2VsZi5vdXRfbWFwWyJSQkRfUE9PTF9OQU1FIl0sCiAgICAgICAgICAgICAgICAg + ICAgfSwKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgKQogICAgICAgICAgICBqc29uX291 + dC5hcHBlbmQoCiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgIm5hbWUiOiAi + Y2VwaC1yYmQtcmFkb3MtbmFtZXNwYWNlIiwKICAgICAgICAgICAgICAgICAgICAia2luZCI6ICJT + dG9yYWdlQ2xhc3MiLAogICAgICAgICAgICAgICAgICAgICJkYXRhIjogewogICAgICAgICAgICAg + ICAgICAgICAgICAicG9vbCI6IHNlbGYub3V0X21hcFsiUkJEX1BPT0xfTkFNRSJdLAogICAgICAg + ICAgICAgICAgICAgICAgICAiY3NpLnN0b3JhZ2UuazhzLmlvL3Byb3Zpc2lvbmVyLXNlY3JldC1u + YW1lIjogZiJyb29rLXtzZWxmLm91dF9tYXBbJ0NTSV9SQkRfUFJPVklTSU9ORVJfU0VDUkVUX05B + TUUnXX0iLAogICAgICAgICAgICAgICAgICAgICAgICAiY3NpLnN0b3JhZ2UuazhzLmlvL2NvbnRy + b2xsZXItZXhwYW5kLXNlY3JldC1uYW1lIjogZiJyb29rLXtzZWxmLm91dF9tYXBbJ0NTSV9SQkRf + UFJPVklTSU9ORVJfU0VDUkVUX05BTUUnXX0iLAogICAgICAgICAgICAgICAgICAgICAgICAiY3Np + LnN0b3JhZ2UuazhzLmlvL25vZGUtc3RhZ2Utc2VjcmV0LW5hbWUiOiBmInJvb2ste3NlbGYub3V0 + X21hcFsnQ1NJX1JCRF9OT0RFX1NFQ1JFVF9OQU1FJ119IiwKICAgICAgICAgICAgICAgICAgICB9 + LAogICAgICAgICAgICAgICAgfQogICAgICAgICAgICApCiAgICAgICAgZWxzZToKICAgICAgICAg + ICAgaWYgc2VsZi5vdXRfbWFwWyJSQkRfTUVUQURBVEFfRUNfUE9PTF9OQU1FIl06CiAgICAgICAg + ICAgICAgICBqc29uX291dC5hcHBlbmQoCiAgICAgICAgICAgICAgICAgICAgewogICAgICAgICAg + ICAgICAgICAgICAgICAibmFtZSI6ICJjZXBoLXJiZCIsCiAgICAgICAgICAgICAgICAgICAgICAg + ICJraW5kIjogIlN0b3JhZ2VDbGFzcyIsCiAgICAgICAgICAgICAgICAgICAgICAgICJkYXRhIjog + ewogICAgICAgICAgICAgICAgICAgICAgICAgICAgImRhdGFQb29sIjogc2VsZi5vdXRfbWFwWyJS + QkRfUE9PTF9OQU1FIl0sCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAicG9vbCI6IHNlbGYu + b3V0X21hcFsiUkJEX01FVEFEQVRBX0VDX1BPT0xfTkFNRSJdLAogICAgICAgICAgICAgICAgICAg + ICAgICAgICAgImNzaS5zdG9yYWdlLms4cy5pby9wcm92aXNpb25lci1zZWNyZXQtbmFtZSI6IGYi + cm9vay17c2VsZi5vdXRfbWFwWydDU0lfUkJEX1BST1ZJU0lPTkVSX1NFQ1JFVF9OQU1FJ119IiwK + ICAgICAgICAgICAgICAgICAgICAgICAgICAgICJjc2kuc3RvcmFnZS5rOHMuaW8vY29udHJvbGxl + ci1leHBhbmQtc2VjcmV0LW5hbWUiOiBmInJvb2ste3NlbGYub3V0X21hcFsnQ1NJX1JCRF9QUk9W + SVNJT05FUl9TRUNSRVRfTkFNRSddfSIsCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAiY3Np + LnN0b3JhZ2UuazhzLmlvL25vZGUtc3RhZ2Utc2VjcmV0LW5hbWUiOiBmInJvb2ste3NlbGYub3V0 + X21hcFsnQ1NJX1JCRF9OT0RFX1NFQ1JFVF9OQU1FJ119IiwKICAgICAgICAgICAgICAgICAgICAg + ICAgfSwKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICApCiAgICAgICAgICAg + IGVsc2U6CiAgICAgICAgICAgICAgICBqc29uX291dC5hcHBlbmQoCiAgICAgICAgICAgICAgICAg + ICAgewogICAgICAgICAgICAgICAgICAgICAgICAibmFtZSI6ICJjZXBoLXJiZCIsCiAgICAgICAg + ICAgICAgICAgICAgICAgICJraW5kIjogIlN0b3JhZ2VDbGFzcyIsCiAgICAgICAgICAgICAgICAg + ICAgICAgICJkYXRhIjogewogICAgICAgICAgICAgICAgICAgICAgICAgICAgInBvb2wiOiBzZWxm + Lm91dF9tYXBbIlJCRF9QT09MX05BTUUiXSwKICAgICAgICAgICAgICAgICAgICAgICAgICAgICJj + c2kuc3RvcmFnZS5rOHMuaW8vcHJvdmlzaW9uZXItc2VjcmV0LW5hbWUiOiBmInJvb2ste3NlbGYu + b3V0X21hcFsnQ1NJX1JCRF9QUk9WSVNJT05FUl9TRUNSRVRfTkFNRSddfSIsCiAgICAgICAgICAg + ICAgICAgICAgICAgICAgICAiY3NpLnN0b3JhZ2UuazhzLmlvL2NvbnRyb2xsZXItZXhwYW5kLXNl + Y3JldC1uYW1lIjogZiJyb29rLXtzZWxmLm91dF9tYXBbJ0NTSV9SQkRfUFJPVklTSU9ORVJfU0VD + UkVUX05BTUUnXX0iLAogICAgICAgICAgICAgICAgICAgICAgICAgICAgImNzaS5zdG9yYWdlLms4 + cy5pby9ub2RlLXN0YWdlLXNlY3JldC1uYW1lIjogZiJyb29rLXtzZWxmLm91dF9tYXBbJ0NTSV9S + QkRfTk9ERV9TRUNSRVRfTkFNRSddfSIsCiAgICAgICAgICAgICAgICAgICAgICAgIH0sCiAgICAg + ICAgICAgICAgICAgICAgfQogICAgICAgICAgICAgICAgKQoKICAgICAgICAjIGlmICdDRVBIRlNf + RlNfTkFNRScgZXhpc3RzLCB0aGVuIG9ubHkgYWRkICdjZXBoZnMnIFN0b3JhZ2VDbGFzcwogICAg + ICAgIGlmIHNlbGYub3V0X21hcFsiQ0VQSEZTX0ZTX05BTUUiXToKICAgICAgICAgICAganNvbl9v + dXQuYXBwZW5kKAogICAgICAgICAgICAgICAgewogICAgICAgICAgICAgICAgICAgICJuYW1lIjog + ImNlcGhmcyIsCiAgICAgICAgICAgICAgICAgICAgImtpbmQiOiAiU3RvcmFnZUNsYXNzIiwKICAg + ICAgICAgICAgICAgICAgICAiZGF0YSI6IHsKICAgICAgICAgICAgICAgICAgICAgICAgImZzTmFt + ZSI6IHNlbGYub3V0X21hcFsiQ0VQSEZTX0ZTX05BTUUiXSwKICAgICAgICAgICAgICAgICAgICAg + ICAgInBvb2wiOiBzZWxmLm91dF9tYXBbIkNFUEhGU19QT09MX05BTUUiXSwKICAgICAgICAgICAg + ICAgICAgICAgICAgImNzaS5zdG9yYWdlLms4cy5pby9wcm92aXNpb25lci1zZWNyZXQtbmFtZSI6 + IGYicm9vay17c2VsZi5vdXRfbWFwWydDU0lfQ0VQSEZTX1BST1ZJU0lPTkVSX1NFQ1JFVF9OQU1F + J119IiwKICAgICAgICAgICAgICAgICAgICAgICAgImNzaS5zdG9yYWdlLms4cy5pby9jb250cm9s + bGVyLWV4cGFuZC1zZWNyZXQtbmFtZSI6IGYicm9vay17c2VsZi5vdXRfbWFwWydDU0lfQ0VQSEZT + X1BST1ZJU0lPTkVSX1NFQ1JFVF9OQU1FJ119IiwKICAgICAgICAgICAgICAgICAgICAgICAgImNz + aS5zdG9yYWdlLms4cy5pby9ub2RlLXN0YWdlLXNlY3JldC1uYW1lIjogZiJyb29rLXtzZWxmLm91 + dF9tYXBbJ0NTSV9DRVBIRlNfTk9ERV9TRUNSRVRfTkFNRSddfSIsCiAgICAgICAgICAgICAgICAg + ICAgfSwKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgKQogICAgICAgICMgaWYgJ1JHV19F + TkRQT0lOVCcgZXhpc3RzLCB0aGVuIG9ubHkgYWRkICdjZXBoLXJndycgU3RvcmFnZUNsYXNzCiAg + ICAgICAgaWYgc2VsZi5vdXRfbWFwWyJSR1dfRU5EUE9JTlQiXToKICAgICAgICAgICAganNvbl9v + dXQuYXBwZW5kKAogICAgICAgICAgICAgICAgewogICAgICAgICAgICAgICAgICAgICJuYW1lIjog + ImNlcGgtcmd3IiwKICAgICAgICAgICAgICAgICAgICAia2luZCI6ICJTdG9yYWdlQ2xhc3MiLAog + ICAgICAgICAgICAgICAgICAgICJkYXRhIjogewogICAgICAgICAgICAgICAgICAgICAgICAiZW5k + cG9pbnQiOiBzZWxmLm91dF9tYXBbIlJHV19FTkRQT0lOVCJdLAogICAgICAgICAgICAgICAgICAg + ICAgICAicG9vbFByZWZpeCI6IHNlbGYub3V0X21hcFsiUkdXX1BPT0xfUFJFRklYIl0sCiAgICAg + ICAgICAgICAgICAgICAgfSwKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgKQogICAgICAg + ICAgICBqc29uX291dC5hcHBlbmQoCiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAg + ICAgIm5hbWUiOiAicmd3LWFkbWluLW9wcy11c2VyIiwKICAgICAgICAgICAgICAgICAgICAia2lu + ZCI6ICJTZWNyZXQiLAogICAgICAgICAgICAgICAgICAgICJkYXRhIjogewogICAgICAgICAgICAg + ICAgICAgICAgICAiYWNjZXNzS2V5Ijogc2VsZi5vdXRfbWFwWyJSR1dfQURNSU5fT1BTX1VTRVJf + QUNDRVNTX0tFWSJdLAogICAgICAgICAgICAgICAgICAgICAgICAic2VjcmV0S2V5Ijogc2VsZi5v + dXRfbWFwWyJSR1dfQURNSU5fT1BTX1VTRVJfU0VDUkVUX0tFWSJdLAogICAgICAgICAgICAgICAg + ICAgIH0sCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICkKICAgICAgICAjIGlmICdSR1df + VExTX0NFUlQnIGV4aXN0cywgdGhlbiBvbmx5IGFkZCB0aGUgImNlcGgtcmd3LXRscy1jZXJ0IiBz + ZWNyZXQKICAgICAgICBpZiBzZWxmLm91dF9tYXBbIlJHV19UTFNfQ0VSVCJdOgogICAgICAgICAg + ICBqc29uX291dC5hcHBlbmQoCiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAg + Im5hbWUiOiAiY2VwaC1yZ3ctdGxzLWNlcnQiLAogICAgICAgICAgICAgICAgICAgICJraW5kIjog + IlNlY3JldCIsCiAgICAgICAgICAgICAgICAgICAgImRhdGEiOiB7CiAgICAgICAgICAgICAgICAg + ICAgICAgICJjZXJ0Ijogc2VsZi5vdXRfbWFwWyJSR1dfVExTX0NFUlQiXSwKICAgICAgICAgICAg + ICAgICAgICB9LAogICAgICAgICAgICAgICAgfQogICAgICAgICAgICApCgogICAgICAgIHJldHVy + biBqc29uLmR1bXBzKGpzb25fb3V0KSArIExJTkVTRVAKCiAgICBkZWYgdXBncmFkZV91c2Vyc19w + ZXJtaXNzaW9ucyhzZWxmKToKICAgICAgICB1c2VycyA9IFsKICAgICAgICAgICAgImNsaWVudC5j + c2ktY2VwaGZzLW5vZGUiLAogICAgICAgICAgICAiY2xpZW50LmNzaS1jZXBoZnMtcHJvdmlzaW9u + ZXIiLAogICAgICAgICAgICAiY2xpZW50LmNzaS1yYmQtbm9kZSIsCiAgICAgICAgICAgICJjbGll + bnQuY3NpLXJiZC1wcm92aXNpb25lciIsCiAgICAgICAgICAgICJjbGllbnQuaGVhbHRoY2hlY2tl + ciIsCiAgICAgICAgXQogICAgICAgIGlmIHNlbGYucnVuX2FzX3VzZXIgIT0gIiIgYW5kIHNlbGYu + cnVuX2FzX3VzZXIgbm90IGluIHVzZXJzOgogICAgICAgICAgICB1c2Vycy5hcHBlbmQoc2VsZi5y + dW5fYXNfdXNlcikKICAgICAgICBmb3IgdXNlciBpbiB1c2VyczoKICAgICAgICAgICAgc2VsZi51 + cGdyYWRlX3VzZXJfcGVybWlzc2lvbnModXNlcikKCiAgICBkZWYgZ2V0X3Jnd19wb29sX25hbWVf + ZHVyaW5nX3VwZ3JhZGUoc2VsZiwgdXNlciwgY2Fwcyk6CiAgICAgICAgaWYgdXNlciA9PSAiY2xp + ZW50LmhlYWx0aGNoZWNrZXIiOgogICAgICAgICAgICAjIHdoZW4gYWRtaW4gaGFzIG5vdCBwcm92 + aWRlZCByZ3cgcG9vbCBuYW1lIGR1cmluZyB1cGdyYWRlLAogICAgICAgICAgICAjIGdldCB0aGUg + cmd3IHBvb2wgbmFtZSBmcm9tIGNsaWVudC5oZWFsdGhjaGVja2VyIHVzZXIgd2hpY2ggd2FzIHVz + ZWQgZHVyaW5nIGNvbm5lY3Rpb24KICAgICAgICAgICAgaWYgbm90IHNlbGYuX2FyZ19wYXJzZXIu + cmd3X3Bvb2xfcHJlZml4OgogICAgICAgICAgICAgICAgIyBUbyBnZXQgdmFsdWUgJ2RlZmF1bHQn + IHdoaWNoIGlzIHJndyBwb29sIG5hbWUgZnJvbSAnYWxsb3cgcnd4IHBvb2w9ZGVmYXVsdC5yZ3cu + bWV0YScKICAgICAgICAgICAgICAgIHBhdHRlcm4gPSByInBvb2w9KC4qPylcLnJnd1wubWV0YSIK + ICAgICAgICAgICAgICAgIG1hdGNoID0gcmUuc2VhcmNoKHBhdHRlcm4sIGNhcHMpCiAgICAgICAg + ICAgICAgICBpZiBtYXRjaDoKICAgICAgICAgICAgICAgICAgICBzZWxmLl9hcmdfcGFyc2VyLnJn + d19wb29sX3ByZWZpeCA9IG1hdGNoLmdyb3VwKDEpCiAgICAgICAgICAgICAgICBlbHNlOgogICAg + ICAgICAgICAgICAgICAgIHJhaXNlIEV4ZWN1dGlvbkZhaWx1cmVFeGNlcHRpb24oCiAgICAgICAg + ICAgICAgICAgICAgICAgICJmYWlsZWQgdG8gZ2V0IHJndyBwb29sIG5hbWUgZm9yIHVwZ3JhZGUi + CiAgICAgICAgICAgICAgICAgICAgKQoKICAgIGRlZiB1cGdyYWRlX3VzZXJfcGVybWlzc2lvbnMo + c2VsZiwgdXNlcik6CiAgICAgICAgIyBjaGVjayB3aGV0aGVyIHRoZSBnaXZlbiB1c2VyIGV4aXN0 + cyBvciBub3QKICAgICAgICBjbWRfanNvbiA9IHsicHJlZml4IjogImF1dGggZ2V0IiwgImVudGl0 + eSI6IGYie3VzZXJ9IiwgImZvcm1hdCI6ICJqc29uIn0KICAgICAgICByZXRfdmFsLCBqc29uX291 + dCwgZXJyX21zZyA9IHNlbGYuX2NvbW1vbl9jbWRfanNvbl9nZW4oY21kX2pzb24pCiAgICAgICAg + aWYgcmV0X3ZhbCAhPSAwIG9yIGxlbihqc29uX291dCkgPT0gMDoKICAgICAgICAgICAgcHJpbnQo + ZiJ1c2VyIHt1c2VyfSBub3QgZm91bmQgZm9yIHVwZ3JhZGluZy4iKQogICAgICAgICAgICByZXR1 + cm4KICAgICAgICBleGlzdGluZ19jYXBzID0ganNvbl9vdXRbMF1bImNhcHMiXQogICAgICAgIHNl + bGYuZ2V0X3Jnd19wb29sX25hbWVfZHVyaW5nX3VwZ3JhZGUodXNlciwgc3RyKGV4aXN0aW5nX2Nh + cHMpKQogICAgICAgIG5ld19jYXAsIF8gPSBzZWxmLmdldF9jYXBzX2FuZF9lbnRpdHkodXNlcikK + ICAgICAgICBjYXBfa2V5cyA9IFsibW9uIiwgIm1nciIsICJvc2QiLCAibWRzIl0KICAgICAgICBj + YXBzID0gW10KICAgICAgICBmb3IgZWFjaENhcCBpbiBjYXBfa2V5czoKICAgICAgICAgICAgY3Vy + X2NhcF92YWx1ZXMgPSBleGlzdGluZ19jYXBzLmdldChlYWNoQ2FwLCAiIikKICAgICAgICAgICAg + bmV3X2NhcF92YWx1ZXMgPSBuZXdfY2FwLmdldChlYWNoQ2FwLCAiIikKICAgICAgICAgICAgY3Vy + X2NhcF9wZXJtX2xpc3QgPSBbCiAgICAgICAgICAgICAgICB4LnN0cmlwKCkgZm9yIHggaW4gY3Vy + X2NhcF92YWx1ZXMuc3BsaXQoIiwiKSBpZiB4LnN0cmlwKCkKICAgICAgICAgICAgXQogICAgICAg + ICAgICBuZXdfY2FwX3Blcm1fbGlzdCA9IFsKICAgICAgICAgICAgICAgIHguc3RyaXAoKSBmb3Ig + eCBpbiBuZXdfY2FwX3ZhbHVlcy5zcGxpdCgiLCIpIGlmIHguc3RyaXAoKQogICAgICAgICAgICBd + CiAgICAgICAgICAgICMgYXBwZW5kIG5ld19jYXBfbGlzdCB0byBjdXJfY2FwX2xpc3QgdG8gbWFp + bnRhaW4gdGhlIG9yZGVyIG9mIGNhcHMKICAgICAgICAgICAgY3VyX2NhcF9wZXJtX2xpc3QuZXh0 + ZW5kKG5ld19jYXBfcGVybV9saXN0KQogICAgICAgICAgICAjIGVsaW1pbmF0ZSBkdXBsaWNhdGVz + IHdpdGhvdXQgdXNpbmcgJ3NldCcKICAgICAgICAgICAgIyBzZXQgcmUtb3JkZXJzIGl0ZW1zIGlu + IHRoZSBsaXN0IGFuZCB3ZSBoYXZlIHRvIGtlZXAgdGhlIG9yZGVyCiAgICAgICAgICAgIG5ld19j + YXBfbGlzdCA9IFtdCiAgICAgICAgICAgIFtuZXdfY2FwX2xpc3QuYXBwZW5kKHgpIGZvciB4IGlu + IGN1cl9jYXBfcGVybV9saXN0IGlmIHggbm90IGluIG5ld19jYXBfbGlzdF0KICAgICAgICAgICAg + ZXhpc3RpbmdfY2Fwc1tlYWNoQ2FwXSA9ICIsICIuam9pbihuZXdfY2FwX2xpc3QpCiAgICAgICAg + ICAgIGlmIGV4aXN0aW5nX2NhcHNbZWFjaENhcF06CiAgICAgICAgICAgICAgICBjYXBzLmFwcGVu + ZChlYWNoQ2FwKQogICAgICAgICAgICAgICAgY2Fwcy5hcHBlbmQoZXhpc3RpbmdfY2Fwc1tlYWNo + Q2FwXSkKICAgICAgICBjbWRfanNvbiA9IHsKICAgICAgICAgICAgInByZWZpeCI6ICJhdXRoIGNh + cHMiLAogICAgICAgICAgICAiZW50aXR5IjogdXNlciwKICAgICAgICAgICAgImNhcHMiOiBjYXBz + LAogICAgICAgICAgICAiZm9ybWF0IjogImpzb24iLAogICAgICAgIH0KICAgICAgICByZXRfdmFs + LCBqc29uX291dCwgZXJyX21zZyA9IHNlbGYuX2NvbW1vbl9jbWRfanNvbl9nZW4oY21kX2pzb24p + CiAgICAgICAgaWYgcmV0X3ZhbCAhPSAwOgogICAgICAgICAgICByYWlzZSBFeGVjdXRpb25GYWls + dXJlRXhjZXB0aW9uKAogICAgICAgICAgICAgICAgZiInYXV0aCBjYXBzIHt1c2VyfScgY29tbWFu + ZCBmYWlsZWQuXG4gRXJyb3I6IHtlcnJfbXNnfSIKICAgICAgICAgICAgKQogICAgICAgIHByaW50 + KGYiVXBkYXRlZCB1c2VyIHt1c2VyfSBzdWNjZXNzZnVsbHkuIikKCiAgICBkZWYgbWFpbihzZWxm + KToKICAgICAgICBnZW5lcmF0ZWRfb3V0cHV0ID0gIiIKICAgICAgICBpZiBzZWxmLl9hcmdfcGFy + c2VyLnVwZ3JhZGU6CiAgICAgICAgICAgIHNlbGYudXBncmFkZV91c2Vyc19wZXJtaXNzaW9ucygp + CiAgICAgICAgZWxpZiBzZWxmLl9hcmdfcGFyc2VyLmZvcm1hdCA9PSAianNvbiI6CiAgICAgICAg + ICAgIGdlbmVyYXRlZF9vdXRwdXQgPSBzZWxmLmdlbl9qc29uX291dCgpCiAgICAgICAgZWxpZiBz + ZWxmLl9hcmdfcGFyc2VyLmZvcm1hdCA9PSAiYmFzaCI6CiAgICAgICAgICAgIGdlbmVyYXRlZF9v + dXRwdXQgPSBzZWxmLmdlbl9zaGVsbF9vdXQoKQogICAgICAgIGVsc2U6CiAgICAgICAgICAgIHJh + aXNlIEV4ZWN1dGlvbkZhaWx1cmVFeGNlcHRpb24oCiAgICAgICAgICAgICAgICBmIlVuc3VwcG9y + dGVkIGZvcm1hdDoge3NlbGYuX2FyZ19wYXJzZXIuZm9ybWF0fSIKICAgICAgICAgICAgKQogICAg + ICAgIHByaW50KGdlbmVyYXRlZF9vdXRwdXQpCiAgICAgICAgaWYgc2VsZi5vdXRwdXRfZmlsZSBh + bmQgZ2VuZXJhdGVkX291dHB1dDoKICAgICAgICAgICAgZk91dCA9IG9wZW4oc2VsZi5vdXRwdXRf + ZmlsZSwgbW9kZT0idyIsIGVuY29kaW5nPSJVVEYtOCIpCiAgICAgICAgICAgIGZPdXQud3JpdGUo + Z2VuZXJhdGVkX291dHB1dCkKICAgICAgICAgICAgZk91dC5jbG9zZSgpCgoKIyMjIyMjIyMjIyMj + IyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjCiMjIyMjIyMjIyMjIyMjIyMjIyMj + IyBNQUlOICMjIyMjIyMjIyMjIyMjIyMjIyMjIwojIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMj + IyMjIyMjIyMjIyMjIyMjIyMjIyMKaWYgX19uYW1lX18gPT0gIl9fbWFpbl9fIjoKICAgIHJqT2Jq + ID0gUmFkb3NKU09OKCkKICAgIHRyeToKICAgICAgICByak9iai5tYWluKCkKICAgIGV4Y2VwdCBF + eGVjdXRpb25GYWlsdXJlRXhjZXB0aW9uIGFzIGVycjoKICAgICAgICBwcmludChmIkV4ZWN1dGlv + biBGYWlsZWQ6IHtlcnJ9IikKICAgICAgICByYWlzZSBlcnIKICAgIGV4Y2VwdCBLZXlFcnJvciBh + cyBrRXJyOgogICAgICAgIHByaW50KGYiS2V5RXJyb3I6IHtrRXJyfSIpCiAgICBleGNlcHQgT1NF + cnJvciBhcyBvc0VycjoKICAgICAgICBwcmludChmIkVycm9yIHdoaWxlIHRyeWluZyB0byBvdXRw + dXQgdGhlIGRhdGE6IHtvc0Vycn0iKQogICAgZmluYWxseToKICAgICAgICByak9iai5zaHV0ZG93 + bigpCg== + name: rook-ceph.v{{.RookOperatorCsvVersion}} + namespace: placeholder +spec: + apiservicedefinitions: {} + customresourcedefinitions: + owned: + - kind: CephCluster + name: cephclusters.ceph.rook.io + version: v1 + displayName: Ceph Cluster + description: Represents a Ceph cluster. + - kind: CephBlockPool + name: cephblockpools.ceph.rook.io + version: v1 + displayName: Ceph Block Pool + description: Represents a Ceph Block Pool. + - kind: CephObjectStore + name: cephobjectstores.ceph.rook.io + version: v1 + displayName: Ceph Object Store + description: Represents a Ceph Object Store. + specDescriptors: + - description: Coding Chunks + displayName: Coding Chunks + path: dataPool.erasureCoded.codingChunks + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:fieldGroup:dataPool + - urn:alm:descriptor:com.tectonic.ui:number + - description: Data Chunks + displayName: Data Chunks + path: dataPool.erasureCoded.dataChunks + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:fieldGroup:dataPool + - urn:alm:descriptor:com.tectonic.ui:number + - description: failureDomain + displayName: failureDomain + path: dataPool.failureDomain + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:fieldGroup:dataPool + - urn:alm:descriptor:com.tectonic.ui:text + - description: Size + displayName: Size + path: dataPool.replicated.size + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:fieldGroup:dataPool + - urn:alm:descriptor:com.tectonic.ui:number + - description: Annotations + displayName: Annotations + path: gateway.annotations + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:fieldGroup:gateway + - urn:alm:descriptor:io.kubernetes:annotations + - description: Instances + displayName: Instances + path: gateway.instances + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:fieldGroup:gateway + - urn:alm:descriptor:com.tectonic.ui:number + - description: Resources + displayName: Resources + path: gateway.resources + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:fieldGroup:gateway + - urn:alm:descriptor:com.tectonic.ui:resourceRequirements + - description: placement + displayName: placement + path: gateway.placement + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:fieldGroup:gateway + - urn:alm:descriptor:io.kubernetes:placement + - description: securePort + displayName: securePort + path: gateway.securePort + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:fieldGroup:gateway + - urn:alm:descriptor:io.kubernetes:securePort + - description: sslCertificateRef + displayName: sslCertificateRef + path: gateway.sslCertificateRef + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:fieldGroup:gateway + - urn:alm:descriptor:io.kubernetes:sslCertificateRef + - description: Type + displayName: Type + path: gateway.type + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:fieldGroup:gateway + - urn:alm:descriptor:com.tectonic.ui:text + - description: Coding Chunks + displayName: Coding Chunks + path: metadataPool.erasureCoded.codingChunks + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:fieldGroup:metadataPool + - urn:alm:descriptor:com.tectonic.ui:number + - description: Data Chunks + displayName: Data Chunks + path: metadataPool.erasureCoded.dataChunks + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:fieldGroup:metadataPool + - urn:alm:descriptor:com.tectonic.ui:number + - description: failureDomain + displayName: failureDomain + path: metadataPool.failureDomain + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:fieldGroup:metadataPool + - urn:alm:descriptor:com.tectonic.ui:text + - description: Size + displayName: Size + path: metadataPool.replicated.size + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:fieldGroup:metadataPool + - urn:alm:descriptor:com.tectonic.ui:number + - kind: CephObjectStoreUser + name: cephobjectstoreusers.ceph.rook.io + version: v1 + displayName: Ceph Object Store User + description: Represents a Ceph Object Store User. + - kind: CephNFS + name: cephnfses.ceph.rook.io + version: v1 + displayName: Ceph NFS + description: Represents a cluster of Ceph NFS ganesha gateways. + - kind: CephClient + name: cephclients.ceph.rook.io + version: v1 + displayName: Ceph Client + description: Represents a Ceph User. + - kind: CephFilesystem + name: cephfilesystems.ceph.rook.io + version: v1 + displayName: Ceph Filesystem + description: Represents a Ceph Filesystem. + - kind: CephFilesystemMirror + name: cephfilesystemmirrors.ceph.rook.io + version: v1 + displayName: Ceph Filesystem Mirror + description: Represents a Ceph Filesystem Mirror. + - kind: CephRBDMirror + name: cephrbdmirrors.ceph.rook.io + version: v1 + displayName: Ceph RBD Mirror + description: Represents a Ceph RBD Mirror. + - kind: CephObjectRealm + name: cephobjectrealms.ceph.rook.io + version: v1 + displayName: Ceph Object Store Realm + description: Represents a Ceph Object Store Realm. + - kind: CephObjectZoneGroup + name: cephobjectzonegroups.ceph.rook.io + version: v1 + displayName: Ceph Object Store Zone Group + description: Represents a Ceph Object Store Zone Group. + - kind: CephObjectZone + name: cephobjectzones.ceph.rook.io + version: v1 + displayName: Ceph Object Store Zone + description: Represents a Ceph Object Store Zone. + - kind: CephBucketNotification + name: cephbucketnotifications.ceph.rook.io + version: v1 + displayName: Ceph Bucket Notification + description: Represents a Ceph Bucket Notification. + - kind: CephBucketTopic + name: cephbuckettopics.ceph.rook.io + version: v1 + displayName: Ceph Bucket Topic + description: Represents a Ceph Bucket Topic. + - kind: CephFilesystemSubVolumeGroup + name: cephfilesystemsubvolumegroups.ceph.rook.io + version: v1 + displayName: Ceph Filesystem SubVolumeGroup + description: Represents a Ceph Filesystem SubVolumeGroup. + - kind: CephBlockPoolRadosNamespace + name: cephblockpoolradosnamespaces.ceph.rook.io + version: v1 + displayName: Ceph BlockPool Rados Namespace + description: Represents a Ceph BlockPool Rados Namespace. + - kind: CephCOSIDriver + name: cephcosidrivers.ceph.rook.io + version: v1 + displayName: Ceph COSI Driver + description: Represents a Ceph COSI Driver. + description: |2 + + The Rook-Ceph storage operator packages, deploys, manages, upgrades and scales Ceph storage for providing persistent storage to infrastructure services (Logging, Metrics, Registry) as well as stateful applications in Kubernetes clusters. + + ## Rook-Ceph Storage Operator + + Rook runs as a cloud-native service in Kubernetes clusters for optimal integration with applications in need of storage, and handles the heavy-lifting behind the scenes such as provisioning and management. + Rook orchestrates battle-tested open-source storage technology Ceph, which has years of production deployments and runs some of the worlds largest clusters. + + Ceph is a massively scalable, software-defined, cloud native storage platform that offers block, file and object storage services. + Ceph can be used to back a wide variety of applications including relational databases, NoSQL databases, CI/CD tool-sets, messaging, AI/ML and analytics applications. + Ceph is a proven storage platform that backs some of the world's largest storage deployments and has a large vibrant open source community backing the project. + + ## Supported features + * **High Availability and resiliency** - Ceph has no single point of failures (SPOF) and all its components work natively in a highly available fashion + * **Data Protection** - Ceph periodically scrub for inconsistent objects and repair them if necessary, making sure your replicas are always coherent + * **Consistent storage platform across hybrid cloud** - Ceph can be deployed anywhere (on-premise or bare metal) and thus offers a similar experience regardless + * **Block, File & Object storage service** - Ceph can expose your data through several storage interfaces, solving all the application use cases + * **Scale up/down** - addition and removal of storage is fully covered by the operator. + * **Dashboard** - The Operator deploys a dashboard for monitoring and introspecting your cluster. + + ## Before you start + https://rook.io/docs/rook/v1.0/k8s-pre-reqs.html + displayName: Rook-Ceph + icon: + - base64data: PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz4KPCEtLSBHZW5lcmF0b3I6IEFkb2JlIElsbHVzdHJhdG9yIDIzLjAuMiwgU1ZHIEV4cG9ydCBQbHVnLUluIC4gU1ZHIFZlcnNpb246IDYuMDAgQnVpbGQgMCkgIC0tPgo8c3ZnIHZlcnNpb249IjEuMSIgaWQ9IkxheWVyXzEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgeG1sbnM6eGxpbms9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkveGxpbmsiIHg9IjBweCIgeT0iMHB4IgoJIHZpZXdCb3g9IjAgMCA3MCA3MCIgc3R5bGU9ImVuYWJsZS1iYWNrZ3JvdW5kOm5ldyAwIDAgNzAgNzA7IiB4bWw6c3BhY2U9InByZXNlcnZlIj4KPHN0eWxlIHR5cGU9InRleHQvY3NzIj4KCS5zdDB7ZmlsbDojMkIyQjJCO30KPC9zdHlsZT4KPGc+Cgk8Zz4KCQk8Zz4KCQkJPHBhdGggY2xhc3M9InN0MCIgZD0iTTUwLjUsNjcuNkgxOS45Yy04LDAtMTQuNS02LjUtMTQuNS0xNC41VjI5LjJjMC0xLjEsMC45LTIuMSwyLjEtMi4xaDU1LjRjMS4xLDAsMi4xLDAuOSwyLjEsMi4xdjIzLjkKCQkJCUM2NSw2MS4xLDU4LjUsNjcuNiw1MC41LDY3LjZ6IE05LjYsMzEuMnYyMS45YzAsNS43LDQuNiwxMC4zLDEwLjMsMTAuM2gzMC42YzUuNywwLDEwLjMtNC42LDEwLjMtMTAuM1YzMS4ySDkuNnoiLz4KCQk8L2c+CgkJPGc+CgkJCTxwYXRoIGNsYXNzPSJzdDAiIGQ9Ik00Mi40LDU2LjdIMjhjLTEuMSwwLTIuMS0wLjktMi4xLTIuMXYtNy4yYzAtNS4xLDQuMi05LjMsOS4zLTkuM3M5LjMsNC4yLDkuMyw5LjN2Ny4yCgkJCQlDNDQuNSw1NS43LDQzLjYsNTYuNyw0Mi40LDU2Ljd6IE0zMCw1Mi41aDEwLjN2LTUuMmMwLTIuOS0yLjMtNS4yLTUuMi01LjJjLTIuOSwwLTUuMiwyLjMtNS4yLDUuMlY1Mi41eiIvPgoJCTwvZz4KCQk8Zz4KCQkJPHBhdGggY2xhc3M9InN0MCIgZD0iTTYyLjksMjMuMkM2Mi45LDIzLjIsNjIuOSwyMy4yLDYyLjksMjMuMmwtMTEuMSwwYy0xLjEsMC0yLjEtMC45LTIuMS0yLjFjMC0xLjEsMC45LTIuMSwyLjEtMi4xCgkJCQljMCwwLDAsMCwwLDBsOS4xLDBWNi43aC02Ljl2My41YzAsMC41LTAuMiwxLjEtMC42LDEuNWMtMC40LDAuNC0wLjksMC42LTEuNSwwLjZsMCwwbC0xMS4xLDBjLTEuMSwwLTIuMS0wLjktMi4xLTIuMVY2LjdoLTYuOQoJCQkJdjMuNWMwLDEuMS0wLjksMi4xLTIuMSwyLjFsLTExLjEsMGMtMC41LDAtMS4xLTAuMi0xLjUtMC42Yy0wLjQtMC40LTAuNi0wLjktMC42LTEuNVY2LjdIOS42djEyLjRoOWMxLjEsMCwyLjEsMC45LDIuMSwyLjEKCQkJCXMtMC45LDIuMS0yLjEsMi4xaC0xMWMtMS4xLDAtMi4xLTAuOS0yLjEtMi4xVjQuNmMwLTEuMSwwLjktMi4xLDIuMS0yLjFoMTEuMWMxLjEsMCwyLjEsMC45LDIuMSwyLjF2My41bDcsMFY0LjYKCQkJCWMwLTEuMSwwLjktMi4xLDIuMS0yLjFoMTEuMWMxLjEsMCwyLjEsMC45LDIuMSwyLjF2My41bDYuOSwwVjQuNmMwLTEuMSwwLjktMi4xLDIuMS0yLjFoMTEuMUM2NCwyLjYsNjUsMy41LDY1LDQuNnYxNi41CgkJCQljMCwwLjUtMC4yLDEuMS0wLjYsMS41QzY0LDIzLDYzLjQsMjMuMiw2Mi45LDIzLjJ6Ii8+CgkJPC9nPgoJPC9nPgo8L2c+Cjwvc3ZnPg== + mediatype: image/svg+xml + install: + spec: + clusterPermissions: + - rules: + - apiGroups: + - "" + resources: + - configmaps + - nodes + - nodes/proxy + - persistentvolumes + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - list + - get + - watch + - apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - get + - list + - watch + serviceAccountName: rook-ceph-mgr + - rules: + - apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + serviceAccountName: rook-ceph-osd + - rules: + - apiGroups: + - "" + resources: + - pods + - nodes + - nodes/proxy + - secrets + - configmaps + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - events + - persistentvolumes + - persistentvolumeclaims + - endpoints + - services + verbs: + - get + - list + - watch + - patch + - create + - update + - delete + - apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - get + - list + - watch + - apiGroups: + - batch + resources: + - jobs + - cronjobs + verbs: + - get + - list + - watch + - create + - update + - delete + - deletecollection + - apiGroups: + - ceph.rook.io + resources: + - cephclients + - cephclusters + - cephblockpools + - cephfilesystems + - cephnfses + - cephobjectstores + - cephobjectstoreusers + - cephobjectrealms + - cephobjectzonegroups + - cephobjectzones + - cephbuckettopics + - cephbucketnotifications + - cephrbdmirrors + - cephfilesystemmirrors + - cephfilesystemsubvolumegroups + - cephblockpoolradosnamespaces + - cephcosidrivers + verbs: + - get + - list + - watch + - update + - apiGroups: + - ceph.rook.io + resources: + - cephclients/status + - cephclusters/status + - cephblockpools/status + - cephfilesystems/status + - cephnfses/status + - cephobjectstores/status + - cephobjectstoreusers/status + - cephobjectrealms/status + - cephobjectzonegroups/status + - cephobjectzones/status + - cephbuckettopics/status + - cephbucketnotifications/status + - cephrbdmirrors/status + - cephfilesystemmirrors/status + - cephfilesystemsubvolumegroups/status + - cephblockpoolradosnamespaces/status + verbs: + - update + - apiGroups: + - ceph.rook.io + resources: + - cephclients/finalizers + - cephclusters/finalizers + - cephblockpools/finalizers + - cephfilesystems/finalizers + - cephnfses/finalizers + - cephobjectstores/finalizers + - cephobjectstoreusers/finalizers + - cephobjectrealms/finalizers + - cephobjectzonegroups/finalizers + - cephobjectzones/finalizers + - cephbuckettopics/finalizers + - cephbucketnotifications/finalizers + - cephrbdmirrors/finalizers + - cephfilesystemmirrors/finalizers + - cephfilesystemsubvolumegroups/finalizers + - cephblockpoolradosnamespaces/finalizers + verbs: + - update + - apiGroups: + - policy + - apps + - extensions + resources: + - poddisruptionbudgets + - deployments + - replicasets + verbs: + - get + - list + - watch + - create + - update + - delete + - deletecollection + - apiGroups: + - apps + resources: + - deployments/finalizers + verbs: + - update + - apiGroups: + - healthchecking.openshift.io + resources: + - machinedisruptionbudgets + verbs: + - get + - list + - watch + - create + - update + - delete + - apiGroups: + - machine.openshift.io + resources: + - machines + verbs: + - get + - list + - watch + - create + - update + - delete + - apiGroups: + - storage.k8s.io + resources: + - csidrivers + verbs: + - create + - delete + - get + - update + - apiGroups: + - k8s.cni.cncf.io + resources: + - network-attachment-definitions + verbs: + - get + - apiGroups: + - "" + resources: + - secrets + - configmaps + verbs: + - get + - create + - update + - delete + - apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - get + - apiGroups: + - objectbucket.io + resources: + - objectbucketclaims + verbs: + - list + - watch + - get + - update + - apiGroups: + - objectbucket.io + resources: + - objectbuckets + verbs: + - list + - watch + - get + - create + - update + - delete + - apiGroups: + - objectbucket.io + resources: + - objectbucketclaims/status + - objectbuckets/status + verbs: + - update + - apiGroups: + - objectbucket.io + resources: + - objectbucketclaims/finalizers + - objectbuckets/finalizers + verbs: + - update + - apiGroups: + - "" + resources: + - pods + - pods/log + verbs: + - get + - list + - apiGroups: + - "" + resources: + - pods/exec + verbs: + - create + - apiGroups: + - csiaddons.openshift.io + resources: + - networkfences + verbs: + - create + - get + - update + - delete + - watch + - list + - deletecollection + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + serviceAccountName: rook-ceph-system + - rules: + - apiGroups: + - "" + resources: + - nodes + verbs: + - get + serviceAccountName: rook-csi-cephfs-plugin-sa + - rules: + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - watch + - create + - update + - delete + - patch + - apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - get + - list + - watch + - patch + - update + - apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - events + verbs: + - list + - watch + - create + - update + - patch + - apiGroups: + - storage.k8s.io + resources: + - volumeattachments + verbs: + - get + - list + - watch + - patch + - apiGroups: + - storage.k8s.io + resources: + - volumeattachments/status + verbs: + - patch + - apiGroups: + - "" + resources: + - persistentvolumeclaims/status + verbs: + - patch + - apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshots + verbs: + - get + - list + - apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshotclasses + verbs: + - get + - list + - watch + - apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshotcontents + verbs: + - get + - list + - watch + - patch + - update + - apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshotcontents/status + verbs: + - update + - patch + serviceAccountName: rook-csi-cephfs-provisioner-sa + - rules: + - apiGroups: + - "" + resources: + - nodes + verbs: + - get + serviceAccountName: rook-csi-nfs-plugin-sa + - rules: + - apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - watch + - create + - update + - delete + - patch + - apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - get + - list + - watch + - patch + - update + - apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - events + verbs: + - get + - list + - watch + - create + - update + - patch + - apiGroups: + - storage.k8s.io + resources: + - csinodes + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshotclasses + verbs: + - get + - list + - watch + - apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshotcontents + verbs: + - get + - list + - watch + - update + - patch + - apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshotcontents/status + verbs: + - update + - patch + - apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshots + verbs: + - get + - list + - apiGroups: + - "" + resources: + - persistentvolumeclaims/status + verbs: + - patch + - apiGroups: + - storage.k8s.io + resources: + - volumeattachments + verbs: + - get + - list + - watch + - patch + - apiGroups: + - storage.k8s.io + resources: + - volumeattachments/status + verbs: + - patch + serviceAccountName: rook-csi-nfs-provisioner-sa + - rules: + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - apiGroups: + - storage.k8s.io + resources: + - volumeattachments + verbs: + - get + - list + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - get + - apiGroups: + - "" + resources: + - serviceaccounts/token + verbs: + - create + - apiGroups: + - "" + resources: + - nodes + verbs: + - get + serviceAccountName: rook-csi-rbd-plugin-sa + - rules: + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - watch + - create + - update + - delete + - patch + - apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - get + - list + - watch + - update + - apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - events + verbs: + - list + - watch + - create + - update + - patch + - apiGroups: + - storage.k8s.io + resources: + - volumeattachments + verbs: + - get + - list + - watch + - patch + - apiGroups: + - storage.k8s.io + resources: + - volumeattachments/status + verbs: + - patch + - apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch + - apiGroups: + - storage.k8s.io + resources: + - csinodes + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - persistentvolumeclaims/status + verbs: + - patch + - apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshots + verbs: + - get + - list + - watch + - apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshotclasses + verbs: + - get + - list + - watch + - apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshotcontents + verbs: + - get + - list + - watch + - patch + - update + - apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshotcontents/status + verbs: + - update + - patch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - get + - apiGroups: + - "" + resources: + - serviceaccounts/token + verbs: + - create + - apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch + - apiGroups: + - storage.k8s.io + resources: + - csinodes + verbs: + - get + - list + - watch + serviceAccountName: rook-csi-rbd-provisioner-sa + - rules: + - verbs: + - use + apiGroups: + - security.openshift.io + resources: + - securitycontextconstraints + resourceNames: + - privileged + serviceAccountName: rook-ceph-system + deployments: + - label: + app.kubernetes.io/component: rook-ceph-operator + app.kubernetes.io/instance: rook-ceph + app.kubernetes.io/name: rook-ceph + app.kubernetes.io/part-of: rook-ceph-operator + operator: rook + storage-backend: ceph + name: rook-ceph-operator + spec: + replicas: 1 + selector: + matchLabels: + app: rook-ceph-operator + strategy: + type: Recreate + template: + metadata: + labels: + app: rook-ceph-operator + spec: + containers: + - args: + - ceph + - operator + env: + - name: ROOK_CURRENT_NAMESPACE_ONLY + value: "false" + - name: ROOK_HOSTPATH_REQUIRES_PRIVILEGED + value: "true" + - name: DISCOVER_DAEMON_UDEV_BLACKLIST + value: (?i)dm-[0-9]+,(?i)rbd[0-9]+,(?i)nbd[0-9]+ + - name: ROOK_ENABLE_MACHINE_DISRUPTION_BUDGET + value: "false" + - name: ROOK_UNREACHABLE_NODE_TOLERATION_SECONDS + value: "5" + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: {{.RookOperatorImage}} + name: rook-ceph-operator + resources: {} + securityContext: + runAsGroup: 2016 + runAsNonRoot: true + runAsUser: 2016 + volumeMounts: + - mountPath: /var/lib/rook + name: rook-config + - mountPath: /etc/ceph + name: default-config-dir + serviceAccountName: rook-ceph-system + tolerations: + - effect: NoExecute + key: node.kubernetes.io/unreachable + operator: Exists + tolerationSeconds: 5 + volumes: + - emptyDir: {} + name: rook-config + - emptyDir: {} + name: default-config-dir + permissions: + - rules: + - apiGroups: + - "" + resources: + - pods + - configmaps + verbs: + - get + - list + - watch + - create + - update + - delete + serviceAccountName: rook-ceph-cmd-reporter + - rules: + - apiGroups: + - "" + resources: + - pods + - services + - pods/log + verbs: + - get + - list + - watch + - create + - update + - delete + - apiGroups: + - batch + resources: + - jobs + verbs: + - get + - list + - watch + - create + - update + - delete + - apiGroups: + - ceph.rook.io + resources: + - cephclients + - cephclusters + - cephblockpools + - cephfilesystems + - cephnfses + - cephobjectstores + - cephobjectstoreusers + - cephobjectrealms + - cephobjectzonegroups + - cephobjectzones + - cephbuckettopics + - cephbucketnotifications + - cephrbdmirrors + - cephfilesystemmirrors + - cephfilesystemsubvolumegroups + - cephblockpoolradosnamespaces + - cephcosidrivers + verbs: + - get + - list + - watch + - create + - update + - delete + - patch + - apiGroups: + - apps + resources: + - deployments/scale + - deployments + verbs: + - patch + - delete + - apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - delete + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + serviceAccountName: rook-ceph-mgr + - rules: + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - update + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - delete + - apiGroups: + - ceph.rook.io + resources: + - cephclusters + - cephclusters/finalizers + verbs: + - get + - list + - create + - update + - delete + serviceAccountName: rook-ceph-osd + - rules: + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - apiGroups: + - apps + resources: + - deployments + verbs: + - get + - delete + - apiGroups: + - batch + resources: + - jobs + verbs: + - get + - list + - delete + - apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - get + - update + - delete + - list + serviceAccountName: rook-ceph-purge-osd + - rules: + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + serviceAccountName: rook-ceph-rgw + - rules: + - apiGroups: + - "" + - apps + - extensions + resources: + - secrets + - pods + - pods/log + - services + - configmaps + - deployments + - daemonsets + verbs: + - get + - list + - watch + - patch + - create + - update + - delete + - apiGroups: + - "" + resources: + - pods + - configmaps + - services + verbs: + - get + - list + - watch + - patch + - create + - update + - delete + - apiGroups: + - apps + - extensions + resources: + - daemonsets + - statefulsets + - deployments + verbs: + - get + - list + - watch + - create + - update + - delete + - deletecollection + - apiGroups: + - batch + resources: + - cronjobs + verbs: + - delete + - apiGroups: + - cert-manager.io + resources: + - certificates + - issuers + verbs: + - get + - create + - delete + - apiGroups: + - multicluster.x-k8s.io + resources: + - serviceexports + verbs: + - get + - create + serviceAccountName: rook-ceph-system + - rules: + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - watch + - list + - delete + - update + - create + - apiGroups: + - csiaddons.openshift.io + resources: + - csiaddonsnodes + verbs: + - create + serviceAccountName: rook-csi-cephfs-provisioner-sa + - rules: + - apiGroups: + - csiaddons.openshift.io + resources: + - csiaddonsnodes + verbs: + - create + serviceAccountName: rook-csi-rbd-plugin-sa + - rules: + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - watch + - list + - delete + - update + - create + - apiGroups: + - csiaddons.openshift.io + resources: + - csiaddonsnodes + verbs: + - create + serviceAccountName: rook-csi-rbd-provisioner-sa + strategy: deployment + installModes: + - type: OwnNamespace + supported: true + - type: SingleNamespace + supported: true + - type: MultiNamespace + supported: false + - type: AllNamespaces + supported: false + keywords: + - rook + - ceph + - storage + - object storage + - open source + - block storage + - shared filesystem + links: + - name: Blog + url: https://blog.rook.io + - name: Documentation + url: https://rook.github.io/docs/rook/v1.0/ + maintainers: + - name: Red Hat, Inc. + email: customerservice@redhat.com + maturity: alpha + provider: + name: Provider Name + url: https://your.domain + version: {{.RookOperatorCsvVersion}} + replaces: rook-ceph.v1.1.1 + minKubeVersion: 1.10.0 + labels: + alm-owner-etcd: rookoperator + operated-by: rookoperator + selector: + matchLabels: + alm-owner-etcd: rookoperator + operated-by: rookoperator diff --git a/deploy/charts/rook-ceph/templates/resources.yaml b/deploy/charts/rook-ceph/templates/resources.yaml index 572c5e57a6e4c..2ea191e5cf93d 100644 --- a/deploy/charts/rook-ceph/templates/resources.yaml +++ b/deploy/charts/rook-ceph/templates/resources.yaml @@ -19,27 +19,21 @@ spec: - name: v1 schema: openAPIV3Schema: - description: CephBlockPoolRadosNamespace represents a Ceph BlockPool Rados Namespace properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: Spec represents the specification of a Ceph BlockPool Rados Namespace properties: blockPoolName: - description: BlockPoolName is the name of Ceph BlockPool. Typically it's the name of the CephBlockPool CR. type: string x-kubernetes-validations: - message: blockPoolName is immutable rule: self == oldSelf name: - description: The name of the CephBlockPoolRadosNamespaceSpec namespace. If not set, the default is the name of the CR. type: string x-kubernetes-validations: - message: name is immutable @@ -48,7 +42,6 @@ spec: - blockPoolName type: object status: - description: Status represents the status of a CephBlockPool Rados Namespace properties: info: additionalProperties: @@ -56,7 +49,6 @@ spec: nullable: true type: object phase: - description: ConditionType represent a resource's status type: string type: object x-kubernetes-preserve-unknown-fields: true @@ -92,24 +84,18 @@ spec: name: v1 schema: openAPIV3Schema: - description: CephBlockPool represents a Ceph Storage Pool properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: NamedBlockPoolSpec allows a block pool to be created with a non-default name. This is more specific than the NamedPoolSpec so we get schema validation on the allowed pool names that can be specified. properties: application: - description: The application name to set on the pool. Only expected to be set for rgw pools. type: string compressionMode: - description: 'DEPRECATED: use Parameters instead, e.g., Parameters["compression_mode"] = "force" The inline compression mode in Bluestore OSD to set to (options are: none, passive, aggressive, force) Do NOT set a default value for kubebuilder as this will override the Parameters' enum: - none - passive @@ -119,28 +105,21 @@ spec: nullable: true type: string crushRoot: - description: The root of the crush hierarchy utilized by the pool nullable: true type: string deviceClass: - description: The device class the OSD should set to for use in the pool nullable: true type: string enableRBDStats: - description: EnableRBDStats is used to enable gathering of statistics for all RBD images in the pool type: boolean erasureCoded: - description: The erasure code settings properties: algorithm: - description: The algorithm for erasure coding type: string codingChunks: - description: Number of coding chunks per object in an erasure coded storage pool (required for erasure-coded pool type). This is the number of OSDs that can be lost simultaneously before data cannot be recovered. minimum: 0 type: integer dataChunks: - description: Number of data chunks per object in an erasure coded storage pool (required for erasure-coded pool type). The number of chunks required to recover an object when any single OSD is lost is the same as dataChunks so be aware that the larger the number of data chunks, the higher the cost of recovery. minimum: 0 type: integer required: @@ -148,46 +127,34 @@ spec: - dataChunks type: object failureDomain: - description: 'The failure domain: osd/host/(region or zone if available) - technically also any type in the crush map' type: string mirroring: - description: The mirroring settings properties: enabled: - description: Enabled whether this pool is mirrored or not type: boolean mode: - description: 'Mode is the mirroring mode: either pool or image' type: string peers: - description: Peers represents the peers spec nullable: true properties: secretNames: - description: SecretNames represents the Kubernetes Secret names to add rbd-mirror or cephfs-mirror peers items: type: string type: array type: object snapshotSchedules: - description: SnapshotSchedules is the scheduling of snapshot for mirrored images/pools items: - description: SnapshotScheduleSpec represents the snapshot scheduling settings of a mirrored pool properties: interval: - description: Interval represent the periodicity of the snapshot. type: string path: - description: Path is the path to snapshot, only valid for CephFS type: string startTime: - description: StartTime indicates when to start the snapshot type: string type: object type: array type: object name: - description: The desired name of the pool if different from the CephBlockPool CR name. enum: - .rgw.root - .nfs @@ -196,40 +163,31 @@ spec: parameters: additionalProperties: type: string - description: Parameters is a list of properties to enable on a given pool nullable: true type: object x-kubernetes-preserve-unknown-fields: true quotas: - description: The quota settings nullable: true properties: maxBytes: - description: MaxBytes represents the quota in bytes Deprecated in favor of MaxSize format: int64 type: integer maxObjects: - description: MaxObjects represents the quota in objects format: int64 type: integer maxSize: - description: MaxSize represents the quota in bytes as a string pattern: ^[0-9]+[\.]?[0-9]*([KMGTPE]i|[kMGTPE])?$ type: string type: object replicated: - description: The replication settings properties: hybridStorage: - description: HybridStorage represents hybrid storage tier settings nullable: true properties: primaryDeviceClass: - description: PrimaryDeviceClass represents high performance tier (for example SSD or NVME) for Primary OSD minLength: 1 type: string secondaryDeviceClass: - description: SecondaryDeviceClass represents low performance tier (for example HDDs) for remaining OSDs minLength: 1 type: string required: @@ -237,36 +195,28 @@ spec: - secondaryDeviceClass type: object replicasPerFailureDomain: - description: ReplicasPerFailureDomain the number of replica in the specified failure domain minimum: 1 type: integer requireSafeReplicaSize: - description: RequireSafeReplicaSize if false allows you to set replica 1 type: boolean size: - description: Size - Number of copies per object in a replicated storage pool, including the object itself (required for replicated pool type) minimum: 0 type: integer subFailureDomain: - description: SubFailureDomain the name of the sub-failure domain type: string targetSizeRatio: - description: TargetSizeRatio gives a hint (%) to Ceph in terms of expected consumption of the total cluster capacity type: number required: - size type: object statusCheck: - description: The mirroring statusCheck properties: mirror: - description: HealthCheckSpec represents the health check of an object store bucket nullable: true properties: disabled: type: boolean interval: - description: Interval is the internal in second or minute for the health check to run like 60s for 60 seconds type: string timeout: type: string @@ -275,11 +225,9 @@ spec: x-kubernetes-preserve-unknown-fields: true type: object status: - description: CephBlockPoolStatus represents the mirroring status of Ceph Storage Pool properties: conditions: items: - description: Condition represents a status condition on any Rook-Ceph Custom Resource. properties: lastHeartbeatTime: format: date-time @@ -290,12 +238,10 @@ spec: message: type: string reason: - description: ConditionReason is a reason for a condition type: string status: type: string type: - description: ConditionType represent a resource's status type: string type: object type: array @@ -305,7 +251,6 @@ spec: nullable: true type: object mirroringInfo: - description: MirroringInfoSpec is the status of the pool mirroring properties: details: type: string @@ -314,131 +259,91 @@ spec: lastChecked: type: string mode: - description: Mode is the mirroring mode type: string peers: - description: Peers are the list of peer sites connected to that cluster items: - description: PeersSpec contains peer details properties: client_name: - description: ClientName is the CephX user used to connect to the peer type: string direction: - description: Direction is the peer mirroring direction type: string mirror_uuid: - description: MirrorUUID is the mirror UUID type: string site_name: - description: SiteName is the current site name type: string uuid: - description: UUID is the peer UUID type: string type: object type: array site_name: - description: SiteName is the current site name type: string type: object mirroringStatus: - description: MirroringStatusSpec is the status of the pool mirroring properties: details: - description: Details contains potential status errors type: string lastChanged: - description: LastChanged is the last time time the status last changed type: string lastChecked: - description: LastChecked is the last time time the status was checked type: string summary: - description: Summary is the mirroring status summary properties: daemon_health: - description: DaemonHealth is the health of the mirroring daemon type: string health: - description: Health is the mirroring health type: string image_health: - description: ImageHealth is the health of the mirrored image type: string states: - description: States is the various state for all mirrored images nullable: true properties: error: - description: Error is when the mirroring state is errored type: integer replaying: - description: Replaying is when the replay of the mirroring journal is on-going type: integer starting_replay: - description: StartingReplay is when the replay of the mirroring journal starts type: integer stopped: - description: Stopped is when the mirroring state is stopped type: integer stopping_replay: - description: StopReplaying is when the replay of the mirroring journal stops type: integer syncing: - description: Syncing is when the image is syncing type: integer unknown: - description: Unknown is when the mirroring state is unknown type: integer type: object type: object type: object observedGeneration: - description: ObservedGeneration is the latest generation observed by the controller. format: int64 type: integer phase: - description: ConditionType represent a resource's status type: string snapshotScheduleStatus: - description: SnapshotScheduleStatusSpec is the status of the snapshot schedule properties: details: - description: Details contains potential status errors type: string lastChanged: - description: LastChanged is the last time time the status last changed type: string lastChecked: - description: LastChecked is the last time time the status was checked type: string snapshotSchedules: - description: SnapshotSchedules is the list of snapshots scheduled items: - description: SnapshotSchedulesSpec is the list of snapshot scheduled for images in a pool properties: image: - description: Image is the mirrored image type: string items: - description: Items is the list schedules times for a given snapshot items: - description: SnapshotSchedule is a schedule properties: interval: - description: Interval is the interval in which snapshots will be taken type: string start_time: - description: StartTime is the snapshot starting time type: string type: object type: array namespace: - description: Namespace is the RADOS namespace the image is part of type: string pool: - description: Pool is the pool name type: string type: object nullable: true @@ -474,23 +379,17 @@ spec: - name: v1 schema: openAPIV3Schema: - description: CephBucketNotification represents a Bucket Notifications properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: BucketNotificationSpec represent the spec of a Bucket Notification properties: events: - description: List of events that should trigger the notification items: - description: BucketNotificationSpec represent the event type of the bucket notification enum: - s3:ObjectCreated:* - s3:ObjectCreated:Put @@ -503,22 +402,17 @@ spec: type: string type: array filter: - description: Spec of notification filter properties: keyFilters: - description: Filters based on the object's key items: - description: NotificationKeyFilterRule represent a single key rule in the Notification Filter spec properties: name: - description: Name of the filter - prefix/suffix/regex enum: - prefix - suffix - regex type: string value: - description: Value to filter on type: string required: - name @@ -526,16 +420,12 @@ spec: type: object type: array metadataFilters: - description: Filters based on the object's metadata items: - description: NotificationFilterRule represent a single rule in the Notification Filter spec properties: name: - description: Name of the metadata or tag minLength: 1 type: string value: - description: Value to filter on type: string required: - name @@ -543,16 +433,12 @@ spec: type: object type: array tagFilters: - description: Filters based on the object's tags items: - description: NotificationFilterRule represent a single rule in the Notification Filter spec properties: name: - description: Name of the metadata or tag minLength: 1 type: string value: - description: Value to filter on type: string required: - name @@ -561,18 +447,15 @@ spec: type: array type: object topic: - description: The name of the topic associated with this notification minLength: 1 type: string required: - topic type: object status: - description: Status represents the status of an object properties: conditions: items: - description: Condition represents a status condition on any Rook-Ceph Custom Resource. properties: lastHeartbeatTime: format: date-time @@ -583,17 +466,14 @@ spec: message: type: string reason: - description: ConditionReason is a reason for a condition type: string status: type: string type: - description: ConditionType represent a resource's status type: string type: object type: array observedGeneration: - description: ObservedGeneration is the latest generation observed by the controller. format: int64 type: integer phase: @@ -632,42 +512,32 @@ spec: name: v1 schema: openAPIV3Schema: - description: CephBucketTopic represents a Ceph Object Topic for Bucket Notifications properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: BucketTopicSpec represent the spec of a Bucket Topic properties: endpoint: - description: Contains the endpoint spec of the topic properties: amqp: - description: Spec of AMQP endpoint properties: ackLevel: default: broker - description: The ack level required for this topic (none/broker/routeable) enum: - none - broker - routeable type: string disableVerifySSL: - description: Indicate whether the server certificate is validated by the client or not type: boolean exchange: - description: Name of the exchange that is used to route messages based on topics minLength: 1 type: string uri: - description: The URI of the AMQP endpoint to push notification to minLength: 1 type: string required: @@ -675,58 +545,45 @@ spec: - uri type: object http: - description: Spec of HTTP endpoint properties: disableVerifySSL: - description: Indicate whether the server certificate is validated by the client or not type: boolean sendCloudEvents: - description: 'Send the notifications with the CloudEvents header: https://github.com/cloudevents/spec/blob/main/cloudevents/adapters/aws-s3.md' type: boolean uri: - description: The URI of the HTTP endpoint to push notification to minLength: 1 type: string required: - uri type: object kafka: - description: Spec of Kafka endpoint properties: ackLevel: default: broker - description: The ack level required for this topic (none/broker) enum: - none - broker type: string disableVerifySSL: - description: Indicate whether the server certificate is validated by the client or not type: boolean uri: - description: The URI of the Kafka endpoint to push notification to minLength: 1 type: string useSSL: - description: Indicate whether to use SSL when communicating with the broker type: boolean required: - uri type: object type: object objectStoreName: - description: The name of the object store on which to define the topic minLength: 1 type: string objectStoreNamespace: - description: The namespace of the object store on which to define the topic minLength: 1 type: string opaqueData: - description: Data which is sent in each event type: string persistent: - description: Indication whether notifications to this endpoint are persistent or not type: boolean required: - endpoint @@ -734,14 +591,11 @@ spec: - objectStoreNamespace type: object status: - description: BucketTopicStatus represents the Status of a CephBucketTopic properties: ARN: - description: The ARN of the topic generated by the RGW nullable: true type: string observedGeneration: - description: ObservedGeneration is the latest generation observed by the controller. format: int64 type: integer phase: @@ -780,18 +634,14 @@ spec: name: v1 schema: openAPIV3Schema: - description: CephClient represents a Ceph Client properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: Spec represents the specification of a Ceph Client properties: caps: additionalProperties: @@ -804,7 +654,6 @@ spec: - caps type: object status: - description: Status represents the status of a Ceph Client properties: info: additionalProperties: @@ -812,11 +661,9 @@ spec: nullable: true type: object observedGeneration: - description: ObservedGeneration is the latest generation observed by the controller. format: int64 type: integer phase: - description: ConditionType represent a resource's status type: string type: object x-kubernetes-preserve-unknown-fields: true @@ -878,26 +725,20 @@ spec: name: v1 schema: openAPIV3Schema: - description: CephCluster is a Ceph storage cluster properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: ClusterSpec represents the specification of Ceph Cluster properties: annotations: additionalProperties: additionalProperties: type: string - description: Annotations are annotations type: object - description: The annotations-related configuration to add/set on each Pod related object. nullable: true type: object x-kubernetes-preserve-unknown-fields: true @@ -906,21 +747,16 @@ spec: additionalProperties: type: string type: object - description: Ceph Config options nullable: true type: object cephVersion: - description: The version information that instructs Rook to orchestrate a particular version of Ceph. nullable: true properties: allowUnsupported: - description: Whether to allow unsupported versions (do not set to true in production) type: boolean image: - description: Image is the container image used to launch the ceph daemons, such as quay.io/ceph/ceph: The full list of images can be found at https://quay.io/repository/ceph/ceph?tab=tags type: string imagePullPolicy: - description: ImagePullPolicy describes a policy for if/when to pull a container image One of Always, Never, IfNotPresent. enum: - IfNotPresent - Always @@ -929,33 +765,26 @@ spec: type: string type: object cleanupPolicy: - description: Indicates user intent when deleting a cluster; blocks orchestration and should not be set if cluster deletion is not imminent. nullable: true properties: allowUninstallWithVolumes: - description: AllowUninstallWithVolumes defines whether we can proceed with the uninstall if they are RBD images still present type: boolean confirmation: - description: Confirmation represents the cleanup confirmation nullable: true pattern: ^$|^yes-really-destroy-data$ type: string sanitizeDisks: - description: SanitizeDisks represents way we sanitize disks nullable: true properties: dataSource: - description: DataSource is the data source to use to sanitize the disk with enum: - zero - random type: string iteration: - description: Iteration is the number of pass to apply the sanitizing format: int32 type: integer method: - description: Method is the method we use to sanitize disks enum: - complete - quick @@ -963,151 +792,115 @@ spec: type: object type: object continueUpgradeAfterChecksEvenIfNotHealthy: - description: ContinueUpgradeAfterChecksEvenIfNotHealthy defines if an upgrade should continue even if PGs are not clean type: boolean crashCollector: - description: A spec for the crash controller nullable: true properties: daysToRetain: - description: DaysToRetain represents the number of days to retain crash until they get pruned type: integer disable: - description: Disable determines whether we should enable the crash collector type: boolean type: object csi: - description: CSI Driver Options applied per cluster. properties: cephfs: - description: CephFS defines CSI Driver settings for CephFS driver. properties: fuseMountOptions: - description: FuseMountOptions defines the mount options for ceph fuse mounter. type: string kernelMountOptions: - description: KernelMountOptions defines the mount options for kernel mounter. type: string type: object readAffinity: - description: ReadAffinity defines the read affinity settings for CSI driver. properties: crushLocationLabels: - description: CrushLocationLabels defines which node labels to use as CRUSH location. This should correspond to the values set in the CRUSH map. items: type: string type: array enabled: - description: Enables read affinity for CSI driver. type: boolean type: object type: object dashboard: - description: Dashboard settings nullable: true properties: enabled: - description: Enabled determines whether to enable the dashboard type: boolean port: - description: Port is the dashboard webserver port maximum: 65535 minimum: 0 type: integer prometheusEndpoint: - description: Endpoint for the Prometheus host type: string prometheusEndpointSSLVerify: - description: Whether to verify the ssl endpoint for prometheus. Set to false for a self-signed cert. type: boolean ssl: - description: SSL determines whether SSL should be used type: boolean urlPrefix: - description: URLPrefix is a prefix for all URLs to use the dashboard with a reverse proxy type: string type: object dataDirHostPath: - description: The path on the host where config and data can be persisted pattern: ^/(\S+) type: string x-kubernetes-validations: - message: DataDirHostPath is immutable rule: self == oldSelf disruptionManagement: - description: A spec for configuring disruption management. nullable: true properties: machineDisruptionBudgetNamespace: - description: Deprecated. Namespace to look for MDBs by the machineDisruptionBudgetController type: string manageMachineDisruptionBudgets: - description: Deprecated. This enables management of machinedisruptionbudgets. type: boolean managePodBudgets: - description: This enables management of poddisruptionbudgets type: boolean osdMaintenanceTimeout: - description: OSDMaintenanceTimeout sets how many additional minutes the DOWN/OUT interval is for drained failure domains it only works if managePodBudgets is true. the default is 30 minutes format: int64 type: integer pgHealthCheckTimeout: - description: PGHealthCheckTimeout is the time (in minutes) that the operator will wait for the placement groups to become healthy (active+clean) after a drain was completed and OSDs came back up. Rook will continue with the next drain if the timeout exceeds. It only works if managePodBudgets is true. No values or 0 means that the operator will wait until the placement groups are healthy before unblocking the next drain. format: int64 type: integer pgHealthyRegex: - description: PgHealthyRegex is the regular expression that is used to determine which PG states should be considered healthy. The default is `^(active\+clean|active\+clean\+scrubbing|active\+clean\+scrubbing\+deep)$` type: string type: object external: - description: Whether the Ceph Cluster is running external to this Kubernetes cluster mon, mgr, osd, mds, and discover daemons will not be created for external clusters. nullable: true properties: enable: - description: Enable determines whether external mode is enabled or not type: boolean type: object x-kubernetes-preserve-unknown-fields: true healthCheck: - description: Internal daemon healthchecks and liveness probe nullable: true properties: daemonHealth: - description: DaemonHealth is the health check for a given daemon nullable: true properties: mon: - description: Monitor represents the health check settings for the Ceph monitor nullable: true properties: disabled: type: boolean interval: - description: Interval is the internal in second or minute for the health check to run like 60s for 60 seconds type: string timeout: type: string type: object osd: - description: ObjectStorageDaemon represents the health check settings for the Ceph OSDs nullable: true properties: disabled: type: boolean interval: - description: Interval is the internal in second or minute for the health check to run like 60s for 60 seconds type: string timeout: type: string type: object status: - description: Status represents the health check settings for the Ceph health nullable: true properties: disabled: type: boolean interval: - description: Interval is the internal in second or minute for the health check to run like 60s for 60 seconds type: string timeout: type: string @@ -1115,56 +908,41 @@ spec: type: object livenessProbe: additionalProperties: - description: ProbeSpec is a wrapper around Probe so it can be enabled or disabled for a Ceph daemon properties: disabled: - description: Disabled determines whether probe is disable or not type: boolean probe: - description: Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic. properties: exec: - description: Exec specifies the action to take. properties: command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. format: int32 type: integer grpc: - description: GRPC specifies an action involving a GRPC port. properties: port: - description: Port number of the gRPC service. Number must be in the range 1 to 65535. format: int32 type: integer service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). \n If this is not specified, the default behavior is defined by gRPC." type: string required: - port type: object httpGet: - description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. items: - description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: - description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. type: string value: - description: The header field value type: string required: - name @@ -1172,43 +950,34 @@ spec: type: object type: array path: - description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action involving a TCP port. properties: host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port @@ -1217,65 +986,48 @@ spec: format: int64 type: integer timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object type: object - description: LivenessProbe allows changing the livenessProbe configuration for a given daemon type: object startupProbe: additionalProperties: - description: ProbeSpec is a wrapper around Probe so it can be enabled or disabled for a Ceph daemon properties: disabled: - description: Disabled determines whether probe is disable or not type: boolean probe: - description: Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic. properties: exec: - description: Exec specifies the action to take. properties: command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. format: int32 type: integer grpc: - description: GRPC specifies an action involving a GRPC port. properties: port: - description: Port number of the gRPC service. Number must be in the range 1 to 65535. format: int32 type: integer service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). \n If this is not specified, the default behavior is defined by gRPC." type: string required: - port type: object httpGet: - description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. items: - description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: - description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. type: string value: - description: The header field value type: string required: - name @@ -1283,43 +1035,34 @@ spec: type: object type: array path: - description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action involving a TCP port. properties: host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port @@ -1328,109 +1071,82 @@ spec: format: int64 type: integer timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object type: object - description: StartupProbe allows changing the startupProbe configuration for a given daemon type: object type: object labels: additionalProperties: additionalProperties: type: string - description: Labels are label for a given daemons type: object - description: The labels-related configuration to add/set on each Pod related object. nullable: true type: object x-kubernetes-preserve-unknown-fields: true logCollector: - description: Logging represents loggings settings nullable: true properties: enabled: - description: Enabled represents whether the log collector is enabled type: boolean maxLogSize: anyOf: - type: integer - type: string - description: MaxLogSize is the maximum size of the log per ceph daemons. Must be at least 1M. pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true periodicity: - description: Periodicity is the periodicity of the log rotation. pattern: ^$|^(hourly|daily|weekly|monthly|1h|24h|1d)$ type: string type: object mgr: - description: A spec for mgr related options nullable: true properties: allowMultiplePerNode: - description: AllowMultiplePerNode allows to run multiple managers on the same node (not recommended) type: boolean count: - description: Count is the number of manager daemons to run maximum: 5 minimum: 0 type: integer modules: - description: Modules is the list of ceph manager modules to enable/disable items: - description: Module represents mgr modules that the user wants to enable or disable properties: enabled: - description: Enabled determines whether a module should be enabled or not type: boolean name: - description: Name is the name of the ceph manager module type: string type: object nullable: true type: array type: object mon: - description: A spec for mon related options nullable: true properties: allowMultiplePerNode: - description: AllowMultiplePerNode determines if we can run multiple monitors on the same node (not recommended) type: boolean count: - description: Count is the number of Ceph monitors maximum: 9 minimum: 0 type: integer failureDomainLabel: type: string stretchCluster: - description: StretchCluster is the stretch cluster specification properties: failureDomainLabel: - description: 'FailureDomainLabel the failure domain name (e,g: zone)' type: string subFailureDomain: - description: SubFailureDomain is the failure domain within a zone type: string zones: - description: Zones is the list of zones items: - description: MonZoneSpec represents the specification of a zone in a Ceph Cluster properties: arbiter: - description: Arbiter determines if the zone contains the arbiter used for stretch cluster mode type: boolean name: - description: Name is the name of the zone type: string volumeClaimTemplate: - description: VolumeClaimTemplate is the PVC template properties: metadata: - description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' properties: annotations: additionalProperties: @@ -1450,24 +1166,18 @@ spec: type: string type: object spec: - description: 'spec defines the desired characteristics of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: accessModes: - description: 'accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string type: array dataSource: - description: 'dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource.' properties: apiGroup: - description: APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. type: string kind: - description: Kind is the type of resource being referenced type: string name: - description: Name is the name of resource being referenced type: string required: - kind @@ -1475,26 +1185,20 @@ spec: type: object x-kubernetes-map-type: atomic dataSourceRef: - description: 'dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn''t specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn''t set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.' properties: apiGroup: - description: APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. type: string kind: - description: Kind is the type of resource being referenced type: string name: - description: Name is the name of resource being referenced type: string namespace: - description: Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. type: string required: - kind - name type: object resources: - description: 'resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: limits: additionalProperties: @@ -1503,7 +1207,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: @@ -1512,25 +1215,18 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: - description: selector is a label query over volumes to consider for binding. properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: - description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string type: array @@ -1542,21 +1238,16 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic storageClassName: - description: 'storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string volumeAttributesClassName: - description: 'volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass will be applied to the claim but it''s not allowed to reset this field to empty string once it is set. If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass will be set by the persistentvolume controller if it exists. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.' type: string volumeMode: - description: volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec. type: string volumeName: - description: volumeName is the binding reference to the PersistentVolume backing this claim. type: string type: object type: object @@ -1566,10 +1257,8 @@ spec: type: array type: object volumeClaimTemplate: - description: VolumeClaimTemplate is the PVC definition properties: metadata: - description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' properties: annotations: additionalProperties: @@ -1589,24 +1278,18 @@ spec: type: string type: object spec: - description: 'spec defines the desired characteristics of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: accessModes: - description: 'accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string type: array dataSource: - description: 'dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource.' properties: apiGroup: - description: APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. type: string kind: - description: Kind is the type of resource being referenced type: string name: - description: Name is the name of resource being referenced type: string required: - kind @@ -1614,26 +1297,20 @@ spec: type: object x-kubernetes-map-type: atomic dataSourceRef: - description: 'dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn''t specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn''t set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.' properties: apiGroup: - description: APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. type: string kind: - description: Kind is the type of resource being referenced type: string name: - description: Name is the name of resource being referenced type: string namespace: - description: Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. type: string required: - kind - name type: object resources: - description: 'resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: limits: additionalProperties: @@ -1642,7 +1319,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: @@ -1651,25 +1327,18 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: - description: selector is a label query over volumes to consider for binding. properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: - description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string type: array @@ -1681,41 +1350,30 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic storageClassName: - description: 'storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string volumeAttributesClassName: - description: 'volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass will be applied to the claim but it''s not allowed to reset this field to empty string once it is set. If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass will be set by the persistentvolume controller if it exists. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.' type: string volumeMode: - description: volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec. type: string volumeName: - description: volumeName is the binding reference to the PersistentVolume backing this claim. type: string type: object type: object x-kubernetes-preserve-unknown-fields: true zones: - description: Zones are specified when we want to provide zonal awareness to mons items: - description: MonZoneSpec represents the specification of a zone in a Ceph Cluster properties: arbiter: - description: Arbiter determines if the zone contains the arbiter used for stretch cluster mode type: boolean name: - description: Name is the name of the zone type: string volumeClaimTemplate: - description: VolumeClaimTemplate is the PVC template properties: metadata: - description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' properties: annotations: additionalProperties: @@ -1735,24 +1393,18 @@ spec: type: string type: object spec: - description: 'spec defines the desired characteristics of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: accessModes: - description: 'accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string type: array dataSource: - description: 'dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource.' properties: apiGroup: - description: APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. type: string kind: - description: Kind is the type of resource being referenced type: string name: - description: Name is the name of resource being referenced type: string required: - kind @@ -1760,26 +1412,20 @@ spec: type: object x-kubernetes-map-type: atomic dataSourceRef: - description: 'dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn''t specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn''t set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.' properties: apiGroup: - description: APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. type: string kind: - description: Kind is the type of resource being referenced type: string name: - description: Name is the name of resource being referenced type: string namespace: - description: Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. type: string required: - kind - name type: object resources: - description: 'resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: limits: additionalProperties: @@ -1788,7 +1434,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: @@ -1797,25 +1442,18 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: - description: selector is a label query over volumes to consider for binding. properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: - description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string type: array @@ -1827,21 +1465,16 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic storageClassName: - description: 'storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string volumeAttributesClassName: - description: 'volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass will be applied to the claim but it''s not allowed to reset this field to empty string once it is set. If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass will be set by the persistentvolume controller if it exists. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.' type: string volumeMode: - description: volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec. type: string volumeName: - description: volumeName is the binding reference to the PersistentVolume backing this claim. type: string type: object type: object @@ -1855,49 +1488,34 @@ spec: - message: stretchCluster zones must be equal to 3 rule: '!has(self.stretchCluster) || (has(self.stretchCluster) && (size(self.stretchCluster.zones) > 0) && (size(self.stretchCluster.zones) == 3))' monitoring: - description: Prometheus based Monitoring settings nullable: true properties: enabled: - description: Enabled determines whether to create the prometheus rules for the ceph cluster. If true, the prometheus types must exist or the creation will fail. Default is false. type: boolean externalMgrEndpoints: - description: ExternalMgrEndpoints points to an existing Ceph prometheus exporter endpoint items: - description: EndpointAddress is a tuple that describes single IP address. properties: hostname: - description: The Hostname of this endpoint type: string ip: - description: The IP of this endpoint. May not be loopback (127.0.0.0/8 or ::1), link-local (169.254.0.0/16 or fe80::/10), or link-local multicast (224.0.0.0/24 or ff02::/16). type: string nodeName: - description: 'Optional: Node hosting this endpoint. This can be used to determine endpoints local to a node.' type: string targetRef: - description: Reference to object providing the endpoint. properties: apiVersion: - description: API version of the referent. type: string fieldPath: - description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.' type: string kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string resourceVersion: - description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' type: string uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object x-kubernetes-map-type: atomic @@ -1908,94 +1526,71 @@ spec: nullable: true type: array externalMgrPrometheusPort: - description: ExternalMgrPrometheusPort Prometheus exporter port maximum: 65535 minimum: 0 type: integer interval: - description: Interval determines prometheus scrape interval type: string metricsDisabled: - description: Whether to disable the metrics reported by Ceph. If false, the prometheus mgr module and Ceph exporter are enabled. If true, the prometheus mgr module and Ceph exporter are both disabled. Default is false. type: boolean port: - description: Port is the prometheus server port maximum: 65535 minimum: 0 type: integer type: object network: - description: Network related configuration nullable: true properties: addressRanges: - description: AddressRanges specify a list of CIDRs that Rook will apply to Ceph's 'public_network' and/or 'cluster_network' configurations. This config section may be used for the "host" or "multus" network providers. nullable: true properties: cluster: - description: Cluster defines a list of CIDRs to use for Ceph cluster network communication. items: - description: "An IPv4 or IPv6 network CIDR. \n This naive kubebuilder regex provides immediate feedback for some typos and for a common problem case where the range spec is forgotten (e.g., /24). Rook does in-depth validation in code." pattern: ^[0-9a-fA-F:.]{2,}\/[0-9]{1,3}$ type: string type: array public: - description: Public defines a list of CIDRs to use for Ceph public network communication. items: - description: "An IPv4 or IPv6 network CIDR. \n This naive kubebuilder regex provides immediate feedback for some typos and for a common problem case where the range spec is forgotten (e.g., /24). Rook does in-depth validation in code." pattern: ^[0-9a-fA-F:.]{2,}\/[0-9]{1,3}$ type: string type: array type: object connections: - description: Settings for network connections such as compression and encryption across the wire. nullable: true properties: compression: - description: Compression settings for the network connections. nullable: true properties: enabled: - description: Whether to compress the data in transit across the wire. The default is not set. type: boolean type: object encryption: - description: Encryption settings for the network connections. nullable: true properties: enabled: - description: Whether to encrypt the data in transit across the wire to prevent eavesdropping the data on the network. The default is not set. Even if encryption is not enabled, clients still establish a strong initial authentication for the connection and data integrity is still validated with a crc check. When encryption is enabled, all communication between clients and Ceph daemons, or between Ceph daemons will be encrypted. type: boolean type: object requireMsgr2: - description: Whether to require msgr2 (port 3300) even if compression or encryption are not enabled. If true, the msgr1 port (6789) will be disabled. Requires a kernel that supports msgr2 (kernel 5.11 or CentOS 8.4 or newer). type: boolean type: object dualStack: - description: DualStack determines whether Ceph daemons should listen on both IPv4 and IPv6 type: boolean hostNetwork: - description: HostNetwork to enable host network. If host networking is enabled or disabled on a running cluster, then the operator will automatically fail over all the mons to apply the new network settings. type: boolean ipFamily: - description: IPFamily is the single stack IPv6 or IPv4 protocol enum: - IPv4 - IPv6 nullable: true type: string multiClusterService: - description: Enable multiClusterService to export the Services between peer clusters properties: clusterID: - description: 'ClusterID uniquely identifies a cluster. It is used as a prefix to nslookup exported services. For example: ...svc.clusterset.local' type: string enabled: - description: Enable multiClusterService to export the mon and OSD services to peer cluster. Ensure that peer clusters are connected using an MCS API compatible application, like Globalnet Submariner. type: boolean type: object provider: - description: Provider is what provides network connectivity to the cluster e.g. "host" or "multus". If the Provider is updated from being empty to "host" on a running cluster, then the operator will automatically fail over all the mons to apply the "host" network settings. enum: - "" - host @@ -2008,7 +1603,6 @@ spec: selectors: additionalProperties: type: string - description: "Selectors define NetworkAttachmentDefinitions to be used for Ceph public and/or cluster networks when the \"multus\" network provider is used. This config section is not used for other network providers. \n Valid keys are \"public\" and \"cluster\". Refer to Ceph networking documentation for more: https://docs.ceph.com/en/reef/rados/configuration/network-config-ref/ \n Refer to Multus network annotation documentation for help selecting values: https://github.com/k8snetworkplumbingwg/multus-cni/blob/master/docs/how-to-use.md#run-pod-with-network-annotation \n Rook will make a best-effort attempt to automatically detect CIDR address ranges for given network attachment definitions. Rook's methods are robust but may be imprecise for sufficiently complicated networks. Rook's auto-detection process obtains a new IP address lease for each CephCluster reconcile. If Rook fails to detect, incorrectly detects, only partially detects, or if underlying networks do not support reusing old IP addresses, it is best to use the 'addressRanges' config section to specify CIDR ranges for the Ceph cluster. \n As a contrived example, one can use a theoretical Kubernetes-wide network for Ceph client traffic and a theoretical Rook-only network for Ceph replication traffic as shown: selectors: public: \"default/cluster-fast-net\" cluster: \"rook-ceph/ceph-backend-net\"" nullable: true type: object type: object @@ -2498,24 +2092,18 @@ spec: priorityClassNames: additionalProperties: type: string - description: PriorityClassNames sets priority classes on components nullable: true type: object x-kubernetes-preserve-unknown-fields: true removeOSDsIfOutAndSafeToRemove: - description: Remove the OSD that is out and safe to remove only if this option is true type: boolean resources: additionalProperties: - description: ResourceRequirements describes the compute resource requirements. properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." items: - description: ResourceClaim references one entry in PodSpec.ResourceClaims. properties: name: - description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. type: string required: - name @@ -2531,7 +2119,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: @@ -2540,50 +2127,39 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object - description: Resources set resource requests and limits nullable: true type: object x-kubernetes-preserve-unknown-fields: true security: - description: Security represents security settings nullable: true properties: keyRotation: - description: KeyRotation defines options for Key Rotation. nullable: true properties: enabled: default: false - description: Enabled represents whether the key rotation is enabled. type: boolean schedule: - description: Schedule represents the cron schedule for key rotation. type: string type: object kms: - description: KeyManagementService is the main Key Management option nullable: true properties: connectionDetails: additionalProperties: type: string - description: ConnectionDetails contains the KMS connection details (address, port etc) nullable: true type: object x-kubernetes-preserve-unknown-fields: true tokenSecretName: - description: TokenSecretName is the kubernetes secret containing the KMS token type: string type: object type: object skipUpgradeChecks: - description: SkipUpgradeChecks defines if an upgrade should be forced even if one of the check fails type: boolean storage: - description: A spec for available storage in the cluster and how it should be used nullable: true properties: config: @@ -2593,15 +2169,11 @@ spec: type: object x-kubernetes-preserve-unknown-fields: true deviceFilter: - description: A regular expression to allow more fine-grained selection of devices on nodes across the cluster type: string devicePathFilter: - description: A regular expression to allow more fine-grained selection of devices with path names type: string devices: - description: List of devices to use as storage devices items: - description: Device represents a disk to use in the cluster properties: config: additionalProperties: @@ -2618,11 +2190,9 @@ spec: type: array x-kubernetes-preserve-unknown-fields: true flappingRestartIntervalHours: - description: FlappingRestartIntervalHours defines the time for which the OSD pods, that failed with zero exit code, will sleep before restarting. This is needed for OSD flapping where OSD daemons are marked down more than 5 times in 600 seconds by Ceph. Preventing the OSD pods to restart immediately in such scenarios will prevent Rook from marking OSD as `up` and thus peering of the PGs mapped to the OSD. User needs to manually restart the OSD pod if they manage to fix the underlying OSD flapping issue before the restart interval. The sleep will be disabled if this interval is set to 0. type: integer nodes: items: - description: Node is a storage nodes properties: config: additionalProperties: @@ -2631,15 +2201,11 @@ spec: type: object x-kubernetes-preserve-unknown-fields: true deviceFilter: - description: A regular expression to allow more fine-grained selection of devices on nodes across the cluster type: string devicePathFilter: - description: A regular expression to allow more fine-grained selection of devices with path names type: string devices: - description: List of devices to use as storage devices items: - description: Device represents a disk to use in the cluster properties: config: additionalProperties: @@ -2658,16 +2224,12 @@ spec: name: type: string resources: - description: ResourceRequirements describes the compute resource requirements. nullable: true properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." items: - description: ResourceClaim references one entry in PodSpec.ResourceClaims. properties: name: - description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. type: string required: - name @@ -2683,7 +2245,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: @@ -2692,20 +2253,15 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object x-kubernetes-preserve-unknown-fields: true useAllDevices: - description: Whether to consume all the storage devices found on a machine type: boolean volumeClaimTemplates: - description: PersistentVolumeClaims to use as storage items: - description: VolumeClaimTemplate is a simplified version of K8s corev1's PVC. It has no type meta or status. properties: metadata: - description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' properties: annotations: additionalProperties: @@ -2725,24 +2281,18 @@ spec: type: string type: object spec: - description: 'spec defines the desired characteristics of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: accessModes: - description: 'accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string type: array dataSource: - description: 'dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource.' properties: apiGroup: - description: APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. type: string kind: - description: Kind is the type of resource being referenced type: string name: - description: Name is the name of resource being referenced type: string required: - kind @@ -2750,26 +2300,20 @@ spec: type: object x-kubernetes-map-type: atomic dataSourceRef: - description: 'dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn''t specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn''t set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.' properties: apiGroup: - description: APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. type: string kind: - description: Kind is the type of resource being referenced type: string name: - description: Name is the name of resource being referenced type: string namespace: - description: Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. type: string required: - kind - name type: object resources: - description: 'resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: limits: additionalProperties: @@ -2778,7 +2322,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: @@ -2787,25 +2330,18 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: - description: selector is a label query over volumes to consider for binding. properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: - description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string type: array @@ -2817,21 +2353,16 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic storageClassName: - description: 'storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string volumeAttributesClassName: - description: 'volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass will be applied to the claim but it''s not allowed to reset this field to empty string once it is set. If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass will be set by the persistentvolume controller if it exists. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.' type: string volumeMode: - description: volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec. type: string volumeName: - description: volumeName is the binding reference to the PersistentVolume backing this claim. type: string type: object type: object @@ -2843,24 +2374,19 @@ spec: type: boolean storageClassDeviceSets: items: - description: StorageClassDeviceSet is a storage class device set properties: config: additionalProperties: type: string - description: Provider-specific device configuration nullable: true type: object x-kubernetes-preserve-unknown-fields: true count: - description: Count is the number of devices in this set minimum: 1 type: integer encrypted: - description: Whether to encrypt the deviceSet type: boolean name: - description: Name is a unique identifier for the set type: string placement: nullable: true @@ -3338,7 +2864,6 @@ spec: type: object x-kubernetes-preserve-unknown-fields: true portable: - description: Portable represents OSD portability across the hosts type: boolean preparePlacement: nullable: true @@ -3816,16 +3341,12 @@ spec: type: object x-kubernetes-preserve-unknown-fields: true resources: - description: ResourceRequirements describes the compute resource requirements. nullable: true properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." items: - description: ResourceClaim references one entry in PodSpec.ResourceClaims. properties: name: - description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. type: string required: - name @@ -3841,7 +3362,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: @@ -3850,26 +3370,19 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object x-kubernetes-preserve-unknown-fields: true schedulerName: - description: Scheduler name for OSD pod placement type: string tuneDeviceClass: - description: TuneSlowDeviceClass Tune the OSD when running on a slow Device Class type: boolean tuneFastDeviceClass: - description: TuneFastDeviceClass Tune the OSD when running on a fast Device Class type: boolean volumeClaimTemplates: - description: VolumeClaimTemplates is a list of PVC templates for the underlying storage devices items: - description: VolumeClaimTemplate is a simplified version of K8s corev1's PVC. It has no type meta or status. properties: metadata: - description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' properties: annotations: additionalProperties: @@ -3890,24 +3403,18 @@ spec: type: string type: object spec: - description: 'spec defines the desired characteristics of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: accessModes: - description: 'accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string type: array dataSource: - description: 'dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource.' properties: apiGroup: - description: APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. type: string kind: - description: Kind is the type of resource being referenced type: string name: - description: Name is the name of resource being referenced type: string required: - kind @@ -3915,26 +3422,20 @@ spec: type: object x-kubernetes-map-type: atomic dataSourceRef: - description: 'dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn''t specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn''t set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.' properties: apiGroup: - description: APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. type: string kind: - description: Kind is the type of resource being referenced type: string name: - description: Name is the name of resource being referenced type: string namespace: - description: Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. type: string required: - kind - name type: object resources: - description: 'resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: limits: additionalProperties: @@ -3943,7 +3444,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: @@ -3952,25 +3452,18 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: - description: selector is a label query over volumes to consider for binding. properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: - description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string type: array @@ -3982,21 +3475,16 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic storageClassName: - description: 'storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string volumeAttributesClassName: - description: 'volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass will be applied to the claim but it''s not allowed to reset this field to empty string once it is set. If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass will be set by the persistentvolume controller if it exists. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.' type: string volumeMode: - description: volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec. type: string volumeName: - description: volumeName is the binding reference to the PersistentVolume backing this claim. type: string type: object type: object @@ -4009,31 +3497,24 @@ spec: nullable: true type: array store: - description: OSDStore is the backend storage type used for creating the OSDs properties: type: - description: Type of backend storage to be used while creating OSDs. If empty, then bluestore will be used enum: - bluestore - bluestore-rdr type: string updateStore: - description: UpdateStore updates the backend store for existing OSDs. It destroys each OSD one at a time, cleans up the backing disk and prepares same OSD on that disk pattern: ^$|^yes-really-update-store$ type: string type: object useAllDevices: - description: Whether to consume all the storage devices found on a machine type: boolean useAllNodes: type: boolean volumeClaimTemplates: - description: PersistentVolumeClaims to use as storage items: - description: VolumeClaimTemplate is a simplified version of K8s corev1's PVC. It has no type meta or status. properties: metadata: - description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' properties: annotations: additionalProperties: @@ -4053,24 +3534,18 @@ spec: type: string type: object spec: - description: 'spec defines the desired characteristics of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: accessModes: - description: 'accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string type: array dataSource: - description: 'dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource.' properties: apiGroup: - description: APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. type: string kind: - description: Kind is the type of resource being referenced type: string name: - description: Name is the name of resource being referenced type: string required: - kind @@ -4078,26 +3553,20 @@ spec: type: object x-kubernetes-map-type: atomic dataSourceRef: - description: 'dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn''t specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn''t set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.' properties: apiGroup: - description: APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. type: string kind: - description: Kind is the type of resource being referenced type: string name: - description: Name is the name of resource being referenced type: string namespace: - description: Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. type: string required: - kind - name type: object resources: - description: 'resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: limits: additionalProperties: @@ -4106,7 +3575,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: @@ -4115,25 +3583,18 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: - description: selector is a label query over volumes to consider for binding. properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: - description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string type: array @@ -4145,40 +3606,31 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic storageClassName: - description: 'storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string volumeAttributesClassName: - description: 'volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass will be applied to the claim but it''s not allowed to reset this field to empty string once it is set. If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass will be set by the persistentvolume controller if it exists. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.' type: string volumeMode: - description: volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec. type: string volumeName: - description: volumeName is the binding reference to the PersistentVolume backing this claim. type: string type: object type: object type: array type: object waitTimeoutForHealthyOSDInMinutes: - description: WaitTimeoutForHealthyOSDInMinutes defines the time the operator would wait before an OSD can be stopped for upgrade or restart. If the timeout exceeds and OSD is not ok to stop, then the operator would skip upgrade for the current OSD and proceed with the next one if `continueUpgradeAfterChecksEvenIfNotHealthy` is `false`. If `continueUpgradeAfterChecksEvenIfNotHealthy` is `true`, then operator would continue with the upgrade of an OSD even if its not ok to stop after the timeout. This timeout won't be applied if `skipUpgradeChecks` is `true`. The default wait timeout is 10 minutes. format: int64 type: integer type: object status: - description: ClusterStatus represents the status of a Ceph cluster nullable: true properties: ceph: - description: CephStatus is the details health of a Ceph Cluster properties: capacity: - description: Capacity is the capacity information of a Ceph Cluster properties: bytesAvailable: format: int64 @@ -4194,7 +3646,6 @@ spec: type: object details: additionalProperties: - description: CephHealthMessage represents the health message of a Ceph Cluster properties: message: type: string @@ -4216,53 +3667,43 @@ spec: previousHealth: type: string versions: - description: CephDaemonsVersions show the current ceph version for different ceph daemons properties: cephfs-mirror: additionalProperties: type: integer - description: CephFSMirror shows CephFSMirror Ceph version type: object mds: additionalProperties: type: integer - description: Mds shows Mds Ceph version type: object mgr: additionalProperties: type: integer - description: Mgr shows Mgr Ceph version type: object mon: additionalProperties: type: integer - description: Mon shows Mon Ceph version type: object osd: additionalProperties: type: integer - description: Osd shows Osd Ceph version type: object overall: additionalProperties: type: integer - description: Overall shows overall Ceph version type: object rbd-mirror: additionalProperties: type: integer - description: RbdMirror shows RbdMirror Ceph version type: object rgw: additionalProperties: type: integer - description: Rgw shows Rgw Ceph version type: object type: object type: object conditions: items: - description: Condition represents a status condition on any Rook-Ceph Custom Resource. properties: lastHeartbeatTime: format: date-time @@ -4273,50 +3714,40 @@ spec: message: type: string reason: - description: ConditionReason is a reason for a condition type: string status: type: string type: - description: ConditionType represent a resource's status type: string type: object type: array message: type: string observedGeneration: - description: ObservedGeneration is the latest generation observed by the controller. format: int64 type: integer phase: - description: ConditionType represent a resource's status type: string state: - description: ClusterState represents the state of a Ceph Cluster type: string storage: - description: CephStorage represents flavors of Ceph Cluster Storage properties: deviceClasses: items: - description: DeviceClasses represents device classes of a Ceph Cluster properties: name: type: string type: object type: array osd: - description: OSDStatus represents OSD status of the ceph Cluster properties: storeType: additionalProperties: type: integer - description: StoreType is a mapping between the OSD backend stores and number of OSDs using these stores type: object type: object type: object version: - description: ClusterVersion represents the version of a Ceph Cluster properties: image: type: string @@ -4355,31 +3786,24 @@ spec: - name: v1 schema: openAPIV3Schema: - description: CephCOSIDriver represents the CRD for the Ceph COSI Driver Deployment properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: Spec represents the specification of a Ceph COSI Driver properties: deploymentStrategy: - description: DeploymentStrategy is the strategy to use to deploy the COSI driver. enum: - Never - Auto - Always type: string image: - description: Image is the container image to run the Ceph COSI driver type: string objectProvisionerImage: - description: ObjectProvisionerImage is the container image to run the COSI driver sidecar type: string placement: properties: @@ -4855,15 +4279,11 @@ spec: type: array type: object resources: - description: Resources is the resource requirements for the COSI driver properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." items: - description: ResourceClaim references one entry in PodSpec.ResourceClaims. properties: name: - description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. type: string required: - name @@ -4879,7 +4299,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: @@ -4888,7 +4307,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object type: object @@ -4922,29 +4340,23 @@ spec: name: v1 schema: openAPIV3Schema: - description: CephFilesystemMirror is the Ceph Filesystem Mirror object definition properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: FilesystemMirroringSpec is the filesystem mirroring specification properties: annotations: additionalProperties: type: string - description: The annotations-related configuration to add/set on each Pod related object. nullable: true type: object labels: additionalProperties: type: string - description: The labels-related configuration to add/set on each Pod related object. nullable: true type: object placement: @@ -5422,19 +4834,14 @@ spec: type: array type: object priorityClassName: - description: PriorityClassName sets priority class on the cephfs-mirror pods type: string resources: - description: The resource requirements for the cephfs-mirror pods nullable: true properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." items: - description: ResourceClaim references one entry in PodSpec.ResourceClaims. properties: name: - description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. type: string required: - name @@ -5450,7 +4857,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: @@ -5459,16 +4865,13 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object type: object status: - description: Status represents the status of an object properties: conditions: items: - description: Condition represents a status condition on any Rook-Ceph Custom Resource. properties: lastHeartbeatTime: format: date-time @@ -5479,17 +4882,14 @@ spec: message: type: string reason: - description: ConditionReason is a reason for a condition type: string status: type: string type: - description: ConditionType represent a resource's status type: string type: object type: array observedGeneration: - description: ObservedGeneration is the latest generation observed by the controller. format: int64 type: integer phase: @@ -5534,29 +4934,21 @@ spec: name: v1 schema: openAPIV3Schema: - description: CephFilesystem represents a Ceph Filesystem properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: FilesystemSpec represents the spec of a file system properties: dataPools: - description: The data pool settings, with optional predefined pool name. items: - description: NamedPoolSpec represents the named ceph pool spec properties: application: - description: The application name to set on the pool. Only expected to be set for rgw pools. type: string compressionMode: - description: 'DEPRECATED: use Parameters instead, e.g., Parameters["compression_mode"] = "force" The inline compression mode in Bluestore OSD to set to (options are: none, passive, aggressive, force) Do NOT set a default value for kubebuilder as this will override the Parameters' enum: - none - passive @@ -5566,28 +4958,21 @@ spec: nullable: true type: string crushRoot: - description: The root of the crush hierarchy utilized by the pool nullable: true type: string deviceClass: - description: The device class the OSD should set to for use in the pool nullable: true type: string enableRBDStats: - description: EnableRBDStats is used to enable gathering of statistics for all RBD images in the pool type: boolean erasureCoded: - description: The erasure code settings properties: algorithm: - description: The algorithm for erasure coding type: string codingChunks: - description: Number of coding chunks per object in an erasure coded storage pool (required for erasure-coded pool type). This is the number of OSDs that can be lost simultaneously before data cannot be recovered. minimum: 0 type: integer dataChunks: - description: Number of data chunks per object in an erasure coded storage pool (required for erasure-coded pool type). The number of chunks required to recover an object when any single OSD is lost is the same as dataChunks so be aware that the larger the number of data chunks, the higher the cost of recovery. minimum: 0 type: integer required: @@ -5595,84 +4980,63 @@ spec: - dataChunks type: object failureDomain: - description: 'The failure domain: osd/host/(region or zone if available) - technically also any type in the crush map' type: string mirroring: - description: The mirroring settings properties: enabled: - description: Enabled whether this pool is mirrored or not type: boolean mode: - description: 'Mode is the mirroring mode: either pool or image' type: string peers: - description: Peers represents the peers spec nullable: true properties: secretNames: - description: SecretNames represents the Kubernetes Secret names to add rbd-mirror or cephfs-mirror peers items: type: string type: array type: object snapshotSchedules: - description: SnapshotSchedules is the scheduling of snapshot for mirrored images/pools items: - description: SnapshotScheduleSpec represents the snapshot scheduling settings of a mirrored pool properties: interval: - description: Interval represent the periodicity of the snapshot. type: string path: - description: Path is the path to snapshot, only valid for CephFS type: string startTime: - description: StartTime indicates when to start the snapshot type: string type: object type: array type: object name: - description: Name of the pool type: string parameters: additionalProperties: type: string - description: Parameters is a list of properties to enable on a given pool nullable: true type: object x-kubernetes-preserve-unknown-fields: true quotas: - description: The quota settings nullable: true properties: maxBytes: - description: MaxBytes represents the quota in bytes Deprecated in favor of MaxSize format: int64 type: integer maxObjects: - description: MaxObjects represents the quota in objects format: int64 type: integer maxSize: - description: MaxSize represents the quota in bytes as a string pattern: ^[0-9]+[\.]?[0-9]*([KMGTPE]i|[kMGTPE])?$ type: string type: object replicated: - description: The replication settings properties: hybridStorage: - description: HybridStorage represents hybrid storage tier settings nullable: true properties: primaryDeviceClass: - description: PrimaryDeviceClass represents high performance tier (for example SSD or NVME) for Primary OSD minLength: 1 type: string secondaryDeviceClass: - description: SecondaryDeviceClass represents low performance tier (for example HDDs) for remaining OSDs minLength: 1 type: string required: @@ -5680,36 +5044,28 @@ spec: - secondaryDeviceClass type: object replicasPerFailureDomain: - description: ReplicasPerFailureDomain the number of replica in the specified failure domain minimum: 1 type: integer requireSafeReplicaSize: - description: RequireSafeReplicaSize if false allows you to set replica 1 type: boolean size: - description: Size - Number of copies per object in a replicated storage pool, including the object itself (required for replicated pool type) minimum: 0 type: integer subFailureDomain: - description: SubFailureDomain the name of the sub-failure domain type: string targetSizeRatio: - description: TargetSizeRatio gives a hint (%) to Ceph in terms of expected consumption of the total cluster capacity type: number required: - size type: object statusCheck: - description: The mirroring statusCheck properties: mirror: - description: HealthCheckSpec represents the health check of an object store bucket nullable: true properties: disabled: type: boolean interval: - description: Interval is the internal in second or minute for the health check to run like 60s for 60 seconds type: string timeout: type: string @@ -5720,14 +5076,11 @@ spec: nullable: true type: array metadataPool: - description: The metadata pool settings nullable: true properties: application: - description: The application name to set on the pool. Only expected to be set for rgw pools. type: string compressionMode: - description: 'DEPRECATED: use Parameters instead, e.g., Parameters["compression_mode"] = "force" The inline compression mode in Bluestore OSD to set to (options are: none, passive, aggressive, force) Do NOT set a default value for kubebuilder as this will override the Parameters' enum: - none - passive @@ -5737,28 +5090,21 @@ spec: nullable: true type: string crushRoot: - description: The root of the crush hierarchy utilized by the pool nullable: true type: string deviceClass: - description: The device class the OSD should set to for use in the pool nullable: true type: string enableRBDStats: - description: EnableRBDStats is used to enable gathering of statistics for all RBD images in the pool type: boolean erasureCoded: - description: The erasure code settings properties: algorithm: - description: The algorithm for erasure coding type: string codingChunks: - description: Number of coding chunks per object in an erasure coded storage pool (required for erasure-coded pool type). This is the number of OSDs that can be lost simultaneously before data cannot be recovered. minimum: 0 type: integer dataChunks: - description: Number of data chunks per object in an erasure coded storage pool (required for erasure-coded pool type). The number of chunks required to recover an object when any single OSD is lost is the same as dataChunks so be aware that the larger the number of data chunks, the higher the cost of recovery. minimum: 0 type: integer required: @@ -5766,40 +5112,29 @@ spec: - dataChunks type: object failureDomain: - description: 'The failure domain: osd/host/(region or zone if available) - technically also any type in the crush map' type: string mirroring: - description: The mirroring settings properties: enabled: - description: Enabled whether this pool is mirrored or not type: boolean mode: - description: 'Mode is the mirroring mode: either pool or image' type: string peers: - description: Peers represents the peers spec nullable: true properties: secretNames: - description: SecretNames represents the Kubernetes Secret names to add rbd-mirror or cephfs-mirror peers items: type: string type: array type: object snapshotSchedules: - description: SnapshotSchedules is the scheduling of snapshot for mirrored images/pools items: - description: SnapshotScheduleSpec represents the snapshot scheduling settings of a mirrored pool properties: interval: - description: Interval represent the periodicity of the snapshot. type: string path: - description: Path is the path to snapshot, only valid for CephFS type: string startTime: - description: StartTime indicates when to start the snapshot type: string type: object type: array @@ -5807,40 +5142,31 @@ spec: parameters: additionalProperties: type: string - description: Parameters is a list of properties to enable on a given pool nullable: true type: object x-kubernetes-preserve-unknown-fields: true quotas: - description: The quota settings nullable: true properties: maxBytes: - description: MaxBytes represents the quota in bytes Deprecated in favor of MaxSize format: int64 type: integer maxObjects: - description: MaxObjects represents the quota in objects format: int64 type: integer maxSize: - description: MaxSize represents the quota in bytes as a string pattern: ^[0-9]+[\.]?[0-9]*([KMGTPE]i|[kMGTPE])?$ type: string type: object replicated: - description: The replication settings properties: hybridStorage: - description: HybridStorage represents hybrid storage tier settings nullable: true properties: primaryDeviceClass: - description: PrimaryDeviceClass represents high performance tier (for example SSD or NVME) for Primary OSD minLength: 1 type: string secondaryDeviceClass: - description: SecondaryDeviceClass represents low performance tier (for example HDDs) for remaining OSDs minLength: 1 type: string required: @@ -5848,36 +5174,28 @@ spec: - secondaryDeviceClass type: object replicasPerFailureDomain: - description: ReplicasPerFailureDomain the number of replica in the specified failure domain minimum: 1 type: integer requireSafeReplicaSize: - description: RequireSafeReplicaSize if false allows you to set replica 1 type: boolean size: - description: Size - Number of copies per object in a replicated storage pool, including the object itself (required for replicated pool type) minimum: 0 type: integer subFailureDomain: - description: SubFailureDomain the name of the sub-failure domain type: string targetSizeRatio: - description: TargetSizeRatio gives a hint (%) to Ceph in terms of expected consumption of the total cluster capacity type: number required: - size type: object statusCheck: - description: The mirroring statusCheck properties: mirror: - description: HealthCheckSpec represents the health check of an object store bucket nullable: true properties: disabled: type: boolean interval: - description: Interval is the internal in second or minute for the health check to run like 60s for 60 seconds type: string timeout: type: string @@ -5886,82 +5204,62 @@ spec: x-kubernetes-preserve-unknown-fields: true type: object metadataServer: - description: The mds pod info properties: activeCount: - description: The number of metadata servers that are active. The remaining servers in the cluster will be in standby mode. format: int32 maximum: 50 minimum: 1 type: integer activeStandby: - description: Whether each active MDS instance will have an active standby with a warm metadata cache for faster failover. If false, standbys will still be available, but will not have a warm metadata cache. type: boolean annotations: additionalProperties: type: string - description: The annotations-related configuration to add/set on each Pod related object. nullable: true type: object x-kubernetes-preserve-unknown-fields: true labels: additionalProperties: type: string - description: The labels-related configuration to add/set on each Pod related object. nullable: true type: object x-kubernetes-preserve-unknown-fields: true livenessProbe: - description: ProbeSpec is a wrapper around Probe so it can be enabled or disabled for a Ceph daemon properties: disabled: - description: Disabled determines whether probe is disable or not type: boolean probe: - description: Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic. properties: exec: - description: Exec specifies the action to take. properties: command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. format: int32 type: integer grpc: - description: GRPC specifies an action involving a GRPC port. properties: port: - description: Port number of the gRPC service. Number must be in the range 1 to 65535. format: int32 type: integer service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). \n If this is not specified, the default behavior is defined by gRPC." type: string required: - port type: object httpGet: - description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. items: - description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: - description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. type: string value: - description: The header field value type: string required: - name @@ -5969,43 +5267,34 @@ spec: type: object type: array path: - description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action involving a TCP port. properties: host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port @@ -6014,7 +5303,6 @@ spec: format: int64 type: integer timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object @@ -6495,19 +5783,14 @@ spec: type: object x-kubernetes-preserve-unknown-fields: true priorityClassName: - description: PriorityClassName sets priority classes on components type: string resources: - description: The resource requirements for the mds pods nullable: true properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." items: - description: ResourceClaim references one entry in PodSpec.ResourceClaims. properties: name: - description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. type: string required: - name @@ -6523,7 +5806,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: @@ -6532,61 +5814,45 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object x-kubernetes-preserve-unknown-fields: true startupProbe: - description: ProbeSpec is a wrapper around Probe so it can be enabled or disabled for a Ceph daemon properties: disabled: - description: Disabled determines whether probe is disable or not type: boolean probe: - description: Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic. properties: exec: - description: Exec specifies the action to take. properties: command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. format: int32 type: integer grpc: - description: GRPC specifies an action involving a GRPC port. properties: port: - description: Port number of the gRPC service. Number must be in the range 1 to 65535. format: int32 type: integer service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). \n If this is not specified, the default behavior is defined by gRPC." type: string required: - port type: object httpGet: - description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. items: - description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: - description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. type: string value: - description: The header field value type: string required: - name @@ -6594,43 +5860,34 @@ spec: type: object type: array path: - description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action involving a TCP port. properties: host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port @@ -6639,7 +5896,6 @@ spec: format: int64 type: integer timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object @@ -6648,69 +5904,51 @@ spec: - activeCount type: object mirroring: - description: The mirroring settings nullable: true properties: enabled: - description: Enabled whether this filesystem is mirrored or not type: boolean peers: - description: Peers represents the peers spec nullable: true properties: secretNames: - description: SecretNames represents the Kubernetes Secret names to add rbd-mirror or cephfs-mirror peers items: type: string type: array type: object snapshotRetention: - description: Retention is the retention policy for a snapshot schedule One path has exactly one retention policy. A policy can however contain multiple count-time period pairs in order to specify complex retention policies items: - description: SnapshotScheduleRetentionSpec is a retention policy properties: duration: - description: Duration represents the retention duration for a snapshot type: string path: - description: Path is the path to snapshot type: string type: object type: array snapshotSchedules: - description: SnapshotSchedules is the scheduling of snapshot for mirrored filesystems items: - description: SnapshotScheduleSpec represents the snapshot scheduling settings of a mirrored pool properties: interval: - description: Interval represent the periodicity of the snapshot. type: string path: - description: Path is the path to snapshot, only valid for CephFS type: string startTime: - description: StartTime indicates when to start the snapshot type: string type: object type: array type: object preserveFilesystemOnDelete: - description: Preserve the fs in the cluster on CephFilesystem CR deletion. Setting this to true automatically implies PreservePoolsOnDelete is true. type: boolean preservePoolsOnDelete: - description: Preserve pools on filesystem deletion type: boolean statusCheck: - description: The mirroring statusCheck properties: mirror: - description: HealthCheckSpec represents the health check of an object store bucket nullable: true properties: disabled: type: boolean interval: - description: Interval is the internal in second or minute for the health check to run like 60s for 60 seconds type: string timeout: type: string @@ -6723,11 +5961,9 @@ spec: - metadataServer type: object status: - description: CephFilesystemStatus represents the status of a Ceph Filesystem properties: conditions: items: - description: Condition represents a status condition on any Rook-Ceph Custom Resource. properties: lastHeartbeatTime: format: date-time @@ -6738,76 +5974,54 @@ spec: message: type: string reason: - description: ConditionReason is a reason for a condition type: string status: type: string type: - description: ConditionType represent a resource's status type: string type: object type: array info: additionalProperties: type: string - description: Use only info and put mirroringStatus in it? nullable: true type: object mirroringStatus: - description: MirroringStatus is the filesystem mirroring status properties: daemonsStatus: - description: PoolMirroringStatus is the mirroring status of a filesystem items: - description: FilesystemMirrorInfoSpec is the filesystem mirror status of a given filesystem properties: daemon_id: - description: DaemonID is the cephfs-mirror name type: integer filesystems: - description: Filesystems is the list of filesystems managed by a given cephfs-mirror daemon items: - description: FilesystemsSpec is spec for the mirrored filesystem properties: directory_count: - description: DirectoryCount is the number of directories in the filesystem type: integer filesystem_id: - description: FilesystemID is the filesystem identifier type: integer name: - description: Name is name of the filesystem type: string peers: - description: Peers represents the mirroring peers items: - description: FilesystemMirrorInfoPeerSpec is the specification of a filesystem peer mirror properties: remote: - description: Remote are the remote cluster information properties: client_name: - description: ClientName is cephx name type: string cluster_name: - description: ClusterName is the name of the cluster type: string fs_name: - description: FsName is the filesystem name type: string type: object stats: - description: Stats are the stat a peer mirror properties: failure_count: - description: FailureCount is the number of mirroring failure type: integer recovery_count: - description: RecoveryCount is the number of recovery attempted after failures type: integer type: object uuid: - description: UUID is the peer unique identifier type: string type: object type: array @@ -6817,79 +6031,56 @@ spec: nullable: true type: array details: - description: Details contains potential status errors type: string lastChanged: - description: LastChanged is the last time time the status last changed type: string lastChecked: - description: LastChecked is the last time time the status was checked type: string type: object observedGeneration: - description: ObservedGeneration is the latest generation observed by the controller. format: int64 type: integer phase: - description: ConditionType represent a resource's status type: string snapshotScheduleStatus: - description: FilesystemSnapshotScheduleStatusSpec is the status of the snapshot schedule properties: details: - description: Details contains potential status errors type: string lastChanged: - description: LastChanged is the last time time the status last changed type: string lastChecked: - description: LastChecked is the last time time the status was checked type: string snapshotSchedules: - description: SnapshotSchedules is the list of snapshots scheduled items: - description: FilesystemSnapshotSchedulesSpec is the list of snapshot scheduled for images in a pool properties: fs: - description: Fs is the name of the Ceph Filesystem type: string path: - description: Path is the path on the filesystem type: string rel_path: type: string retention: - description: FilesystemSnapshotScheduleStatusRetention is the retention specification for a filesystem snapshot schedule properties: active: - description: Active is whether the scheduled is active or not type: boolean created: - description: Created is when the snapshot schedule was created type: string created_count: - description: CreatedCount is total amount of snapshots type: integer first: - description: First is when the first snapshot schedule was taken type: string last: - description: Last is when the last snapshot schedule was taken type: string last_pruned: - description: LastPruned is when the last snapshot schedule was pruned type: string pruned_count: - description: PrunedCount is total amount of pruned snapshots type: integer start: - description: Start is when the snapshot schedule starts type: string type: object schedule: type: string subvol: - description: Subvol is the name of the sub volume type: string type: object nullable: true @@ -6929,33 +6120,26 @@ spec: name: v1 schema: openAPIV3Schema: - description: CephFilesystemSubVolumeGroup represents a Ceph Filesystem SubVolumeGroup properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: Spec represents the specification of a Ceph Filesystem SubVolumeGroup properties: filesystemName: - description: FilesystemName is the name of Ceph Filesystem SubVolumeGroup volume name. Typically it's the name of the CephFilesystem CR. If not coming from the CephFilesystem CR, it can be retrieved from the list of Ceph Filesystem volumes with `ceph fs volume ls`. To learn more about Ceph Filesystem abstractions see https://docs.ceph.com/en/latest/cephfs/fs-volumes/#fs-volumes-and-subvolumes type: string x-kubernetes-validations: - message: filesystemName is immutable rule: self == oldSelf name: - description: The name of the subvolume group. If not set, the default is the name of the subvolumeGroup CR. type: string x-kubernetes-validations: - message: name is immutable rule: self == oldSelf pinning: - description: Pinning configuration of CephFilesystemSubVolumeGroup, reference https://docs.ceph.com/en/latest/cephfs/fs-volumes/#pinning-subvolumes-and-subvolume-groups only one out of (export, distributed, random) can be set at a time properties: distributed: maximum: 1 @@ -6980,7 +6164,6 @@ spec: - filesystemName type: object status: - description: Status represents the status of a CephFilesystem SubvolumeGroup properties: info: additionalProperties: @@ -6988,11 +6171,9 @@ spec: nullable: true type: object observedGeneration: - description: ObservedGeneration is the latest generation observed by the controller. format: int64 type: integer phase: - description: ConditionType represent a resource's status type: string type: object x-kubernetes-preserve-unknown-fields: true @@ -7026,40 +6207,30 @@ spec: - name: v1 schema: openAPIV3Schema: - description: CephNFS represents a Ceph NFS properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: NFSGaneshaSpec represents the spec of an nfs ganesha server properties: rados: - description: RADOS is the Ganesha RADOS specification nullable: true properties: namespace: - description: The namespace inside the Ceph pool (set by 'pool') where shared NFS-Ganesha config is stored. This setting is deprecated as it is internally set to the name of the CephNFS. type: string pool: - description: The Ceph pool used store the shared configuration for NFS-Ganesha daemons. This setting is deprecated, as it is internally required to be ".nfs". type: string type: object security: - description: Security allows specifying security configurations for the NFS cluster nullable: true properties: kerberos: - description: Kerberos configures NFS-Ganesha to secure NFS client connections with Kerberos. nullable: true properties: configFiles: - description: "ConfigFiles defines where the Kerberos configuration should be sourced from. Config files will be placed into the `/etc/krb5.conf.rook/` directory. \n If this is left empty, Rook will not add any files. This allows you to manage the files yourself however you wish. For example, you may build them into your custom Ceph container image or use the Vault agent injector to securely add the files via annotations on the CephNFS spec (passed to the NFS server pods). \n Rook configures Kerberos to log to stderr. We suggest removing logging sections from config files to avoid consuming unnecessary disk space from logging to files." properties: volumeSource: properties: @@ -7293,10 +6464,8 @@ spec: type: object type: object domainName: - description: DomainName should be set to the Kerberos Realm. type: string keytabFile: - description: KeytabFile defines where the Kerberos keytab should be sourced from. The keytab file will be placed into `/etc/krb5.keytab`. If this is left empty, Rook will not add the file. This allows you to manage the `krb5.keytab` file yourself however you wish. For example, you may build it into your custom Ceph container image or use the Vault agent injector to securely add the file via annotations on the CephNFS spec (passed to the NFS server pods). properties: volumeSource: properties: @@ -7531,23 +6700,17 @@ spec: type: object principalName: default: nfs - description: 'PrincipalName corresponds directly to NFS-Ganesha''s NFS_KRB5:PrincipalName config. In practice, this is the service prefix of the principal name. The default is "nfs". This value is combined with (a) the namespace and name of the CephNFS (with a hyphen between) and (b) the Realm configured in the user-provided krb5.conf to determine the full principal name: /-@. e.g., nfs/rook-ceph-my-nfs@example.net. See https://github.com/nfs-ganesha/nfs-ganesha/wiki/RPCSEC_GSS for more detail.' type: string type: object sssd: - description: SSSD enables integration with System Security Services Daemon (SSSD). SSSD can be used to provide user ID mapping from a number of sources. See https://sssd.io for more information about the SSSD project. nullable: true properties: sidecar: - description: Sidecar tells Rook to run SSSD in a sidecar alongside the NFS-Ganesha server in each NFS pod. properties: additionalFiles: - description: AdditionalFiles defines any number of additional files that should be mounted into the SSSD sidecar. These files may be referenced by the sssd.conf config file. items: - description: SSSDSidecarAdditionalFile represents the source from where additional files for the the SSSD configuration should come from and are made available. properties: subPath: - description: SubPath defines the sub-path in `/etc/sssd/rook-additional/` where the additional file(s) will be placed. Each subPath definition must be unique and must not contain ':'. minLength: 1 pattern: ^[^:]+$ type: string @@ -7787,24 +6950,18 @@ spec: type: object type: array debugLevel: - description: 'DebugLevel sets the debug level for SSSD. If unset or set to 0, Rook does nothing. Otherwise, this may be a value between 1 and 10. See SSSD docs for more info: https://sssd.io/troubleshooting/basics.html#sssd-debug-logs' maximum: 10 minimum: 0 type: integer image: - description: Image defines the container image that should be used for the SSSD sidecar. minLength: 1 type: string resources: - description: Resources allow specifying resource requests/limits on the SSSD sidecar container. properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." items: - description: ResourceClaim references one entry in PodSpec.ResourceClaims. properties: name: - description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. type: string required: - name @@ -7820,7 +6977,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: @@ -7829,11 +6985,9 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object sssdConfigFile: - description: SSSDConfigFile defines where the SSSD configuration should be sourced from. The config file will be placed into `/etc/sssd/sssd.conf`. If this is left empty, Rook will not add the file. This allows you to manage the `sssd.conf` file yourself however you wish. For example, you may build it into your custom Ceph container image or use the Vault agent injector to securely add the file via annotations on the CephNFS spec (passed to the NFS server pods). properties: volumeSource: properties: @@ -8072,80 +7226,60 @@ spec: type: object type: object server: - description: Server is the Ganesha Server specification properties: active: - description: The number of active Ganesha servers type: integer annotations: additionalProperties: type: string - description: The annotations-related configuration to add/set on each Pod related object. nullable: true type: object x-kubernetes-preserve-unknown-fields: true hostNetwork: - description: Whether host networking is enabled for the Ganesha server. If not set, the network settings from the cluster CR will be applied. nullable: true type: boolean labels: additionalProperties: type: string - description: The labels-related configuration to add/set on each Pod related object. nullable: true type: object x-kubernetes-preserve-unknown-fields: true livenessProbe: - description: A liveness-probe to verify that Ganesha server has valid run-time state. If LivenessProbe.Disabled is false and LivenessProbe.Probe is nil uses default probe. properties: disabled: - description: Disabled determines whether probe is disable or not type: boolean probe: - description: Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic. properties: exec: - description: Exec specifies the action to take. properties: command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. format: int32 type: integer grpc: - description: GRPC specifies an action involving a GRPC port. properties: port: - description: Port number of the gRPC service. Number must be in the range 1 to 65535. format: int32 type: integer service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). \n If this is not specified, the default behavior is defined by gRPC." type: string required: - port type: object httpGet: - description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. items: - description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: - description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. type: string value: - description: The header field value type: string required: - name @@ -8153,43 +7287,34 @@ spec: type: object type: array path: - description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action involving a TCP port. properties: host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port @@ -8198,13 +7323,11 @@ spec: format: int64 type: integer timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object type: object logLevel: - description: LogLevel set logging level type: string placement: nullable: true @@ -8682,19 +7805,14 @@ spec: type: object x-kubernetes-preserve-unknown-fields: true priorityClassName: - description: PriorityClassName sets the priority class on the pods type: string resources: - description: Resources set resource requests and limits nullable: true properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." items: - description: ResourceClaim references one entry in PodSpec.ResourceClaims. properties: name: - description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. type: string required: - name @@ -8710,7 +7828,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: @@ -8719,7 +7836,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object x-kubernetes-preserve-unknown-fields: true @@ -8730,11 +7846,9 @@ spec: - server type: object status: - description: Status represents the status of an object properties: conditions: items: - description: Condition represents a status condition on any Rook-Ceph Custom Resource. properties: lastHeartbeatTime: format: date-time @@ -8745,17 +7859,14 @@ spec: message: type: string reason: - description: ConditionReason is a reason for a condition type: string status: type: string type: - description: ConditionType represent a resource's status type: string type: object type: array observedGeneration: - description: ObservedGeneration is the latest generation observed by the controller. format: int64 type: integer phase: @@ -8790,22 +7901,17 @@ spec: - name: v1 schema: openAPIV3Schema: - description: CephObjectRealm represents a Ceph Object Store Gateway Realm properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: ObjectRealmSpec represent the spec of an ObjectRealm nullable: true properties: pull: - description: PullSpec represents the pulling specification of a Ceph Object Storage Gateway Realm properties: endpoint: pattern: ^https*:// @@ -8813,11 +7919,9 @@ spec: type: object type: object status: - description: Status represents the status of an object properties: conditions: items: - description: Condition represents a status condition on any Rook-Ceph Custom Resource. properties: lastHeartbeatTime: format: date-time @@ -8828,17 +7932,14 @@ spec: message: type: string reason: - description: ConditionReason is a reason for a condition type: string status: type: string type: - description: ConditionType represent a resource's status type: string type: object type: array observedGeneration: - description: ObservedGeneration is the latest generation observed by the controller. format: int64 type: integer phase: @@ -8876,33 +7977,25 @@ spec: name: v1 schema: openAPIV3Schema: - description: CephObjectStore represents a Ceph Object Store Gateway properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: ObjectStoreSpec represent the spec of a pool properties: allowUsersInNamespaces: - description: The list of allowed namespaces in addition to the object store namespace where ceph object store users may be created. Specify "*" to allow all namespaces, otherwise list individual namespaces that are to be allowed. This is useful for applications that need object store credentials to be created in their own namespace, where neither OBCs nor COSI is being used to create buckets. The default is empty. items: type: string type: array dataPool: - description: The data pool settings nullable: true properties: application: - description: The application name to set on the pool. Only expected to be set for rgw pools. type: string compressionMode: - description: 'DEPRECATED: use Parameters instead, e.g., Parameters["compression_mode"] = "force" The inline compression mode in Bluestore OSD to set to (options are: none, passive, aggressive, force) Do NOT set a default value for kubebuilder as this will override the Parameters' enum: - none - passive @@ -8912,28 +8005,21 @@ spec: nullable: true type: string crushRoot: - description: The root of the crush hierarchy utilized by the pool nullable: true type: string deviceClass: - description: The device class the OSD should set to for use in the pool nullable: true type: string enableRBDStats: - description: EnableRBDStats is used to enable gathering of statistics for all RBD images in the pool type: boolean erasureCoded: - description: The erasure code settings properties: algorithm: - description: The algorithm for erasure coding type: string codingChunks: - description: Number of coding chunks per object in an erasure coded storage pool (required for erasure-coded pool type). This is the number of OSDs that can be lost simultaneously before data cannot be recovered. minimum: 0 type: integer dataChunks: - description: Number of data chunks per object in an erasure coded storage pool (required for erasure-coded pool type). The number of chunks required to recover an object when any single OSD is lost is the same as dataChunks so be aware that the larger the number of data chunks, the higher the cost of recovery. minimum: 0 type: integer required: @@ -8941,40 +8027,29 @@ spec: - dataChunks type: object failureDomain: - description: 'The failure domain: osd/host/(region or zone if available) - technically also any type in the crush map' type: string mirroring: - description: The mirroring settings properties: enabled: - description: Enabled whether this pool is mirrored or not type: boolean mode: - description: 'Mode is the mirroring mode: either pool or image' type: string peers: - description: Peers represents the peers spec nullable: true properties: secretNames: - description: SecretNames represents the Kubernetes Secret names to add rbd-mirror or cephfs-mirror peers items: type: string type: array type: object snapshotSchedules: - description: SnapshotSchedules is the scheduling of snapshot for mirrored images/pools items: - description: SnapshotScheduleSpec represents the snapshot scheduling settings of a mirrored pool properties: interval: - description: Interval represent the periodicity of the snapshot. type: string path: - description: Path is the path to snapshot, only valid for CephFS type: string startTime: - description: StartTime indicates when to start the snapshot type: string type: object type: array @@ -8982,40 +8057,31 @@ spec: parameters: additionalProperties: type: string - description: Parameters is a list of properties to enable on a given pool nullable: true type: object x-kubernetes-preserve-unknown-fields: true quotas: - description: The quota settings nullable: true properties: maxBytes: - description: MaxBytes represents the quota in bytes Deprecated in favor of MaxSize format: int64 type: integer maxObjects: - description: MaxObjects represents the quota in objects format: int64 type: integer maxSize: - description: MaxSize represents the quota in bytes as a string pattern: ^[0-9]+[\.]?[0-9]*([KMGTPE]i|[kMGTPE])?$ type: string type: object replicated: - description: The replication settings properties: hybridStorage: - description: HybridStorage represents hybrid storage tier settings nullable: true properties: primaryDeviceClass: - description: PrimaryDeviceClass represents high performance tier (for example SSD or NVME) for Primary OSD minLength: 1 type: string secondaryDeviceClass: - description: SecondaryDeviceClass represents low performance tier (for example HDDs) for remaining OSDs minLength: 1 type: string required: @@ -9023,36 +8089,28 @@ spec: - secondaryDeviceClass type: object replicasPerFailureDomain: - description: ReplicasPerFailureDomain the number of replica in the specified failure domain minimum: 1 type: integer requireSafeReplicaSize: - description: RequireSafeReplicaSize if false allows you to set replica 1 type: boolean size: - description: Size - Number of copies per object in a replicated storage pool, including the object itself (required for replicated pool type) minimum: 0 type: integer subFailureDomain: - description: SubFailureDomain the name of the sub-failure domain type: string targetSizeRatio: - description: TargetSizeRatio gives a hint (%) to Ceph in terms of expected consumption of the total cluster capacity type: number required: - size type: object statusCheck: - description: The mirroring statusCheck properties: mirror: - description: HealthCheckSpec represents the health check of an object store bucket nullable: true properties: disabled: type: boolean interval: - description: Interval is the internal in second or minute for the health check to run like 60s for 60 seconds type: string timeout: type: string @@ -9061,57 +8119,45 @@ spec: x-kubernetes-preserve-unknown-fields: true type: object gateway: - description: The rgw pod info nullable: true properties: annotations: additionalProperties: type: string - description: The annotations-related configuration to add/set on each Pod related object. nullable: true type: object x-kubernetes-preserve-unknown-fields: true caBundleRef: - description: The name of the secret that stores custom ca-bundle with root and intermediate certificates. nullable: true type: string dashboardEnabled: - description: Whether rgw dashboard is enabled for the rgw daemon. If not set, the rgw dashboard will be enabled. nullable: true type: boolean x-kubernetes-preserve-unknown-fields: true disableMultisiteSyncTraffic: - description: 'DisableMultisiteSyncTraffic, when true, prevents this object store''s gateways from transmitting multisite replication data. Note that this value does not affect whether gateways receive multisite replication traffic: see ObjectZone.spec.customEndpoints for that. If false or unset, this object store''s gateways will be able to transmit multisite replication data.' type: boolean externalRgwEndpoints: - description: ExternalRgwEndpoints points to external RGW endpoint(s). Multiple endpoints can be given, but for stability of ObjectBucketClaims, we highly recommend that users give only a single external RGW endpoint that is a load balancer that sends requests to the multiple RGWs. items: - description: EndpointAddress is a tuple that describes a single IP address or host name. This is a subset of Kubernetes's v1.EndpointAddress. properties: hostname: - description: The DNS-addressable Hostname of this endpoint. This field will be preferred over IP if both are given. type: string ip: - description: The IP of this endpoint. As a legacy behavior, this supports being given a DNS-adressable hostname as well. type: string type: object x-kubernetes-map-type: atomic nullable: true type: array hostNetwork: - description: Whether host networking is enabled for the rgw daemon. If not set, the network settings from the cluster CR will be applied. nullable: true type: boolean x-kubernetes-preserve-unknown-fields: true instances: - description: The number of pods in the rgw replicaset. format: int32 nullable: true type: integer labels: additionalProperties: type: string - description: The labels-related configuration to add/set on each Pod related object. nullable: true type: object x-kubernetes-preserve-unknown-fields: true @@ -9591,23 +8637,17 @@ spec: type: object x-kubernetes-preserve-unknown-fields: true port: - description: The port the rgw service will be listening on (http) format: int32 type: integer priorityClassName: - description: PriorityClassName sets priority classes on the rgw pods type: string resources: - description: The resource requirements for the rgw pods nullable: true properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." items: - description: ResourceClaim references one entry in PodSpec.ResourceClaims. properties: name: - description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. type: string required: - name @@ -9623,7 +8663,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: @@ -9632,87 +8671,66 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object x-kubernetes-preserve-unknown-fields: true securePort: - description: The port the rgw service will be listening on (https) format: int32 maximum: 65535 minimum: 0 nullable: true type: integer service: - description: The configuration related to add/set on each rgw service. nullable: true properties: annotations: additionalProperties: type: string - description: The annotations-related configuration to add/set on each rgw service. nullable optional type: object type: object sslCertificateRef: - description: The name of the secret that stores the ssl certificate for secure rgw connections nullable: true type: string type: object healthCheck: - description: The RGW health probes nullable: true properties: readinessProbe: - description: ProbeSpec is a wrapper around Probe so it can be enabled or disabled for a Ceph daemon properties: disabled: - description: Disabled determines whether probe is disable or not type: boolean probe: - description: Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic. properties: exec: - description: Exec specifies the action to take. properties: command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. format: int32 type: integer grpc: - description: GRPC specifies an action involving a GRPC port. properties: port: - description: Port number of the gRPC service. Number must be in the range 1 to 65535. format: int32 type: integer service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). \n If this is not specified, the default behavior is defined by gRPC." type: string required: - port type: object httpGet: - description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. items: - description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: - description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. type: string value: - description: The header field value type: string required: - name @@ -9720,43 +8738,34 @@ spec: type: object type: array path: - description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action involving a TCP port. properties: host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port @@ -9765,63 +8774,47 @@ spec: format: int64 type: integer timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object type: object x-kubernetes-preserve-unknown-fields: true startupProbe: - description: ProbeSpec is a wrapper around Probe so it can be enabled or disabled for a Ceph daemon properties: disabled: - description: Disabled determines whether probe is disable or not type: boolean probe: - description: Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic. properties: exec: - description: Exec specifies the action to take. properties: command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. format: int32 type: integer grpc: - description: GRPC specifies an action involving a GRPC port. properties: port: - description: Port number of the gRPC service. Number must be in the range 1 to 65535. format: int32 type: integer service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). \n If this is not specified, the default behavior is defined by gRPC." type: string required: - port type: object httpGet: - description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. items: - description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: - description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. type: string value: - description: The header field value type: string required: - name @@ -9829,43 +8822,34 @@ spec: type: object type: array path: - description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action involving a TCP port. properties: host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port @@ -9874,21 +8858,17 @@ spec: format: int64 type: integer timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object type: object type: object metadataPool: - description: The metadata pool settings nullable: true properties: application: - description: The application name to set on the pool. Only expected to be set for rgw pools. type: string compressionMode: - description: 'DEPRECATED: use Parameters instead, e.g., Parameters["compression_mode"] = "force" The inline compression mode in Bluestore OSD to set to (options are: none, passive, aggressive, force) Do NOT set a default value for kubebuilder as this will override the Parameters' enum: - none - passive @@ -9898,28 +8878,21 @@ spec: nullable: true type: string crushRoot: - description: The root of the crush hierarchy utilized by the pool nullable: true type: string deviceClass: - description: The device class the OSD should set to for use in the pool nullable: true type: string enableRBDStats: - description: EnableRBDStats is used to enable gathering of statistics for all RBD images in the pool type: boolean erasureCoded: - description: The erasure code settings properties: algorithm: - description: The algorithm for erasure coding type: string codingChunks: - description: Number of coding chunks per object in an erasure coded storage pool (required for erasure-coded pool type). This is the number of OSDs that can be lost simultaneously before data cannot be recovered. minimum: 0 type: integer dataChunks: - description: Number of data chunks per object in an erasure coded storage pool (required for erasure-coded pool type). The number of chunks required to recover an object when any single OSD is lost is the same as dataChunks so be aware that the larger the number of data chunks, the higher the cost of recovery. minimum: 0 type: integer required: @@ -9927,40 +8900,29 @@ spec: - dataChunks type: object failureDomain: - description: 'The failure domain: osd/host/(region or zone if available) - technically also any type in the crush map' type: string mirroring: - description: The mirroring settings properties: enabled: - description: Enabled whether this pool is mirrored or not type: boolean mode: - description: 'Mode is the mirroring mode: either pool or image' type: string peers: - description: Peers represents the peers spec nullable: true properties: secretNames: - description: SecretNames represents the Kubernetes Secret names to add rbd-mirror or cephfs-mirror peers items: type: string type: array type: object snapshotSchedules: - description: SnapshotSchedules is the scheduling of snapshot for mirrored images/pools items: - description: SnapshotScheduleSpec represents the snapshot scheduling settings of a mirrored pool properties: interval: - description: Interval represent the periodicity of the snapshot. type: string path: - description: Path is the path to snapshot, only valid for CephFS type: string startTime: - description: StartTime indicates when to start the snapshot type: string type: object type: array @@ -9968,40 +8930,31 @@ spec: parameters: additionalProperties: type: string - description: Parameters is a list of properties to enable on a given pool nullable: true type: object x-kubernetes-preserve-unknown-fields: true quotas: - description: The quota settings nullable: true properties: maxBytes: - description: MaxBytes represents the quota in bytes Deprecated in favor of MaxSize format: int64 type: integer maxObjects: - description: MaxObjects represents the quota in objects format: int64 type: integer maxSize: - description: MaxSize represents the quota in bytes as a string pattern: ^[0-9]+[\.]?[0-9]*([KMGTPE]i|[kMGTPE])?$ type: string type: object replicated: - description: The replication settings properties: hybridStorage: - description: HybridStorage represents hybrid storage tier settings nullable: true properties: primaryDeviceClass: - description: PrimaryDeviceClass represents high performance tier (for example SSD or NVME) for Primary OSD minLength: 1 type: string secondaryDeviceClass: - description: SecondaryDeviceClass represents low performance tier (for example HDDs) for remaining OSDs minLength: 1 type: string required: @@ -10009,36 +8962,28 @@ spec: - secondaryDeviceClass type: object replicasPerFailureDomain: - description: ReplicasPerFailureDomain the number of replica in the specified failure domain minimum: 1 type: integer requireSafeReplicaSize: - description: RequireSafeReplicaSize if false allows you to set replica 1 type: boolean size: - description: Size - Number of copies per object in a replicated storage pool, including the object itself (required for replicated pool type) minimum: 0 type: integer subFailureDomain: - description: SubFailureDomain the name of the sub-failure domain type: string targetSizeRatio: - description: TargetSizeRatio gives a hint (%) to Ceph in terms of expected consumption of the total cluster capacity type: number required: - size type: object statusCheck: - description: The mirroring statusCheck properties: mirror: - description: HealthCheckSpec represents the health check of an object store bucket nullable: true properties: disabled: type: boolean interval: - description: Interval is the internal in second or minute for the health check to run like 60s for 60 seconds type: string timeout: type: string @@ -10047,72 +8992,57 @@ spec: x-kubernetes-preserve-unknown-fields: true type: object preservePoolsOnDelete: - description: Preserve pools on object store deletion type: boolean security: - description: Security represents security settings nullable: true properties: keyRotation: - description: KeyRotation defines options for Key Rotation. nullable: true properties: enabled: default: false - description: Enabled represents whether the key rotation is enabled. type: boolean schedule: - description: Schedule represents the cron schedule for key rotation. type: string type: object kms: - description: KeyManagementService is the main Key Management option nullable: true properties: connectionDetails: additionalProperties: type: string - description: ConnectionDetails contains the KMS connection details (address, port etc) nullable: true type: object x-kubernetes-preserve-unknown-fields: true tokenSecretName: - description: TokenSecretName is the kubernetes secret containing the KMS token type: string type: object s3: - description: The settings for supporting AWS-SSE:S3 with RGW nullable: true properties: connectionDetails: additionalProperties: type: string - description: ConnectionDetails contains the KMS connection details (address, port etc) nullable: true type: object x-kubernetes-preserve-unknown-fields: true tokenSecretName: - description: TokenSecretName is the kubernetes secret containing the KMS token type: string type: object type: object zone: - description: The multisite info nullable: true properties: name: - description: RGW Zone the Object Store is in type: string required: - name type: object type: object status: - description: ObjectStoreStatus represents the status of a Ceph Object Store resource properties: conditions: items: - description: Condition represents a status condition on any Rook-Ceph Custom Resource. properties: lastHeartbeatTime: format: date-time @@ -10123,12 +9053,10 @@ spec: message: type: string reason: - description: ConditionReason is a reason for a condition type: string status: type: string type: - description: ConditionType represent a resource's status type: string type: object type: array @@ -10153,11 +9081,9 @@ spec: message: type: string observedGeneration: - description: ObservedGeneration is the latest generation observed by the controller. format: int64 type: integer phase: - description: ConditionType represent a resource's status type: string type: object x-kubernetes-preserve-unknown-fields: true @@ -10196,25 +9122,19 @@ spec: name: v1 schema: openAPIV3Schema: - description: CephObjectStoreUser represents a Ceph Object Store Gateway User properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: ObjectStoreUserSpec represent the spec of an Objectstoreuser properties: capabilities: - description: Additional admin-level capabilities for the Ceph object store user nullable: true properties: amz-cache: - description: Add capabilities for user to send request to RGW Cache API header. Documented in https://docs.ceph.com/en/quincy/radosgw/rgw-cache/#cache-api enum: - '*' - read @@ -10222,7 +9142,6 @@ spec: - read, write type: string bilog: - description: Add capabilities for user to change bucket index logging. Documented in https://docs.ceph.com/en/latest/radosgw/admin/?#add-remove-admin-capabilities enum: - '*' - read @@ -10230,7 +9149,6 @@ spec: - read, write type: string bucket: - description: Admin capabilities to read/write Ceph object store buckets. Documented in https://docs.ceph.com/en/latest/radosgw/admin/?#add-remove-admin-capabilities enum: - '*' - read @@ -10238,7 +9156,6 @@ spec: - read, write type: string buckets: - description: Admin capabilities to read/write Ceph object store buckets. Documented in https://docs.ceph.com/en/latest/radosgw/admin/?#add-remove-admin-capabilities enum: - '*' - read @@ -10246,7 +9163,6 @@ spec: - read, write type: string datalog: - description: Add capabilities for user to change data logging. Documented in https://docs.ceph.com/en/latest/radosgw/admin/?#add-remove-admin-capabilities enum: - '*' - read @@ -10254,7 +9170,6 @@ spec: - read, write type: string info: - description: Admin capabilities to read/write information about the user. Documented in https://docs.ceph.com/en/latest/radosgw/admin/?#add-remove-admin-capabilities enum: - '*' - read @@ -10262,7 +9177,6 @@ spec: - read, write type: string mdlog: - description: Add capabilities for user to change metadata logging. Documented in https://docs.ceph.com/en/latest/radosgw/admin/?#add-remove-admin-capabilities enum: - '*' - read @@ -10270,7 +9184,6 @@ spec: - read, write type: string metadata: - description: Admin capabilities to read/write Ceph object store metadata. Documented in https://docs.ceph.com/en/latest/radosgw/admin/?#add-remove-admin-capabilities enum: - '*' - read @@ -10278,7 +9191,6 @@ spec: - read, write type: string oidc-provider: - description: Add capabilities for user to change oidc provider. Documented in https://docs.ceph.com/en/latest/radosgw/admin/?#add-remove-admin-capabilities enum: - '*' - read @@ -10286,7 +9198,6 @@ spec: - read, write type: string ratelimit: - description: Add capabilities for user to set rate limiter for user and bucket. Documented in https://docs.ceph.com/en/latest/radosgw/admin/?#add-remove-admin-capabilities enum: - '*' - read @@ -10294,7 +9205,6 @@ spec: - read, write type: string roles: - description: Admin capabilities to read/write roles for user. Documented in https://docs.ceph.com/en/latest/radosgw/admin/?#add-remove-admin-capabilities enum: - '*' - read @@ -10302,7 +9212,6 @@ spec: - read, write type: string usage: - description: Admin capabilities to read/write Ceph object store usage. Documented in https://docs.ceph.com/en/latest/radosgw/admin/?#add-remove-admin-capabilities enum: - '*' - read @@ -10310,7 +9219,6 @@ spec: - read, write type: string user: - description: Admin capabilities to read/write Ceph object store users. Documented in https://docs.ceph.com/en/latest/radosgw/admin/?#add-remove-admin-capabilities enum: - '*' - read @@ -10318,7 +9226,6 @@ spec: - read, write type: string user-policy: - description: Add capabilities for user to change user policies. Documented in https://docs.ceph.com/en/latest/radosgw/admin/?#add-remove-admin-capabilities enum: - '*' - read @@ -10326,7 +9233,6 @@ spec: - read, write type: string users: - description: Admin capabilities to read/write Ceph object store users. Documented in https://docs.ceph.com/en/latest/radosgw/admin/?#add-remove-admin-capabilities enum: - '*' - read @@ -10334,7 +9240,6 @@ spec: - read, write type: string zone: - description: Admin capabilities to read/write Ceph object store zones. Documented in https://docs.ceph.com/en/latest/radosgw/admin/?#add-remove-admin-capabilities enum: - '*' - read @@ -10343,21 +9248,16 @@ spec: type: string type: object clusterNamespace: - description: The namespace where the parent CephCluster and CephObjectStore are found type: string displayName: - description: The display name for the ceph users type: string quotas: - description: ObjectUserQuotaSpec can be used to set quotas for the object store user to limit their usage. See the [Ceph docs](https://docs.ceph.com/en/latest/radosgw/admin/?#quota-management) for more nullable: true properties: maxBuckets: - description: Maximum bucket limit for the ceph user nullable: true type: integer maxObjects: - description: Maximum number of objects across all the user's buckets format: int64 nullable: true type: integer @@ -10365,17 +9265,14 @@ spec: anyOf: - type: integer - type: string - description: Maximum size limit of all objects across all the user's buckets See https://pkg.go.dev/k8s.io/apimachinery/pkg/api/resource#Quantity for more info. nullable: true pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object store: - description: The store the user will be created in type: string type: object status: - description: ObjectStoreUserStatus represents the status Ceph Object Store Gateway User properties: info: additionalProperties: @@ -10383,7 +9280,6 @@ spec: nullable: true type: object observedGeneration: - description: ObservedGeneration is the latest generation observed by the controller. format: int64 type: integer phase: @@ -10422,31 +9318,24 @@ spec: name: v1 schema: openAPIV3Schema: - description: CephObjectZoneGroup represents a Ceph Object Store Gateway Zone Group properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: ObjectZoneGroupSpec represent the spec of an ObjectZoneGroup properties: realm: - description: The display name for the ceph users type: string required: - realm type: object status: - description: Status represents the status of an object properties: conditions: items: - description: Condition represents a status condition on any Rook-Ceph Custom Resource. properties: lastHeartbeatTime: format: date-time @@ -10457,17 +9346,14 @@ spec: message: type: string reason: - description: ConditionReason is a reason for a condition type: string status: type: string type: - description: ConditionType represent a resource's status type: string type: object type: array observedGeneration: - description: ObservedGeneration is the latest generation observed by the controller. format: int64 type: integer phase: @@ -10506,34 +9392,26 @@ spec: name: v1 schema: openAPIV3Schema: - description: CephObjectZone represents a Ceph Object Store Gateway Zone properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: ObjectZoneSpec represent the spec of an ObjectZone properties: customEndpoints: - description: "If this zone cannot be accessed from other peer Ceph clusters via the ClusterIP Service endpoint created by Rook, you must set this to the externally reachable endpoint(s). You may include the port in the definition. For example: \"https://my-object-store.my-domain.net:443\". In many cases, you should set this to the endpoint of the ingress resource that makes the CephObjectStore associated with this CephObjectStoreZone reachable to peer clusters. The list can have one or more endpoints pointing to different RGW servers in the zone. \n If a CephObjectStore endpoint is omitted from this list, that object store's gateways will not receive multisite replication data (see CephObjectStore.spec.gateway.disableMultisiteSyncTraffic)." items: type: string nullable: true type: array dataPool: - description: The data pool settings nullable: true properties: application: - description: The application name to set on the pool. Only expected to be set for rgw pools. type: string compressionMode: - description: 'DEPRECATED: use Parameters instead, e.g., Parameters["compression_mode"] = "force" The inline compression mode in Bluestore OSD to set to (options are: none, passive, aggressive, force) Do NOT set a default value for kubebuilder as this will override the Parameters' enum: - none - passive @@ -10543,28 +9421,21 @@ spec: nullable: true type: string crushRoot: - description: The root of the crush hierarchy utilized by the pool nullable: true type: string deviceClass: - description: The device class the OSD should set to for use in the pool nullable: true type: string enableRBDStats: - description: EnableRBDStats is used to enable gathering of statistics for all RBD images in the pool type: boolean erasureCoded: - description: The erasure code settings properties: algorithm: - description: The algorithm for erasure coding type: string codingChunks: - description: Number of coding chunks per object in an erasure coded storage pool (required for erasure-coded pool type). This is the number of OSDs that can be lost simultaneously before data cannot be recovered. minimum: 0 type: integer dataChunks: - description: Number of data chunks per object in an erasure coded storage pool (required for erasure-coded pool type). The number of chunks required to recover an object when any single OSD is lost is the same as dataChunks so be aware that the larger the number of data chunks, the higher the cost of recovery. minimum: 0 type: integer required: @@ -10572,40 +9443,29 @@ spec: - dataChunks type: object failureDomain: - description: 'The failure domain: osd/host/(region or zone if available) - technically also any type in the crush map' type: string mirroring: - description: The mirroring settings properties: enabled: - description: Enabled whether this pool is mirrored or not type: boolean mode: - description: 'Mode is the mirroring mode: either pool or image' type: string peers: - description: Peers represents the peers spec nullable: true properties: secretNames: - description: SecretNames represents the Kubernetes Secret names to add rbd-mirror or cephfs-mirror peers items: type: string type: array type: object snapshotSchedules: - description: SnapshotSchedules is the scheduling of snapshot for mirrored images/pools items: - description: SnapshotScheduleSpec represents the snapshot scheduling settings of a mirrored pool properties: interval: - description: Interval represent the periodicity of the snapshot. type: string path: - description: Path is the path to snapshot, only valid for CephFS type: string startTime: - description: StartTime indicates when to start the snapshot type: string type: object type: array @@ -10613,40 +9473,31 @@ spec: parameters: additionalProperties: type: string - description: Parameters is a list of properties to enable on a given pool nullable: true type: object x-kubernetes-preserve-unknown-fields: true quotas: - description: The quota settings nullable: true properties: maxBytes: - description: MaxBytes represents the quota in bytes Deprecated in favor of MaxSize format: int64 type: integer maxObjects: - description: MaxObjects represents the quota in objects format: int64 type: integer maxSize: - description: MaxSize represents the quota in bytes as a string pattern: ^[0-9]+[\.]?[0-9]*([KMGTPE]i|[kMGTPE])?$ type: string type: object replicated: - description: The replication settings properties: hybridStorage: - description: HybridStorage represents hybrid storage tier settings nullable: true properties: primaryDeviceClass: - description: PrimaryDeviceClass represents high performance tier (for example SSD or NVME) for Primary OSD minLength: 1 type: string secondaryDeviceClass: - description: SecondaryDeviceClass represents low performance tier (for example HDDs) for remaining OSDs minLength: 1 type: string required: @@ -10654,36 +9505,28 @@ spec: - secondaryDeviceClass type: object replicasPerFailureDomain: - description: ReplicasPerFailureDomain the number of replica in the specified failure domain minimum: 1 type: integer requireSafeReplicaSize: - description: RequireSafeReplicaSize if false allows you to set replica 1 type: boolean size: - description: Size - Number of copies per object in a replicated storage pool, including the object itself (required for replicated pool type) minimum: 0 type: integer subFailureDomain: - description: SubFailureDomain the name of the sub-failure domain type: string targetSizeRatio: - description: TargetSizeRatio gives a hint (%) to Ceph in terms of expected consumption of the total cluster capacity type: number required: - size type: object statusCheck: - description: The mirroring statusCheck properties: mirror: - description: HealthCheckSpec represents the health check of an object store bucket nullable: true properties: disabled: type: boolean interval: - description: Interval is the internal in second or minute for the health check to run like 60s for 60 seconds type: string timeout: type: string @@ -10692,14 +9535,11 @@ spec: x-kubernetes-preserve-unknown-fields: true type: object metadataPool: - description: The metadata pool settings nullable: true properties: application: - description: The application name to set on the pool. Only expected to be set for rgw pools. type: string compressionMode: - description: 'DEPRECATED: use Parameters instead, e.g., Parameters["compression_mode"] = "force" The inline compression mode in Bluestore OSD to set to (options are: none, passive, aggressive, force) Do NOT set a default value for kubebuilder as this will override the Parameters' enum: - none - passive @@ -10709,28 +9549,21 @@ spec: nullable: true type: string crushRoot: - description: The root of the crush hierarchy utilized by the pool nullable: true type: string deviceClass: - description: The device class the OSD should set to for use in the pool nullable: true type: string enableRBDStats: - description: EnableRBDStats is used to enable gathering of statistics for all RBD images in the pool type: boolean erasureCoded: - description: The erasure code settings properties: algorithm: - description: The algorithm for erasure coding type: string codingChunks: - description: Number of coding chunks per object in an erasure coded storage pool (required for erasure-coded pool type). This is the number of OSDs that can be lost simultaneously before data cannot be recovered. minimum: 0 type: integer dataChunks: - description: Number of data chunks per object in an erasure coded storage pool (required for erasure-coded pool type). The number of chunks required to recover an object when any single OSD is lost is the same as dataChunks so be aware that the larger the number of data chunks, the higher the cost of recovery. minimum: 0 type: integer required: @@ -10738,40 +9571,29 @@ spec: - dataChunks type: object failureDomain: - description: 'The failure domain: osd/host/(region or zone if available) - technically also any type in the crush map' type: string mirroring: - description: The mirroring settings properties: enabled: - description: Enabled whether this pool is mirrored or not type: boolean mode: - description: 'Mode is the mirroring mode: either pool or image' type: string peers: - description: Peers represents the peers spec nullable: true properties: secretNames: - description: SecretNames represents the Kubernetes Secret names to add rbd-mirror or cephfs-mirror peers items: type: string type: array type: object snapshotSchedules: - description: SnapshotSchedules is the scheduling of snapshot for mirrored images/pools items: - description: SnapshotScheduleSpec represents the snapshot scheduling settings of a mirrored pool properties: interval: - description: Interval represent the periodicity of the snapshot. type: string path: - description: Path is the path to snapshot, only valid for CephFS type: string startTime: - description: StartTime indicates when to start the snapshot type: string type: object type: array @@ -10779,40 +9601,31 @@ spec: parameters: additionalProperties: type: string - description: Parameters is a list of properties to enable on a given pool nullable: true type: object x-kubernetes-preserve-unknown-fields: true quotas: - description: The quota settings nullable: true properties: maxBytes: - description: MaxBytes represents the quota in bytes Deprecated in favor of MaxSize format: int64 type: integer maxObjects: - description: MaxObjects represents the quota in objects format: int64 type: integer maxSize: - description: MaxSize represents the quota in bytes as a string pattern: ^[0-9]+[\.]?[0-9]*([KMGTPE]i|[kMGTPE])?$ type: string type: object replicated: - description: The replication settings properties: hybridStorage: - description: HybridStorage represents hybrid storage tier settings nullable: true properties: primaryDeviceClass: - description: PrimaryDeviceClass represents high performance tier (for example SSD or NVME) for Primary OSD minLength: 1 type: string secondaryDeviceClass: - description: SecondaryDeviceClass represents low performance tier (for example HDDs) for remaining OSDs minLength: 1 type: string required: @@ -10820,36 +9633,28 @@ spec: - secondaryDeviceClass type: object replicasPerFailureDomain: - description: ReplicasPerFailureDomain the number of replica in the specified failure domain minimum: 1 type: integer requireSafeReplicaSize: - description: RequireSafeReplicaSize if false allows you to set replica 1 type: boolean size: - description: Size - Number of copies per object in a replicated storage pool, including the object itself (required for replicated pool type) minimum: 0 type: integer subFailureDomain: - description: SubFailureDomain the name of the sub-failure domain type: string targetSizeRatio: - description: TargetSizeRatio gives a hint (%) to Ceph in terms of expected consumption of the total cluster capacity type: number required: - size type: object statusCheck: - description: The mirroring statusCheck properties: mirror: - description: HealthCheckSpec represents the health check of an object store bucket nullable: true properties: disabled: type: boolean interval: - description: Interval is the internal in second or minute for the health check to run like 60s for 60 seconds type: string timeout: type: string @@ -10859,10 +9664,8 @@ spec: type: object preservePoolsOnDelete: default: true - description: Preserve pools on object zone deletion type: boolean zoneGroup: - description: The display name for the ceph users type: string required: - dataPool @@ -10870,11 +9673,9 @@ spec: - zoneGroup type: object status: - description: Status represents the status of an object properties: conditions: items: - description: Condition represents a status condition on any Rook-Ceph Custom Resource. properties: lastHeartbeatTime: format: date-time @@ -10885,17 +9686,14 @@ spec: message: type: string reason: - description: ConditionReason is a reason for a condition type: string status: type: string type: - description: ConditionType represent a resource's status type: string type: object type: array observedGeneration: - description: ObservedGeneration is the latest generation observed by the controller. format: int64 type: integer phase: @@ -10934,43 +9732,34 @@ spec: name: v1 schema: openAPIV3Schema: - description: CephRBDMirror represents a Ceph RBD Mirror properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: RBDMirroringSpec represents the specification of an RBD mirror daemon properties: annotations: additionalProperties: type: string - description: The annotations-related configuration to add/set on each Pod related object. nullable: true type: object x-kubernetes-preserve-unknown-fields: true count: - description: Count represents the number of rbd mirror instance to run minimum: 1 type: integer labels: additionalProperties: type: string - description: The labels-related configuration to add/set on each Pod related object. nullable: true type: object x-kubernetes-preserve-unknown-fields: true peers: - description: Peers represents the peers spec nullable: true properties: secretNames: - description: SecretNames represents the Kubernetes Secret names to add rbd-mirror or cephfs-mirror peers items: type: string type: array @@ -11451,19 +10240,14 @@ spec: type: object x-kubernetes-preserve-unknown-fields: true priorityClassName: - description: PriorityClassName sets priority class on the rbd mirror pods type: string resources: - description: The resource requirements for the rbd mirror pods nullable: true properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." items: - description: ResourceClaim references one entry in PodSpec.ResourceClaims. properties: name: - description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. type: string required: - name @@ -11479,7 +10263,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: @@ -11488,7 +10271,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object x-kubernetes-preserve-unknown-fields: true @@ -11496,11 +10278,9 @@ spec: - count type: object status: - description: Status represents the status of an object properties: conditions: items: - description: Condition represents a status condition on any Rook-Ceph Custom Resource. properties: lastHeartbeatTime: format: date-time @@ -11511,17 +10291,14 @@ spec: message: type: string reason: - description: ConditionReason is a reason for a condition type: string status: type: string type: - description: ConditionType represent a resource's status type: string type: object type: array observedGeneration: - description: ObservedGeneration is the latest generation observed by the controller. format: int64 type: integer phase: @@ -11536,122 +10313,5 @@ spec: storage: true subresources: status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: objectbucketclaims.objectbucket.io - annotations: - helm.sh/resource-policy: keep -spec: - group: objectbucket.io - names: - kind: ObjectBucketClaim - listKind: ObjectBucketClaimList - plural: objectbucketclaims - singular: objectbucketclaim - shortNames: - - obc - - obcs - scope: Namespaced - versions: - - name: v1alpha1 - served: true - storage: true - schema: - openAPIV3Schema: - type: object - properties: - spec: - type: object - properties: - storageClassName: - type: string - bucketName: - type: string - generateBucketName: - type: string - additionalConfig: - type: object - nullable: true - x-kubernetes-preserve-unknown-fields: true - objectBucketName: - type: string - status: - type: object - x-kubernetes-preserve-unknown-fields: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: objectbuckets.objectbucket.io - annotations: - helm.sh/resource-policy: keep -spec: - group: objectbucket.io - names: - kind: ObjectBucket - listKind: ObjectBucketList - plural: objectbuckets - singular: objectbucket - shortNames: - - ob - - obs - scope: Cluster - versions: - - name: v1alpha1 - served: true - storage: true - schema: - openAPIV3Schema: - type: object - properties: - spec: - type: object - properties: - storageClassName: - type: string - endpoint: - type: object - nullable: true - properties: - bucketHost: - type: string - bucketPort: - type: integer - format: int32 - bucketName: - type: string - region: - type: string - subRegion: - type: string - additionalConfig: - type: object - nullable: true - x-kubernetes-preserve-unknown-fields: true - authentication: - type: object - nullable: true - items: - type: object - x-kubernetes-preserve-unknown-fields: true - additionalState: - type: object - nullable: true - x-kubernetes-preserve-unknown-fields: true - reclaimPolicy: - type: string - claimRef: - type: object - nullable: true - x-kubernetes-preserve-unknown-fields: true - status: - type: object - x-kubernetes-preserve-unknown-fields: true - subresources: - status: {} {{- end }} diff --git a/deploy/examples/crds.yaml b/deploy/examples/crds.yaml index e08ce43bb3ba5..73320d7688376 100644 --- a/deploy/examples/crds.yaml +++ b/deploy/examples/crds.yaml @@ -22,27 +22,21 @@ spec: - name: v1 schema: openAPIV3Schema: - description: CephBlockPoolRadosNamespace represents a Ceph BlockPool Rados Namespace properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: Spec represents the specification of a Ceph BlockPool Rados Namespace properties: blockPoolName: - description: BlockPoolName is the name of Ceph BlockPool. Typically it's the name of the CephBlockPool CR. type: string x-kubernetes-validations: - message: blockPoolName is immutable rule: self == oldSelf name: - description: The name of the CephBlockPoolRadosNamespaceSpec namespace. If not set, the default is the name of the CR. type: string x-kubernetes-validations: - message: name is immutable @@ -51,7 +45,6 @@ spec: - blockPoolName type: object status: - description: Status represents the status of a CephBlockPool Rados Namespace properties: info: additionalProperties: @@ -59,7 +52,6 @@ spec: nullable: true type: object phase: - description: ConditionType represent a resource's status type: string type: object x-kubernetes-preserve-unknown-fields: true @@ -94,24 +86,18 @@ spec: name: v1 schema: openAPIV3Schema: - description: CephBlockPool represents a Ceph Storage Pool properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: NamedBlockPoolSpec allows a block pool to be created with a non-default name. This is more specific than the NamedPoolSpec so we get schema validation on the allowed pool names that can be specified. properties: application: - description: The application name to set on the pool. Only expected to be set for rgw pools. type: string compressionMode: - description: 'DEPRECATED: use Parameters instead, e.g., Parameters["compression_mode"] = "force" The inline compression mode in Bluestore OSD to set to (options are: none, passive, aggressive, force) Do NOT set a default value for kubebuilder as this will override the Parameters' enum: - none - passive @@ -121,28 +107,21 @@ spec: nullable: true type: string crushRoot: - description: The root of the crush hierarchy utilized by the pool nullable: true type: string deviceClass: - description: The device class the OSD should set to for use in the pool nullable: true type: string enableRBDStats: - description: EnableRBDStats is used to enable gathering of statistics for all RBD images in the pool type: boolean erasureCoded: - description: The erasure code settings properties: algorithm: - description: The algorithm for erasure coding type: string codingChunks: - description: Number of coding chunks per object in an erasure coded storage pool (required for erasure-coded pool type). This is the number of OSDs that can be lost simultaneously before data cannot be recovered. minimum: 0 type: integer dataChunks: - description: Number of data chunks per object in an erasure coded storage pool (required for erasure-coded pool type). The number of chunks required to recover an object when any single OSD is lost is the same as dataChunks so be aware that the larger the number of data chunks, the higher the cost of recovery. minimum: 0 type: integer required: @@ -150,46 +129,34 @@ spec: - dataChunks type: object failureDomain: - description: 'The failure domain: osd/host/(region or zone if available) - technically also any type in the crush map' type: string mirroring: - description: The mirroring settings properties: enabled: - description: Enabled whether this pool is mirrored or not type: boolean mode: - description: 'Mode is the mirroring mode: either pool or image' type: string peers: - description: Peers represents the peers spec nullable: true properties: secretNames: - description: SecretNames represents the Kubernetes Secret names to add rbd-mirror or cephfs-mirror peers items: type: string type: array type: object snapshotSchedules: - description: SnapshotSchedules is the scheduling of snapshot for mirrored images/pools items: - description: SnapshotScheduleSpec represents the snapshot scheduling settings of a mirrored pool properties: interval: - description: Interval represent the periodicity of the snapshot. type: string path: - description: Path is the path to snapshot, only valid for CephFS type: string startTime: - description: StartTime indicates when to start the snapshot type: string type: object type: array type: object name: - description: The desired name of the pool if different from the CephBlockPool CR name. enum: - .rgw.root - .nfs @@ -198,40 +165,31 @@ spec: parameters: additionalProperties: type: string - description: Parameters is a list of properties to enable on a given pool nullable: true type: object x-kubernetes-preserve-unknown-fields: true quotas: - description: The quota settings nullable: true properties: maxBytes: - description: MaxBytes represents the quota in bytes Deprecated in favor of MaxSize format: int64 type: integer maxObjects: - description: MaxObjects represents the quota in objects format: int64 type: integer maxSize: - description: MaxSize represents the quota in bytes as a string pattern: ^[0-9]+[\.]?[0-9]*([KMGTPE]i|[kMGTPE])?$ type: string type: object replicated: - description: The replication settings properties: hybridStorage: - description: HybridStorage represents hybrid storage tier settings nullable: true properties: primaryDeviceClass: - description: PrimaryDeviceClass represents high performance tier (for example SSD or NVME) for Primary OSD minLength: 1 type: string secondaryDeviceClass: - description: SecondaryDeviceClass represents low performance tier (for example HDDs) for remaining OSDs minLength: 1 type: string required: @@ -239,36 +197,28 @@ spec: - secondaryDeviceClass type: object replicasPerFailureDomain: - description: ReplicasPerFailureDomain the number of replica in the specified failure domain minimum: 1 type: integer requireSafeReplicaSize: - description: RequireSafeReplicaSize if false allows you to set replica 1 type: boolean size: - description: Size - Number of copies per object in a replicated storage pool, including the object itself (required for replicated pool type) minimum: 0 type: integer subFailureDomain: - description: SubFailureDomain the name of the sub-failure domain type: string targetSizeRatio: - description: TargetSizeRatio gives a hint (%) to Ceph in terms of expected consumption of the total cluster capacity type: number required: - size type: object statusCheck: - description: The mirroring statusCheck properties: mirror: - description: HealthCheckSpec represents the health check of an object store bucket nullable: true properties: disabled: type: boolean interval: - description: Interval is the internal in second or minute for the health check to run like 60s for 60 seconds type: string timeout: type: string @@ -277,11 +227,9 @@ spec: x-kubernetes-preserve-unknown-fields: true type: object status: - description: CephBlockPoolStatus represents the mirroring status of Ceph Storage Pool properties: conditions: items: - description: Condition represents a status condition on any Rook-Ceph Custom Resource. properties: lastHeartbeatTime: format: date-time @@ -292,12 +240,10 @@ spec: message: type: string reason: - description: ConditionReason is a reason for a condition type: string status: type: string type: - description: ConditionType represent a resource's status type: string type: object type: array @@ -307,7 +253,6 @@ spec: nullable: true type: object mirroringInfo: - description: MirroringInfoSpec is the status of the pool mirroring properties: details: type: string @@ -316,131 +261,91 @@ spec: lastChecked: type: string mode: - description: Mode is the mirroring mode type: string peers: - description: Peers are the list of peer sites connected to that cluster items: - description: PeersSpec contains peer details properties: client_name: - description: ClientName is the CephX user used to connect to the peer type: string direction: - description: Direction is the peer mirroring direction type: string mirror_uuid: - description: MirrorUUID is the mirror UUID type: string site_name: - description: SiteName is the current site name type: string uuid: - description: UUID is the peer UUID type: string type: object type: array site_name: - description: SiteName is the current site name type: string type: object mirroringStatus: - description: MirroringStatusSpec is the status of the pool mirroring properties: details: - description: Details contains potential status errors type: string lastChanged: - description: LastChanged is the last time time the status last changed type: string lastChecked: - description: LastChecked is the last time time the status was checked type: string summary: - description: Summary is the mirroring status summary properties: daemon_health: - description: DaemonHealth is the health of the mirroring daemon type: string health: - description: Health is the mirroring health type: string image_health: - description: ImageHealth is the health of the mirrored image type: string states: - description: States is the various state for all mirrored images nullable: true properties: error: - description: Error is when the mirroring state is errored type: integer replaying: - description: Replaying is when the replay of the mirroring journal is on-going type: integer starting_replay: - description: StartingReplay is when the replay of the mirroring journal starts type: integer stopped: - description: Stopped is when the mirroring state is stopped type: integer stopping_replay: - description: StopReplaying is when the replay of the mirroring journal stops type: integer syncing: - description: Syncing is when the image is syncing type: integer unknown: - description: Unknown is when the mirroring state is unknown type: integer type: object type: object type: object observedGeneration: - description: ObservedGeneration is the latest generation observed by the controller. format: int64 type: integer phase: - description: ConditionType represent a resource's status type: string snapshotScheduleStatus: - description: SnapshotScheduleStatusSpec is the status of the snapshot schedule properties: details: - description: Details contains potential status errors type: string lastChanged: - description: LastChanged is the last time time the status last changed type: string lastChecked: - description: LastChecked is the last time time the status was checked type: string snapshotSchedules: - description: SnapshotSchedules is the list of snapshots scheduled items: - description: SnapshotSchedulesSpec is the list of snapshot scheduled for images in a pool properties: image: - description: Image is the mirrored image type: string items: - description: Items is the list schedules times for a given snapshot items: - description: SnapshotSchedule is a schedule properties: interval: - description: Interval is the interval in which snapshots will be taken type: string start_time: - description: StartTime is the snapshot starting time type: string type: object type: array namespace: - description: Namespace is the RADOS namespace the image is part of type: string pool: - description: Pool is the pool name type: string type: object nullable: true @@ -475,23 +380,17 @@ spec: - name: v1 schema: openAPIV3Schema: - description: CephBucketNotification represents a Bucket Notifications properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: BucketNotificationSpec represent the spec of a Bucket Notification properties: events: - description: List of events that should trigger the notification items: - description: BucketNotificationSpec represent the event type of the bucket notification enum: - s3:ObjectCreated:* - s3:ObjectCreated:Put @@ -504,22 +403,17 @@ spec: type: string type: array filter: - description: Spec of notification filter properties: keyFilters: - description: Filters based on the object's key items: - description: NotificationKeyFilterRule represent a single key rule in the Notification Filter spec properties: name: - description: Name of the filter - prefix/suffix/regex enum: - prefix - suffix - regex type: string value: - description: Value to filter on type: string required: - name @@ -527,16 +421,12 @@ spec: type: object type: array metadataFilters: - description: Filters based on the object's metadata items: - description: NotificationFilterRule represent a single rule in the Notification Filter spec properties: name: - description: Name of the metadata or tag minLength: 1 type: string value: - description: Value to filter on type: string required: - name @@ -544,16 +434,12 @@ spec: type: object type: array tagFilters: - description: Filters based on the object's tags items: - description: NotificationFilterRule represent a single rule in the Notification Filter spec properties: name: - description: Name of the metadata or tag minLength: 1 type: string value: - description: Value to filter on type: string required: - name @@ -562,18 +448,15 @@ spec: type: array type: object topic: - description: The name of the topic associated with this notification minLength: 1 type: string required: - topic type: object status: - description: Status represents the status of an object properties: conditions: items: - description: Condition represents a status condition on any Rook-Ceph Custom Resource. properties: lastHeartbeatTime: format: date-time @@ -584,17 +467,14 @@ spec: message: type: string reason: - description: ConditionReason is a reason for a condition type: string status: type: string type: - description: ConditionType represent a resource's status type: string type: object type: array observedGeneration: - description: ObservedGeneration is the latest generation observed by the controller. format: int64 type: integer phase: @@ -632,42 +512,32 @@ spec: name: v1 schema: openAPIV3Schema: - description: CephBucketTopic represents a Ceph Object Topic for Bucket Notifications properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: BucketTopicSpec represent the spec of a Bucket Topic properties: endpoint: - description: Contains the endpoint spec of the topic properties: amqp: - description: Spec of AMQP endpoint properties: ackLevel: default: broker - description: The ack level required for this topic (none/broker/routeable) enum: - none - broker - routeable type: string disableVerifySSL: - description: Indicate whether the server certificate is validated by the client or not type: boolean exchange: - description: Name of the exchange that is used to route messages based on topics minLength: 1 type: string uri: - description: The URI of the AMQP endpoint to push notification to minLength: 1 type: string required: @@ -675,58 +545,45 @@ spec: - uri type: object http: - description: Spec of HTTP endpoint properties: disableVerifySSL: - description: Indicate whether the server certificate is validated by the client or not type: boolean sendCloudEvents: - description: 'Send the notifications with the CloudEvents header: https://github.com/cloudevents/spec/blob/main/cloudevents/adapters/aws-s3.md' type: boolean uri: - description: The URI of the HTTP endpoint to push notification to minLength: 1 type: string required: - uri type: object kafka: - description: Spec of Kafka endpoint properties: ackLevel: default: broker - description: The ack level required for this topic (none/broker) enum: - none - broker type: string disableVerifySSL: - description: Indicate whether the server certificate is validated by the client or not type: boolean uri: - description: The URI of the Kafka endpoint to push notification to minLength: 1 type: string useSSL: - description: Indicate whether to use SSL when communicating with the broker type: boolean required: - uri type: object type: object objectStoreName: - description: The name of the object store on which to define the topic minLength: 1 type: string objectStoreNamespace: - description: The namespace of the object store on which to define the topic minLength: 1 type: string opaqueData: - description: Data which is sent in each event type: string persistent: - description: Indication whether notifications to this endpoint are persistent or not type: boolean required: - endpoint @@ -734,14 +591,11 @@ spec: - objectStoreNamespace type: object status: - description: BucketTopicStatus represents the Status of a CephBucketTopic properties: ARN: - description: The ARN of the topic generated by the RGW nullable: true type: string observedGeneration: - description: ObservedGeneration is the latest generation observed by the controller. format: int64 type: integer phase: @@ -779,18 +633,14 @@ spec: name: v1 schema: openAPIV3Schema: - description: CephClient represents a Ceph Client properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: Spec represents the specification of a Ceph Client properties: caps: additionalProperties: @@ -803,7 +653,6 @@ spec: - caps type: object status: - description: Status represents the status of a Ceph Client properties: info: additionalProperties: @@ -811,11 +660,9 @@ spec: nullable: true type: object observedGeneration: - description: ObservedGeneration is the latest generation observed by the controller. format: int64 type: integer phase: - description: ConditionType represent a resource's status type: string type: object x-kubernetes-preserve-unknown-fields: true @@ -876,26 +723,20 @@ spec: name: v1 schema: openAPIV3Schema: - description: CephCluster is a Ceph storage cluster properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: ClusterSpec represents the specification of Ceph Cluster properties: annotations: additionalProperties: additionalProperties: type: string - description: Annotations are annotations type: object - description: The annotations-related configuration to add/set on each Pod related object. nullable: true type: object x-kubernetes-preserve-unknown-fields: true @@ -904,21 +745,16 @@ spec: additionalProperties: type: string type: object - description: Ceph Config options nullable: true type: object cephVersion: - description: The version information that instructs Rook to orchestrate a particular version of Ceph. nullable: true properties: allowUnsupported: - description: Whether to allow unsupported versions (do not set to true in production) type: boolean image: - description: Image is the container image used to launch the ceph daemons, such as quay.io/ceph/ceph: The full list of images can be found at https://quay.io/repository/ceph/ceph?tab=tags type: string imagePullPolicy: - description: ImagePullPolicy describes a policy for if/when to pull a container image One of Always, Never, IfNotPresent. enum: - IfNotPresent - Always @@ -927,33 +763,26 @@ spec: type: string type: object cleanupPolicy: - description: Indicates user intent when deleting a cluster; blocks orchestration and should not be set if cluster deletion is not imminent. nullable: true properties: allowUninstallWithVolumes: - description: AllowUninstallWithVolumes defines whether we can proceed with the uninstall if they are RBD images still present type: boolean confirmation: - description: Confirmation represents the cleanup confirmation nullable: true pattern: ^$|^yes-really-destroy-data$ type: string sanitizeDisks: - description: SanitizeDisks represents way we sanitize disks nullable: true properties: dataSource: - description: DataSource is the data source to use to sanitize the disk with enum: - zero - random type: string iteration: - description: Iteration is the number of pass to apply the sanitizing format: int32 type: integer method: - description: Method is the method we use to sanitize disks enum: - complete - quick @@ -961,151 +790,115 @@ spec: type: object type: object continueUpgradeAfterChecksEvenIfNotHealthy: - description: ContinueUpgradeAfterChecksEvenIfNotHealthy defines if an upgrade should continue even if PGs are not clean type: boolean crashCollector: - description: A spec for the crash controller nullable: true properties: daysToRetain: - description: DaysToRetain represents the number of days to retain crash until they get pruned type: integer disable: - description: Disable determines whether we should enable the crash collector type: boolean type: object csi: - description: CSI Driver Options applied per cluster. properties: cephfs: - description: CephFS defines CSI Driver settings for CephFS driver. properties: fuseMountOptions: - description: FuseMountOptions defines the mount options for ceph fuse mounter. type: string kernelMountOptions: - description: KernelMountOptions defines the mount options for kernel mounter. type: string type: object readAffinity: - description: ReadAffinity defines the read affinity settings for CSI driver. properties: crushLocationLabels: - description: CrushLocationLabels defines which node labels to use as CRUSH location. This should correspond to the values set in the CRUSH map. items: type: string type: array enabled: - description: Enables read affinity for CSI driver. type: boolean type: object type: object dashboard: - description: Dashboard settings nullable: true properties: enabled: - description: Enabled determines whether to enable the dashboard type: boolean port: - description: Port is the dashboard webserver port maximum: 65535 minimum: 0 type: integer prometheusEndpoint: - description: Endpoint for the Prometheus host type: string prometheusEndpointSSLVerify: - description: Whether to verify the ssl endpoint for prometheus. Set to false for a self-signed cert. type: boolean ssl: - description: SSL determines whether SSL should be used type: boolean urlPrefix: - description: URLPrefix is a prefix for all URLs to use the dashboard with a reverse proxy type: string type: object dataDirHostPath: - description: The path on the host where config and data can be persisted pattern: ^/(\S+) type: string x-kubernetes-validations: - message: DataDirHostPath is immutable rule: self == oldSelf disruptionManagement: - description: A spec for configuring disruption management. nullable: true properties: machineDisruptionBudgetNamespace: - description: Deprecated. Namespace to look for MDBs by the machineDisruptionBudgetController type: string manageMachineDisruptionBudgets: - description: Deprecated. This enables management of machinedisruptionbudgets. type: boolean managePodBudgets: - description: This enables management of poddisruptionbudgets type: boolean osdMaintenanceTimeout: - description: OSDMaintenanceTimeout sets how many additional minutes the DOWN/OUT interval is for drained failure domains it only works if managePodBudgets is true. the default is 30 minutes format: int64 type: integer pgHealthCheckTimeout: - description: PGHealthCheckTimeout is the time (in minutes) that the operator will wait for the placement groups to become healthy (active+clean) after a drain was completed and OSDs came back up. Rook will continue with the next drain if the timeout exceeds. It only works if managePodBudgets is true. No values or 0 means that the operator will wait until the placement groups are healthy before unblocking the next drain. format: int64 type: integer pgHealthyRegex: - description: PgHealthyRegex is the regular expression that is used to determine which PG states should be considered healthy. The default is `^(active\+clean|active\+clean\+scrubbing|active\+clean\+scrubbing\+deep)$` type: string type: object external: - description: Whether the Ceph Cluster is running external to this Kubernetes cluster mon, mgr, osd, mds, and discover daemons will not be created for external clusters. nullable: true properties: enable: - description: Enable determines whether external mode is enabled or not type: boolean type: object x-kubernetes-preserve-unknown-fields: true healthCheck: - description: Internal daemon healthchecks and liveness probe nullable: true properties: daemonHealth: - description: DaemonHealth is the health check for a given daemon nullable: true properties: mon: - description: Monitor represents the health check settings for the Ceph monitor nullable: true properties: disabled: type: boolean interval: - description: Interval is the internal in second or minute for the health check to run like 60s for 60 seconds type: string timeout: type: string type: object osd: - description: ObjectStorageDaemon represents the health check settings for the Ceph OSDs nullable: true properties: disabled: type: boolean interval: - description: Interval is the internal in second or minute for the health check to run like 60s for 60 seconds type: string timeout: type: string type: object status: - description: Status represents the health check settings for the Ceph health nullable: true properties: disabled: type: boolean interval: - description: Interval is the internal in second or minute for the health check to run like 60s for 60 seconds type: string timeout: type: string @@ -1113,56 +906,41 @@ spec: type: object livenessProbe: additionalProperties: - description: ProbeSpec is a wrapper around Probe so it can be enabled or disabled for a Ceph daemon properties: disabled: - description: Disabled determines whether probe is disable or not type: boolean probe: - description: Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic. properties: exec: - description: Exec specifies the action to take. properties: command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. format: int32 type: integer grpc: - description: GRPC specifies an action involving a GRPC port. properties: port: - description: Port number of the gRPC service. Number must be in the range 1 to 65535. format: int32 type: integer service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). \n If this is not specified, the default behavior is defined by gRPC." type: string required: - port type: object httpGet: - description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. items: - description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: - description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. type: string value: - description: The header field value type: string required: - name @@ -1170,43 +948,34 @@ spec: type: object type: array path: - description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action involving a TCP port. properties: host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port @@ -1215,65 +984,48 @@ spec: format: int64 type: integer timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object type: object - description: LivenessProbe allows changing the livenessProbe configuration for a given daemon type: object startupProbe: additionalProperties: - description: ProbeSpec is a wrapper around Probe so it can be enabled or disabled for a Ceph daemon properties: disabled: - description: Disabled determines whether probe is disable or not type: boolean probe: - description: Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic. properties: exec: - description: Exec specifies the action to take. properties: command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. format: int32 type: integer grpc: - description: GRPC specifies an action involving a GRPC port. properties: port: - description: Port number of the gRPC service. Number must be in the range 1 to 65535. format: int32 type: integer service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). \n If this is not specified, the default behavior is defined by gRPC." type: string required: - port type: object httpGet: - description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. items: - description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: - description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. type: string value: - description: The header field value type: string required: - name @@ -1281,43 +1033,34 @@ spec: type: object type: array path: - description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action involving a TCP port. properties: host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port @@ -1326,109 +1069,82 @@ spec: format: int64 type: integer timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object type: object - description: StartupProbe allows changing the startupProbe configuration for a given daemon type: object type: object labels: additionalProperties: additionalProperties: type: string - description: Labels are label for a given daemons type: object - description: The labels-related configuration to add/set on each Pod related object. nullable: true type: object x-kubernetes-preserve-unknown-fields: true logCollector: - description: Logging represents loggings settings nullable: true properties: enabled: - description: Enabled represents whether the log collector is enabled type: boolean maxLogSize: anyOf: - type: integer - type: string - description: MaxLogSize is the maximum size of the log per ceph daemons. Must be at least 1M. pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true periodicity: - description: Periodicity is the periodicity of the log rotation. pattern: ^$|^(hourly|daily|weekly|monthly|1h|24h|1d)$ type: string type: object mgr: - description: A spec for mgr related options nullable: true properties: allowMultiplePerNode: - description: AllowMultiplePerNode allows to run multiple managers on the same node (not recommended) type: boolean count: - description: Count is the number of manager daemons to run maximum: 5 minimum: 0 type: integer modules: - description: Modules is the list of ceph manager modules to enable/disable items: - description: Module represents mgr modules that the user wants to enable or disable properties: enabled: - description: Enabled determines whether a module should be enabled or not type: boolean name: - description: Name is the name of the ceph manager module type: string type: object nullable: true type: array type: object mon: - description: A spec for mon related options nullable: true properties: allowMultiplePerNode: - description: AllowMultiplePerNode determines if we can run multiple monitors on the same node (not recommended) type: boolean count: - description: Count is the number of Ceph monitors maximum: 9 minimum: 0 type: integer failureDomainLabel: type: string stretchCluster: - description: StretchCluster is the stretch cluster specification properties: failureDomainLabel: - description: 'FailureDomainLabel the failure domain name (e,g: zone)' type: string subFailureDomain: - description: SubFailureDomain is the failure domain within a zone type: string zones: - description: Zones is the list of zones items: - description: MonZoneSpec represents the specification of a zone in a Ceph Cluster properties: arbiter: - description: Arbiter determines if the zone contains the arbiter used for stretch cluster mode type: boolean name: - description: Name is the name of the zone type: string volumeClaimTemplate: - description: VolumeClaimTemplate is the PVC template properties: metadata: - description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' properties: annotations: additionalProperties: @@ -1448,24 +1164,18 @@ spec: type: string type: object spec: - description: 'spec defines the desired characteristics of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: accessModes: - description: 'accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string type: array dataSource: - description: 'dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource.' properties: apiGroup: - description: APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. type: string kind: - description: Kind is the type of resource being referenced type: string name: - description: Name is the name of resource being referenced type: string required: - kind @@ -1473,26 +1183,20 @@ spec: type: object x-kubernetes-map-type: atomic dataSourceRef: - description: 'dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn''t specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn''t set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.' properties: apiGroup: - description: APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. type: string kind: - description: Kind is the type of resource being referenced type: string name: - description: Name is the name of resource being referenced type: string namespace: - description: Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. type: string required: - kind - name type: object resources: - description: 'resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: limits: additionalProperties: @@ -1501,7 +1205,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: @@ -1510,25 +1213,18 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: - description: selector is a label query over volumes to consider for binding. properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: - description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string type: array @@ -1540,21 +1236,16 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic storageClassName: - description: 'storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string volumeAttributesClassName: - description: 'volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass will be applied to the claim but it''s not allowed to reset this field to empty string once it is set. If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass will be set by the persistentvolume controller if it exists. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.' type: string volumeMode: - description: volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec. type: string volumeName: - description: volumeName is the binding reference to the PersistentVolume backing this claim. type: string type: object type: object @@ -1564,10 +1255,8 @@ spec: type: array type: object volumeClaimTemplate: - description: VolumeClaimTemplate is the PVC definition properties: metadata: - description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' properties: annotations: additionalProperties: @@ -1587,24 +1276,18 @@ spec: type: string type: object spec: - description: 'spec defines the desired characteristics of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: accessModes: - description: 'accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string type: array dataSource: - description: 'dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource.' properties: apiGroup: - description: APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. type: string kind: - description: Kind is the type of resource being referenced type: string name: - description: Name is the name of resource being referenced type: string required: - kind @@ -1612,26 +1295,20 @@ spec: type: object x-kubernetes-map-type: atomic dataSourceRef: - description: 'dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn''t specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn''t set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.' properties: apiGroup: - description: APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. type: string kind: - description: Kind is the type of resource being referenced type: string name: - description: Name is the name of resource being referenced type: string namespace: - description: Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. type: string required: - kind - name type: object resources: - description: 'resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: limits: additionalProperties: @@ -1640,7 +1317,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: @@ -1649,25 +1325,18 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: - description: selector is a label query over volumes to consider for binding. properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: - description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string type: array @@ -1679,41 +1348,30 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic storageClassName: - description: 'storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string volumeAttributesClassName: - description: 'volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass will be applied to the claim but it''s not allowed to reset this field to empty string once it is set. If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass will be set by the persistentvolume controller if it exists. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.' type: string volumeMode: - description: volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec. type: string volumeName: - description: volumeName is the binding reference to the PersistentVolume backing this claim. type: string type: object type: object x-kubernetes-preserve-unknown-fields: true zones: - description: Zones are specified when we want to provide zonal awareness to mons items: - description: MonZoneSpec represents the specification of a zone in a Ceph Cluster properties: arbiter: - description: Arbiter determines if the zone contains the arbiter used for stretch cluster mode type: boolean name: - description: Name is the name of the zone type: string volumeClaimTemplate: - description: VolumeClaimTemplate is the PVC template properties: metadata: - description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' properties: annotations: additionalProperties: @@ -1733,24 +1391,18 @@ spec: type: string type: object spec: - description: 'spec defines the desired characteristics of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: accessModes: - description: 'accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string type: array dataSource: - description: 'dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource.' properties: apiGroup: - description: APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. type: string kind: - description: Kind is the type of resource being referenced type: string name: - description: Name is the name of resource being referenced type: string required: - kind @@ -1758,26 +1410,20 @@ spec: type: object x-kubernetes-map-type: atomic dataSourceRef: - description: 'dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn''t specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn''t set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.' properties: apiGroup: - description: APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. type: string kind: - description: Kind is the type of resource being referenced type: string name: - description: Name is the name of resource being referenced type: string namespace: - description: Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. type: string required: - kind - name type: object resources: - description: 'resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: limits: additionalProperties: @@ -1786,7 +1432,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: @@ -1795,25 +1440,18 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: - description: selector is a label query over volumes to consider for binding. properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: - description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string type: array @@ -1825,21 +1463,16 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic storageClassName: - description: 'storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string volumeAttributesClassName: - description: 'volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass will be applied to the claim but it''s not allowed to reset this field to empty string once it is set. If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass will be set by the persistentvolume controller if it exists. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.' type: string volumeMode: - description: volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec. type: string volumeName: - description: volumeName is the binding reference to the PersistentVolume backing this claim. type: string type: object type: object @@ -1853,49 +1486,34 @@ spec: - message: stretchCluster zones must be equal to 3 rule: '!has(self.stretchCluster) || (has(self.stretchCluster) && (size(self.stretchCluster.zones) > 0) && (size(self.stretchCluster.zones) == 3))' monitoring: - description: Prometheus based Monitoring settings nullable: true properties: enabled: - description: Enabled determines whether to create the prometheus rules for the ceph cluster. If true, the prometheus types must exist or the creation will fail. Default is false. type: boolean externalMgrEndpoints: - description: ExternalMgrEndpoints points to an existing Ceph prometheus exporter endpoint items: - description: EndpointAddress is a tuple that describes single IP address. properties: hostname: - description: The Hostname of this endpoint type: string ip: - description: The IP of this endpoint. May not be loopback (127.0.0.0/8 or ::1), link-local (169.254.0.0/16 or fe80::/10), or link-local multicast (224.0.0.0/24 or ff02::/16). type: string nodeName: - description: 'Optional: Node hosting this endpoint. This can be used to determine endpoints local to a node.' type: string targetRef: - description: Reference to object providing the endpoint. properties: apiVersion: - description: API version of the referent. type: string fieldPath: - description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.' type: string kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string resourceVersion: - description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' type: string uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object x-kubernetes-map-type: atomic @@ -1906,94 +1524,71 @@ spec: nullable: true type: array externalMgrPrometheusPort: - description: ExternalMgrPrometheusPort Prometheus exporter port maximum: 65535 minimum: 0 type: integer interval: - description: Interval determines prometheus scrape interval type: string metricsDisabled: - description: Whether to disable the metrics reported by Ceph. If false, the prometheus mgr module and Ceph exporter are enabled. If true, the prometheus mgr module and Ceph exporter are both disabled. Default is false. type: boolean port: - description: Port is the prometheus server port maximum: 65535 minimum: 0 type: integer type: object network: - description: Network related configuration nullable: true properties: addressRanges: - description: AddressRanges specify a list of CIDRs that Rook will apply to Ceph's 'public_network' and/or 'cluster_network' configurations. This config section may be used for the "host" or "multus" network providers. nullable: true properties: cluster: - description: Cluster defines a list of CIDRs to use for Ceph cluster network communication. items: - description: "An IPv4 or IPv6 network CIDR. \n This naive kubebuilder regex provides immediate feedback for some typos and for a common problem case where the range spec is forgotten (e.g., /24). Rook does in-depth validation in code." pattern: ^[0-9a-fA-F:.]{2,}\/[0-9]{1,3}$ type: string type: array public: - description: Public defines a list of CIDRs to use for Ceph public network communication. items: - description: "An IPv4 or IPv6 network CIDR. \n This naive kubebuilder regex provides immediate feedback for some typos and for a common problem case where the range spec is forgotten (e.g., /24). Rook does in-depth validation in code." pattern: ^[0-9a-fA-F:.]{2,}\/[0-9]{1,3}$ type: string type: array type: object connections: - description: Settings for network connections such as compression and encryption across the wire. nullable: true properties: compression: - description: Compression settings for the network connections. nullable: true properties: enabled: - description: Whether to compress the data in transit across the wire. The default is not set. type: boolean type: object encryption: - description: Encryption settings for the network connections. nullable: true properties: enabled: - description: Whether to encrypt the data in transit across the wire to prevent eavesdropping the data on the network. The default is not set. Even if encryption is not enabled, clients still establish a strong initial authentication for the connection and data integrity is still validated with a crc check. When encryption is enabled, all communication between clients and Ceph daemons, or between Ceph daemons will be encrypted. type: boolean type: object requireMsgr2: - description: Whether to require msgr2 (port 3300) even if compression or encryption are not enabled. If true, the msgr1 port (6789) will be disabled. Requires a kernel that supports msgr2 (kernel 5.11 or CentOS 8.4 or newer). type: boolean type: object dualStack: - description: DualStack determines whether Ceph daemons should listen on both IPv4 and IPv6 type: boolean hostNetwork: - description: HostNetwork to enable host network. If host networking is enabled or disabled on a running cluster, then the operator will automatically fail over all the mons to apply the new network settings. type: boolean ipFamily: - description: IPFamily is the single stack IPv6 or IPv4 protocol enum: - IPv4 - IPv6 nullable: true type: string multiClusterService: - description: Enable multiClusterService to export the Services between peer clusters properties: clusterID: - description: 'ClusterID uniquely identifies a cluster. It is used as a prefix to nslookup exported services. For example: ...svc.clusterset.local' type: string enabled: - description: Enable multiClusterService to export the mon and OSD services to peer cluster. Ensure that peer clusters are connected using an MCS API compatible application, like Globalnet Submariner. type: boolean type: object provider: - description: Provider is what provides network connectivity to the cluster e.g. "host" or "multus". If the Provider is updated from being empty to "host" on a running cluster, then the operator will automatically fail over all the mons to apply the "host" network settings. enum: - "" - host @@ -2006,7 +1601,6 @@ spec: selectors: additionalProperties: type: string - description: "Selectors define NetworkAttachmentDefinitions to be used for Ceph public and/or cluster networks when the \"multus\" network provider is used. This config section is not used for other network providers. \n Valid keys are \"public\" and \"cluster\". Refer to Ceph networking documentation for more: https://docs.ceph.com/en/reef/rados/configuration/network-config-ref/ \n Refer to Multus network annotation documentation for help selecting values: https://github.com/k8snetworkplumbingwg/multus-cni/blob/master/docs/how-to-use.md#run-pod-with-network-annotation \n Rook will make a best-effort attempt to automatically detect CIDR address ranges for given network attachment definitions. Rook's methods are robust but may be imprecise for sufficiently complicated networks. Rook's auto-detection process obtains a new IP address lease for each CephCluster reconcile. If Rook fails to detect, incorrectly detects, only partially detects, or if underlying networks do not support reusing old IP addresses, it is best to use the 'addressRanges' config section to specify CIDR ranges for the Ceph cluster. \n As a contrived example, one can use a theoretical Kubernetes-wide network for Ceph client traffic and a theoretical Rook-only network for Ceph replication traffic as shown: selectors: public: \"default/cluster-fast-net\" cluster: \"rook-ceph/ceph-backend-net\"" nullable: true type: object type: object @@ -2496,24 +2090,18 @@ spec: priorityClassNames: additionalProperties: type: string - description: PriorityClassNames sets priority classes on components nullable: true type: object x-kubernetes-preserve-unknown-fields: true removeOSDsIfOutAndSafeToRemove: - description: Remove the OSD that is out and safe to remove only if this option is true type: boolean resources: additionalProperties: - description: ResourceRequirements describes the compute resource requirements. properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." items: - description: ResourceClaim references one entry in PodSpec.ResourceClaims. properties: name: - description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. type: string required: - name @@ -2529,7 +2117,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: @@ -2538,50 +2125,39 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object - description: Resources set resource requests and limits nullable: true type: object x-kubernetes-preserve-unknown-fields: true security: - description: Security represents security settings nullable: true properties: keyRotation: - description: KeyRotation defines options for Key Rotation. nullable: true properties: enabled: default: false - description: Enabled represents whether the key rotation is enabled. type: boolean schedule: - description: Schedule represents the cron schedule for key rotation. type: string type: object kms: - description: KeyManagementService is the main Key Management option nullable: true properties: connectionDetails: additionalProperties: type: string - description: ConnectionDetails contains the KMS connection details (address, port etc) nullable: true type: object x-kubernetes-preserve-unknown-fields: true tokenSecretName: - description: TokenSecretName is the kubernetes secret containing the KMS token type: string type: object type: object skipUpgradeChecks: - description: SkipUpgradeChecks defines if an upgrade should be forced even if one of the check fails type: boolean storage: - description: A spec for available storage in the cluster and how it should be used nullable: true properties: config: @@ -2591,15 +2167,11 @@ spec: type: object x-kubernetes-preserve-unknown-fields: true deviceFilter: - description: A regular expression to allow more fine-grained selection of devices on nodes across the cluster type: string devicePathFilter: - description: A regular expression to allow more fine-grained selection of devices with path names type: string devices: - description: List of devices to use as storage devices items: - description: Device represents a disk to use in the cluster properties: config: additionalProperties: @@ -2616,11 +2188,9 @@ spec: type: array x-kubernetes-preserve-unknown-fields: true flappingRestartIntervalHours: - description: FlappingRestartIntervalHours defines the time for which the OSD pods, that failed with zero exit code, will sleep before restarting. This is needed for OSD flapping where OSD daemons are marked down more than 5 times in 600 seconds by Ceph. Preventing the OSD pods to restart immediately in such scenarios will prevent Rook from marking OSD as `up` and thus peering of the PGs mapped to the OSD. User needs to manually restart the OSD pod if they manage to fix the underlying OSD flapping issue before the restart interval. The sleep will be disabled if this interval is set to 0. type: integer nodes: items: - description: Node is a storage nodes properties: config: additionalProperties: @@ -2629,15 +2199,11 @@ spec: type: object x-kubernetes-preserve-unknown-fields: true deviceFilter: - description: A regular expression to allow more fine-grained selection of devices on nodes across the cluster type: string devicePathFilter: - description: A regular expression to allow more fine-grained selection of devices with path names type: string devices: - description: List of devices to use as storage devices items: - description: Device represents a disk to use in the cluster properties: config: additionalProperties: @@ -2656,16 +2222,12 @@ spec: name: type: string resources: - description: ResourceRequirements describes the compute resource requirements. nullable: true properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." items: - description: ResourceClaim references one entry in PodSpec.ResourceClaims. properties: name: - description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. type: string required: - name @@ -2681,7 +2243,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: @@ -2690,20 +2251,15 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object x-kubernetes-preserve-unknown-fields: true useAllDevices: - description: Whether to consume all the storage devices found on a machine type: boolean volumeClaimTemplates: - description: PersistentVolumeClaims to use as storage items: - description: VolumeClaimTemplate is a simplified version of K8s corev1's PVC. It has no type meta or status. properties: metadata: - description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' properties: annotations: additionalProperties: @@ -2723,24 +2279,18 @@ spec: type: string type: object spec: - description: 'spec defines the desired characteristics of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: accessModes: - description: 'accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string type: array dataSource: - description: 'dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource.' properties: apiGroup: - description: APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. type: string kind: - description: Kind is the type of resource being referenced type: string name: - description: Name is the name of resource being referenced type: string required: - kind @@ -2748,26 +2298,20 @@ spec: type: object x-kubernetes-map-type: atomic dataSourceRef: - description: 'dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn''t specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn''t set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.' properties: apiGroup: - description: APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. type: string kind: - description: Kind is the type of resource being referenced type: string name: - description: Name is the name of resource being referenced type: string namespace: - description: Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. type: string required: - kind - name type: object resources: - description: 'resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: limits: additionalProperties: @@ -2776,7 +2320,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: @@ -2785,25 +2328,18 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: - description: selector is a label query over volumes to consider for binding. properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: - description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string type: array @@ -2815,21 +2351,16 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic storageClassName: - description: 'storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string volumeAttributesClassName: - description: 'volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass will be applied to the claim but it''s not allowed to reset this field to empty string once it is set. If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass will be set by the persistentvolume controller if it exists. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.' type: string volumeMode: - description: volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec. type: string volumeName: - description: volumeName is the binding reference to the PersistentVolume backing this claim. type: string type: object type: object @@ -2841,24 +2372,19 @@ spec: type: boolean storageClassDeviceSets: items: - description: StorageClassDeviceSet is a storage class device set properties: config: additionalProperties: type: string - description: Provider-specific device configuration nullable: true type: object x-kubernetes-preserve-unknown-fields: true count: - description: Count is the number of devices in this set minimum: 1 type: integer encrypted: - description: Whether to encrypt the deviceSet type: boolean name: - description: Name is a unique identifier for the set type: string placement: nullable: true @@ -3336,7 +2862,6 @@ spec: type: object x-kubernetes-preserve-unknown-fields: true portable: - description: Portable represents OSD portability across the hosts type: boolean preparePlacement: nullable: true @@ -3814,16 +3339,12 @@ spec: type: object x-kubernetes-preserve-unknown-fields: true resources: - description: ResourceRequirements describes the compute resource requirements. nullable: true properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." items: - description: ResourceClaim references one entry in PodSpec.ResourceClaims. properties: name: - description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. type: string required: - name @@ -3839,7 +3360,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: @@ -3848,26 +3368,19 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object x-kubernetes-preserve-unknown-fields: true schedulerName: - description: Scheduler name for OSD pod placement type: string tuneDeviceClass: - description: TuneSlowDeviceClass Tune the OSD when running on a slow Device Class type: boolean tuneFastDeviceClass: - description: TuneFastDeviceClass Tune the OSD when running on a fast Device Class type: boolean volumeClaimTemplates: - description: VolumeClaimTemplates is a list of PVC templates for the underlying storage devices items: - description: VolumeClaimTemplate is a simplified version of K8s corev1's PVC. It has no type meta or status. properties: metadata: - description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' properties: annotations: additionalProperties: @@ -3888,24 +3401,18 @@ spec: type: string type: object spec: - description: 'spec defines the desired characteristics of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: accessModes: - description: 'accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string type: array dataSource: - description: 'dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource.' properties: apiGroup: - description: APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. type: string kind: - description: Kind is the type of resource being referenced type: string name: - description: Name is the name of resource being referenced type: string required: - kind @@ -3913,26 +3420,20 @@ spec: type: object x-kubernetes-map-type: atomic dataSourceRef: - description: 'dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn''t specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn''t set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.' properties: apiGroup: - description: APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. type: string kind: - description: Kind is the type of resource being referenced type: string name: - description: Name is the name of resource being referenced type: string namespace: - description: Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. type: string required: - kind - name type: object resources: - description: 'resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: limits: additionalProperties: @@ -3941,7 +3442,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: @@ -3950,25 +3450,18 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: - description: selector is a label query over volumes to consider for binding. properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: - description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string type: array @@ -3980,21 +3473,16 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic storageClassName: - description: 'storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string volumeAttributesClassName: - description: 'volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass will be applied to the claim but it''s not allowed to reset this field to empty string once it is set. If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass will be set by the persistentvolume controller if it exists. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.' type: string volumeMode: - description: volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec. type: string volumeName: - description: volumeName is the binding reference to the PersistentVolume backing this claim. type: string type: object type: object @@ -4007,31 +3495,24 @@ spec: nullable: true type: array store: - description: OSDStore is the backend storage type used for creating the OSDs properties: type: - description: Type of backend storage to be used while creating OSDs. If empty, then bluestore will be used enum: - bluestore - bluestore-rdr type: string updateStore: - description: UpdateStore updates the backend store for existing OSDs. It destroys each OSD one at a time, cleans up the backing disk and prepares same OSD on that disk pattern: ^$|^yes-really-update-store$ type: string type: object useAllDevices: - description: Whether to consume all the storage devices found on a machine type: boolean useAllNodes: type: boolean volumeClaimTemplates: - description: PersistentVolumeClaims to use as storage items: - description: VolumeClaimTemplate is a simplified version of K8s corev1's PVC. It has no type meta or status. properties: metadata: - description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' properties: annotations: additionalProperties: @@ -4051,24 +3532,18 @@ spec: type: string type: object spec: - description: 'spec defines the desired characteristics of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: accessModes: - description: 'accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string type: array dataSource: - description: 'dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource.' properties: apiGroup: - description: APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. type: string kind: - description: Kind is the type of resource being referenced type: string name: - description: Name is the name of resource being referenced type: string required: - kind @@ -4076,26 +3551,20 @@ spec: type: object x-kubernetes-map-type: atomic dataSourceRef: - description: 'dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn''t specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn''t set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.' properties: apiGroup: - description: APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. type: string kind: - description: Kind is the type of resource being referenced type: string name: - description: Name is the name of resource being referenced type: string namespace: - description: Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. type: string required: - kind - name type: object resources: - description: 'resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: limits: additionalProperties: @@ -4104,7 +3573,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: @@ -4113,25 +3581,18 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: - description: selector is a label query over volumes to consider for binding. properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: - description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string type: array @@ -4143,40 +3604,31 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic storageClassName: - description: 'storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string volumeAttributesClassName: - description: 'volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass will be applied to the claim but it''s not allowed to reset this field to empty string once it is set. If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass will be set by the persistentvolume controller if it exists. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.' type: string volumeMode: - description: volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec. type: string volumeName: - description: volumeName is the binding reference to the PersistentVolume backing this claim. type: string type: object type: object type: array type: object waitTimeoutForHealthyOSDInMinutes: - description: WaitTimeoutForHealthyOSDInMinutes defines the time the operator would wait before an OSD can be stopped for upgrade or restart. If the timeout exceeds and OSD is not ok to stop, then the operator would skip upgrade for the current OSD and proceed with the next one if `continueUpgradeAfterChecksEvenIfNotHealthy` is `false`. If `continueUpgradeAfterChecksEvenIfNotHealthy` is `true`, then operator would continue with the upgrade of an OSD even if its not ok to stop after the timeout. This timeout won't be applied if `skipUpgradeChecks` is `true`. The default wait timeout is 10 minutes. format: int64 type: integer type: object status: - description: ClusterStatus represents the status of a Ceph cluster nullable: true properties: ceph: - description: CephStatus is the details health of a Ceph Cluster properties: capacity: - description: Capacity is the capacity information of a Ceph Cluster properties: bytesAvailable: format: int64 @@ -4192,7 +3644,6 @@ spec: type: object details: additionalProperties: - description: CephHealthMessage represents the health message of a Ceph Cluster properties: message: type: string @@ -4214,53 +3665,43 @@ spec: previousHealth: type: string versions: - description: CephDaemonsVersions show the current ceph version for different ceph daemons properties: cephfs-mirror: additionalProperties: type: integer - description: CephFSMirror shows CephFSMirror Ceph version type: object mds: additionalProperties: type: integer - description: Mds shows Mds Ceph version type: object mgr: additionalProperties: type: integer - description: Mgr shows Mgr Ceph version type: object mon: additionalProperties: type: integer - description: Mon shows Mon Ceph version type: object osd: additionalProperties: type: integer - description: Osd shows Osd Ceph version type: object overall: additionalProperties: type: integer - description: Overall shows overall Ceph version type: object rbd-mirror: additionalProperties: type: integer - description: RbdMirror shows RbdMirror Ceph version type: object rgw: additionalProperties: type: integer - description: Rgw shows Rgw Ceph version type: object type: object type: object conditions: items: - description: Condition represents a status condition on any Rook-Ceph Custom Resource. properties: lastHeartbeatTime: format: date-time @@ -4271,50 +3712,40 @@ spec: message: type: string reason: - description: ConditionReason is a reason for a condition type: string status: type: string type: - description: ConditionType represent a resource's status type: string type: object type: array message: type: string observedGeneration: - description: ObservedGeneration is the latest generation observed by the controller. format: int64 type: integer phase: - description: ConditionType represent a resource's status type: string state: - description: ClusterState represents the state of a Ceph Cluster type: string storage: - description: CephStorage represents flavors of Ceph Cluster Storage properties: deviceClasses: items: - description: DeviceClasses represents device classes of a Ceph Cluster properties: name: type: string type: object type: array osd: - description: OSDStatus represents OSD status of the ceph Cluster properties: storeType: additionalProperties: type: integer - description: StoreType is a mapping between the OSD backend stores and number of OSDs using these stores type: object type: object type: object version: - description: ClusterVersion represents the version of a Ceph Cluster properties: image: type: string @@ -4352,31 +3783,24 @@ spec: - name: v1 schema: openAPIV3Schema: - description: CephCOSIDriver represents the CRD for the Ceph COSI Driver Deployment properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: Spec represents the specification of a Ceph COSI Driver properties: deploymentStrategy: - description: DeploymentStrategy is the strategy to use to deploy the COSI driver. enum: - Never - Auto - Always type: string image: - description: Image is the container image to run the Ceph COSI driver type: string objectProvisionerImage: - description: ObjectProvisionerImage is the container image to run the COSI driver sidecar type: string placement: properties: @@ -4852,15 +4276,11 @@ spec: type: array type: object resources: - description: Resources is the resource requirements for the COSI driver properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." items: - description: ResourceClaim references one entry in PodSpec.ResourceClaims. properties: name: - description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. type: string required: - name @@ -4876,7 +4296,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: @@ -4885,7 +4304,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object type: object @@ -4918,29 +4336,23 @@ spec: name: v1 schema: openAPIV3Schema: - description: CephFilesystemMirror is the Ceph Filesystem Mirror object definition properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: FilesystemMirroringSpec is the filesystem mirroring specification properties: annotations: additionalProperties: type: string - description: The annotations-related configuration to add/set on each Pod related object. nullable: true type: object labels: additionalProperties: type: string - description: The labels-related configuration to add/set on each Pod related object. nullable: true type: object placement: @@ -5418,19 +4830,14 @@ spec: type: array type: object priorityClassName: - description: PriorityClassName sets priority class on the cephfs-mirror pods type: string resources: - description: The resource requirements for the cephfs-mirror pods nullable: true properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." items: - description: ResourceClaim references one entry in PodSpec.ResourceClaims. properties: name: - description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. type: string required: - name @@ -5446,7 +4853,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: @@ -5455,16 +4861,13 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object type: object status: - description: Status represents the status of an object properties: conditions: items: - description: Condition represents a status condition on any Rook-Ceph Custom Resource. properties: lastHeartbeatTime: format: date-time @@ -5475,17 +4878,14 @@ spec: message: type: string reason: - description: ConditionReason is a reason for a condition type: string status: type: string type: - description: ConditionType represent a resource's status type: string type: object type: array observedGeneration: - description: ObservedGeneration is the latest generation observed by the controller. format: int64 type: integer phase: @@ -5529,29 +4929,21 @@ spec: name: v1 schema: openAPIV3Schema: - description: CephFilesystem represents a Ceph Filesystem properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: FilesystemSpec represents the spec of a file system properties: dataPools: - description: The data pool settings, with optional predefined pool name. items: - description: NamedPoolSpec represents the named ceph pool spec properties: application: - description: The application name to set on the pool. Only expected to be set for rgw pools. type: string compressionMode: - description: 'DEPRECATED: use Parameters instead, e.g., Parameters["compression_mode"] = "force" The inline compression mode in Bluestore OSD to set to (options are: none, passive, aggressive, force) Do NOT set a default value for kubebuilder as this will override the Parameters' enum: - none - passive @@ -5561,28 +4953,21 @@ spec: nullable: true type: string crushRoot: - description: The root of the crush hierarchy utilized by the pool nullable: true type: string deviceClass: - description: The device class the OSD should set to for use in the pool nullable: true type: string enableRBDStats: - description: EnableRBDStats is used to enable gathering of statistics for all RBD images in the pool type: boolean erasureCoded: - description: The erasure code settings properties: algorithm: - description: The algorithm for erasure coding type: string codingChunks: - description: Number of coding chunks per object in an erasure coded storage pool (required for erasure-coded pool type). This is the number of OSDs that can be lost simultaneously before data cannot be recovered. minimum: 0 type: integer dataChunks: - description: Number of data chunks per object in an erasure coded storage pool (required for erasure-coded pool type). The number of chunks required to recover an object when any single OSD is lost is the same as dataChunks so be aware that the larger the number of data chunks, the higher the cost of recovery. minimum: 0 type: integer required: @@ -5590,84 +4975,63 @@ spec: - dataChunks type: object failureDomain: - description: 'The failure domain: osd/host/(region or zone if available) - technically also any type in the crush map' type: string mirroring: - description: The mirroring settings properties: enabled: - description: Enabled whether this pool is mirrored or not type: boolean mode: - description: 'Mode is the mirroring mode: either pool or image' type: string peers: - description: Peers represents the peers spec nullable: true properties: secretNames: - description: SecretNames represents the Kubernetes Secret names to add rbd-mirror or cephfs-mirror peers items: type: string type: array type: object snapshotSchedules: - description: SnapshotSchedules is the scheduling of snapshot for mirrored images/pools items: - description: SnapshotScheduleSpec represents the snapshot scheduling settings of a mirrored pool properties: interval: - description: Interval represent the periodicity of the snapshot. type: string path: - description: Path is the path to snapshot, only valid for CephFS type: string startTime: - description: StartTime indicates when to start the snapshot type: string type: object type: array type: object name: - description: Name of the pool type: string parameters: additionalProperties: type: string - description: Parameters is a list of properties to enable on a given pool nullable: true type: object x-kubernetes-preserve-unknown-fields: true quotas: - description: The quota settings nullable: true properties: maxBytes: - description: MaxBytes represents the quota in bytes Deprecated in favor of MaxSize format: int64 type: integer maxObjects: - description: MaxObjects represents the quota in objects format: int64 type: integer maxSize: - description: MaxSize represents the quota in bytes as a string pattern: ^[0-9]+[\.]?[0-9]*([KMGTPE]i|[kMGTPE])?$ type: string type: object replicated: - description: The replication settings properties: hybridStorage: - description: HybridStorage represents hybrid storage tier settings nullable: true properties: primaryDeviceClass: - description: PrimaryDeviceClass represents high performance tier (for example SSD or NVME) for Primary OSD minLength: 1 type: string secondaryDeviceClass: - description: SecondaryDeviceClass represents low performance tier (for example HDDs) for remaining OSDs minLength: 1 type: string required: @@ -5675,36 +5039,28 @@ spec: - secondaryDeviceClass type: object replicasPerFailureDomain: - description: ReplicasPerFailureDomain the number of replica in the specified failure domain minimum: 1 type: integer requireSafeReplicaSize: - description: RequireSafeReplicaSize if false allows you to set replica 1 type: boolean size: - description: Size - Number of copies per object in a replicated storage pool, including the object itself (required for replicated pool type) minimum: 0 type: integer subFailureDomain: - description: SubFailureDomain the name of the sub-failure domain type: string targetSizeRatio: - description: TargetSizeRatio gives a hint (%) to Ceph in terms of expected consumption of the total cluster capacity type: number required: - size type: object statusCheck: - description: The mirroring statusCheck properties: mirror: - description: HealthCheckSpec represents the health check of an object store bucket nullable: true properties: disabled: type: boolean interval: - description: Interval is the internal in second or minute for the health check to run like 60s for 60 seconds type: string timeout: type: string @@ -5715,14 +5071,11 @@ spec: nullable: true type: array metadataPool: - description: The metadata pool settings nullable: true properties: application: - description: The application name to set on the pool. Only expected to be set for rgw pools. type: string compressionMode: - description: 'DEPRECATED: use Parameters instead, e.g., Parameters["compression_mode"] = "force" The inline compression mode in Bluestore OSD to set to (options are: none, passive, aggressive, force) Do NOT set a default value for kubebuilder as this will override the Parameters' enum: - none - passive @@ -5732,28 +5085,21 @@ spec: nullable: true type: string crushRoot: - description: The root of the crush hierarchy utilized by the pool nullable: true type: string deviceClass: - description: The device class the OSD should set to for use in the pool nullable: true type: string enableRBDStats: - description: EnableRBDStats is used to enable gathering of statistics for all RBD images in the pool type: boolean erasureCoded: - description: The erasure code settings properties: algorithm: - description: The algorithm for erasure coding type: string codingChunks: - description: Number of coding chunks per object in an erasure coded storage pool (required for erasure-coded pool type). This is the number of OSDs that can be lost simultaneously before data cannot be recovered. minimum: 0 type: integer dataChunks: - description: Number of data chunks per object in an erasure coded storage pool (required for erasure-coded pool type). The number of chunks required to recover an object when any single OSD is lost is the same as dataChunks so be aware that the larger the number of data chunks, the higher the cost of recovery. minimum: 0 type: integer required: @@ -5761,40 +5107,29 @@ spec: - dataChunks type: object failureDomain: - description: 'The failure domain: osd/host/(region or zone if available) - technically also any type in the crush map' type: string mirroring: - description: The mirroring settings properties: enabled: - description: Enabled whether this pool is mirrored or not type: boolean mode: - description: 'Mode is the mirroring mode: either pool or image' type: string peers: - description: Peers represents the peers spec nullable: true properties: secretNames: - description: SecretNames represents the Kubernetes Secret names to add rbd-mirror or cephfs-mirror peers items: type: string type: array type: object snapshotSchedules: - description: SnapshotSchedules is the scheduling of snapshot for mirrored images/pools items: - description: SnapshotScheduleSpec represents the snapshot scheduling settings of a mirrored pool properties: interval: - description: Interval represent the periodicity of the snapshot. type: string path: - description: Path is the path to snapshot, only valid for CephFS type: string startTime: - description: StartTime indicates when to start the snapshot type: string type: object type: array @@ -5802,40 +5137,31 @@ spec: parameters: additionalProperties: type: string - description: Parameters is a list of properties to enable on a given pool nullable: true type: object x-kubernetes-preserve-unknown-fields: true quotas: - description: The quota settings nullable: true properties: maxBytes: - description: MaxBytes represents the quota in bytes Deprecated in favor of MaxSize format: int64 type: integer maxObjects: - description: MaxObjects represents the quota in objects format: int64 type: integer maxSize: - description: MaxSize represents the quota in bytes as a string pattern: ^[0-9]+[\.]?[0-9]*([KMGTPE]i|[kMGTPE])?$ type: string type: object replicated: - description: The replication settings properties: hybridStorage: - description: HybridStorage represents hybrid storage tier settings nullable: true properties: primaryDeviceClass: - description: PrimaryDeviceClass represents high performance tier (for example SSD or NVME) for Primary OSD minLength: 1 type: string secondaryDeviceClass: - description: SecondaryDeviceClass represents low performance tier (for example HDDs) for remaining OSDs minLength: 1 type: string required: @@ -5843,36 +5169,28 @@ spec: - secondaryDeviceClass type: object replicasPerFailureDomain: - description: ReplicasPerFailureDomain the number of replica in the specified failure domain minimum: 1 type: integer requireSafeReplicaSize: - description: RequireSafeReplicaSize if false allows you to set replica 1 type: boolean size: - description: Size - Number of copies per object in a replicated storage pool, including the object itself (required for replicated pool type) minimum: 0 type: integer subFailureDomain: - description: SubFailureDomain the name of the sub-failure domain type: string targetSizeRatio: - description: TargetSizeRatio gives a hint (%) to Ceph in terms of expected consumption of the total cluster capacity type: number required: - size type: object statusCheck: - description: The mirroring statusCheck properties: mirror: - description: HealthCheckSpec represents the health check of an object store bucket nullable: true properties: disabled: type: boolean interval: - description: Interval is the internal in second or minute for the health check to run like 60s for 60 seconds type: string timeout: type: string @@ -5881,82 +5199,62 @@ spec: x-kubernetes-preserve-unknown-fields: true type: object metadataServer: - description: The mds pod info properties: activeCount: - description: The number of metadata servers that are active. The remaining servers in the cluster will be in standby mode. format: int32 maximum: 50 minimum: 1 type: integer activeStandby: - description: Whether each active MDS instance will have an active standby with a warm metadata cache for faster failover. If false, standbys will still be available, but will not have a warm metadata cache. type: boolean annotations: additionalProperties: type: string - description: The annotations-related configuration to add/set on each Pod related object. nullable: true type: object x-kubernetes-preserve-unknown-fields: true labels: additionalProperties: type: string - description: The labels-related configuration to add/set on each Pod related object. nullable: true type: object x-kubernetes-preserve-unknown-fields: true livenessProbe: - description: ProbeSpec is a wrapper around Probe so it can be enabled or disabled for a Ceph daemon properties: disabled: - description: Disabled determines whether probe is disable or not type: boolean probe: - description: Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic. properties: exec: - description: Exec specifies the action to take. properties: command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. format: int32 type: integer grpc: - description: GRPC specifies an action involving a GRPC port. properties: port: - description: Port number of the gRPC service. Number must be in the range 1 to 65535. format: int32 type: integer service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). \n If this is not specified, the default behavior is defined by gRPC." type: string required: - port type: object httpGet: - description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. items: - description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: - description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. type: string value: - description: The header field value type: string required: - name @@ -5964,43 +5262,34 @@ spec: type: object type: array path: - description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action involving a TCP port. properties: host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port @@ -6009,7 +5298,6 @@ spec: format: int64 type: integer timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object @@ -6490,19 +5778,14 @@ spec: type: object x-kubernetes-preserve-unknown-fields: true priorityClassName: - description: PriorityClassName sets priority classes on components type: string resources: - description: The resource requirements for the mds pods nullable: true properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." items: - description: ResourceClaim references one entry in PodSpec.ResourceClaims. properties: name: - description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. type: string required: - name @@ -6518,7 +5801,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: @@ -6527,61 +5809,45 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object x-kubernetes-preserve-unknown-fields: true startupProbe: - description: ProbeSpec is a wrapper around Probe so it can be enabled or disabled for a Ceph daemon properties: disabled: - description: Disabled determines whether probe is disable or not type: boolean probe: - description: Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic. properties: exec: - description: Exec specifies the action to take. properties: command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. format: int32 type: integer grpc: - description: GRPC specifies an action involving a GRPC port. properties: port: - description: Port number of the gRPC service. Number must be in the range 1 to 65535. format: int32 type: integer service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). \n If this is not specified, the default behavior is defined by gRPC." type: string required: - port type: object httpGet: - description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. items: - description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: - description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. type: string value: - description: The header field value type: string required: - name @@ -6589,43 +5855,34 @@ spec: type: object type: array path: - description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action involving a TCP port. properties: host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port @@ -6634,7 +5891,6 @@ spec: format: int64 type: integer timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object @@ -6643,69 +5899,51 @@ spec: - activeCount type: object mirroring: - description: The mirroring settings nullable: true properties: enabled: - description: Enabled whether this filesystem is mirrored or not type: boolean peers: - description: Peers represents the peers spec nullable: true properties: secretNames: - description: SecretNames represents the Kubernetes Secret names to add rbd-mirror or cephfs-mirror peers items: type: string type: array type: object snapshotRetention: - description: Retention is the retention policy for a snapshot schedule One path has exactly one retention policy. A policy can however contain multiple count-time period pairs in order to specify complex retention policies items: - description: SnapshotScheduleRetentionSpec is a retention policy properties: duration: - description: Duration represents the retention duration for a snapshot type: string path: - description: Path is the path to snapshot type: string type: object type: array snapshotSchedules: - description: SnapshotSchedules is the scheduling of snapshot for mirrored filesystems items: - description: SnapshotScheduleSpec represents the snapshot scheduling settings of a mirrored pool properties: interval: - description: Interval represent the periodicity of the snapshot. type: string path: - description: Path is the path to snapshot, only valid for CephFS type: string startTime: - description: StartTime indicates when to start the snapshot type: string type: object type: array type: object preserveFilesystemOnDelete: - description: Preserve the fs in the cluster on CephFilesystem CR deletion. Setting this to true automatically implies PreservePoolsOnDelete is true. type: boolean preservePoolsOnDelete: - description: Preserve pools on filesystem deletion type: boolean statusCheck: - description: The mirroring statusCheck properties: mirror: - description: HealthCheckSpec represents the health check of an object store bucket nullable: true properties: disabled: type: boolean interval: - description: Interval is the internal in second or minute for the health check to run like 60s for 60 seconds type: string timeout: type: string @@ -6718,11 +5956,9 @@ spec: - metadataServer type: object status: - description: CephFilesystemStatus represents the status of a Ceph Filesystem properties: conditions: items: - description: Condition represents a status condition on any Rook-Ceph Custom Resource. properties: lastHeartbeatTime: format: date-time @@ -6733,76 +5969,54 @@ spec: message: type: string reason: - description: ConditionReason is a reason for a condition type: string status: type: string type: - description: ConditionType represent a resource's status type: string type: object type: array info: additionalProperties: type: string - description: Use only info and put mirroringStatus in it? nullable: true type: object mirroringStatus: - description: MirroringStatus is the filesystem mirroring status properties: daemonsStatus: - description: PoolMirroringStatus is the mirroring status of a filesystem items: - description: FilesystemMirrorInfoSpec is the filesystem mirror status of a given filesystem properties: daemon_id: - description: DaemonID is the cephfs-mirror name type: integer filesystems: - description: Filesystems is the list of filesystems managed by a given cephfs-mirror daemon items: - description: FilesystemsSpec is spec for the mirrored filesystem properties: directory_count: - description: DirectoryCount is the number of directories in the filesystem type: integer filesystem_id: - description: FilesystemID is the filesystem identifier type: integer name: - description: Name is name of the filesystem type: string peers: - description: Peers represents the mirroring peers items: - description: FilesystemMirrorInfoPeerSpec is the specification of a filesystem peer mirror properties: remote: - description: Remote are the remote cluster information properties: client_name: - description: ClientName is cephx name type: string cluster_name: - description: ClusterName is the name of the cluster type: string fs_name: - description: FsName is the filesystem name type: string type: object stats: - description: Stats are the stat a peer mirror properties: failure_count: - description: FailureCount is the number of mirroring failure type: integer recovery_count: - description: RecoveryCount is the number of recovery attempted after failures type: integer type: object uuid: - description: UUID is the peer unique identifier type: string type: object type: array @@ -6812,79 +6026,56 @@ spec: nullable: true type: array details: - description: Details contains potential status errors type: string lastChanged: - description: LastChanged is the last time time the status last changed type: string lastChecked: - description: LastChecked is the last time time the status was checked type: string type: object observedGeneration: - description: ObservedGeneration is the latest generation observed by the controller. format: int64 type: integer phase: - description: ConditionType represent a resource's status type: string snapshotScheduleStatus: - description: FilesystemSnapshotScheduleStatusSpec is the status of the snapshot schedule properties: details: - description: Details contains potential status errors type: string lastChanged: - description: LastChanged is the last time time the status last changed type: string lastChecked: - description: LastChecked is the last time time the status was checked type: string snapshotSchedules: - description: SnapshotSchedules is the list of snapshots scheduled items: - description: FilesystemSnapshotSchedulesSpec is the list of snapshot scheduled for images in a pool properties: fs: - description: Fs is the name of the Ceph Filesystem type: string path: - description: Path is the path on the filesystem type: string rel_path: type: string retention: - description: FilesystemSnapshotScheduleStatusRetention is the retention specification for a filesystem snapshot schedule properties: active: - description: Active is whether the scheduled is active or not type: boolean created: - description: Created is when the snapshot schedule was created type: string created_count: - description: CreatedCount is total amount of snapshots type: integer first: - description: First is when the first snapshot schedule was taken type: string last: - description: Last is when the last snapshot schedule was taken type: string last_pruned: - description: LastPruned is when the last snapshot schedule was pruned type: string pruned_count: - description: PrunedCount is total amount of pruned snapshots type: integer start: - description: Start is when the snapshot schedule starts type: string type: object schedule: type: string subvol: - description: Subvol is the name of the sub volume type: string type: object nullable: true @@ -6923,33 +6114,26 @@ spec: name: v1 schema: openAPIV3Schema: - description: CephFilesystemSubVolumeGroup represents a Ceph Filesystem SubVolumeGroup properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: Spec represents the specification of a Ceph Filesystem SubVolumeGroup properties: filesystemName: - description: FilesystemName is the name of Ceph Filesystem SubVolumeGroup volume name. Typically it's the name of the CephFilesystem CR. If not coming from the CephFilesystem CR, it can be retrieved from the list of Ceph Filesystem volumes with `ceph fs volume ls`. To learn more about Ceph Filesystem abstractions see https://docs.ceph.com/en/latest/cephfs/fs-volumes/#fs-volumes-and-subvolumes type: string x-kubernetes-validations: - message: filesystemName is immutable rule: self == oldSelf name: - description: The name of the subvolume group. If not set, the default is the name of the subvolumeGroup CR. type: string x-kubernetes-validations: - message: name is immutable rule: self == oldSelf pinning: - description: Pinning configuration of CephFilesystemSubVolumeGroup, reference https://docs.ceph.com/en/latest/cephfs/fs-volumes/#pinning-subvolumes-and-subvolume-groups only one out of (export, distributed, random) can be set at a time properties: distributed: maximum: 1 @@ -6974,7 +6158,6 @@ spec: - filesystemName type: object status: - description: Status represents the status of a CephFilesystem SubvolumeGroup properties: info: additionalProperties: @@ -6982,11 +6165,9 @@ spec: nullable: true type: object observedGeneration: - description: ObservedGeneration is the latest generation observed by the controller. format: int64 type: integer phase: - description: ConditionType represent a resource's status type: string type: object x-kubernetes-preserve-unknown-fields: true @@ -7019,40 +6200,30 @@ spec: - name: v1 schema: openAPIV3Schema: - description: CephNFS represents a Ceph NFS properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: NFSGaneshaSpec represents the spec of an nfs ganesha server properties: rados: - description: RADOS is the Ganesha RADOS specification nullable: true properties: namespace: - description: The namespace inside the Ceph pool (set by 'pool') where shared NFS-Ganesha config is stored. This setting is deprecated as it is internally set to the name of the CephNFS. type: string pool: - description: The Ceph pool used store the shared configuration for NFS-Ganesha daemons. This setting is deprecated, as it is internally required to be ".nfs". type: string type: object security: - description: Security allows specifying security configurations for the NFS cluster nullable: true properties: kerberos: - description: Kerberos configures NFS-Ganesha to secure NFS client connections with Kerberos. nullable: true properties: configFiles: - description: "ConfigFiles defines where the Kerberos configuration should be sourced from. Config files will be placed into the `/etc/krb5.conf.rook/` directory. \n If this is left empty, Rook will not add any files. This allows you to manage the files yourself however you wish. For example, you may build them into your custom Ceph container image or use the Vault agent injector to securely add the files via annotations on the CephNFS spec (passed to the NFS server pods). \n Rook configures Kerberos to log to stderr. We suggest removing logging sections from config files to avoid consuming unnecessary disk space from logging to files." properties: volumeSource: properties: @@ -7286,10 +6457,8 @@ spec: type: object type: object domainName: - description: DomainName should be set to the Kerberos Realm. type: string keytabFile: - description: KeytabFile defines where the Kerberos keytab should be sourced from. The keytab file will be placed into `/etc/krb5.keytab`. If this is left empty, Rook will not add the file. This allows you to manage the `krb5.keytab` file yourself however you wish. For example, you may build it into your custom Ceph container image or use the Vault agent injector to securely add the file via annotations on the CephNFS spec (passed to the NFS server pods). properties: volumeSource: properties: @@ -7524,23 +6693,17 @@ spec: type: object principalName: default: nfs - description: 'PrincipalName corresponds directly to NFS-Ganesha''s NFS_KRB5:PrincipalName config. In practice, this is the service prefix of the principal name. The default is "nfs". This value is combined with (a) the namespace and name of the CephNFS (with a hyphen between) and (b) the Realm configured in the user-provided krb5.conf to determine the full principal name: /-@. e.g., nfs/rook-ceph-my-nfs@example.net. See https://github.com/nfs-ganesha/nfs-ganesha/wiki/RPCSEC_GSS for more detail.' type: string type: object sssd: - description: SSSD enables integration with System Security Services Daemon (SSSD). SSSD can be used to provide user ID mapping from a number of sources. See https://sssd.io for more information about the SSSD project. nullable: true properties: sidecar: - description: Sidecar tells Rook to run SSSD in a sidecar alongside the NFS-Ganesha server in each NFS pod. properties: additionalFiles: - description: AdditionalFiles defines any number of additional files that should be mounted into the SSSD sidecar. These files may be referenced by the sssd.conf config file. items: - description: SSSDSidecarAdditionalFile represents the source from where additional files for the the SSSD configuration should come from and are made available. properties: subPath: - description: SubPath defines the sub-path in `/etc/sssd/rook-additional/` where the additional file(s) will be placed. Each subPath definition must be unique and must not contain ':'. minLength: 1 pattern: ^[^:]+$ type: string @@ -7780,24 +6943,18 @@ spec: type: object type: array debugLevel: - description: 'DebugLevel sets the debug level for SSSD. If unset or set to 0, Rook does nothing. Otherwise, this may be a value between 1 and 10. See SSSD docs for more info: https://sssd.io/troubleshooting/basics.html#sssd-debug-logs' maximum: 10 minimum: 0 type: integer image: - description: Image defines the container image that should be used for the SSSD sidecar. minLength: 1 type: string resources: - description: Resources allow specifying resource requests/limits on the SSSD sidecar container. properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." items: - description: ResourceClaim references one entry in PodSpec.ResourceClaims. properties: name: - description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. type: string required: - name @@ -7813,7 +6970,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: @@ -7822,11 +6978,9 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object sssdConfigFile: - description: SSSDConfigFile defines where the SSSD configuration should be sourced from. The config file will be placed into `/etc/sssd/sssd.conf`. If this is left empty, Rook will not add the file. This allows you to manage the `sssd.conf` file yourself however you wish. For example, you may build it into your custom Ceph container image or use the Vault agent injector to securely add the file via annotations on the CephNFS spec (passed to the NFS server pods). properties: volumeSource: properties: @@ -8065,80 +7219,60 @@ spec: type: object type: object server: - description: Server is the Ganesha Server specification properties: active: - description: The number of active Ganesha servers type: integer annotations: additionalProperties: type: string - description: The annotations-related configuration to add/set on each Pod related object. nullable: true type: object x-kubernetes-preserve-unknown-fields: true hostNetwork: - description: Whether host networking is enabled for the Ganesha server. If not set, the network settings from the cluster CR will be applied. nullable: true type: boolean labels: additionalProperties: type: string - description: The labels-related configuration to add/set on each Pod related object. nullable: true type: object x-kubernetes-preserve-unknown-fields: true livenessProbe: - description: A liveness-probe to verify that Ganesha server has valid run-time state. If LivenessProbe.Disabled is false and LivenessProbe.Probe is nil uses default probe. properties: disabled: - description: Disabled determines whether probe is disable or not type: boolean probe: - description: Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic. properties: exec: - description: Exec specifies the action to take. properties: command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. format: int32 type: integer grpc: - description: GRPC specifies an action involving a GRPC port. properties: port: - description: Port number of the gRPC service. Number must be in the range 1 to 65535. format: int32 type: integer service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). \n If this is not specified, the default behavior is defined by gRPC." type: string required: - port type: object httpGet: - description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. items: - description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: - description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. type: string value: - description: The header field value type: string required: - name @@ -8146,43 +7280,34 @@ spec: type: object type: array path: - description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action involving a TCP port. properties: host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port @@ -8191,13 +7316,11 @@ spec: format: int64 type: integer timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object type: object logLevel: - description: LogLevel set logging level type: string placement: nullable: true @@ -8675,19 +7798,14 @@ spec: type: object x-kubernetes-preserve-unknown-fields: true priorityClassName: - description: PriorityClassName sets the priority class on the pods type: string resources: - description: Resources set resource requests and limits nullable: true properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." items: - description: ResourceClaim references one entry in PodSpec.ResourceClaims. properties: name: - description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. type: string required: - name @@ -8703,7 +7821,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: @@ -8712,7 +7829,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object x-kubernetes-preserve-unknown-fields: true @@ -8723,11 +7839,9 @@ spec: - server type: object status: - description: Status represents the status of an object properties: conditions: items: - description: Condition represents a status condition on any Rook-Ceph Custom Resource. properties: lastHeartbeatTime: format: date-time @@ -8738,17 +7852,14 @@ spec: message: type: string reason: - description: ConditionReason is a reason for a condition type: string status: type: string type: - description: ConditionType represent a resource's status type: string type: object type: array observedGeneration: - description: ObservedGeneration is the latest generation observed by the controller. format: int64 type: integer phase: @@ -8782,22 +7893,17 @@ spec: - name: v1 schema: openAPIV3Schema: - description: CephObjectRealm represents a Ceph Object Store Gateway Realm properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: ObjectRealmSpec represent the spec of an ObjectRealm nullable: true properties: pull: - description: PullSpec represents the pulling specification of a Ceph Object Storage Gateway Realm properties: endpoint: pattern: ^https*:// @@ -8805,11 +7911,9 @@ spec: type: object type: object status: - description: Status represents the status of an object properties: conditions: items: - description: Condition represents a status condition on any Rook-Ceph Custom Resource. properties: lastHeartbeatTime: format: date-time @@ -8820,17 +7924,14 @@ spec: message: type: string reason: - description: ConditionReason is a reason for a condition type: string status: type: string type: - description: ConditionType represent a resource's status type: string type: object type: array observedGeneration: - description: ObservedGeneration is the latest generation observed by the controller. format: int64 type: integer phase: @@ -8867,33 +7968,25 @@ spec: name: v1 schema: openAPIV3Schema: - description: CephObjectStore represents a Ceph Object Store Gateway properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: ObjectStoreSpec represent the spec of a pool properties: allowUsersInNamespaces: - description: The list of allowed namespaces in addition to the object store namespace where ceph object store users may be created. Specify "*" to allow all namespaces, otherwise list individual namespaces that are to be allowed. This is useful for applications that need object store credentials to be created in their own namespace, where neither OBCs nor COSI is being used to create buckets. The default is empty. items: type: string type: array dataPool: - description: The data pool settings nullable: true properties: application: - description: The application name to set on the pool. Only expected to be set for rgw pools. type: string compressionMode: - description: 'DEPRECATED: use Parameters instead, e.g., Parameters["compression_mode"] = "force" The inline compression mode in Bluestore OSD to set to (options are: none, passive, aggressive, force) Do NOT set a default value for kubebuilder as this will override the Parameters' enum: - none - passive @@ -8903,28 +7996,21 @@ spec: nullable: true type: string crushRoot: - description: The root of the crush hierarchy utilized by the pool nullable: true type: string deviceClass: - description: The device class the OSD should set to for use in the pool nullable: true type: string enableRBDStats: - description: EnableRBDStats is used to enable gathering of statistics for all RBD images in the pool type: boolean erasureCoded: - description: The erasure code settings properties: algorithm: - description: The algorithm for erasure coding type: string codingChunks: - description: Number of coding chunks per object in an erasure coded storage pool (required for erasure-coded pool type). This is the number of OSDs that can be lost simultaneously before data cannot be recovered. minimum: 0 type: integer dataChunks: - description: Number of data chunks per object in an erasure coded storage pool (required for erasure-coded pool type). The number of chunks required to recover an object when any single OSD is lost is the same as dataChunks so be aware that the larger the number of data chunks, the higher the cost of recovery. minimum: 0 type: integer required: @@ -8932,40 +8018,29 @@ spec: - dataChunks type: object failureDomain: - description: 'The failure domain: osd/host/(region or zone if available) - technically also any type in the crush map' type: string mirroring: - description: The mirroring settings properties: enabled: - description: Enabled whether this pool is mirrored or not type: boolean mode: - description: 'Mode is the mirroring mode: either pool or image' type: string peers: - description: Peers represents the peers spec nullable: true properties: secretNames: - description: SecretNames represents the Kubernetes Secret names to add rbd-mirror or cephfs-mirror peers items: type: string type: array type: object snapshotSchedules: - description: SnapshotSchedules is the scheduling of snapshot for mirrored images/pools items: - description: SnapshotScheduleSpec represents the snapshot scheduling settings of a mirrored pool properties: interval: - description: Interval represent the periodicity of the snapshot. type: string path: - description: Path is the path to snapshot, only valid for CephFS type: string startTime: - description: StartTime indicates when to start the snapshot type: string type: object type: array @@ -8973,40 +8048,31 @@ spec: parameters: additionalProperties: type: string - description: Parameters is a list of properties to enable on a given pool nullable: true type: object x-kubernetes-preserve-unknown-fields: true quotas: - description: The quota settings nullable: true properties: maxBytes: - description: MaxBytes represents the quota in bytes Deprecated in favor of MaxSize format: int64 type: integer maxObjects: - description: MaxObjects represents the quota in objects format: int64 type: integer maxSize: - description: MaxSize represents the quota in bytes as a string pattern: ^[0-9]+[\.]?[0-9]*([KMGTPE]i|[kMGTPE])?$ type: string type: object replicated: - description: The replication settings properties: hybridStorage: - description: HybridStorage represents hybrid storage tier settings nullable: true properties: primaryDeviceClass: - description: PrimaryDeviceClass represents high performance tier (for example SSD or NVME) for Primary OSD minLength: 1 type: string secondaryDeviceClass: - description: SecondaryDeviceClass represents low performance tier (for example HDDs) for remaining OSDs minLength: 1 type: string required: @@ -9014,36 +8080,28 @@ spec: - secondaryDeviceClass type: object replicasPerFailureDomain: - description: ReplicasPerFailureDomain the number of replica in the specified failure domain minimum: 1 type: integer requireSafeReplicaSize: - description: RequireSafeReplicaSize if false allows you to set replica 1 type: boolean size: - description: Size - Number of copies per object in a replicated storage pool, including the object itself (required for replicated pool type) minimum: 0 type: integer subFailureDomain: - description: SubFailureDomain the name of the sub-failure domain type: string targetSizeRatio: - description: TargetSizeRatio gives a hint (%) to Ceph in terms of expected consumption of the total cluster capacity type: number required: - size type: object statusCheck: - description: The mirroring statusCheck properties: mirror: - description: HealthCheckSpec represents the health check of an object store bucket nullable: true properties: disabled: type: boolean interval: - description: Interval is the internal in second or minute for the health check to run like 60s for 60 seconds type: string timeout: type: string @@ -9052,57 +8110,45 @@ spec: x-kubernetes-preserve-unknown-fields: true type: object gateway: - description: The rgw pod info nullable: true properties: annotations: additionalProperties: type: string - description: The annotations-related configuration to add/set on each Pod related object. nullable: true type: object x-kubernetes-preserve-unknown-fields: true caBundleRef: - description: The name of the secret that stores custom ca-bundle with root and intermediate certificates. nullable: true type: string dashboardEnabled: - description: Whether rgw dashboard is enabled for the rgw daemon. If not set, the rgw dashboard will be enabled. nullable: true type: boolean x-kubernetes-preserve-unknown-fields: true disableMultisiteSyncTraffic: - description: 'DisableMultisiteSyncTraffic, when true, prevents this object store''s gateways from transmitting multisite replication data. Note that this value does not affect whether gateways receive multisite replication traffic: see ObjectZone.spec.customEndpoints for that. If false or unset, this object store''s gateways will be able to transmit multisite replication data.' type: boolean externalRgwEndpoints: - description: ExternalRgwEndpoints points to external RGW endpoint(s). Multiple endpoints can be given, but for stability of ObjectBucketClaims, we highly recommend that users give only a single external RGW endpoint that is a load balancer that sends requests to the multiple RGWs. items: - description: EndpointAddress is a tuple that describes a single IP address or host name. This is a subset of Kubernetes's v1.EndpointAddress. properties: hostname: - description: The DNS-addressable Hostname of this endpoint. This field will be preferred over IP if both are given. type: string ip: - description: The IP of this endpoint. As a legacy behavior, this supports being given a DNS-adressable hostname as well. type: string type: object x-kubernetes-map-type: atomic nullable: true type: array hostNetwork: - description: Whether host networking is enabled for the rgw daemon. If not set, the network settings from the cluster CR will be applied. nullable: true type: boolean x-kubernetes-preserve-unknown-fields: true instances: - description: The number of pods in the rgw replicaset. format: int32 nullable: true type: integer labels: additionalProperties: type: string - description: The labels-related configuration to add/set on each Pod related object. nullable: true type: object x-kubernetes-preserve-unknown-fields: true @@ -9582,23 +8628,17 @@ spec: type: object x-kubernetes-preserve-unknown-fields: true port: - description: The port the rgw service will be listening on (http) format: int32 type: integer priorityClassName: - description: PriorityClassName sets priority classes on the rgw pods type: string resources: - description: The resource requirements for the rgw pods nullable: true properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." items: - description: ResourceClaim references one entry in PodSpec.ResourceClaims. properties: name: - description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. type: string required: - name @@ -9614,7 +8654,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: @@ -9623,87 +8662,66 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object x-kubernetes-preserve-unknown-fields: true securePort: - description: The port the rgw service will be listening on (https) format: int32 maximum: 65535 minimum: 0 nullable: true type: integer service: - description: The configuration related to add/set on each rgw service. nullable: true properties: annotations: additionalProperties: type: string - description: The annotations-related configuration to add/set on each rgw service. nullable optional type: object type: object sslCertificateRef: - description: The name of the secret that stores the ssl certificate for secure rgw connections nullable: true type: string type: object healthCheck: - description: The RGW health probes nullable: true properties: readinessProbe: - description: ProbeSpec is a wrapper around Probe so it can be enabled or disabled for a Ceph daemon properties: disabled: - description: Disabled determines whether probe is disable or not type: boolean probe: - description: Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic. properties: exec: - description: Exec specifies the action to take. properties: command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. format: int32 type: integer grpc: - description: GRPC specifies an action involving a GRPC port. properties: port: - description: Port number of the gRPC service. Number must be in the range 1 to 65535. format: int32 type: integer service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). \n If this is not specified, the default behavior is defined by gRPC." type: string required: - port type: object httpGet: - description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. items: - description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: - description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. type: string value: - description: The header field value type: string required: - name @@ -9711,43 +8729,34 @@ spec: type: object type: array path: - description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action involving a TCP port. properties: host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port @@ -9756,63 +8765,47 @@ spec: format: int64 type: integer timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object type: object x-kubernetes-preserve-unknown-fields: true startupProbe: - description: ProbeSpec is a wrapper around Probe so it can be enabled or disabled for a Ceph daemon properties: disabled: - description: Disabled determines whether probe is disable or not type: boolean probe: - description: Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic. properties: exec: - description: Exec specifies the action to take. properties: command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. format: int32 type: integer grpc: - description: GRPC specifies an action involving a GRPC port. properties: port: - description: Port number of the gRPC service. Number must be in the range 1 to 65535. format: int32 type: integer service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). \n If this is not specified, the default behavior is defined by gRPC." type: string required: - port type: object httpGet: - description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. items: - description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: - description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. type: string value: - description: The header field value type: string required: - name @@ -9820,43 +8813,34 @@ spec: type: object type: array path: - description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action involving a TCP port. properties: host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port @@ -9865,21 +8849,17 @@ spec: format: int64 type: integer timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object type: object type: object metadataPool: - description: The metadata pool settings nullable: true properties: application: - description: The application name to set on the pool. Only expected to be set for rgw pools. type: string compressionMode: - description: 'DEPRECATED: use Parameters instead, e.g., Parameters["compression_mode"] = "force" The inline compression mode in Bluestore OSD to set to (options are: none, passive, aggressive, force) Do NOT set a default value for kubebuilder as this will override the Parameters' enum: - none - passive @@ -9889,28 +8869,21 @@ spec: nullable: true type: string crushRoot: - description: The root of the crush hierarchy utilized by the pool nullable: true type: string deviceClass: - description: The device class the OSD should set to for use in the pool nullable: true type: string enableRBDStats: - description: EnableRBDStats is used to enable gathering of statistics for all RBD images in the pool type: boolean erasureCoded: - description: The erasure code settings properties: algorithm: - description: The algorithm for erasure coding type: string codingChunks: - description: Number of coding chunks per object in an erasure coded storage pool (required for erasure-coded pool type). This is the number of OSDs that can be lost simultaneously before data cannot be recovered. minimum: 0 type: integer dataChunks: - description: Number of data chunks per object in an erasure coded storage pool (required for erasure-coded pool type). The number of chunks required to recover an object when any single OSD is lost is the same as dataChunks so be aware that the larger the number of data chunks, the higher the cost of recovery. minimum: 0 type: integer required: @@ -9918,40 +8891,29 @@ spec: - dataChunks type: object failureDomain: - description: 'The failure domain: osd/host/(region or zone if available) - technically also any type in the crush map' type: string mirroring: - description: The mirroring settings properties: enabled: - description: Enabled whether this pool is mirrored or not type: boolean mode: - description: 'Mode is the mirroring mode: either pool or image' type: string peers: - description: Peers represents the peers spec nullable: true properties: secretNames: - description: SecretNames represents the Kubernetes Secret names to add rbd-mirror or cephfs-mirror peers items: type: string type: array type: object snapshotSchedules: - description: SnapshotSchedules is the scheduling of snapshot for mirrored images/pools items: - description: SnapshotScheduleSpec represents the snapshot scheduling settings of a mirrored pool properties: interval: - description: Interval represent the periodicity of the snapshot. type: string path: - description: Path is the path to snapshot, only valid for CephFS type: string startTime: - description: StartTime indicates when to start the snapshot type: string type: object type: array @@ -9959,40 +8921,31 @@ spec: parameters: additionalProperties: type: string - description: Parameters is a list of properties to enable on a given pool nullable: true type: object x-kubernetes-preserve-unknown-fields: true quotas: - description: The quota settings nullable: true properties: maxBytes: - description: MaxBytes represents the quota in bytes Deprecated in favor of MaxSize format: int64 type: integer maxObjects: - description: MaxObjects represents the quota in objects format: int64 type: integer maxSize: - description: MaxSize represents the quota in bytes as a string pattern: ^[0-9]+[\.]?[0-9]*([KMGTPE]i|[kMGTPE])?$ type: string type: object replicated: - description: The replication settings properties: hybridStorage: - description: HybridStorage represents hybrid storage tier settings nullable: true properties: primaryDeviceClass: - description: PrimaryDeviceClass represents high performance tier (for example SSD or NVME) for Primary OSD minLength: 1 type: string secondaryDeviceClass: - description: SecondaryDeviceClass represents low performance tier (for example HDDs) for remaining OSDs minLength: 1 type: string required: @@ -10000,36 +8953,28 @@ spec: - secondaryDeviceClass type: object replicasPerFailureDomain: - description: ReplicasPerFailureDomain the number of replica in the specified failure domain minimum: 1 type: integer requireSafeReplicaSize: - description: RequireSafeReplicaSize if false allows you to set replica 1 type: boolean size: - description: Size - Number of copies per object in a replicated storage pool, including the object itself (required for replicated pool type) minimum: 0 type: integer subFailureDomain: - description: SubFailureDomain the name of the sub-failure domain type: string targetSizeRatio: - description: TargetSizeRatio gives a hint (%) to Ceph in terms of expected consumption of the total cluster capacity type: number required: - size type: object statusCheck: - description: The mirroring statusCheck properties: mirror: - description: HealthCheckSpec represents the health check of an object store bucket nullable: true properties: disabled: type: boolean interval: - description: Interval is the internal in second or minute for the health check to run like 60s for 60 seconds type: string timeout: type: string @@ -10038,72 +8983,57 @@ spec: x-kubernetes-preserve-unknown-fields: true type: object preservePoolsOnDelete: - description: Preserve pools on object store deletion type: boolean security: - description: Security represents security settings nullable: true properties: keyRotation: - description: KeyRotation defines options for Key Rotation. nullable: true properties: enabled: default: false - description: Enabled represents whether the key rotation is enabled. type: boolean schedule: - description: Schedule represents the cron schedule for key rotation. type: string type: object kms: - description: KeyManagementService is the main Key Management option nullable: true properties: connectionDetails: additionalProperties: type: string - description: ConnectionDetails contains the KMS connection details (address, port etc) nullable: true type: object x-kubernetes-preserve-unknown-fields: true tokenSecretName: - description: TokenSecretName is the kubernetes secret containing the KMS token type: string type: object s3: - description: The settings for supporting AWS-SSE:S3 with RGW nullable: true properties: connectionDetails: additionalProperties: type: string - description: ConnectionDetails contains the KMS connection details (address, port etc) nullable: true type: object x-kubernetes-preserve-unknown-fields: true tokenSecretName: - description: TokenSecretName is the kubernetes secret containing the KMS token type: string type: object type: object zone: - description: The multisite info nullable: true properties: name: - description: RGW Zone the Object Store is in type: string required: - name type: object type: object status: - description: ObjectStoreStatus represents the status of a Ceph Object Store resource properties: conditions: items: - description: Condition represents a status condition on any Rook-Ceph Custom Resource. properties: lastHeartbeatTime: format: date-time @@ -10114,12 +9044,10 @@ spec: message: type: string reason: - description: ConditionReason is a reason for a condition type: string status: type: string type: - description: ConditionType represent a resource's status type: string type: object type: array @@ -10144,11 +9072,9 @@ spec: message: type: string observedGeneration: - description: ObservedGeneration is the latest generation observed by the controller. format: int64 type: integer phase: - description: ConditionType represent a resource's status type: string type: object x-kubernetes-preserve-unknown-fields: true @@ -10186,25 +9112,19 @@ spec: name: v1 schema: openAPIV3Schema: - description: CephObjectStoreUser represents a Ceph Object Store Gateway User properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: ObjectStoreUserSpec represent the spec of an Objectstoreuser properties: capabilities: - description: Additional admin-level capabilities for the Ceph object store user nullable: true properties: amz-cache: - description: Add capabilities for user to send request to RGW Cache API header. Documented in https://docs.ceph.com/en/quincy/radosgw/rgw-cache/#cache-api enum: - '*' - read @@ -10212,7 +9132,6 @@ spec: - read, write type: string bilog: - description: Add capabilities for user to change bucket index logging. Documented in https://docs.ceph.com/en/latest/radosgw/admin/?#add-remove-admin-capabilities enum: - '*' - read @@ -10220,7 +9139,6 @@ spec: - read, write type: string bucket: - description: Admin capabilities to read/write Ceph object store buckets. Documented in https://docs.ceph.com/en/latest/radosgw/admin/?#add-remove-admin-capabilities enum: - '*' - read @@ -10228,7 +9146,6 @@ spec: - read, write type: string buckets: - description: Admin capabilities to read/write Ceph object store buckets. Documented in https://docs.ceph.com/en/latest/radosgw/admin/?#add-remove-admin-capabilities enum: - '*' - read @@ -10236,7 +9153,6 @@ spec: - read, write type: string datalog: - description: Add capabilities for user to change data logging. Documented in https://docs.ceph.com/en/latest/radosgw/admin/?#add-remove-admin-capabilities enum: - '*' - read @@ -10244,7 +9160,6 @@ spec: - read, write type: string info: - description: Admin capabilities to read/write information about the user. Documented in https://docs.ceph.com/en/latest/radosgw/admin/?#add-remove-admin-capabilities enum: - '*' - read @@ -10252,7 +9167,6 @@ spec: - read, write type: string mdlog: - description: Add capabilities for user to change metadata logging. Documented in https://docs.ceph.com/en/latest/radosgw/admin/?#add-remove-admin-capabilities enum: - '*' - read @@ -10260,7 +9174,6 @@ spec: - read, write type: string metadata: - description: Admin capabilities to read/write Ceph object store metadata. Documented in https://docs.ceph.com/en/latest/radosgw/admin/?#add-remove-admin-capabilities enum: - '*' - read @@ -10268,7 +9181,6 @@ spec: - read, write type: string oidc-provider: - description: Add capabilities for user to change oidc provider. Documented in https://docs.ceph.com/en/latest/radosgw/admin/?#add-remove-admin-capabilities enum: - '*' - read @@ -10276,7 +9188,6 @@ spec: - read, write type: string ratelimit: - description: Add capabilities for user to set rate limiter for user and bucket. Documented in https://docs.ceph.com/en/latest/radosgw/admin/?#add-remove-admin-capabilities enum: - '*' - read @@ -10284,7 +9195,6 @@ spec: - read, write type: string roles: - description: Admin capabilities to read/write roles for user. Documented in https://docs.ceph.com/en/latest/radosgw/admin/?#add-remove-admin-capabilities enum: - '*' - read @@ -10292,7 +9202,6 @@ spec: - read, write type: string usage: - description: Admin capabilities to read/write Ceph object store usage. Documented in https://docs.ceph.com/en/latest/radosgw/admin/?#add-remove-admin-capabilities enum: - '*' - read @@ -10300,7 +9209,6 @@ spec: - read, write type: string user: - description: Admin capabilities to read/write Ceph object store users. Documented in https://docs.ceph.com/en/latest/radosgw/admin/?#add-remove-admin-capabilities enum: - '*' - read @@ -10308,7 +9216,6 @@ spec: - read, write type: string user-policy: - description: Add capabilities for user to change user policies. Documented in https://docs.ceph.com/en/latest/radosgw/admin/?#add-remove-admin-capabilities enum: - '*' - read @@ -10316,7 +9223,6 @@ spec: - read, write type: string users: - description: Admin capabilities to read/write Ceph object store users. Documented in https://docs.ceph.com/en/latest/radosgw/admin/?#add-remove-admin-capabilities enum: - '*' - read @@ -10324,7 +9230,6 @@ spec: - read, write type: string zone: - description: Admin capabilities to read/write Ceph object store zones. Documented in https://docs.ceph.com/en/latest/radosgw/admin/?#add-remove-admin-capabilities enum: - '*' - read @@ -10333,21 +9238,16 @@ spec: type: string type: object clusterNamespace: - description: The namespace where the parent CephCluster and CephObjectStore are found type: string displayName: - description: The display name for the ceph users type: string quotas: - description: ObjectUserQuotaSpec can be used to set quotas for the object store user to limit their usage. See the [Ceph docs](https://docs.ceph.com/en/latest/radosgw/admin/?#quota-management) for more nullable: true properties: maxBuckets: - description: Maximum bucket limit for the ceph user nullable: true type: integer maxObjects: - description: Maximum number of objects across all the user's buckets format: int64 nullable: true type: integer @@ -10355,17 +9255,14 @@ spec: anyOf: - type: integer - type: string - description: Maximum size limit of all objects across all the user's buckets See https://pkg.go.dev/k8s.io/apimachinery/pkg/api/resource#Quantity for more info. nullable: true pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object store: - description: The store the user will be created in type: string type: object status: - description: ObjectStoreUserStatus represents the status Ceph Object Store Gateway User properties: info: additionalProperties: @@ -10373,7 +9270,6 @@ spec: nullable: true type: object observedGeneration: - description: ObservedGeneration is the latest generation observed by the controller. format: int64 type: integer phase: @@ -10411,31 +9307,24 @@ spec: name: v1 schema: openAPIV3Schema: - description: CephObjectZoneGroup represents a Ceph Object Store Gateway Zone Group properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: ObjectZoneGroupSpec represent the spec of an ObjectZoneGroup properties: realm: - description: The display name for the ceph users type: string required: - realm type: object status: - description: Status represents the status of an object properties: conditions: items: - description: Condition represents a status condition on any Rook-Ceph Custom Resource. properties: lastHeartbeatTime: format: date-time @@ -10446,17 +9335,14 @@ spec: message: type: string reason: - description: ConditionReason is a reason for a condition type: string status: type: string type: - description: ConditionType represent a resource's status type: string type: object type: array observedGeneration: - description: ObservedGeneration is the latest generation observed by the controller. format: int64 type: integer phase: @@ -10494,34 +9380,26 @@ spec: name: v1 schema: openAPIV3Schema: - description: CephObjectZone represents a Ceph Object Store Gateway Zone properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: ObjectZoneSpec represent the spec of an ObjectZone properties: customEndpoints: - description: "If this zone cannot be accessed from other peer Ceph clusters via the ClusterIP Service endpoint created by Rook, you must set this to the externally reachable endpoint(s). You may include the port in the definition. For example: \"https://my-object-store.my-domain.net:443\". In many cases, you should set this to the endpoint of the ingress resource that makes the CephObjectStore associated with this CephObjectStoreZone reachable to peer clusters. The list can have one or more endpoints pointing to different RGW servers in the zone. \n If a CephObjectStore endpoint is omitted from this list, that object store's gateways will not receive multisite replication data (see CephObjectStore.spec.gateway.disableMultisiteSyncTraffic)." items: type: string nullable: true type: array dataPool: - description: The data pool settings nullable: true properties: application: - description: The application name to set on the pool. Only expected to be set for rgw pools. type: string compressionMode: - description: 'DEPRECATED: use Parameters instead, e.g., Parameters["compression_mode"] = "force" The inline compression mode in Bluestore OSD to set to (options are: none, passive, aggressive, force) Do NOT set a default value for kubebuilder as this will override the Parameters' enum: - none - passive @@ -10531,28 +9409,21 @@ spec: nullable: true type: string crushRoot: - description: The root of the crush hierarchy utilized by the pool nullable: true type: string deviceClass: - description: The device class the OSD should set to for use in the pool nullable: true type: string enableRBDStats: - description: EnableRBDStats is used to enable gathering of statistics for all RBD images in the pool type: boolean erasureCoded: - description: The erasure code settings properties: algorithm: - description: The algorithm for erasure coding type: string codingChunks: - description: Number of coding chunks per object in an erasure coded storage pool (required for erasure-coded pool type). This is the number of OSDs that can be lost simultaneously before data cannot be recovered. minimum: 0 type: integer dataChunks: - description: Number of data chunks per object in an erasure coded storage pool (required for erasure-coded pool type). The number of chunks required to recover an object when any single OSD is lost is the same as dataChunks so be aware that the larger the number of data chunks, the higher the cost of recovery. minimum: 0 type: integer required: @@ -10560,40 +9431,29 @@ spec: - dataChunks type: object failureDomain: - description: 'The failure domain: osd/host/(region or zone if available) - technically also any type in the crush map' type: string mirroring: - description: The mirroring settings properties: enabled: - description: Enabled whether this pool is mirrored or not type: boolean mode: - description: 'Mode is the mirroring mode: either pool or image' type: string peers: - description: Peers represents the peers spec nullable: true properties: secretNames: - description: SecretNames represents the Kubernetes Secret names to add rbd-mirror or cephfs-mirror peers items: type: string type: array type: object snapshotSchedules: - description: SnapshotSchedules is the scheduling of snapshot for mirrored images/pools items: - description: SnapshotScheduleSpec represents the snapshot scheduling settings of a mirrored pool properties: interval: - description: Interval represent the periodicity of the snapshot. type: string path: - description: Path is the path to snapshot, only valid for CephFS type: string startTime: - description: StartTime indicates when to start the snapshot type: string type: object type: array @@ -10601,40 +9461,31 @@ spec: parameters: additionalProperties: type: string - description: Parameters is a list of properties to enable on a given pool nullable: true type: object x-kubernetes-preserve-unknown-fields: true quotas: - description: The quota settings nullable: true properties: maxBytes: - description: MaxBytes represents the quota in bytes Deprecated in favor of MaxSize format: int64 type: integer maxObjects: - description: MaxObjects represents the quota in objects format: int64 type: integer maxSize: - description: MaxSize represents the quota in bytes as a string pattern: ^[0-9]+[\.]?[0-9]*([KMGTPE]i|[kMGTPE])?$ type: string type: object replicated: - description: The replication settings properties: hybridStorage: - description: HybridStorage represents hybrid storage tier settings nullable: true properties: primaryDeviceClass: - description: PrimaryDeviceClass represents high performance tier (for example SSD or NVME) for Primary OSD minLength: 1 type: string secondaryDeviceClass: - description: SecondaryDeviceClass represents low performance tier (for example HDDs) for remaining OSDs minLength: 1 type: string required: @@ -10642,36 +9493,28 @@ spec: - secondaryDeviceClass type: object replicasPerFailureDomain: - description: ReplicasPerFailureDomain the number of replica in the specified failure domain minimum: 1 type: integer requireSafeReplicaSize: - description: RequireSafeReplicaSize if false allows you to set replica 1 type: boolean size: - description: Size - Number of copies per object in a replicated storage pool, including the object itself (required for replicated pool type) minimum: 0 type: integer subFailureDomain: - description: SubFailureDomain the name of the sub-failure domain type: string targetSizeRatio: - description: TargetSizeRatio gives a hint (%) to Ceph in terms of expected consumption of the total cluster capacity type: number required: - size type: object statusCheck: - description: The mirroring statusCheck properties: mirror: - description: HealthCheckSpec represents the health check of an object store bucket nullable: true properties: disabled: type: boolean interval: - description: Interval is the internal in second or minute for the health check to run like 60s for 60 seconds type: string timeout: type: string @@ -10680,14 +9523,11 @@ spec: x-kubernetes-preserve-unknown-fields: true type: object metadataPool: - description: The metadata pool settings nullable: true properties: application: - description: The application name to set on the pool. Only expected to be set for rgw pools. type: string compressionMode: - description: 'DEPRECATED: use Parameters instead, e.g., Parameters["compression_mode"] = "force" The inline compression mode in Bluestore OSD to set to (options are: none, passive, aggressive, force) Do NOT set a default value for kubebuilder as this will override the Parameters' enum: - none - passive @@ -10697,28 +9537,21 @@ spec: nullable: true type: string crushRoot: - description: The root of the crush hierarchy utilized by the pool nullable: true type: string deviceClass: - description: The device class the OSD should set to for use in the pool nullable: true type: string enableRBDStats: - description: EnableRBDStats is used to enable gathering of statistics for all RBD images in the pool type: boolean erasureCoded: - description: The erasure code settings properties: algorithm: - description: The algorithm for erasure coding type: string codingChunks: - description: Number of coding chunks per object in an erasure coded storage pool (required for erasure-coded pool type). This is the number of OSDs that can be lost simultaneously before data cannot be recovered. minimum: 0 type: integer dataChunks: - description: Number of data chunks per object in an erasure coded storage pool (required for erasure-coded pool type). The number of chunks required to recover an object when any single OSD is lost is the same as dataChunks so be aware that the larger the number of data chunks, the higher the cost of recovery. minimum: 0 type: integer required: @@ -10726,40 +9559,29 @@ spec: - dataChunks type: object failureDomain: - description: 'The failure domain: osd/host/(region or zone if available) - technically also any type in the crush map' type: string mirroring: - description: The mirroring settings properties: enabled: - description: Enabled whether this pool is mirrored or not type: boolean mode: - description: 'Mode is the mirroring mode: either pool or image' type: string peers: - description: Peers represents the peers spec nullable: true properties: secretNames: - description: SecretNames represents the Kubernetes Secret names to add rbd-mirror or cephfs-mirror peers items: type: string type: array type: object snapshotSchedules: - description: SnapshotSchedules is the scheduling of snapshot for mirrored images/pools items: - description: SnapshotScheduleSpec represents the snapshot scheduling settings of a mirrored pool properties: interval: - description: Interval represent the periodicity of the snapshot. type: string path: - description: Path is the path to snapshot, only valid for CephFS type: string startTime: - description: StartTime indicates when to start the snapshot type: string type: object type: array @@ -10767,40 +9589,31 @@ spec: parameters: additionalProperties: type: string - description: Parameters is a list of properties to enable on a given pool nullable: true type: object x-kubernetes-preserve-unknown-fields: true quotas: - description: The quota settings nullable: true properties: maxBytes: - description: MaxBytes represents the quota in bytes Deprecated in favor of MaxSize format: int64 type: integer maxObjects: - description: MaxObjects represents the quota in objects format: int64 type: integer maxSize: - description: MaxSize represents the quota in bytes as a string pattern: ^[0-9]+[\.]?[0-9]*([KMGTPE]i|[kMGTPE])?$ type: string type: object replicated: - description: The replication settings properties: hybridStorage: - description: HybridStorage represents hybrid storage tier settings nullable: true properties: primaryDeviceClass: - description: PrimaryDeviceClass represents high performance tier (for example SSD or NVME) for Primary OSD minLength: 1 type: string secondaryDeviceClass: - description: SecondaryDeviceClass represents low performance tier (for example HDDs) for remaining OSDs minLength: 1 type: string required: @@ -10808,36 +9621,28 @@ spec: - secondaryDeviceClass type: object replicasPerFailureDomain: - description: ReplicasPerFailureDomain the number of replica in the specified failure domain minimum: 1 type: integer requireSafeReplicaSize: - description: RequireSafeReplicaSize if false allows you to set replica 1 type: boolean size: - description: Size - Number of copies per object in a replicated storage pool, including the object itself (required for replicated pool type) minimum: 0 type: integer subFailureDomain: - description: SubFailureDomain the name of the sub-failure domain type: string targetSizeRatio: - description: TargetSizeRatio gives a hint (%) to Ceph in terms of expected consumption of the total cluster capacity type: number required: - size type: object statusCheck: - description: The mirroring statusCheck properties: mirror: - description: HealthCheckSpec represents the health check of an object store bucket nullable: true properties: disabled: type: boolean interval: - description: Interval is the internal in second or minute for the health check to run like 60s for 60 seconds type: string timeout: type: string @@ -10847,10 +9652,8 @@ spec: type: object preservePoolsOnDelete: default: true - description: Preserve pools on object zone deletion type: boolean zoneGroup: - description: The display name for the ceph users type: string required: - dataPool @@ -10858,11 +9661,9 @@ spec: - zoneGroup type: object status: - description: Status represents the status of an object properties: conditions: items: - description: Condition represents a status condition on any Rook-Ceph Custom Resource. properties: lastHeartbeatTime: format: date-time @@ -10873,17 +9674,14 @@ spec: message: type: string reason: - description: ConditionReason is a reason for a condition type: string status: type: string type: - description: ConditionType represent a resource's status type: string type: object type: array observedGeneration: - description: ObservedGeneration is the latest generation observed by the controller. format: int64 type: integer phase: @@ -10921,43 +9719,34 @@ spec: name: v1 schema: openAPIV3Schema: - description: CephRBDMirror represents a Ceph RBD Mirror properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: RBDMirroringSpec represents the specification of an RBD mirror daemon properties: annotations: additionalProperties: type: string - description: The annotations-related configuration to add/set on each Pod related object. nullable: true type: object x-kubernetes-preserve-unknown-fields: true count: - description: Count represents the number of rbd mirror instance to run minimum: 1 type: integer labels: additionalProperties: type: string - description: The labels-related configuration to add/set on each Pod related object. nullable: true type: object x-kubernetes-preserve-unknown-fields: true peers: - description: Peers represents the peers spec nullable: true properties: secretNames: - description: SecretNames represents the Kubernetes Secret names to add rbd-mirror or cephfs-mirror peers items: type: string type: array @@ -11438,19 +10227,14 @@ spec: type: object x-kubernetes-preserve-unknown-fields: true priorityClassName: - description: PriorityClassName sets priority class on the rbd mirror pods type: string resources: - description: The resource requirements for the rbd mirror pods nullable: true properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." items: - description: ResourceClaim references one entry in PodSpec.ResourceClaims. properties: name: - description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. type: string required: - name @@ -11466,7 +10250,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: @@ -11475,7 +10258,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object x-kubernetes-preserve-unknown-fields: true @@ -11483,11 +10265,9 @@ spec: - count type: object status: - description: Status represents the status of an object properties: conditions: items: - description: Condition represents a status condition on any Rook-Ceph Custom Resource. properties: lastHeartbeatTime: format: date-time @@ -11498,17 +10278,14 @@ spec: message: type: string reason: - description: ConditionReason is a reason for a condition type: string status: type: string type: - description: ConditionType represent a resource's status type: string type: object type: array observedGeneration: - description: ObservedGeneration is the latest generation observed by the controller. format: int64 type: integer phase: @@ -11523,116 +10300,3 @@ spec: storage: true subresources: status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: objectbucketclaims.objectbucket.io -spec: - group: objectbucket.io - names: - kind: ObjectBucketClaim - listKind: ObjectBucketClaimList - plural: objectbucketclaims - singular: objectbucketclaim - shortNames: - - obc - - obcs - scope: Namespaced - versions: - - name: v1alpha1 - served: true - storage: true - schema: - openAPIV3Schema: - type: object - properties: - spec: - type: object - properties: - storageClassName: - type: string - bucketName: - type: string - generateBucketName: - type: string - additionalConfig: - type: object - nullable: true - x-kubernetes-preserve-unknown-fields: true - objectBucketName: - type: string - status: - type: object - x-kubernetes-preserve-unknown-fields: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: objectbuckets.objectbucket.io -spec: - group: objectbucket.io - names: - kind: ObjectBucket - listKind: ObjectBucketList - plural: objectbuckets - singular: objectbucket - shortNames: - - ob - - obs - scope: Cluster - versions: - - name: v1alpha1 - served: true - storage: true - schema: - openAPIV3Schema: - type: object - properties: - spec: - type: object - properties: - storageClassName: - type: string - endpoint: - type: object - nullable: true - properties: - bucketHost: - type: string - bucketPort: - type: integer - format: int32 - bucketName: - type: string - region: - type: string - subRegion: - type: string - additionalConfig: - type: object - nullable: true - x-kubernetes-preserve-unknown-fields: true - authentication: - type: object - nullable: true - items: - type: object - x-kubernetes-preserve-unknown-fields: true - additionalState: - type: object - nullable: true - x-kubernetes-preserve-unknown-fields: true - reclaimPolicy: - type: string - claimRef: - type: object - nullable: true - x-kubernetes-preserve-unknown-fields: true - status: - type: object - x-kubernetes-preserve-unknown-fields: true - subresources: - status: {}