diff --git a/charts/pulsar-resources-operator/Chart.yaml b/charts/pulsar-resources-operator/Chart.yaml index c976a835..bc134098 100644 --- a/charts/pulsar-resources-operator/Chart.yaml +++ b/charts/pulsar-resources-operator/Chart.yaml @@ -30,13 +30,13 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: v0.9.2 +version: v0.10.0-rc.1 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. -appVersion: "v0.9.2" +appVersion: "v0.10.0-rc.1" # This is a semver range of compatible Kubernetes versions. Helm will validate the version # constraints when installing the chart and fail if the cluster runs an unsupported Kubernetes version diff --git a/charts/pulsar-resources-operator/README.md b/charts/pulsar-resources-operator/README.md index 913f3582..873cc5f9 100644 --- a/charts/pulsar-resources-operator/README.md +++ b/charts/pulsar-resources-operator/README.md @@ -1,6 +1,6 @@ # Pulsar Resources Operator -![Version: v0.9.1](https://img.shields.io/badge/Version-v0.9.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.9.1](https://img.shields.io/badge/AppVersion-v0.9.1-informational?style=flat-square) +![Version: v0.10.0-rc.1](https://img.shields.io/badge/Version-v0.10.0-rc.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.10.0-rc.1](https://img.shields.io/badge/AppVersion-v0.10.0-rc.1-informational?style=flat-square) ## Installing the Chart diff --git a/charts/pulsar-resources-operator/crds/resource.streamnative.io_apikeys.yaml b/charts/pulsar-resources-operator/crds/resource.streamnative.io_apikeys.yaml new file mode 100644 index 00000000..229c1597 --- /dev/null +++ b/charts/pulsar-resources-operator/crds/resource.streamnative.io_apikeys.yaml @@ -0,0 +1,232 @@ +# Copyright 2025 StreamNative +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.15.0 + name: apikeys.resource.streamnative.io +spec: + group: resource.streamnative.io + names: + categories: + - streamnative + - all + kind: APIKey + listKind: APIKeyList + plural: apikeys + singular: apikey + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: READY + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: APIKey is the Schema for the APIKeys API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: APIKeySpec defines the desired state of APIKey + properties: + apiServerRef: + description: APIServerRef is the reference to the StreamNativeCloudConnection + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + type: object + x-kubernetes-map-type: atomic + description: + description: Description is a user defined description of the key + type: string + encryptionKey: + description: EncryptionKey contains the public key used to encrypt + the token + properties: + pem: + description: PEM is the public key in PEM format + type: string + type: object + x-kubernetes-map-type: atomic + expirationTime: + description: |- + ExpirationTime is a timestamp that defines when this API key will expire + This can only be set on initial creation and not updated later + format: date-time + type: string + exportPlaintextToken: + description: ExportPlaintextToken indicates whether the token should + be exported in plaintext + type: boolean + instanceName: + description: InstanceName is the name of the instance this API key + is for + type: string + revoke: + description: Revoke indicates whether this API key should be revoked + type: boolean + serviceAccountName: + description: ServiceAccountName is the name of the service account + this API key is for + type: string + required: + - apiServerRef + type: object + status: + description: APIKeyStatus defines the observed state of APIKey + properties: + conditions: + description: Conditions represent the latest available observations + of an object's state + items: + description: "Condition contains details for one aspect of the current + state of this API Resource.\n---\nThis struct is intended for + direct use as an array at the field path .status.conditions. For + example,\n\n\n\ttype FooStatus struct{\n\t // Represents the + observations of a foo's current state.\n\t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // + +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t + \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t + \ // other fields\n\t}" + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + encryptedToken: + description: EncryptedToken is the encrypted security token issued + for the key + properties: + jwe: + description: |- + JWE is the token as a JSON Web Encryption (JWE) message + For RSA public keys, the key encryption algorithm is RSA-OAEP, and the content encryption algorithm is AES GCM + type: string + type: object + x-kubernetes-map-type: atomic + expiresAt: + description: ExpiresAt is a timestamp of when the key expires + format: date-time + type: string + issuedAt: + description: IssuedAt is a timestamp of when the key was issued + format: date-time + type: string + keyId: + description: KeyID is a generated field that is a uid for the token + type: string + observedGeneration: + description: ObservedGeneration is the last observed generation + format: int64 + type: integer + revokedAt: + description: RevokedAt is a timestamp of when the key was revoked, + it triggers revocation action + format: date-time + type: string + token: + description: Token is the plaintext security token issued for the + key + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/charts/pulsar-resources-operator/crds/resource.streamnative.io_pulsarconnections.yaml b/charts/pulsar-resources-operator/crds/resource.streamnative.io_pulsarconnections.yaml index e99ef70c..e9864203 100644 --- a/charts/pulsar-resources-operator/crds/resource.streamnative.io_pulsarconnections.yaml +++ b/charts/pulsar-resources-operator/crds/resource.streamnative.io_pulsarconnections.yaml @@ -224,15 +224,18 @@ spec: ClusterName specifies the name of the local Pulsar cluster. When setting up Geo-Replication between Pulsar instances, this should be enabled to identify the cluster. type: string + tlsAllowInsecureConnection: + description: TLSAllowInsecureConnection indicates whether to allow + insecure connection to the broker. + type: boolean tlsEnableHostnameVerification: - description: TLSEnableHostnameVerification indicates whether to verify the hostname of the broker. + description: |- + TLSEnableHostnameVerification indicates whether to verify the hostname of the broker. Only used when using secure urls. type: boolean - tlsAllowInsecureConnection: - description: TLSAllowInsecureConnection indicates whether to allow insecure connection to the broker. - type: boolean tlsTrustCertsFilePath: - description: TLSTrustCertsFilePath Path for the TLS certificate used to validate the broker endpoint when using TLS. + description: TLSTrustCertsFilePath Path for the TLS certificate used + to validate the broker endpoint when using TLS. type: string type: object status: diff --git a/charts/pulsar-resources-operator/crds/resource.streamnative.io_pulsarnamespaces.yaml b/charts/pulsar-resources-operator/crds/resource.streamnative.io_pulsarnamespaces.yaml index 7fc2ea5f..c5c14219 100644 --- a/charts/pulsar-resources-operator/crds/resource.streamnative.io_pulsarnamespaces.yaml +++ b/charts/pulsar-resources-operator/crds/resource.streamnative.io_pulsarnamespaces.yaml @@ -238,6 +238,28 @@ spec: Should be set in conjunction with RetentionSize for effective retention policy. Retention Quota must exceed configured backlog quota for namespace type: string + topicAutoCreationConfig: + description: |- + TopicAutoCreationConfig controls whether automatic topic creation is allowed in this namespace + and configures properties of automatically created topics + properties: + allow: + description: Allow specifies whether to allow automatic topic + creation + type: boolean + partitions: + description: Partitions specifies the default number of partitions + for automatically created topics + format: int32 + type: integer + type: + description: Type specifies the type of automatically created + topics + enum: + - partitioned + - non-partitioned + type: string + type: object required: - connectionRef - name diff --git a/charts/pulsar-resources-operator/crds/resource.streamnative.io_serviceaccountbindings.yaml b/charts/pulsar-resources-operator/crds/resource.streamnative.io_serviceaccountbindings.yaml new file mode 100644 index 00000000..b6b52f41 --- /dev/null +++ b/charts/pulsar-resources-operator/crds/resource.streamnative.io_serviceaccountbindings.yaml @@ -0,0 +1,193 @@ +# Copyright 2025 StreamNative +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.15.0 + name: serviceaccountbindings.resource.streamnative.io +spec: + group: resource.streamnative.io + names: + categories: + - streamnative + - all + kind: ServiceAccountBinding + listKind: ServiceAccountBindingList + plural: serviceaccountbindings + singular: serviceaccountbinding + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: READY + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: ServiceAccountBinding is the Schema for the ServiceAccountBindings + API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: ServiceAccountBindingSpec defines the desired state of ServiceAccountBinding + properties: + apiServerRef: + description: |- + APIServerRef is the reference to the StreamNativeCloudConnection + If not provided, it will be retrieved from the referenced ServiceAccount + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + type: object + x-kubernetes-map-type: atomic + poolMemberRefs: + description: PoolMemberRefs refers to a list of PoolMembers in the + current namespace or other namespaces + items: + description: PoolMemberReference is a reference to a pool member + with a given name. + properties: + name: + type: string + namespace: + type: string + required: + - name + - namespace + type: object + type: array + serviceAccountName: + description: ServiceAccountName refers to the ServiceAccount under + the same namespace as this binding object + type: string + required: + - poolMemberRefs + - serviceAccountName + type: object + status: + description: ServiceAccountBindingStatus defines the observed state of + ServiceAccountBinding + properties: + conditions: + description: Conditions represent the latest available observations + of an object's state + items: + description: "Condition contains details for one aspect of the current + state of this API Resource.\n---\nThis struct is intended for + direct use as an array at the field path .status.conditions. For + example,\n\n\n\ttype FooStatus struct{\n\t // Represents the + observations of a foo's current state.\n\t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // + +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t + \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t + \ // other fields\n\t}" + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + observedGeneration: + description: ObservedGeneration is the last observed generation + format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/charts/pulsar-resources-operator/crds/resource.streamnative.io_serviceaccounts.yaml b/charts/pulsar-resources-operator/crds/resource.streamnative.io_serviceaccounts.yaml new file mode 100644 index 00000000..c31df86e --- /dev/null +++ b/charts/pulsar-resources-operator/crds/resource.streamnative.io_serviceaccounts.yaml @@ -0,0 +1,175 @@ +# Copyright 2025 StreamNative +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.15.0 + name: serviceaccounts.resource.streamnative.io +spec: + group: resource.streamnative.io + names: + categories: + - streamnative + - all + kind: ServiceAccount + listKind: ServiceAccountList + plural: serviceaccounts + singular: serviceaccount + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: READY + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: ServiceAccount is the Schema for the ServiceAccounts API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: ServiceAccountSpec defines the desired state of ServiceAccount + properties: + apiServerRef: + description: APIServerRef is the reference to the StreamNativeCloudConnection + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + type: object + x-kubernetes-map-type: atomic + required: + - apiServerRef + type: object + status: + description: ServiceAccountStatus defines the observed state of ServiceAccount + properties: + conditions: + description: Conditions represent the latest available observations + of an object's state + items: + description: "Condition contains details for one aspect of the current + state of this API Resource.\n---\nThis struct is intended for + direct use as an array at the field path .status.conditions. For + example,\n\n\n\ttype FooStatus struct{\n\t // Represents the + observations of a foo's current state.\n\t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // + +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t + \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t + \ // other fields\n\t}" + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + observedGeneration: + description: ObservedGeneration is the last observed generation + format: int64 + type: integer + privateKeyData: + description: PrivateKeyData provides the private key data (in base-64 + format) for authentication purposes + type: string + privateKeyType: + description: PrivateKeyType indicates the type of private key information + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/charts/pulsar-resources-operator/templates/role.yaml b/charts/pulsar-resources-operator/templates/role.yaml index 9e55a72a..f85e1589 100644 --- a/charts/pulsar-resources-operator/templates/role.yaml +++ b/charts/pulsar-resources-operator/templates/role.yaml @@ -430,3 +430,81 @@ rules: - get - patch - update +- apiGroups: + - resource.streamnative.io + resources: + - apikeys + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - resource.streamnative.io + resources: + - apikeys/finalizers + verbs: + - update +- apiGroups: + - resource.streamnative.io + resources: + - apikeys/status + verbs: + - get + - patch + - update +- apiGroups: + - resource.streamnative.io + resources: + - serviceaccounts + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - resource.streamnative.io + resources: + - serviceaccounts/finalizers + verbs: + - update +- apiGroups: + - resource.streamnative.io + resources: + - serviceaccounts/status + verbs: + - get + - patch + - update +- apiGroups: + - resource.streamnative.io + resources: + - serviceaccountbindings + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - resource.streamnative.io + resources: + - serviceaccountbindings/finalizers + verbs: + - update +- apiGroups: + - resource.streamnative.io + resources: + - serviceaccountbindings/status + verbs: + - get + - patch + - update diff --git a/config/crd/bases/resource.streamnative.io_apikeys.yaml b/config/crd/bases/resource.streamnative.io_apikeys.yaml index 90ec81fe..229c1597 100644 --- a/config/crd/bases/resource.streamnative.io_apikeys.yaml +++ b/config/crd/bases/resource.streamnative.io_apikeys.yaml @@ -97,6 +97,10 @@ spec: This can only be set on initial creation and not updated later format: date-time type: string + exportPlaintextToken: + description: ExportPlaintextToken indicates whether the token should + be exported in plaintext + type: boolean instanceName: description: InstanceName is the name of the instance this API key is for diff --git a/config/crd/bases/resource.streamnative.io_pulsarconnections.yaml b/config/crd/bases/resource.streamnative.io_pulsarconnections.yaml index e99ef70c..e9864203 100644 --- a/config/crd/bases/resource.streamnative.io_pulsarconnections.yaml +++ b/config/crd/bases/resource.streamnative.io_pulsarconnections.yaml @@ -224,15 +224,18 @@ spec: ClusterName specifies the name of the local Pulsar cluster. When setting up Geo-Replication between Pulsar instances, this should be enabled to identify the cluster. type: string + tlsAllowInsecureConnection: + description: TLSAllowInsecureConnection indicates whether to allow + insecure connection to the broker. + type: boolean tlsEnableHostnameVerification: - description: TLSEnableHostnameVerification indicates whether to verify the hostname of the broker. + description: |- + TLSEnableHostnameVerification indicates whether to verify the hostname of the broker. Only used when using secure urls. type: boolean - tlsAllowInsecureConnection: - description: TLSAllowInsecureConnection indicates whether to allow insecure connection to the broker. - type: boolean tlsTrustCertsFilePath: - description: TLSTrustCertsFilePath Path for the TLS certificate used to validate the broker endpoint when using TLS. + description: TLSTrustCertsFilePath Path for the TLS certificate used + to validate the broker endpoint when using TLS. type: string type: object status: