├── .dockerignore ├── .github ├── CODEOWNERS ├── dependabot.yml ├── sync.yml └── workflows │ ├── force-sync-charts.yml │ ├── generate.yml │ ├── lint.yml │ ├── pages.yml │ ├── release.yml │ ├── tests.yml │ └── trunk-upgrade.yml ├── .gitignore ├── .golangci.yml ├── .trunk ├── .gitignore ├── configs │ ├── .hadolint.yaml │ ├── .markdownlint.yaml │ ├── .prettierignore │ └── .yamllint.yaml └── trunk.yaml ├── CHANGELOG.md ├── CODE_OF_CONDUCT.md ├── Dockerfile ├── LICENSE ├── Makefile ├── PROJECT ├── README.md ├── Taskfile.dist.yml ├── Taskfile.internal.yml ├── api └── v1alpha1 │ ├── alloydbomni_types.go │ ├── alloydbomni_webhook.go │ ├── cassandra_types.go │ ├── cassandra_webhook.go │ ├── clickhouse_types.go │ ├── clickhouse_webhook.go │ ├── clickhousedatabase_types.go │ ├── clickhousegrant_types.go │ ├── clickhouserole_types.go │ ├── clickhouseuser_types.go │ ├── common.go │ ├── common_test.go │ ├── connectionpool_types.go │ ├── connectionpool_webhook.go │ ├── database_types.go │ ├── database_webhook.go │ ├── doc.go │ ├── flink_types.go │ ├── flink_webhook.go │ ├── grafana_types.go │ ├── grafana_webhook.go │ ├── groupversion_info.go │ ├── kafka_types.go │ ├── kafka_webhook.go │ ├── kafkaacl_types.go │ ├── kafkaacl_webhook.go │ ├── kafkaconnect_types.go │ ├── kafkaconnect_webhook.go │ ├── kafkaconnector_types.go │ ├── kafkaconnector_webhook.go │ ├── kafkanativeacl_types.go │ ├── kafkaschema_types.go │ ├── kafkaschema_webhook.go │ ├── kafkaschemaregistryacl_types.go │ ├── kafkatopic_types.go │ ├── kafkatopic_webhook.go │ ├── mysql_types.go │ ├── mysql_webhook.go │ ├── opensearch_types.go │ ├── opensearch_webhook.go │ ├── postgresql_types.go │ ├── postgresql_webhook.go │ ├── project_types.go │ ├── project_webhook.go │ ├── projectvpc_types.go │ ├── redis_types.go │ ├── redis_webhook.go │ ├── serviceintegration_types.go │ ├── serviceintegration_webhook.go │ ├── serviceintegrationendpoint_types.go │ ├── serviceintegrationendpoint_webhook.go │ ├── serviceuser_types.go │ ├── serviceuser_webhook.go │ ├── setup_webhooks.go │ ├── userconfig │ ├── integration │ │ ├── autoscaler │ │ │ ├── autoscaler.go │ │ │ └── zz_generated.deepcopy.go │ │ ├── clickhouse_kafka │ │ │ ├── clickhouse_kafka.go │ │ │ └── zz_generated.deepcopy.go │ │ ├── clickhouse_postgresql │ │ │ ├── clickhouse_postgresql.go │ │ │ └── zz_generated.deepcopy.go │ │ ├── datadog │ │ │ ├── datadog.go │ │ │ └── zz_generated.deepcopy.go │ │ ├── external_aws_cloudwatch_metrics │ │ │ ├── external_aws_cloudwatch_metrics.go │ │ │ └── zz_generated.deepcopy.go │ │ ├── kafka_connect │ │ │ ├── kafka_connect.go │ │ │ └── zz_generated.deepcopy.go │ │ ├── kafka_logs │ │ │ ├── kafka_logs.go │ │ │ └── zz_generated.deepcopy.go │ │ ├── kafka_mirrormaker │ │ │ ├── kafka_mirrormaker.go │ │ │ └── zz_generated.deepcopy.go │ │ ├── logs │ │ │ ├── logs.go │ │ │ └── zz_generated.deepcopy.go │ │ └── metrics │ │ │ ├── metrics.go │ │ │ └── zz_generated.deepcopy.go │ ├── integrationendpoints │ │ ├── autoscaler │ │ │ ├── autoscaler.go │ │ │ └── zz_generated.deepcopy.go │ │ ├── datadog │ │ │ ├── datadog.go │ │ │ └── zz_generated.deepcopy.go │ │ ├── external_aws_cloudwatch_logs │ │ │ ├── external_aws_cloudwatch_logs.go │ │ │ └── zz_generated.deepcopy.go │ │ ├── external_aws_cloudwatch_metrics │ │ │ ├── external_aws_cloudwatch_metrics.go │ │ │ └── zz_generated.deepcopy.go │ │ ├── external_elasticsearch_logs │ │ │ ├── external_elasticsearch_logs.go │ │ │ └── zz_generated.deepcopy.go │ │ ├── external_google_cloud_bigquery │ │ │ ├── external_google_cloud_bigquery.go │ │ │ └── zz_generated.deepcopy.go │ │ ├── external_google_cloud_logging │ │ │ ├── external_google_cloud_logging.go │ │ │ └── zz_generated.deepcopy.go │ │ ├── external_kafka │ │ │ ├── external_kafka.go │ │ │ └── zz_generated.deepcopy.go │ │ ├── external_opensearch_logs │ │ │ ├── external_opensearch_logs.go │ │ │ └── zz_generated.deepcopy.go │ │ ├── external_postgresql │ │ │ ├── external_postgresql.go │ │ │ └── zz_generated.deepcopy.go │ │ ├── external_schema_registry │ │ │ ├── external_schema_registry.go │ │ │ └── zz_generated.deepcopy.go │ │ ├── jolokia │ │ │ ├── jolokia.go │ │ │ └── zz_generated.deepcopy.go │ │ ├── prometheus │ │ │ ├── prometheus.go │ │ │ └── zz_generated.deepcopy.go │ │ └── rsyslog │ │ │ ├── rsyslog.go │ │ │ └── zz_generated.deepcopy.go │ └── service │ │ ├── alloydbomni │ │ ├── alloydbomni.go │ │ └── zz_generated.deepcopy.go │ │ ├── cassandra │ │ ├── cassandra.go │ │ └── zz_generated.deepcopy.go │ │ ├── clickhouse │ │ ├── clickhouse.go │ │ └── zz_generated.deepcopy.go │ │ ├── flink │ │ ├── flink.go │ │ └── zz_generated.deepcopy.go │ │ ├── grafana │ │ ├── grafana.go │ │ └── zz_generated.deepcopy.go │ │ ├── kafka │ │ ├── kafka.go │ │ └── zz_generated.deepcopy.go │ │ ├── kafka_connect │ │ ├── kafka_connect.go │ │ └── zz_generated.deepcopy.go │ │ ├── mysql │ │ ├── mysql.go │ │ └── zz_generated.deepcopy.go │ │ ├── opensearch │ │ ├── opensearch.go │ │ └── zz_generated.deepcopy.go │ │ ├── pg │ │ ├── pg.go │ │ └── zz_generated.deepcopy.go │ │ ├── redis │ │ ├── redis.go │ │ └── zz_generated.deepcopy.go │ │ └── valkey │ │ ├── valkey.go │ │ └── zz_generated.deepcopy.go │ ├── valkey_types.go │ ├── valkey_webhook.go │ └── zz_generated.deepcopy.go ├── charts ├── aiven-operator-crds │ ├── .helmignore │ ├── Chart.yaml │ ├── templates │ │ ├── aiven.io_alloydbomnis.yaml │ │ ├── aiven.io_cassandras.yaml │ │ ├── aiven.io_clickhousedatabases.yaml │ │ ├── aiven.io_clickhousegrants.yaml │ │ ├── aiven.io_clickhouseroles.yaml │ │ ├── aiven.io_clickhouses.yaml │ │ ├── aiven.io_clickhouseusers.yaml │ │ ├── aiven.io_connectionpools.yaml │ │ ├── aiven.io_databases.yaml │ │ ├── aiven.io_flinks.yaml │ │ ├── aiven.io_grafanas.yaml │ │ ├── aiven.io_kafkaacls.yaml │ │ ├── aiven.io_kafkaconnectors.yaml │ │ ├── aiven.io_kafkaconnects.yaml │ │ ├── aiven.io_kafkanativeacls.yaml │ │ ├── aiven.io_kafkas.yaml │ │ ├── aiven.io_kafkaschemaregistryacls.yaml │ │ ├── aiven.io_kafkaschemas.yaml │ │ ├── aiven.io_kafkatopics.yaml │ │ ├── aiven.io_mysqls.yaml │ │ ├── aiven.io_opensearches.yaml │ │ ├── aiven.io_postgresqls.yaml │ │ ├── aiven.io_projects.yaml │ │ ├── aiven.io_projectvpcs.yaml │ │ ├── aiven.io_redis.yaml │ │ ├── aiven.io_serviceintegrationendpoints.yaml │ │ ├── aiven.io_serviceintegrations.yaml │ │ ├── aiven.io_serviceusers.yaml │ │ └── aiven.io_valkeys.yaml │ └── values.yaml └── aiven-operator │ ├── .helmignore │ ├── Chart.yaml │ ├── ci │ └── test-values.yaml │ ├── templates │ ├── _helpers.tpl │ ├── certificate.yaml │ ├── cluster_role.yaml │ ├── cluster_role_binding.yaml │ ├── deployment.yaml │ ├── election_role.yaml │ ├── election_role_binding.yaml │ ├── ensure_cert_manager_if_webhooks_are_enabled.yaml │ ├── hpa.yaml │ ├── mutating_webhook_configuration.yaml │ ├── role_binding.yaml │ ├── service.yaml │ ├── serviceaccount.yaml │ └── validating_webhook_configuration.yaml │ └── values.yaml ├── commitlint.config.mjs ├── config ├── certmanager │ ├── certificate.yaml │ ├── kustomization.yaml │ └── kustomizeconfig.yaml ├── crd │ ├── bases │ │ ├── aiven.io_alloydbomnis.yaml │ │ ├── aiven.io_cassandras.yaml │ │ ├── aiven.io_clickhousedatabases.yaml │ │ ├── aiven.io_clickhousegrants.yaml │ │ ├── aiven.io_clickhouseroles.yaml │ │ ├── aiven.io_clickhouses.yaml │ │ ├── aiven.io_clickhouseusers.yaml │ │ ├── aiven.io_connectionpools.yaml │ │ ├── aiven.io_databases.yaml │ │ ├── aiven.io_flinks.yaml │ │ ├── aiven.io_grafanas.yaml │ │ ├── aiven.io_kafkaacls.yaml │ │ ├── aiven.io_kafkaconnectors.yaml │ │ ├── aiven.io_kafkaconnects.yaml │ │ ├── aiven.io_kafkanativeacls.yaml │ │ ├── aiven.io_kafkas.yaml │ │ ├── aiven.io_kafkaschemaregistryacls.yaml │ │ ├── aiven.io_kafkaschemas.yaml │ │ ├── aiven.io_kafkatopics.yaml │ │ ├── aiven.io_mysqls.yaml │ │ ├── aiven.io_opensearches.yaml │ │ ├── aiven.io_postgresqls.yaml │ │ ├── aiven.io_projects.yaml │ │ ├── aiven.io_projectvpcs.yaml │ │ ├── aiven.io_redis.yaml │ │ ├── aiven.io_serviceintegrationendpoints.yaml │ │ ├── aiven.io_serviceintegrations.yaml │ │ ├── aiven.io_serviceusers.yaml │ │ └── aiven.io_valkeys.yaml │ ├── kustomization.yaml │ ├── kustomizeconfig.yaml │ └── patches │ │ ├── cainjection_in_alloydbomnis.yaml │ │ ├── cainjection_in_cassandras.yaml │ │ ├── cainjection_in_clickhouseroles.yaml │ │ ├── cainjection_in_clickhouses.yaml │ │ ├── cainjection_in_clickhouseusers.yaml │ │ ├── cainjection_in_connectionpools.yaml │ │ ├── cainjection_in_databases.yaml │ │ ├── cainjection_in_flinks.yaml │ │ ├── cainjection_in_grafanas.yaml │ │ ├── cainjection_in_kafkaacls.yaml │ │ ├── cainjection_in_kafkaconnectors.yaml │ │ ├── cainjection_in_kafkaconnects.yaml │ │ ├── cainjection_in_kafkas.yaml │ │ ├── cainjection_in_kafkaschemaregistryacls.yaml │ │ ├── cainjection_in_kafkaschemas.yaml │ │ ├── cainjection_in_kafkatopics.yaml │ │ ├── cainjection_in_mysqls.yaml │ │ ├── cainjection_in_opensearches.yaml │ │ ├── cainjection_in_postgresqls.yaml │ │ ├── cainjection_in_projects.yaml │ │ ├── cainjection_in_redis.yaml │ │ ├── cainjection_in_serviceintegrationendpoints.yaml │ │ ├── cainjection_in_serviceintegrations.yaml │ │ ├── cainjection_in_serviceusers.yaml │ │ ├── cainjection_in_valkeys.yaml │ │ ├── webhook_in_alloydbomnis.yaml │ │ ├── webhook_in_cassandras.yaml │ │ ├── webhook_in_clickhouseroles.yaml │ │ ├── webhook_in_clickhouses.yaml │ │ ├── webhook_in_clickhouseusers.yaml │ │ ├── webhook_in_connectionpools.yaml │ │ ├── webhook_in_databases.yaml │ │ ├── webhook_in_flinks.yaml │ │ ├── webhook_in_grafanas.yaml │ │ ├── webhook_in_kafkaacls.yaml │ │ ├── webhook_in_kafkaconnectors.yaml │ │ ├── webhook_in_kafkaconnects.yaml │ │ ├── webhook_in_kafkas.yaml │ │ ├── webhook_in_kafkaschemaregistryacls.yaml │ │ ├── webhook_in_kafkaschemas.yaml │ │ ├── webhook_in_kafkatopics.yaml │ │ ├── webhook_in_mysqls.yaml │ │ ├── webhook_in_opensearches.yaml │ │ ├── webhook_in_postgresqls.yaml │ │ ├── webhook_in_projects.yaml │ │ ├── webhook_in_redis.yaml │ │ ├── webhook_in_serviceintegrationendpoints.yaml │ │ ├── webhook_in_serviceintegrations.yaml │ │ ├── webhook_in_serviceusers.yaml │ │ └── webhook_in_valkeys.yaml ├── default │ ├── kustomization.yaml │ ├── manager_auth_proxy_patch.yaml │ ├── manager_config_patch.yaml │ ├── manager_webhook_patch.yaml │ └── webhookcainjection_patch.yaml ├── manager │ ├── controller_manager_config.yaml │ ├── kustomization.yaml │ └── manager.yaml ├── prometheus │ ├── kustomization.yaml │ └── monitor.yaml ├── rbac │ ├── auth_proxy_client_clusterrole.yaml │ ├── auth_proxy_role.yaml │ ├── auth_proxy_role_binding.yaml │ ├── auth_proxy_service.yaml │ ├── cassandra_editor_role.yaml │ ├── cassandra_viewer_role.yaml │ ├── clickhouse_editor_role.yaml │ ├── clickhouse_viewer_role.yaml │ ├── clickhousedatabase_editor_role.yaml │ ├── clickhousedatabase_viewer_role.yaml │ ├── clickhouserole_editor_role.yaml │ ├── clickhouserole_viewer_role.yaml │ ├── clickhouseuser_editor_role.yaml │ ├── clickhouseuser_viewer_role.yaml │ ├── connectionpool_editor_role.yaml │ ├── connectionpool_viewer_role.yaml │ ├── database_editor_role.yaml │ ├── database_viewer_role.yaml │ ├── flink_editor_role.yaml │ ├── flink_viewer_role.yaml │ ├── grafana_editor_role.yaml │ ├── grafana_viewer_role.yaml │ ├── kafka_editor_role.yaml │ ├── kafka_viewer_role.yaml │ ├── kafkaacl_editor_role.yaml │ ├── kafkaacl_viewer_role.yaml │ ├── kafkaconnect_editor_role.yaml │ ├── kafkaconnect_viewer_role.yaml │ ├── kafkaconnector_editor_role.yaml │ ├── kafkaconnector_viewer_role.yaml │ ├── kafkanativeacl_editor_role.yaml │ ├── kafkanativeacl_viewer_role.yaml │ ├── kafkaschema_editor_role.yaml │ ├── kafkaschema_viewer_role.yaml │ ├── kafkaschemaregistryacl_editor_role.yaml │ ├── kafkaschemaregistryacl_viewer_role.yaml │ ├── kafkatopic_editor_role.yaml │ ├── kafkatopic_viewer_role.yaml │ ├── kustomization.yaml │ ├── leader_election_role.yaml │ ├── leader_election_role_binding.yaml │ ├── mysql_editor_role.yaml │ ├── mysql_viewer_role.yaml │ ├── opensearch_editor_role.yaml │ ├── opensearch_viewer_role.yaml │ ├── postgresql_editor_role.yaml │ ├── postgresql_viewer_role.yaml │ ├── project_editor_role.yaml │ ├── project_viewer_role.yaml │ ├── projectvpc_editor_role.yaml │ ├── projectvpc_viewer_role.yaml │ ├── redis_editor_role.yaml │ ├── redis_viewer_role.yaml │ ├── role.yaml │ ├── role_binding.yaml │ ├── service_account.yaml │ ├── serviceintegration_editor_role.yaml │ ├── serviceintegration_viewer_role.yaml │ ├── serviceintegrationendpoint_editor_role.yaml │ ├── serviceintegrationendpoint_viewer_role.yaml │ ├── serviceuser_editor_role.yaml │ ├── serviceuser_viewer_role.yaml │ ├── valkey_editor_role.yaml │ └── valkey_viewer_role.yaml ├── samples │ ├── _v1alpha1_cassandra.yaml │ ├── _v1alpha1_clickhouse.yaml │ ├── _v1alpha1_clickhousedatabase.yaml │ ├── _v1alpha1_clickhouserole.yaml │ ├── _v1alpha1_clickhouseuser.yaml │ ├── _v1alpha1_connectionpool.yaml │ ├── _v1alpha1_database.yaml │ ├── _v1alpha1_flink.yaml │ ├── _v1alpha1_grafana.yaml │ ├── _v1alpha1_kafka.yaml │ ├── _v1alpha1_kafkaacl.yaml │ ├── _v1alpha1_kafkaconnect.yaml │ ├── _v1alpha1_kafkaconnector.yaml │ ├── _v1alpha1_kafkanativeacl.yaml │ ├── _v1alpha1_kafkaschema.yaml │ ├── _v1alpha1_kafkaschemaregistryacl.yaml │ ├── _v1alpha1_kafkatopic.yaml │ ├── _v1alpha1_mysql.yaml │ ├── _v1alpha1_opensearch.yaml │ ├── _v1alpha1_postgresql.yaml │ ├── _v1alpha1_project.yaml │ ├── _v1alpha1_projectvpc.yaml │ ├── _v1alpha1_redis.yaml │ ├── _v1alpha1_serviceintegration.yaml │ ├── _v1alpha1_serviceintegrationendpoint.yaml │ ├── _v1alpha1_serviceuser.yaml │ ├── _v1alpha1_valkey.yaml │ ├── aiven.io_v1alpha1_clickhouse.yaml │ ├── aiven.io_v1alpha1_clickhouseuser.yaml │ ├── aiven.io_v1alpha1_kafka.yaml │ ├── aiven.io_v1alpha1_opensearch.yaml │ ├── aiven.io_v1alpha1_redis.yaml │ └── kustomization.yaml ├── scorecard │ ├── bases │ │ └── config.yaml │ ├── kustomization.yaml │ └── patches │ │ ├── basic.config.yaml │ │ └── olm.config.yaml └── webhook │ ├── kustomization.yaml │ ├── kustomizeconfig.yaml │ ├── manifests.yaml │ └── service.yaml ├── controllers ├── alloydbomni_controller.go ├── basic_controller.go ├── cassandra_controller.go ├── clickhouse_controller.go ├── clickhousedatabase_controller.go ├── clickhousegrant_controller.go ├── clickhouserole_controller.go ├── clickhouseuser_controller.go ├── common.go ├── common_test.go ├── connectionpool_controller.go ├── database_controller.go ├── flink_controller.go ├── generic_service_handler.go ├── grafana_controller.go ├── kafka_controller.go ├── kafkaacl_controller.go ├── kafkaconnect_controller.go ├── kafkaconnector_controller.go ├── kafkanativeacl_controller.go ├── kafkaschema_controller.go ├── kafkaschemaregistryacl_controller.go ├── kafkatopic_controller.go ├── mysql_controller.go ├── opensearch_controller.go ├── postgresql_controller.go ├── project_controller.go ├── projectvpc_controller.go ├── redis_controller.go ├── secret_finalizer_gc_controller.go ├── serviceintegration_controller.go ├── serviceintegrationendpoint_controller.go ├── serviceuser_controller.go ├── setup.go └── valkey_controller.go ├── docs ├── docs │ ├── .snippets │ │ └── pg-example.yaml │ ├── assets │ │ ├── developer-guide-k9s.jpg │ │ └── logo.svg │ ├── authentication.md │ ├── changelog.md │ ├── contributing │ │ ├── developer-guide.md │ │ ├── index.md │ │ └── resource-generation.md │ ├── examples │ │ ├── cassandra.md │ │ ├── clickhouse.md │ │ ├── kafka │ │ │ ├── connect.md │ │ │ ├── index.md │ │ │ ├── kowl-random-strings.png │ │ │ ├── kowl-topics.png │ │ │ └── schema.md │ │ ├── mysql.md │ │ ├── opensearch.md │ │ ├── postgresql.md │ │ ├── project-vpc.md │ │ ├── project.md │ │ ├── redis.md │ │ ├── service-integrations.md │ │ └── valkey.md │ ├── index.md │ ├── installation │ │ ├── helm.md │ │ ├── kubectl.md │ │ ├── prerequisites.md │ │ └── uninstalling.md │ ├── resources │ │ ├── alloydbomni.md │ │ ├── cassandra.md │ │ ├── clickhouse.md │ │ ├── clickhousedatabase.md │ │ ├── clickhousegrant.md │ │ ├── clickhouserole.md │ │ ├── clickhouseuser.md │ │ ├── connectionpool.md │ │ ├── database.md │ │ ├── examples │ │ │ ├── alloydbomni.yaml │ │ │ ├── cassandra.yaml │ │ │ ├── clickhouse.yaml │ │ │ ├── clickhousedatabase.yaml │ │ │ ├── clickhousegrant.example_2.yaml │ │ │ ├── clickhousegrant.yaml │ │ │ ├── clickhouserole.yaml │ │ │ ├── clickhouseuser.yaml │ │ │ ├── connectionpool.yaml │ │ │ ├── database.yaml │ │ │ ├── flink.yaml │ │ │ ├── grafana.yaml │ │ │ ├── kafka.yaml │ │ │ ├── kafkaacl.yaml │ │ │ ├── kafkaconnect.yaml │ │ │ ├── kafkaconnector.yaml │ │ │ ├── kafkanativeacl.yaml │ │ │ ├── kafkaschema.yaml │ │ │ ├── kafkaschemaregistryacl.yaml │ │ │ ├── kafkatopic.yaml │ │ │ ├── mysql.yaml │ │ │ ├── opensearch.yaml │ │ │ ├── postgresql.yaml │ │ │ ├── project.yaml │ │ │ ├── projectvpc.yaml │ │ │ ├── redis.yaml │ │ │ ├── serviceintegration.autoscaler.yaml │ │ │ ├── serviceintegration.clickhouse_postgresql.yaml │ │ │ ├── serviceintegration.datadog.yaml │ │ │ ├── serviceintegration.kafka_connect.yaml │ │ │ ├── serviceintegration.kafka_logs.yaml │ │ │ ├── serviceintegrationendpoint.autoscaler.yaml │ │ │ ├── serviceintegrationendpoint.external_postgresql.yaml │ │ │ ├── serviceintegrationendpoint.external_schema_registry.yaml │ │ │ ├── serviceuser.yaml │ │ │ └── valkey.yaml │ │ ├── flink.md │ │ ├── grafana.md │ │ ├── kafka.md │ │ ├── kafkaacl.md │ │ ├── kafkaconnect.md │ │ ├── kafkaconnector.md │ │ ├── kafkanativeacl.md │ │ ├── kafkaschema.md │ │ ├── kafkaschemaregistryacl.md │ │ ├── kafkatopic.md │ │ ├── mysql.md │ │ ├── opensearch.md │ │ ├── postgresql.md │ │ ├── project.md │ │ ├── projectvpc.md │ │ ├── redis.md │ │ ├── serviceintegration.md │ │ ├── serviceintegrationendpoint.md │ │ ├── serviceuser.md │ │ └── valkey.md │ └── troubleshooting.md └── mkdocs.yml ├── generators ├── charts │ ├── changelog.go │ ├── changelog_test.go │ ├── cluster_roles.go │ ├── crds.go │ ├── main.go │ ├── utils.go │ ├── version.go │ └── webhooks.go ├── docs │ ├── generator.go │ ├── generator_test.go │ ├── main.go │ └── validator.go └── userconfigs │ ├── generator.go │ ├── generator_test.go │ ├── generator_test_source.yml │ ├── main.go │ └── pg │ ├── pg.go │ └── zz_generated.deepcopy.go ├── go.mod ├── go.sum ├── hack └── boilerplate.go.txt ├── main.go ├── sweeper ├── main.go ├── service_integrations.go ├── services.go └── vpcs.go ├── test └── e2e │ ├── alloydbomni │ └── alloydbomni-simple-cluster │ │ ├── 00-secret.yaml │ │ ├── 01-cassandra.yaml │ │ ├── 02-check.yaml │ │ └── 03-delete.yaml │ ├── cassandra │ └── cassandra-simple-cluster │ │ ├── 00-secret.yaml │ │ ├── 01-cassandra.yaml │ │ ├── 02-check.yaml │ │ └── 03-delete.yaml │ ├── clickhouse │ └── clickhouse-simple-cluster │ │ ├── 00-secret.yaml │ │ ├── 01-clickhouse.yaml │ │ ├── 02-check.yaml │ │ └── 03-delete.yaml │ ├── grafana │ └── grafana-simple-cluster │ │ ├── 00-secret.yaml │ │ ├── 01-grafana.yaml │ │ ├── 02-check.yaml │ │ └── 03-delete.yaml │ ├── kafka-connector │ └── connect-kafka-to-postgres │ │ ├── 00-secret.yaml │ │ ├── 01-kafka-topic.yaml │ │ ├── 01-kafka.yaml │ │ ├── 01-postgres.yaml │ │ ├── 02-check-services-running.yaml │ │ ├── 03-connector.yaml │ │ ├── 04-write-and-receive.yaml │ │ └── 05-delete.yaml │ ├── kafka-topic │ └── simple-kafka-topic │ │ ├── 00-secret.yaml │ │ ├── 01-kafka-topic-acl.yaml │ │ ├── 01-kafka-topic.yaml │ │ ├── 01-kafka.yaml │ │ ├── 02-check-services-running.yaml │ │ └── 03-delete.yaml │ ├── kafka │ └── kafka-simple-cluster │ │ ├── 00-secret.yaml │ │ ├── 01-kafka.yaml │ │ ├── 02-check.yaml │ │ └── 03-delete.yaml │ ├── kuttl-test.preinstalled.yaml │ ├── kuttl-test.yaml │ ├── mysql │ └── mysql-simple-cluster │ │ ├── 00-secret.yaml │ │ ├── 01-mysql.yaml │ │ ├── 02-check.yaml │ │ └── 03-delete.yaml │ ├── opensearch │ └── opensearch-simple-cluster │ │ ├── 00-secret.yaml │ │ ├── 01-opensearch.yaml │ │ ├── 02-check.yaml │ │ └── 03-delete.yaml │ ├── projectvpc │ └── projectvpc-ref │ │ ├── 00-secret.yaml │ │ ├── 01-resources.yaml │ │ ├── 02-check.yaml │ │ └── 03-delete.yaml │ ├── redis │ └── redis-simple-cluster │ │ ├── 00-secret.yaml │ │ ├── 01-redis.yaml │ │ ├── 02-check.yaml │ │ └── 03-delete.yaml │ └── service-integration │ ├── clickhouse-postgresql │ ├── 00-secret.yaml │ ├── 01-clickhouse.yaml │ ├── 01-postgresql.yaml │ ├── 02-check-services-running.yaml │ ├── 03-service-integration.yaml │ ├── 04-check-integration.yaml │ └── 05-delete.yaml │ └── kafka-logs │ ├── 00-secret.yaml │ ├── 01-kafka-topic.yaml │ ├── 01-kafka.yaml │ ├── 02-check-services-running.yaml │ ├── 03-service-integration.yaml │ ├── 04-check-topic.yaml │ └── 05-delete.yaml ├── tests ├── alloydbomni_test.go ├── cassandra_test.go ├── clickhouse_test.go ├── clickhousegrant_test.go ├── clickhouseuser_test.go ├── connectionpool_test.go ├── database_test.go ├── flink_test.go ├── generic_service_handler_test.go ├── grafana_test.go ├── kafka_test.go ├── kafka_with_projectvpc_ref_test.go ├── kafkaacl_test.go ├── kafkaconnect_test.go ├── kafkaconnector_test.go ├── kafkanativeacl_test.go ├── kafkaschema_test.go ├── kafkatopic_test.go ├── kafkschemaregistryacl_test.go ├── mysql_test.go ├── opensearch_test.go ├── postgresql_test.go ├── project_test.go ├── projectvpc_test.go ├── redis_test.go ├── service_opts_test.go ├── serviceintegration_test.go ├── serviceintegrationendpoint_test.go ├── serviceuser_test.go ├── session.go ├── suite_lib.go ├── suite_lib_test.go ├── suite_test.go └── valkey_test.go └── utils ├── alloydbomni ├── service_account_credentials_validator.go └── service_account_credentials_validator_test.go ├── clickhouse ├── clickhouse_grant.go └── clickhouse_query.go └── utils.go /.dockerignore: -------------------------------------------------------------------------------- 1 | # More info: https://docs.docker.com/engine/reference/builder/#dockerignore-file 2 | # Ignore build and test binaries. 3 | bin/ 4 | testbin/ 5 | -------------------------------------------------------------------------------- /.github/CODEOWNERS: -------------------------------------------------------------------------------- 1 | * @aiven/team-nexus 2 | -------------------------------------------------------------------------------- /.github/dependabot.yml: -------------------------------------------------------------------------------- 1 | version: 2 2 | updates: 3 | - package-ecosystem: github-actions 4 | directory: / 5 | schedule: 6 | interval: weekly 7 | groups: 8 | main: 9 | applies-to: version-updates 10 | patterns: 11 | - "*" 12 | sec: 13 | applies-to: security-updates 14 | patterns: 15 | - "*" 16 | - package-ecosystem: gomod 17 | directory: / 18 | schedule: 19 | interval: weekly 20 | ignore: 21 | - dependency-name: k8s.io/api 22 | update-types: 23 | - version-update:semver-major 24 | - version-update:semver-minor 25 | - dependency-name: k8s.io/apimachinery 26 | update-types: 27 | - version-update:semver-major 28 | - version-update:semver-minor 29 | - dependency-name: k8s.io/client-go 30 | update-types: 31 | - version-update:semver-major 32 | - version-update:semver-minor 33 | - dependency-name: sigs.k8s.io/controller-runtime 34 | update-types: 35 | - version-update:semver-major 36 | - version-update:semver-minor 37 | groups: 38 | main: 39 | applies-to: version-updates 40 | patterns: 41 | - "*" 42 | sec: 43 | applies-to: security-updates 44 | patterns: 45 | - "*" 46 | -------------------------------------------------------------------------------- /.github/sync.yml: -------------------------------------------------------------------------------- 1 | aiven/aiven-charts: 2 | - source: charts/aiven-operator/ 3 | dest: charts/aiven-operator/ 4 | deleteOrphaned: true 5 | - source: charts/aiven-operator-crds/ 6 | dest: charts/aiven-operator-crds/ 7 | deleteOrphaned: true 8 | -------------------------------------------------------------------------------- /.github/workflows/force-sync-charts.yml: -------------------------------------------------------------------------------- 1 | name: force sync charts 2 | 3 | on: 4 | workflow_dispatch: {} 5 | 6 | # N.B. If you need to update this workflow, please make sure to update the one in the release.yml file as well. 7 | jobs: 8 | sync-charts: 9 | runs-on: ubuntu-latest 10 | steps: 11 | - uses: actions/checkout@v4 12 | with: 13 | fetch-depth: 0 14 | - uses: BetaHuhn/repo-file-sync-action@v1 15 | with: 16 | GH_PAT: ${{ secrets.AIVEN_CI_PAT__VALID_WHILE_MURAD_IS_EMPLOYED }} 17 | COMMIT_PREFIX: "chore:" 18 | -------------------------------------------------------------------------------- /.github/workflows/generate.yml: -------------------------------------------------------------------------------- 1 | name: generate files 2 | 3 | on: 4 | pull_request: {} 5 | 6 | permissions: 7 | contents: write 8 | 9 | jobs: 10 | generate: 11 | runs-on: ubuntu-latest 12 | if: ${{ github.actor == 'dependabot[bot]' }} 13 | steps: 14 | - uses: actions/checkout@v4 15 | with: 16 | fetch-depth: 0 17 | - uses: actions/setup-go@v5 18 | with: 19 | go-version-file: go.mod 20 | - name: install goimports 21 | run: | 22 | go install golang.org/x/tools/cmd/goimports@latest 23 | - run: curl https://get.trunk.io -fsSL | bash 24 | - name: generate files 25 | run: make generate 26 | - uses: stefanzweifel/git-auto-commit-action@v5 27 | with: 28 | commit_message: "chore(userconfigs): generate files" 29 | -------------------------------------------------------------------------------- /.github/workflows/pages.yml: -------------------------------------------------------------------------------- 1 | name: pages 2 | 3 | on: 4 | workflow_dispatch: {} 5 | push: 6 | tags: 7 | - v* 8 | 9 | jobs: 10 | release_pages: 11 | runs-on: ubuntu-latest 12 | steps: 13 | - name: Checkout 14 | uses: actions/checkout@v4 15 | with: 16 | fetch-depth: 0 17 | - name: Generate docs 18 | uses: addnab/docker-run-action@v3 19 | with: 20 | image: squidfunk/mkdocs-material:latest 21 | options: -v ${{ github.workspace }}/docs/:/docs 22 | run: mkdocs build 23 | - name: Deploy 24 | uses: peaceiris/actions-gh-pages@v4 25 | with: 26 | github_token: ${{ secrets.GITHUB_TOKEN }} 27 | publish_dir: ./docs/site 28 | -------------------------------------------------------------------------------- /.github/workflows/trunk-upgrade.yml: -------------------------------------------------------------------------------- 1 | # https://github.com/trunk-io/trunk-action/tree/34242ec4eb8cf594887600f1f9b889e7c630ec18?tab=readme-ov-file#automatic-upgrades 2 | name: trunk upgrade 3 | 4 | on: 5 | schedule: 6 | - cron: 0 8 * * 1 7 | workflow_dispatch: {} 8 | 9 | permissions: read-all 10 | 11 | jobs: 12 | trunk_upgrade: 13 | runs-on: ubuntu-latest 14 | permissions: 15 | contents: write # For trunk to create PRs 16 | pull-requests: write # For trunk to create PRs 17 | steps: 18 | - uses: actions/checkout@v4 19 | with: 20 | fetch-depth: 0 21 | - uses: actions/setup-go@v5 22 | with: 23 | go-version-file: go.mod 24 | - uses: trunk-io/trunk-action/upgrade@v1 25 | with: 26 | prefix: "ci(deps): " 27 | lowercase-title: true 28 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | 2 | # Binaries for programs and plugins 3 | *.exe 4 | *.exe~ 5 | *.dll 6 | *.so 7 | *.dylib 8 | bin 9 | testbin/* 10 | 11 | # Test binary, build with `go test -c` 12 | *.test 13 | 14 | # Output of the go coverage tool, specifically when used with LiteIDE 15 | *.out 16 | 17 | # Kubernetes Generated files - skip generated files, except for vendored files 18 | 19 | !vendor/**/zz_generated.* 20 | 21 | # editor and IDE paraphernalia 22 | .idea 23 | *.swp 24 | *.swo 25 | *~ 26 | 27 | # k8s test residues 28 | testbin/* 29 | kubeconfig 30 | *.coverprofile 31 | kind-logs* 32 | bundle-* 33 | 34 | # Internal Tools 35 | hack/tools/bin/* 36 | /Taskfile.yml 37 | /.task/ 38 | 39 | # Docs 40 | docs/site 41 | 42 | # Distribution 43 | dist 44 | 45 | # Environment files 46 | /.env 47 | 48 | # Go 49 | go.work 50 | go.work.sum 51 | -------------------------------------------------------------------------------- /.trunk/.gitignore: -------------------------------------------------------------------------------- 1 | *out 2 | *logs 3 | *actions 4 | *notifications 5 | *tools 6 | plugins 7 | user_trunk.yaml 8 | user.yaml 9 | tmp 10 | -------------------------------------------------------------------------------- /.trunk/configs/.hadolint.yaml: -------------------------------------------------------------------------------- 1 | # Following source doesn't work in most setups 2 | ignored: 3 | - SC1090 4 | - SC1091 5 | -------------------------------------------------------------------------------- /.trunk/configs/.markdownlint.yaml: -------------------------------------------------------------------------------- 1 | # MD046/code-block-style 2 | # mkdocs code blocks inside admonitions trip this rule 3 | MD046: false 4 | 5 | # MD033/no-inline-html 6 | # allow inline html 7 | MD033: false 8 | 9 | # MD036/no-emphasis-as-heading 10 | # allow using **emphasis** as heading 11 | MD036: false 12 | 13 | # MD013/line-length 14 | # don't care about line length 15 | MD013: false 16 | 17 | # MD051/link-fragments 18 | # mkdocs admonitions and links aren't supported https://github.com/DavidAnson/markdownlint/issues/207 19 | MD051: false 20 | 21 | # MD025/single-title/single-h1 22 | # mkdocs renders link titles from YAML frontmatter and renders the content 23 | # title from the first title specified with "#" 24 | MD025: false 25 | -------------------------------------------------------------------------------- /.trunk/configs/.prettierignore: -------------------------------------------------------------------------------- 1 | *.md 2 | -------------------------------------------------------------------------------- /.trunk/configs/.yamllint.yaml: -------------------------------------------------------------------------------- 1 | rules: 2 | quoted-strings: 3 | required: only-when-needed 4 | extra-allowed: 5 | - "{|}" 6 | empty-values: 7 | forbid-in-block-mappings: false 8 | forbid-in-flow-mappings: true 9 | key-duplicates: {} 10 | octal-values: 11 | forbid-implicit-octal: true 12 | -------------------------------------------------------------------------------- /Dockerfile: -------------------------------------------------------------------------------- 1 | # Build the manager binary 2 | FROM --platform=$BUILDPLATFORM golang:1.24 AS builder 3 | 4 | WORKDIR /workspace 5 | # Copy the Go Modules manifests 6 | COPY go.mod go.mod 7 | COPY go.sum go.sum 8 | # cache deps before building and copying source so that we don't need to re-download as much 9 | # and so that source changes don't invalidate our downloaded layer 10 | RUN go mod download 11 | 12 | # Copy the go source 13 | COPY main.go main.go 14 | COPY api/ api/ 15 | COPY controllers/ controllers/ 16 | COPY utils/ utils/ 17 | 18 | # Build 19 | ARG TARGETOS 20 | ARG TARGETARCH 21 | ARG VERSION=dev 22 | RUN CGO_ENABLED=0 GOOS="$TARGETOS" GOARCH="$TARGETARCH" go build -trimpath \ 23 | -ldflags="-s -w -X main.operatorVersion=${VERSION}" \ 24 | -a -o manager main.go 25 | 26 | # Use distroless as minimal base image to package the manager binary 27 | # Refer to https://github.com/GoogleContainerTools/distroless for more details 28 | FROM gcr.io/distroless/static:nonroot 29 | WORKDIR / 30 | COPY --from=builder /workspace/manager . 31 | USER 65532:65532 32 | 33 | ENTRYPOINT ["/manager"] 34 | -------------------------------------------------------------------------------- /api/v1alpha1/common_test.go: -------------------------------------------------------------------------------- 1 | package v1alpha1 2 | 3 | import ( 4 | "testing" 5 | 6 | "github.com/stretchr/testify/assert" 7 | ) 8 | 9 | func TestConvertDiskSpace(t *testing.T) { 10 | cases := map[string]int{ 11 | "10GiB": 10240, 12 | "10gib": 10240, 13 | "10G": 10240, 14 | "10g": 10240, 15 | "1g": 1024, 16 | "2g": 2048, 17 | "": 0, 18 | } 19 | 20 | for k, v := range cases { 21 | t.Run(k, func(t *testing.T) { 22 | result := ConvertDiskSpace(k) 23 | assert.Equal(t, v, result) 24 | }) 25 | } 26 | } 27 | -------------------------------------------------------------------------------- /api/v1alpha1/doc.go: -------------------------------------------------------------------------------- 1 | // +kubebuilder:object:generate=true 2 | // +groupName=aiven.io 3 | // +versionName=v1alpha1 4 | package v1alpha1 5 | -------------------------------------------------------------------------------- /api/v1alpha1/groupversion_info.go: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2024 Aiven, Helsinki, Finland. https://aiven.io/ 2 | 3 | // Package v1alpha1 contains API Schema definitions for the v1alpha1 API group 4 | // +kubebuilder:object:generate=true 5 | // +groupName=aiven.io 6 | package v1alpha1 7 | 8 | import ( 9 | "k8s.io/apimachinery/pkg/runtime/schema" 10 | "sigs.k8s.io/controller-runtime/pkg/scheme" 11 | ) 12 | 13 | var ( 14 | // GroupVersion is group version used to register these objects 15 | GroupVersion = schema.GroupVersion{Group: "aiven.io", Version: "v1alpha1"} 16 | 17 | // SchemeBuilder is used to add go types to the GroupVersionKind scheme 18 | SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion} 19 | 20 | // AddToScheme adds the types in this group-version to the given scheme. 21 | AddToScheme = SchemeBuilder.AddToScheme 22 | ) 23 | -------------------------------------------------------------------------------- /api/v1alpha1/userconfig/integration/autoscaler/autoscaler.go: -------------------------------------------------------------------------------- 1 | // Code generated by user config generator. DO NOT EDIT. 2 | // +kubebuilder:object:generate=true 3 | 4 | package autoscaleruserconfig 5 | 6 | // Integration user config 7 | type AutoscalerUserConfig struct{} 8 | -------------------------------------------------------------------------------- /api/v1alpha1/userconfig/integration/autoscaler/zz_generated.deepcopy.go: -------------------------------------------------------------------------------- 1 | //go:build !ignore_autogenerated 2 | 3 | // Copyright (c) 2024 Aiven, Helsinki, Finland. https://aiven.io/ 4 | 5 | // Code generated by controller-gen. DO NOT EDIT. 6 | 7 | package autoscaleruserconfig 8 | 9 | // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 10 | func (in *AutoscalerUserConfig) DeepCopyInto(out *AutoscalerUserConfig) { 11 | *out = *in 12 | } 13 | 14 | // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AutoscalerUserConfig. 15 | func (in *AutoscalerUserConfig) DeepCopy() *AutoscalerUserConfig { 16 | if in == nil { 17 | return nil 18 | } 19 | out := new(AutoscalerUserConfig) 20 | in.DeepCopyInto(out) 21 | return out 22 | } 23 | -------------------------------------------------------------------------------- /api/v1alpha1/userconfig/integration/clickhouse_postgresql/clickhouse_postgresql.go: -------------------------------------------------------------------------------- 1 | // Code generated by user config generator. DO NOT EDIT. 2 | // +kubebuilder:object:generate=true 3 | 4 | package clickhousepostgresqluserconfig 5 | 6 | // Database to expose 7 | type Databases struct { 8 | // +kubebuilder:validation:MinLength=1 9 | // +kubebuilder:validation:MaxLength=63 10 | // PostgreSQL database to expose 11 | Database *string `groups:"create,update" json:"database,omitempty"` 12 | 13 | // +kubebuilder:validation:MinLength=1 14 | // +kubebuilder:validation:MaxLength=63 15 | // PostgreSQL schema to expose 16 | Schema *string `groups:"create,update" json:"schema,omitempty"` 17 | } 18 | 19 | // Integration user config 20 | type ClickhousePostgresqlUserConfig struct { 21 | // +kubebuilder:validation:MaxItems=10 22 | // Databases to expose 23 | Databases []*Databases `groups:"create,update" json:"databases,omitempty"` 24 | } 25 | -------------------------------------------------------------------------------- /api/v1alpha1/userconfig/integration/kafka_logs/kafka_logs.go: -------------------------------------------------------------------------------- 1 | // Code generated by user config generator. DO NOT EDIT. 2 | // +kubebuilder:object:generate=true 3 | 4 | package kafkalogsuserconfig 5 | 6 | type KafkaLogsUserConfig struct { 7 | // +kubebuilder:validation:MinLength=1 8 | // +kubebuilder:validation:MaxLength=249 9 | // Topic name 10 | KafkaTopic string `groups:"create,update" json:"kafka_topic"` 11 | 12 | // +kubebuilder:validation:MaxItems=5 13 | // The list of logging fields that will be sent to the integration logging service. The MESSAGE and timestamp fields are always sent. 14 | SelectedLogFields []string `groups:"create,update" json:"selected_log_fields,omitempty"` 15 | } 16 | -------------------------------------------------------------------------------- /api/v1alpha1/userconfig/integration/kafka_logs/zz_generated.deepcopy.go: -------------------------------------------------------------------------------- 1 | //go:build !ignore_autogenerated 2 | 3 | // Copyright (c) 2024 Aiven, Helsinki, Finland. https://aiven.io/ 4 | 5 | // Code generated by controller-gen. DO NOT EDIT. 6 | 7 | package kafkalogsuserconfig 8 | 9 | // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 10 | func (in *KafkaLogsUserConfig) DeepCopyInto(out *KafkaLogsUserConfig) { 11 | *out = *in 12 | if in.SelectedLogFields != nil { 13 | in, out := &in.SelectedLogFields, &out.SelectedLogFields 14 | *out = make([]string, len(*in)) 15 | copy(*out, *in) 16 | } 17 | } 18 | 19 | // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KafkaLogsUserConfig. 20 | func (in *KafkaLogsUserConfig) DeepCopy() *KafkaLogsUserConfig { 21 | if in == nil { 22 | return nil 23 | } 24 | out := new(KafkaLogsUserConfig) 25 | in.DeepCopyInto(out) 26 | return out 27 | } 28 | -------------------------------------------------------------------------------- /api/v1alpha1/userconfig/integration/logs/logs.go: -------------------------------------------------------------------------------- 1 | // Code generated by user config generator. DO NOT EDIT. 2 | // +kubebuilder:object:generate=true 3 | 4 | package logsuserconfig 5 | 6 | type LogsUserConfig struct { 7 | // +kubebuilder:validation:Minimum=1 8 | // +kubebuilder:validation:Maximum=10000 9 | // Elasticsearch index retention limit 10 | ElasticsearchIndexDaysMax *int `groups:"create,update" json:"elasticsearch_index_days_max,omitempty"` 11 | 12 | // +kubebuilder:validation:MinLength=1 13 | // +kubebuilder:validation:MaxLength=1024 14 | // +kubebuilder:validation:Pattern=`^[a-z0-9][a-z0-9-_.]+$` 15 | // Elasticsearch index prefix 16 | ElasticsearchIndexPrefix *string `groups:"create,update" json:"elasticsearch_index_prefix,omitempty"` 17 | 18 | // +kubebuilder:validation:MaxItems=5 19 | // The list of logging fields that will be sent to the integration logging service. The MESSAGE and timestamp fields are always sent. 20 | SelectedLogFields []string `groups:"create,update" json:"selected_log_fields,omitempty"` 21 | } 22 | -------------------------------------------------------------------------------- /api/v1alpha1/userconfig/integration/logs/zz_generated.deepcopy.go: -------------------------------------------------------------------------------- 1 | //go:build !ignore_autogenerated 2 | 3 | // Copyright (c) 2024 Aiven, Helsinki, Finland. https://aiven.io/ 4 | 5 | // Code generated by controller-gen. DO NOT EDIT. 6 | 7 | package logsuserconfig 8 | 9 | // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 10 | func (in *LogsUserConfig) DeepCopyInto(out *LogsUserConfig) { 11 | *out = *in 12 | if in.ElasticsearchIndexDaysMax != nil { 13 | in, out := &in.ElasticsearchIndexDaysMax, &out.ElasticsearchIndexDaysMax 14 | *out = new(int) 15 | **out = **in 16 | } 17 | if in.ElasticsearchIndexPrefix != nil { 18 | in, out := &in.ElasticsearchIndexPrefix, &out.ElasticsearchIndexPrefix 19 | *out = new(string) 20 | **out = **in 21 | } 22 | if in.SelectedLogFields != nil { 23 | in, out := &in.SelectedLogFields, &out.SelectedLogFields 24 | *out = make([]string, len(*in)) 25 | copy(*out, *in) 26 | } 27 | } 28 | 29 | // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LogsUserConfig. 30 | func (in *LogsUserConfig) DeepCopy() *LogsUserConfig { 31 | if in == nil { 32 | return nil 33 | } 34 | out := new(LogsUserConfig) 35 | in.DeepCopyInto(out) 36 | return out 37 | } 38 | -------------------------------------------------------------------------------- /api/v1alpha1/userconfig/integrationendpoints/autoscaler/autoscaler.go: -------------------------------------------------------------------------------- 1 | // Code generated by user config generator. DO NOT EDIT. 2 | // +kubebuilder:object:generate=true 3 | 4 | package autoscaleruserconfig 5 | 6 | // Autoscaling properties for a service 7 | type Autoscaling struct { 8 | // +kubebuilder:validation:Minimum=50 9 | // +kubebuilder:validation:Maximum=10000 10 | // The maximum total disk size (in gb) to allow autoscaler to scale up to 11 | CapGb int `groups:"create,update" json:"cap_gb"` 12 | 13 | // +kubebuilder:validation:Enum="autoscale_disk" 14 | // Type of autoscale event 15 | Type string `groups:"create,update" json:"type"` 16 | } 17 | type AutoscalerUserConfig struct { 18 | // +kubebuilder:validation:MaxItems=64 19 | // Configure autoscaling thresholds for a service 20 | Autoscaling []*Autoscaling `groups:"create,update" json:"autoscaling"` 21 | } 22 | -------------------------------------------------------------------------------- /api/v1alpha1/userconfig/integrationendpoints/external_aws_cloudwatch_logs/external_aws_cloudwatch_logs.go: -------------------------------------------------------------------------------- 1 | // Code generated by user config generator. DO NOT EDIT. 2 | // +kubebuilder:object:generate=true 3 | 4 | package externalawscloudwatchlogsuserconfig 5 | 6 | type ExternalAwsCloudwatchLogsUserConfig struct { 7 | // +kubebuilder:validation:MaxLength=4096 8 | // AWS access key. Required permissions are logs:CreateLogGroup, logs:CreateLogStream, logs:PutLogEvents and logs:DescribeLogStreams 9 | AccessKey string `groups:"create,update" json:"access_key"` 10 | 11 | // +kubebuilder:validation:MinLength=1 12 | // +kubebuilder:validation:MaxLength=512 13 | // +kubebuilder:validation:Pattern=`^[\.\-_/#A-Za-z0-9]+$` 14 | // AWS CloudWatch log group name 15 | LogGroupName *string `groups:"create,update" json:"log_group_name,omitempty"` 16 | 17 | // +kubebuilder:validation:MaxLength=32 18 | // AWS region 19 | Region string `groups:"create,update" json:"region"` 20 | 21 | // +kubebuilder:validation:MaxLength=4096 22 | // AWS secret key 23 | SecretKey string `groups:"create,update" json:"secret_key"` 24 | } 25 | -------------------------------------------------------------------------------- /api/v1alpha1/userconfig/integrationendpoints/external_aws_cloudwatch_logs/zz_generated.deepcopy.go: -------------------------------------------------------------------------------- 1 | //go:build !ignore_autogenerated 2 | 3 | // Copyright (c) 2024 Aiven, Helsinki, Finland. https://aiven.io/ 4 | 5 | // Code generated by controller-gen. DO NOT EDIT. 6 | 7 | package externalawscloudwatchlogsuserconfig 8 | 9 | // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 10 | func (in *ExternalAwsCloudwatchLogsUserConfig) DeepCopyInto(out *ExternalAwsCloudwatchLogsUserConfig) { 11 | *out = *in 12 | if in.LogGroupName != nil { 13 | in, out := &in.LogGroupName, &out.LogGroupName 14 | *out = new(string) 15 | **out = **in 16 | } 17 | } 18 | 19 | // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalAwsCloudwatchLogsUserConfig. 20 | func (in *ExternalAwsCloudwatchLogsUserConfig) DeepCopy() *ExternalAwsCloudwatchLogsUserConfig { 21 | if in == nil { 22 | return nil 23 | } 24 | out := new(ExternalAwsCloudwatchLogsUserConfig) 25 | in.DeepCopyInto(out) 26 | return out 27 | } 28 | -------------------------------------------------------------------------------- /api/v1alpha1/userconfig/integrationendpoints/external_aws_cloudwatch_metrics/external_aws_cloudwatch_metrics.go: -------------------------------------------------------------------------------- 1 | // Code generated by user config generator. DO NOT EDIT. 2 | // +kubebuilder:object:generate=true 3 | 4 | package externalawscloudwatchmetricsuserconfig 5 | 6 | type ExternalAwsCloudwatchMetricsUserConfig struct { 7 | // +kubebuilder:validation:MaxLength=4096 8 | // AWS access key. Required permissions are cloudwatch:PutMetricData 9 | AccessKey string `groups:"create,update" json:"access_key"` 10 | 11 | // +kubebuilder:validation:MinLength=1 12 | // +kubebuilder:validation:MaxLength=255 13 | // AWS CloudWatch Metrics Namespace 14 | Namespace string `groups:"create,update" json:"namespace"` 15 | 16 | // +kubebuilder:validation:MaxLength=32 17 | // AWS region 18 | Region string `groups:"create,update" json:"region"` 19 | 20 | // +kubebuilder:validation:MaxLength=4096 21 | // AWS secret key 22 | SecretKey string `groups:"create,update" json:"secret_key"` 23 | } 24 | -------------------------------------------------------------------------------- /api/v1alpha1/userconfig/integrationendpoints/external_aws_cloudwatch_metrics/zz_generated.deepcopy.go: -------------------------------------------------------------------------------- 1 | //go:build !ignore_autogenerated 2 | 3 | // Copyright (c) 2024 Aiven, Helsinki, Finland. https://aiven.io/ 4 | 5 | // Code generated by controller-gen. DO NOT EDIT. 6 | 7 | package externalawscloudwatchmetricsuserconfig 8 | 9 | // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 10 | func (in *ExternalAwsCloudwatchMetricsUserConfig) DeepCopyInto(out *ExternalAwsCloudwatchMetricsUserConfig) { 11 | *out = *in 12 | } 13 | 14 | // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalAwsCloudwatchMetricsUserConfig. 15 | func (in *ExternalAwsCloudwatchMetricsUserConfig) DeepCopy() *ExternalAwsCloudwatchMetricsUserConfig { 16 | if in == nil { 17 | return nil 18 | } 19 | out := new(ExternalAwsCloudwatchMetricsUserConfig) 20 | in.DeepCopyInto(out) 21 | return out 22 | } 23 | -------------------------------------------------------------------------------- /api/v1alpha1/userconfig/integrationendpoints/external_elasticsearch_logs/external_elasticsearch_logs.go: -------------------------------------------------------------------------------- 1 | // Code generated by user config generator. DO NOT EDIT. 2 | // +kubebuilder:object:generate=true 3 | 4 | package externalelasticsearchlogsuserconfig 5 | 6 | type ExternalElasticsearchLogsUserConfig struct { 7 | // +kubebuilder:validation:MaxLength=16384 8 | // PEM encoded CA certificate 9 | Ca *string `groups:"create,update" json:"ca,omitempty"` 10 | 11 | // +kubebuilder:validation:Minimum=1 12 | // +kubebuilder:validation:Maximum=10000 13 | // Maximum number of days of logs to keep 14 | IndexDaysMax *int `groups:"create,update" json:"index_days_max,omitempty"` 15 | 16 | // +kubebuilder:validation:MinLength=1 17 | // +kubebuilder:validation:MaxLength=1000 18 | // +kubebuilder:validation:Pattern=`^[a-z0-9][a-z0-9-_.]+$` 19 | // Elasticsearch index prefix 20 | IndexPrefix string `groups:"create,update" json:"index_prefix"` 21 | 22 | // +kubebuilder:validation:Minimum=10 23 | // +kubebuilder:validation:Maximum=120 24 | // Elasticsearch request timeout limit 25 | Timeout *float64 `groups:"create,update" json:"timeout,omitempty"` 26 | 27 | // +kubebuilder:validation:MinLength=12 28 | // +kubebuilder:validation:MaxLength=2048 29 | // Elasticsearch connection URL 30 | Url string `groups:"create,update" json:"url"` 31 | } 32 | -------------------------------------------------------------------------------- /api/v1alpha1/userconfig/integrationendpoints/external_elasticsearch_logs/zz_generated.deepcopy.go: -------------------------------------------------------------------------------- 1 | //go:build !ignore_autogenerated 2 | 3 | // Copyright (c) 2024 Aiven, Helsinki, Finland. https://aiven.io/ 4 | 5 | // Code generated by controller-gen. DO NOT EDIT. 6 | 7 | package externalelasticsearchlogsuserconfig 8 | 9 | // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 10 | func (in *ExternalElasticsearchLogsUserConfig) DeepCopyInto(out *ExternalElasticsearchLogsUserConfig) { 11 | *out = *in 12 | if in.Ca != nil { 13 | in, out := &in.Ca, &out.Ca 14 | *out = new(string) 15 | **out = **in 16 | } 17 | if in.IndexDaysMax != nil { 18 | in, out := &in.IndexDaysMax, &out.IndexDaysMax 19 | *out = new(int) 20 | **out = **in 21 | } 22 | if in.Timeout != nil { 23 | in, out := &in.Timeout, &out.Timeout 24 | *out = new(float64) 25 | **out = **in 26 | } 27 | } 28 | 29 | // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalElasticsearchLogsUserConfig. 30 | func (in *ExternalElasticsearchLogsUserConfig) DeepCopy() *ExternalElasticsearchLogsUserConfig { 31 | if in == nil { 32 | return nil 33 | } 34 | out := new(ExternalElasticsearchLogsUserConfig) 35 | in.DeepCopyInto(out) 36 | return out 37 | } 38 | -------------------------------------------------------------------------------- /api/v1alpha1/userconfig/integrationendpoints/external_google_cloud_bigquery/external_google_cloud_bigquery.go: -------------------------------------------------------------------------------- 1 | // Code generated by user config generator. DO NOT EDIT. 2 | // +kubebuilder:object:generate=true 3 | 4 | package externalgooglecloudbigqueryuserconfig 5 | 6 | // User configuration for Google Cloud BigQuery integration 7 | type ExternalGoogleCloudBigqueryUserConfig struct { 8 | // +kubebuilder:validation:MinLength=6 9 | // +kubebuilder:validation:MaxLength=30 10 | // GCP project id. 11 | ProjectId string `groups:"create,update" json:"project_id"` 12 | 13 | // +kubebuilder:validation:MaxLength=4096 14 | // This is a JSON object with the fields documented in https://cloud.google.com/iam/docs/creating-managing-service-account-keys . 15 | ServiceAccountCredentials string `groups:"create,update" json:"service_account_credentials"` 16 | } 17 | -------------------------------------------------------------------------------- /api/v1alpha1/userconfig/integrationendpoints/external_google_cloud_bigquery/zz_generated.deepcopy.go: -------------------------------------------------------------------------------- 1 | //go:build !ignore_autogenerated 2 | 3 | // Copyright (c) 2024 Aiven, Helsinki, Finland. https://aiven.io/ 4 | 5 | // Code generated by controller-gen. DO NOT EDIT. 6 | 7 | package externalgooglecloudbigqueryuserconfig 8 | 9 | // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 10 | func (in *ExternalGoogleCloudBigqueryUserConfig) DeepCopyInto(out *ExternalGoogleCloudBigqueryUserConfig) { 11 | *out = *in 12 | } 13 | 14 | // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalGoogleCloudBigqueryUserConfig. 15 | func (in *ExternalGoogleCloudBigqueryUserConfig) DeepCopy() *ExternalGoogleCloudBigqueryUserConfig { 16 | if in == nil { 17 | return nil 18 | } 19 | out := new(ExternalGoogleCloudBigqueryUserConfig) 20 | in.DeepCopyInto(out) 21 | return out 22 | } 23 | -------------------------------------------------------------------------------- /api/v1alpha1/userconfig/integrationendpoints/external_google_cloud_logging/external_google_cloud_logging.go: -------------------------------------------------------------------------------- 1 | // Code generated by user config generator. DO NOT EDIT. 2 | // +kubebuilder:object:generate=true 3 | 4 | package externalgooglecloudlogginguserconfig 5 | 6 | // User configuration for Google Cloud Logging integration 7 | type ExternalGoogleCloudLoggingUserConfig struct { 8 | // +kubebuilder:validation:MaxLength=512 9 | // Google Cloud Logging log id 10 | LogId string `groups:"create,update" json:"log_id"` 11 | 12 | // +kubebuilder:validation:MinLength=6 13 | // +kubebuilder:validation:MaxLength=30 14 | // GCP project id. 15 | ProjectId string `groups:"create,update" json:"project_id"` 16 | 17 | // +kubebuilder:validation:MaxLength=4096 18 | // This is a JSON object with the fields documented in https://cloud.google.com/iam/docs/creating-managing-service-account-keys . 19 | ServiceAccountCredentials string `groups:"create,update" json:"service_account_credentials"` 20 | } 21 | -------------------------------------------------------------------------------- /api/v1alpha1/userconfig/integrationendpoints/external_google_cloud_logging/zz_generated.deepcopy.go: -------------------------------------------------------------------------------- 1 | //go:build !ignore_autogenerated 2 | 3 | // Copyright (c) 2024 Aiven, Helsinki, Finland. https://aiven.io/ 4 | 5 | // Code generated by controller-gen. DO NOT EDIT. 6 | 7 | package externalgooglecloudlogginguserconfig 8 | 9 | // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 10 | func (in *ExternalGoogleCloudLoggingUserConfig) DeepCopyInto(out *ExternalGoogleCloudLoggingUserConfig) { 11 | *out = *in 12 | } 13 | 14 | // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalGoogleCloudLoggingUserConfig. 15 | func (in *ExternalGoogleCloudLoggingUserConfig) DeepCopy() *ExternalGoogleCloudLoggingUserConfig { 16 | if in == nil { 17 | return nil 18 | } 19 | out := new(ExternalGoogleCloudLoggingUserConfig) 20 | in.DeepCopyInto(out) 21 | return out 22 | } 23 | -------------------------------------------------------------------------------- /api/v1alpha1/userconfig/integrationendpoints/external_opensearch_logs/external_opensearch_logs.go: -------------------------------------------------------------------------------- 1 | // Code generated by user config generator. DO NOT EDIT. 2 | // +kubebuilder:object:generate=true 3 | 4 | package externalopensearchlogsuserconfig 5 | 6 | type ExternalOpensearchLogsUserConfig struct { 7 | // +kubebuilder:validation:MaxLength=16384 8 | // PEM encoded CA certificate 9 | Ca *string `groups:"create,update" json:"ca,omitempty"` 10 | 11 | // +kubebuilder:validation:Minimum=1 12 | // +kubebuilder:validation:Maximum=10000 13 | // Maximum number of days of logs to keep 14 | IndexDaysMax *int `groups:"create,update" json:"index_days_max,omitempty"` 15 | 16 | // +kubebuilder:validation:MinLength=1 17 | // +kubebuilder:validation:MaxLength=1000 18 | // +kubebuilder:validation:Pattern=`^[a-z0-9][a-z0-9-_.]+$` 19 | // OpenSearch index prefix 20 | IndexPrefix string `groups:"create,update" json:"index_prefix"` 21 | 22 | // +kubebuilder:validation:Minimum=10 23 | // +kubebuilder:validation:Maximum=120 24 | // OpenSearch request timeout limit 25 | Timeout *float64 `groups:"create,update" json:"timeout,omitempty"` 26 | 27 | // +kubebuilder:validation:MinLength=12 28 | // +kubebuilder:validation:MaxLength=2048 29 | // OpenSearch connection URL 30 | Url string `groups:"create,update" json:"url"` 31 | } 32 | -------------------------------------------------------------------------------- /api/v1alpha1/userconfig/integrationendpoints/external_opensearch_logs/zz_generated.deepcopy.go: -------------------------------------------------------------------------------- 1 | //go:build !ignore_autogenerated 2 | 3 | // Copyright (c) 2024 Aiven, Helsinki, Finland. https://aiven.io/ 4 | 5 | // Code generated by controller-gen. DO NOT EDIT. 6 | 7 | package externalopensearchlogsuserconfig 8 | 9 | // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 10 | func (in *ExternalOpensearchLogsUserConfig) DeepCopyInto(out *ExternalOpensearchLogsUserConfig) { 11 | *out = *in 12 | if in.Ca != nil { 13 | in, out := &in.Ca, &out.Ca 14 | *out = new(string) 15 | **out = **in 16 | } 17 | if in.IndexDaysMax != nil { 18 | in, out := &in.IndexDaysMax, &out.IndexDaysMax 19 | *out = new(int) 20 | **out = **in 21 | } 22 | if in.Timeout != nil { 23 | in, out := &in.Timeout, &out.Timeout 24 | *out = new(float64) 25 | **out = **in 26 | } 27 | } 28 | 29 | // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalOpensearchLogsUserConfig. 30 | func (in *ExternalOpensearchLogsUserConfig) DeepCopy() *ExternalOpensearchLogsUserConfig { 31 | if in == nil { 32 | return nil 33 | } 34 | out := new(ExternalOpensearchLogsUserConfig) 35 | in.DeepCopyInto(out) 36 | return out 37 | } 38 | -------------------------------------------------------------------------------- /api/v1alpha1/userconfig/integrationendpoints/external_schema_registry/external_schema_registry.go: -------------------------------------------------------------------------------- 1 | // Code generated by user config generator. DO NOT EDIT. 2 | // +kubebuilder:object:generate=true 3 | 4 | package externalschemaregistryuserconfig 5 | 6 | type ExternalSchemaRegistryUserConfig struct { 7 | // +kubebuilder:validation:Enum="basic";"none" 8 | // Authentication method 9 | Authentication string `groups:"create,update" json:"authentication"` 10 | 11 | // +kubebuilder:validation:MaxLength=256 12 | // Basic authentication password 13 | BasicAuthPassword *string `groups:"create,update" json:"basic_auth_password,omitempty"` 14 | 15 | // +kubebuilder:validation:MaxLength=256 16 | // Basic authentication user name 17 | BasicAuthUsername *string `groups:"create,update" json:"basic_auth_username,omitempty"` 18 | 19 | // +kubebuilder:validation:MaxLength=2048 20 | // Schema Registry URL 21 | Url string `groups:"create,update" json:"url"` 22 | } 23 | -------------------------------------------------------------------------------- /api/v1alpha1/userconfig/integrationendpoints/external_schema_registry/zz_generated.deepcopy.go: -------------------------------------------------------------------------------- 1 | //go:build !ignore_autogenerated 2 | 3 | // Copyright (c) 2024 Aiven, Helsinki, Finland. https://aiven.io/ 4 | 5 | // Code generated by controller-gen. DO NOT EDIT. 6 | 7 | package externalschemaregistryuserconfig 8 | 9 | // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 10 | func (in *ExternalSchemaRegistryUserConfig) DeepCopyInto(out *ExternalSchemaRegistryUserConfig) { 11 | *out = *in 12 | if in.BasicAuthPassword != nil { 13 | in, out := &in.BasicAuthPassword, &out.BasicAuthPassword 14 | *out = new(string) 15 | **out = **in 16 | } 17 | if in.BasicAuthUsername != nil { 18 | in, out := &in.BasicAuthUsername, &out.BasicAuthUsername 19 | *out = new(string) 20 | **out = **in 21 | } 22 | } 23 | 24 | // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSchemaRegistryUserConfig. 25 | func (in *ExternalSchemaRegistryUserConfig) DeepCopy() *ExternalSchemaRegistryUserConfig { 26 | if in == nil { 27 | return nil 28 | } 29 | out := new(ExternalSchemaRegistryUserConfig) 30 | in.DeepCopyInto(out) 31 | return out 32 | } 33 | -------------------------------------------------------------------------------- /api/v1alpha1/userconfig/integrationendpoints/jolokia/jolokia.go: -------------------------------------------------------------------------------- 1 | // Code generated by user config generator. DO NOT EDIT. 2 | // +kubebuilder:object:generate=true 3 | 4 | package jolokiauserconfig 5 | 6 | type JolokiaUserConfig struct { 7 | // +kubebuilder:validation:MinLength=8 8 | // +kubebuilder:validation:MaxLength=64 9 | // Jolokia basic authentication password 10 | BasicAuthPassword *string `groups:"create,update" json:"basic_auth_password,omitempty"` 11 | 12 | // +kubebuilder:validation:MinLength=5 13 | // +kubebuilder:validation:MaxLength=32 14 | // +kubebuilder:validation:Pattern=`^[a-z0-9\-@_]{5,32}$` 15 | // Jolokia basic authentication username 16 | BasicAuthUsername *string `groups:"create,update" json:"basic_auth_username,omitempty"` 17 | } 18 | -------------------------------------------------------------------------------- /api/v1alpha1/userconfig/integrationendpoints/jolokia/zz_generated.deepcopy.go: -------------------------------------------------------------------------------- 1 | //go:build !ignore_autogenerated 2 | 3 | // Copyright (c) 2024 Aiven, Helsinki, Finland. https://aiven.io/ 4 | 5 | // Code generated by controller-gen. DO NOT EDIT. 6 | 7 | package jolokiauserconfig 8 | 9 | // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 10 | func (in *JolokiaUserConfig) DeepCopyInto(out *JolokiaUserConfig) { 11 | *out = *in 12 | if in.BasicAuthPassword != nil { 13 | in, out := &in.BasicAuthPassword, &out.BasicAuthPassword 14 | *out = new(string) 15 | **out = **in 16 | } 17 | if in.BasicAuthUsername != nil { 18 | in, out := &in.BasicAuthUsername, &out.BasicAuthUsername 19 | *out = new(string) 20 | **out = **in 21 | } 22 | } 23 | 24 | // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JolokiaUserConfig. 25 | func (in *JolokiaUserConfig) DeepCopy() *JolokiaUserConfig { 26 | if in == nil { 27 | return nil 28 | } 29 | out := new(JolokiaUserConfig) 30 | in.DeepCopyInto(out) 31 | return out 32 | } 33 | -------------------------------------------------------------------------------- /api/v1alpha1/userconfig/integrationendpoints/prometheus/prometheus.go: -------------------------------------------------------------------------------- 1 | // Code generated by user config generator. DO NOT EDIT. 2 | // +kubebuilder:object:generate=true 3 | 4 | package prometheususerconfig 5 | 6 | type PrometheusUserConfig struct { 7 | // +kubebuilder:validation:MinLength=8 8 | // +kubebuilder:validation:MaxLength=64 9 | // Prometheus basic authentication password 10 | BasicAuthPassword *string `groups:"create,update" json:"basic_auth_password,omitempty"` 11 | 12 | // +kubebuilder:validation:MinLength=5 13 | // +kubebuilder:validation:MaxLength=32 14 | // +kubebuilder:validation:Pattern=`^[a-z0-9\-@_]{5,32}$` 15 | // Prometheus basic authentication username 16 | BasicAuthUsername *string `groups:"create,update" json:"basic_auth_username,omitempty"` 17 | } 18 | -------------------------------------------------------------------------------- /api/v1alpha1/userconfig/integrationendpoints/prometheus/zz_generated.deepcopy.go: -------------------------------------------------------------------------------- 1 | //go:build !ignore_autogenerated 2 | 3 | // Copyright (c) 2024 Aiven, Helsinki, Finland. https://aiven.io/ 4 | 5 | // Code generated by controller-gen. DO NOT EDIT. 6 | 7 | package prometheususerconfig 8 | 9 | // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 10 | func (in *PrometheusUserConfig) DeepCopyInto(out *PrometheusUserConfig) { 11 | *out = *in 12 | if in.BasicAuthPassword != nil { 13 | in, out := &in.BasicAuthPassword, &out.BasicAuthPassword 14 | *out = new(string) 15 | **out = **in 16 | } 17 | if in.BasicAuthUsername != nil { 18 | in, out := &in.BasicAuthUsername, &out.BasicAuthUsername 19 | *out = new(string) 20 | **out = **in 21 | } 22 | } 23 | 24 | // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PrometheusUserConfig. 25 | func (in *PrometheusUserConfig) DeepCopy() *PrometheusUserConfig { 26 | if in == nil { 27 | return nil 28 | } 29 | out := new(PrometheusUserConfig) 30 | in.DeepCopyInto(out) 31 | return out 32 | } 33 | -------------------------------------------------------------------------------- /charts/aiven-operator-crds/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /charts/aiven-operator-crds/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: aiven-operator-crds 3 | description: A Helm chart to deploy the aiven operator custom resource definitions 4 | type: application 5 | version: v0.29.0 6 | appVersion: v0.29.0 7 | maintainers: 8 | - name: byashimov 9 | url: https://www.aiven.io 10 | - name: jeff-held-aiven 11 | url: https://www.aiven.io 12 | - name: rriski 13 | url: https://www.aiven.io 14 | -------------------------------------------------------------------------------- /charts/aiven-operator-crds/values.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aiven/aiven-operator/4e6992b1553beac61a9278515b7467cda92239a1/charts/aiven-operator-crds/values.yaml -------------------------------------------------------------------------------- /charts/aiven-operator/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | 25 | # ci specific config 26 | ci/ 27 | -------------------------------------------------------------------------------- /charts/aiven-operator/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: aiven-operator 3 | description: A Helm chart to deploy the aiven operator 4 | type: application 5 | version: v0.29.0 6 | appVersion: v0.29.0 7 | maintainers: 8 | - name: byashimov 9 | url: https://www.aiven.io 10 | - name: jeff-held-aiven 11 | url: https://www.aiven.io 12 | - name: rriski 13 | url: https://www.aiven.io 14 | -------------------------------------------------------------------------------- /charts/aiven-operator/ci/test-values.yaml: -------------------------------------------------------------------------------- 1 | webhooks: 2 | enabled: false 3 | -------------------------------------------------------------------------------- /charts/aiven-operator/templates/certificate.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.webhooks.enabled }} 2 | 3 | apiVersion: cert-manager.io/v1 4 | kind: Certificate 5 | metadata: 6 | name: {{ include "aiven-operator.fullname" . }}-webhook-certificate 7 | namespace: {{ include "aiven-operator.namespace" . }} 8 | labels: 9 | {{- include "aiven-operator.labels" . | nindent 4 }} 10 | spec: 11 | dnsNames: 12 | - {{ include "aiven-operator.fullname" . }}-webhook-service.{{ include "aiven-operator.namespace" . }}.svc 13 | - {{ include "aiven-operator.fullname" . }}-webhook-service.{{ include "aiven-operator.namespace" . }}.svc.cluster.local 14 | issuerRef: 15 | kind: Issuer 16 | name: {{ include "aiven-operator.fullname" . }}-selfsigned-issuer 17 | secretName: webhook-server-cert 18 | 19 | --- 20 | 21 | apiVersion: cert-manager.io/v1 22 | kind: Issuer 23 | metadata: 24 | name: {{ include "aiven-operator.fullname" . }}-selfsigned-issuer 25 | namespace: {{ include "aiven-operator.namespace" . }} 26 | labels: 27 | {{- include "aiven-operator.labels" . | nindent 4 }} 28 | spec: 29 | selfSigned: {} 30 | 31 | --- 32 | 33 | {{- end }} 34 | -------------------------------------------------------------------------------- /charts/aiven-operator/templates/cluster_role_binding.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.clusterRole.create (not .Values.watchedNamespaces) -}} 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRoleBinding 4 | metadata: 5 | name: {{ include "aiven-operator.fullname" . }}-rolebinding 6 | namespace: {{ include "aiven-operator.namespace" . }} 7 | labels: 8 | {{- include "aiven-operator.labels" . | nindent 4 }} 9 | roleRef: 10 | apiGroup: rbac.authorization.k8s.io 11 | kind: ClusterRole 12 | name: {{ include "aiven-operator.fullname" . }}-role 13 | subjects: 14 | - kind: ServiceAccount 15 | name: {{ include "aiven-operator.serviceAccountName" . }} 16 | namespace: {{ include "aiven-operator.namespace" . }} 17 | {{- end }} 18 | -------------------------------------------------------------------------------- /charts/aiven-operator/templates/election_role.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: Role 3 | metadata: 4 | name: {{ include "aiven-operator.fullname" . }}-election-role 5 | namespace: {{ include "aiven-operator.namespace" . }} 6 | labels: 7 | {{- include "aiven-operator.labels" . | nindent 4 }} 8 | rules: 9 | - apiGroups: 10 | - "" 11 | resources: 12 | - configmaps 13 | verbs: 14 | - get 15 | - list 16 | - watch 17 | - create 18 | - update 19 | - patch 20 | - delete 21 | - apiGroups: 22 | - "" 23 | resources: 24 | - configmaps/status 25 | verbs: 26 | - get 27 | - update 28 | - patch 29 | - apiGroups: 30 | - "" 31 | resources: 32 | - events 33 | verbs: 34 | - create 35 | - patch 36 | -------------------------------------------------------------------------------- /charts/aiven-operator/templates/election_role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: RoleBinding 3 | metadata: 4 | name: {{ include "aiven-operator.fullname" . }}-election-rolebinding 5 | namespace: {{ include "aiven-operator.namespace" . }} 6 | labels: 7 | {{- include "aiven-operator.labels" . | nindent 4 }} 8 | roleRef: 9 | apiGroup: rbac.authorization.k8s.io 10 | kind: Role 11 | name: {{ include "aiven-operator.fullname" . }}-election-role 12 | subjects: 13 | - kind: ServiceAccount 14 | name: {{ include "aiven-operator.serviceAccountName" . }} 15 | namespace: {{ include "aiven-operator.namespace" . }} 16 | -------------------------------------------------------------------------------- /charts/aiven-operator/templates/ensure_cert_manager_if_webhooks_are_enabled.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.webhooks.enabled }} 2 | 3 | {{- if .Values.webhooks.checkCapabilities }} 4 | {{- if not (.Capabilities.APIVersions.Has "cert-manager.io/v1") -}} 5 | {{- fail "Required Cert Manager CRDs are missing even though Webhooks are enabled and Cert Manager is required" }} 6 | {{ end }} 7 | {{ end }} 8 | 9 | {{ end }} 10 | 11 | -------------------------------------------------------------------------------- /charts/aiven-operator/templates/hpa.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.autoscaling.enabled }} 2 | apiVersion: autoscaling/v2beta1 3 | kind: HorizontalPodAutoscaler 4 | metadata: 5 | name: {{ include "aiven-operator.fullname" . }} 6 | labels: 7 | {{- include "aiven-operator.labels" . | nindent 4 }} 8 | spec: 9 | scaleTargetRef: 10 | apiVersion: apps/v1 11 | kind: Deployment 12 | name: {{ include "aiven-operator.fullname" . }} 13 | minReplicas: {{ .Values.autoscaling.minReplicas }} 14 | maxReplicas: {{ .Values.autoscaling.maxReplicas }} 15 | metrics: 16 | {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} 17 | - type: Resource 18 | resource: 19 | name: cpu 20 | targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} 21 | {{- end }} 22 | {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} 23 | - type: Resource 24 | resource: 25 | name: memory 26 | targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} 27 | {{- end }} 28 | {{- end }} 29 | -------------------------------------------------------------------------------- /charts/aiven-operator/templates/role_binding.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.clusterRole.create }} 2 | {{- $operatorNamespace := include "aiven-operator.namespace" . }} 3 | {{- range $watchedNamespace := prepend .Values.watchedNamespaces $operatorNamespace | uniq }} 4 | --- 5 | apiVersion: rbac.authorization.k8s.io/v1 6 | kind: RoleBinding 7 | metadata: 8 | name: {{ include "aiven-operator.fullname" $ }}-rolebinding 9 | namespace: {{ $watchedNamespace }} 10 | labels: 11 | {{- include "aiven-operator.labels" $ | nindent 4 }} 12 | roleRef: 13 | apiGroup: rbac.authorization.k8s.io 14 | kind: ClusterRole 15 | name: {{ include "aiven-operator.fullname" $ }}-role 16 | subjects: 17 | - kind: ServiceAccount 18 | name: {{ include "aiven-operator.serviceAccountName" $ }} 19 | namespace: {{ $operatorNamespace }} 20 | {{- end }} 21 | {{- end }} 22 | -------------------------------------------------------------------------------- /charts/aiven-operator/templates/service.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.webhooks.enabled }} 2 | 3 | apiVersion: v1 4 | kind: Service 5 | metadata: 6 | name: {{ include "aiven-operator.fullname" . }}-webhook-service 7 | namespace: {{ include "aiven-operator.namespace" . }} 8 | labels: 9 | {{- include "aiven-operator.labels" . | nindent 4 }} 10 | spec: 11 | ports: 12 | - port: {{ .Values.webhooks.servicePort }} 13 | targetPort: webhook 14 | protocol: TCP 15 | name: webhook 16 | selector: 17 | {{- include "aiven-operator.selectorLabels" . | nindent 4 }} 18 | 19 | {{- end }} 20 | -------------------------------------------------------------------------------- /charts/aiven-operator/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create -}} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ include "aiven-operator.serviceAccountName" . }} 6 | labels: 7 | {{- include "aiven-operator.labels" . | nindent 4 }} 8 | {{- with .Values.serviceAccount.annotations }} 9 | annotations: 10 | {{- toYaml . | nindent 4 }} 11 | {{- end }} 12 | {{- end }} 13 | -------------------------------------------------------------------------------- /commitlint.config.mjs: -------------------------------------------------------------------------------- 1 | export default { 2 | extends: ["@commitlint/config-conventional"], 3 | ignores: [(msg) => /Signed-off-by: dependabot\[bot]/m.test(msg)], 4 | }; 5 | -------------------------------------------------------------------------------- /config/certmanager/certificate.yaml: -------------------------------------------------------------------------------- 1 | # The following manifests contain a self-signed issuer CR and a certificate CR. 2 | # More document can be found at https://docs.cert-manager.io 3 | # WARNING: Targets CertManager v1.0. Check https://cert-manager.io/docs/installation/upgrading/ for breaking changes. 4 | apiVersion: cert-manager.io/v1 5 | kind: Issuer 6 | metadata: 7 | name: selfsigned-issuer 8 | namespace: system 9 | spec: 10 | selfSigned: {} 11 | --- 12 | apiVersion: cert-manager.io/v1 13 | kind: Certificate 14 | metadata: 15 | name: serving-cert # this name should match the one appeared in kustomizeconfig.yaml 16 | namespace: system 17 | spec: 18 | # $(SERVICE_NAME) and $(SERVICE_NAMESPACE) will be substituted by kustomize 19 | dnsNames: 20 | - $(SERVICE_NAME).$(SERVICE_NAMESPACE).svc 21 | - $(SERVICE_NAME).$(SERVICE_NAMESPACE).svc.cluster.local 22 | issuerRef: 23 | kind: Issuer 24 | name: selfsigned-issuer 25 | secretName: webhook-server-cert # this secret will not be prefixed, since it's not managed by kustomize 26 | -------------------------------------------------------------------------------- /config/certmanager/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - certificate.yaml 3 | 4 | configurations: 5 | - kustomizeconfig.yaml 6 | -------------------------------------------------------------------------------- /config/certmanager/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | # This configuration is for teaching kustomize how to update name ref and var substitution 2 | nameReference: 3 | - kind: Issuer 4 | group: cert-manager.io 5 | fieldSpecs: 6 | - kind: Certificate 7 | group: cert-manager.io 8 | path: spec/issuerRef/name 9 | 10 | varReference: 11 | - kind: Certificate 12 | group: cert-manager.io 13 | path: spec/commonName 14 | - kind: Certificate 15 | group: cert-manager.io 16 | path: spec/dnsNames 17 | -------------------------------------------------------------------------------- /config/crd/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | # This file is for teaching kustomize how to substitute name and namespace reference in CRD 2 | nameReference: 3 | - kind: Service 4 | version: v1 5 | fieldSpecs: 6 | - kind: CustomResourceDefinition 7 | version: v1 8 | group: apiextensions.k8s.io 9 | path: spec/conversion/webhook/clientConfig/service/name 10 | 11 | namespace: 12 | - kind: CustomResourceDefinition 13 | version: v1 14 | group: apiextensions.k8s.io 15 | path: spec/conversion/webhook/clientConfig/service/namespace 16 | create: false 17 | 18 | varReference: 19 | - path: metadata/annotations 20 | -------------------------------------------------------------------------------- /config/crd/patches/cainjection_in_alloydbomnis.yaml: -------------------------------------------------------------------------------- 1 | # The following patch adds a directive for certmanager to inject CA into the CRD 2 | apiVersion: apiextensions.k8s.io/v1 3 | kind: CustomResourceDefinition 4 | metadata: 5 | annotations: 6 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 7 | name: alloydbomnis.aiven.io 8 | -------------------------------------------------------------------------------- /config/crd/patches/cainjection_in_cassandras.yaml: -------------------------------------------------------------------------------- 1 | # The following patch adds a directive for certmanager to inject CA into the CRD 2 | apiVersion: apiextensions.k8s.io/v1 3 | kind: CustomResourceDefinition 4 | metadata: 5 | annotations: 6 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 7 | name: cassandras.aiven.io 8 | -------------------------------------------------------------------------------- /config/crd/patches/cainjection_in_clickhouseroles.yaml: -------------------------------------------------------------------------------- 1 | # The following patch adds a directive for certmanager to inject CA into the CRD 2 | apiVersion: apiextensions.k8s.io/v1 3 | kind: CustomResourceDefinition 4 | metadata: 5 | annotations: 6 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 7 | name: clickhouseroles.aiven.io 8 | -------------------------------------------------------------------------------- /config/crd/patches/cainjection_in_clickhouses.yaml: -------------------------------------------------------------------------------- 1 | # The following patch adds a directive for certmanager to inject CA into the CRD 2 | apiVersion: apiextensions.k8s.io/v1 3 | kind: CustomResourceDefinition 4 | metadata: 5 | annotations: 6 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 7 | name: clickhouses.aiven.io 8 | -------------------------------------------------------------------------------- /config/crd/patches/cainjection_in_clickhouseusers.yaml: -------------------------------------------------------------------------------- 1 | # The following patch adds a directive for certmanager to inject CA into the CRD 2 | apiVersion: apiextensions.k8s.io/v1 3 | kind: CustomResourceDefinition 4 | metadata: 5 | annotations: 6 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 7 | name: clickhouseusers.aiven.io 8 | -------------------------------------------------------------------------------- /config/crd/patches/cainjection_in_connectionpools.yaml: -------------------------------------------------------------------------------- 1 | # The following patch adds a directive for certmanager to inject CA into the CRD 2 | apiVersion: apiextensions.k8s.io/v1 3 | kind: CustomResourceDefinition 4 | metadata: 5 | annotations: 6 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 7 | name: connectionpools.aiven.io 8 | -------------------------------------------------------------------------------- /config/crd/patches/cainjection_in_databases.yaml: -------------------------------------------------------------------------------- 1 | # The following patch adds a directive for certmanager to inject CA into the CRD 2 | apiVersion: apiextensions.k8s.io/v1 3 | kind: CustomResourceDefinition 4 | metadata: 5 | annotations: 6 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 7 | name: databases.aiven.io 8 | -------------------------------------------------------------------------------- /config/crd/patches/cainjection_in_flinks.yaml: -------------------------------------------------------------------------------- 1 | # The following patch adds a directive for certmanager to inject CA into the CRD 2 | apiVersion: apiextensions.k8s.io/v1 3 | kind: CustomResourceDefinition 4 | metadata: 5 | annotations: 6 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 7 | name: flinks.aiven.io 8 | -------------------------------------------------------------------------------- /config/crd/patches/cainjection_in_grafanas.yaml: -------------------------------------------------------------------------------- 1 | # The following patch adds a directive for certmanager to inject CA into the CRD 2 | apiVersion: apiextensions.k8s.io/v1 3 | kind: CustomResourceDefinition 4 | metadata: 5 | annotations: 6 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 7 | name: grafanas.aiven.io 8 | -------------------------------------------------------------------------------- /config/crd/patches/cainjection_in_kafkaacls.yaml: -------------------------------------------------------------------------------- 1 | # The following patch adds a directive for certmanager to inject CA into the CRD 2 | apiVersion: apiextensions.k8s.io/v1 3 | kind: CustomResourceDefinition 4 | metadata: 5 | annotations: 6 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 7 | name: kafkaacls.aiven.io 8 | -------------------------------------------------------------------------------- /config/crd/patches/cainjection_in_kafkaconnectors.yaml: -------------------------------------------------------------------------------- 1 | # The following patch adds a directive for certmanager to inject CA into the CRD 2 | apiVersion: apiextensions.k8s.io/v1 3 | kind: CustomResourceDefinition 4 | metadata: 5 | annotations: 6 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 7 | name: kafkaconnectors.aiven.io 8 | -------------------------------------------------------------------------------- /config/crd/patches/cainjection_in_kafkaconnects.yaml: -------------------------------------------------------------------------------- 1 | # The following patch adds a directive for certmanager to inject CA into the CRD 2 | apiVersion: apiextensions.k8s.io/v1 3 | kind: CustomResourceDefinition 4 | metadata: 5 | annotations: 6 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 7 | name: kafkaconnects.aiven.io 8 | -------------------------------------------------------------------------------- /config/crd/patches/cainjection_in_kafkas.yaml: -------------------------------------------------------------------------------- 1 | # The following patch adds a directive for certmanager to inject CA into the CRD 2 | apiVersion: apiextensions.k8s.io/v1 3 | kind: CustomResourceDefinition 4 | metadata: 5 | annotations: 6 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 7 | name: kafkas.aiven.io 8 | -------------------------------------------------------------------------------- /config/crd/patches/cainjection_in_kafkaschemaregistryacls.yaml: -------------------------------------------------------------------------------- 1 | # The following patch adds a directive for certmanager to inject CA into the CRD 2 | apiVersion: apiextensions.k8s.io/v1 3 | kind: CustomResourceDefinition 4 | metadata: 5 | annotations: 6 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 7 | name: kafkaschemaregistryacls.aiven.io 8 | -------------------------------------------------------------------------------- /config/crd/patches/cainjection_in_kafkaschemas.yaml: -------------------------------------------------------------------------------- 1 | # The following patch adds a directive for certmanager to inject CA into the CRD 2 | apiVersion: apiextensions.k8s.io/v1 3 | kind: CustomResourceDefinition 4 | metadata: 5 | annotations: 6 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 7 | name: kafkaschemas.aiven.io 8 | -------------------------------------------------------------------------------- /config/crd/patches/cainjection_in_kafkatopics.yaml: -------------------------------------------------------------------------------- 1 | # The following patch adds a directive for certmanager to inject CA into the CRD 2 | apiVersion: apiextensions.k8s.io/v1 3 | kind: CustomResourceDefinition 4 | metadata: 5 | annotations: 6 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 7 | name: kafkatopics.aiven.io 8 | -------------------------------------------------------------------------------- /config/crd/patches/cainjection_in_mysqls.yaml: -------------------------------------------------------------------------------- 1 | # The following patch adds a directive for certmanager to inject CA into the CRD 2 | apiVersion: apiextensions.k8s.io/v1 3 | kind: CustomResourceDefinition 4 | metadata: 5 | annotations: 6 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 7 | name: mysqls.aiven.io 8 | -------------------------------------------------------------------------------- /config/crd/patches/cainjection_in_opensearches.yaml: -------------------------------------------------------------------------------- 1 | # The following patch adds a directive for certmanager to inject CA into the CRD 2 | apiVersion: apiextensions.k8s.io/v1 3 | kind: CustomResourceDefinition 4 | metadata: 5 | annotations: 6 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 7 | name: opensearches.aiven.io 8 | -------------------------------------------------------------------------------- /config/crd/patches/cainjection_in_postgresqls.yaml: -------------------------------------------------------------------------------- 1 | # The following patch adds a directive for certmanager to inject CA into the CRD 2 | apiVersion: apiextensions.k8s.io/v1 3 | kind: CustomResourceDefinition 4 | metadata: 5 | annotations: 6 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 7 | name: postgresqls.aiven.io 8 | -------------------------------------------------------------------------------- /config/crd/patches/cainjection_in_projects.yaml: -------------------------------------------------------------------------------- 1 | # The following patch adds a directive for certmanager to inject CA into the CRD 2 | apiVersion: apiextensions.k8s.io/v1 3 | kind: CustomResourceDefinition 4 | metadata: 5 | annotations: 6 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 7 | name: projects.aiven.io 8 | -------------------------------------------------------------------------------- /config/crd/patches/cainjection_in_redis.yaml: -------------------------------------------------------------------------------- 1 | # The following patch adds a directive for certmanager to inject CA into the CRD 2 | apiVersion: apiextensions.k8s.io/v1 3 | kind: CustomResourceDefinition 4 | metadata: 5 | annotations: 6 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 7 | name: redis.aiven.io 8 | -------------------------------------------------------------------------------- /config/crd/patches/cainjection_in_serviceintegrationendpoints.yaml: -------------------------------------------------------------------------------- 1 | # The following patch adds a directive for certmanager to inject CA into the CRD 2 | apiVersion: apiextensions.k8s.io/v1 3 | kind: CustomResourceDefinition 4 | metadata: 5 | annotations: 6 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 7 | name: serviceintegrationendpoints.aiven.io 8 | -------------------------------------------------------------------------------- /config/crd/patches/cainjection_in_serviceintegrations.yaml: -------------------------------------------------------------------------------- 1 | # The following patch adds a directive for certmanager to inject CA into the CRD 2 | apiVersion: apiextensions.k8s.io/v1 3 | kind: CustomResourceDefinition 4 | metadata: 5 | annotations: 6 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 7 | name: serviceintegrations.aiven.io 8 | -------------------------------------------------------------------------------- /config/crd/patches/cainjection_in_serviceusers.yaml: -------------------------------------------------------------------------------- 1 | # The following patch adds a directive for certmanager to inject CA into the CRD 2 | apiVersion: apiextensions.k8s.io/v1 3 | kind: CustomResourceDefinition 4 | metadata: 5 | annotations: 6 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 7 | name: serviceusers.aiven.io 8 | -------------------------------------------------------------------------------- /config/crd/patches/cainjection_in_valkeys.yaml: -------------------------------------------------------------------------------- 1 | # The following patch adds a directive for certmanager to inject CA into the CRD 2 | apiVersion: apiextensions.k8s.io/v1 3 | kind: CustomResourceDefinition 4 | metadata: 5 | annotations: 6 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 7 | name: valkeys.aiven.io 8 | -------------------------------------------------------------------------------- /config/crd/patches/webhook_in_alloydbomnis.yaml: -------------------------------------------------------------------------------- 1 | # The following patch enables a conversion webhook for the CRD 2 | apiVersion: apiextensions.k8s.io/v1 3 | kind: CustomResourceDefinition 4 | metadata: 5 | name: alloydbomnis.aiven.io 6 | spec: 7 | conversion: 8 | strategy: Webhook 9 | webhook: 10 | clientConfig: 11 | service: 12 | namespace: system 13 | name: webhook-service 14 | path: /convert 15 | conversionReviewVersions: 16 | - v1 17 | -------------------------------------------------------------------------------- /config/crd/patches/webhook_in_cassandras.yaml: -------------------------------------------------------------------------------- 1 | # The following patch enables a conversion webhook for the CRD 2 | apiVersion: apiextensions.k8s.io/v1 3 | kind: CustomResourceDefinition 4 | metadata: 5 | name: cassandras.aiven.io 6 | spec: 7 | conversion: 8 | strategy: Webhook 9 | webhook: 10 | clientConfig: 11 | service: 12 | namespace: system 13 | name: webhook-service 14 | path: /convert 15 | conversionReviewVersions: 16 | - v1 17 | -------------------------------------------------------------------------------- /config/crd/patches/webhook_in_clickhouseroles.yaml: -------------------------------------------------------------------------------- 1 | # The following patch enables a conversion webhook for the CRD 2 | apiVersion: apiextensions.k8s.io/v1 3 | kind: CustomResourceDefinition 4 | metadata: 5 | name: clickhouseroles.aiven.io 6 | spec: 7 | conversion: 8 | strategy: Webhook 9 | webhook: 10 | clientConfig: 11 | service: 12 | namespace: system 13 | name: webhook-service 14 | path: /convert 15 | conversionReviewVersions: 16 | - v1 17 | -------------------------------------------------------------------------------- /config/crd/patches/webhook_in_clickhouses.yaml: -------------------------------------------------------------------------------- 1 | # The following patch enables a conversion webhook for the CRD 2 | apiVersion: apiextensions.k8s.io/v1 3 | kind: CustomResourceDefinition 4 | metadata: 5 | name: clickhouses.aiven.io 6 | spec: 7 | conversion: 8 | strategy: Webhook 9 | webhook: 10 | clientConfig: 11 | service: 12 | namespace: system 13 | name: webhook-service 14 | path: /convert 15 | conversionReviewVersions: 16 | - v1 17 | -------------------------------------------------------------------------------- /config/crd/patches/webhook_in_clickhouseusers.yaml: -------------------------------------------------------------------------------- 1 | # The following patch enables a conversion webhook for the CRD 2 | apiVersion: apiextensions.k8s.io/v1 3 | kind: CustomResourceDefinition 4 | metadata: 5 | name: clickhouseusers.aiven.io 6 | spec: 7 | conversion: 8 | strategy: Webhook 9 | webhook: 10 | clientConfig: 11 | service: 12 | namespace: system 13 | name: webhook-service 14 | path: /convert 15 | conversionReviewVersions: 16 | - v1 17 | -------------------------------------------------------------------------------- /config/crd/patches/webhook_in_connectionpools.yaml: -------------------------------------------------------------------------------- 1 | # The following patch enables a conversion webhook for the CRD 2 | apiVersion: apiextensions.k8s.io/v1 3 | kind: CustomResourceDefinition 4 | metadata: 5 | name: connectionpools.aiven.io 6 | spec: 7 | conversion: 8 | strategy: Webhook 9 | webhook: 10 | clientConfig: 11 | service: 12 | namespace: system 13 | name: webhook-service 14 | path: /convert 15 | conversionReviewVersions: 16 | - v1 17 | -------------------------------------------------------------------------------- /config/crd/patches/webhook_in_databases.yaml: -------------------------------------------------------------------------------- 1 | # The following patch enables a conversion webhook for the CRD 2 | apiVersion: apiextensions.k8s.io/v1 3 | kind: CustomResourceDefinition 4 | metadata: 5 | name: databases.aiven.io 6 | spec: 7 | conversion: 8 | strategy: Webhook 9 | webhook: 10 | clientConfig: 11 | service: 12 | namespace: system 13 | name: webhook-service 14 | path: /convert 15 | conversionReviewVersions: 16 | - v1 17 | -------------------------------------------------------------------------------- /config/crd/patches/webhook_in_flinks.yaml: -------------------------------------------------------------------------------- 1 | # The following patch enables a conversion webhook for the CRD 2 | apiVersion: apiextensions.k8s.io/v1 3 | kind: CustomResourceDefinition 4 | metadata: 5 | name: flinks.aiven.io 6 | spec: 7 | conversion: 8 | strategy: Webhook 9 | webhook: 10 | clientConfig: 11 | service: 12 | namespace: system 13 | name: webhook-service 14 | path: /convert 15 | conversionReviewVersions: 16 | - v1 17 | -------------------------------------------------------------------------------- /config/crd/patches/webhook_in_grafanas.yaml: -------------------------------------------------------------------------------- 1 | # The following patch enables a conversion webhook for the CRD 2 | apiVersion: apiextensions.k8s.io/v1 3 | kind: CustomResourceDefinition 4 | metadata: 5 | name: grafanas.aiven.io 6 | spec: 7 | conversion: 8 | strategy: Webhook 9 | webhook: 10 | clientConfig: 11 | service: 12 | namespace: system 13 | name: webhook-service 14 | path: /convert 15 | conversionReviewVersions: 16 | - v1 17 | -------------------------------------------------------------------------------- /config/crd/patches/webhook_in_kafkaacls.yaml: -------------------------------------------------------------------------------- 1 | # The following patch enables a conversion webhook for the CRD 2 | apiVersion: apiextensions.k8s.io/v1 3 | kind: CustomResourceDefinition 4 | metadata: 5 | name: kafkaacls.aiven.io 6 | spec: 7 | conversion: 8 | strategy: Webhook 9 | webhook: 10 | clientConfig: 11 | service: 12 | namespace: system 13 | name: webhook-service 14 | path: /convert 15 | conversionReviewVersions: 16 | - v1 17 | -------------------------------------------------------------------------------- /config/crd/patches/webhook_in_kafkaconnectors.yaml: -------------------------------------------------------------------------------- 1 | # The following patch enables a conversion webhook for the CRD 2 | apiVersion: apiextensions.k8s.io/v1 3 | kind: CustomResourceDefinition 4 | metadata: 5 | name: kafkaconnectors.aiven.io 6 | spec: 7 | conversion: 8 | strategy: Webhook 9 | webhook: 10 | clientConfig: 11 | service: 12 | namespace: system 13 | name: webhook-service 14 | path: /convert 15 | conversionReviewVersions: 16 | - v1 17 | -------------------------------------------------------------------------------- /config/crd/patches/webhook_in_kafkaconnects.yaml: -------------------------------------------------------------------------------- 1 | # The following patch enables a conversion webhook for the CRD 2 | apiVersion: apiextensions.k8s.io/v1 3 | kind: CustomResourceDefinition 4 | metadata: 5 | name: kafkaconnects.aiven.io 6 | spec: 7 | conversion: 8 | strategy: Webhook 9 | webhook: 10 | clientConfig: 11 | service: 12 | namespace: system 13 | name: webhook-service 14 | path: /convert 15 | conversionReviewVersions: 16 | - v1 17 | -------------------------------------------------------------------------------- /config/crd/patches/webhook_in_kafkas.yaml: -------------------------------------------------------------------------------- 1 | # The following patch enables a conversion webhook for the CRD 2 | apiVersion: apiextensions.k8s.io/v1 3 | kind: CustomResourceDefinition 4 | metadata: 5 | name: kafkas.aiven.io 6 | spec: 7 | conversion: 8 | strategy: Webhook 9 | webhook: 10 | clientConfig: 11 | service: 12 | namespace: system 13 | name: webhook-service 14 | path: /convert 15 | conversionReviewVersions: 16 | - v1 17 | -------------------------------------------------------------------------------- /config/crd/patches/webhook_in_kafkaschemaregistryacls.yaml: -------------------------------------------------------------------------------- 1 | # The following patch enables a conversion webhook for the CRD 2 | apiVersion: apiextensions.k8s.io/v1 3 | kind: CustomResourceDefinition 4 | metadata: 5 | name: kafkaschemaregistryacls.aiven.io 6 | spec: 7 | conversion: 8 | strategy: Webhook 9 | webhook: 10 | clientConfig: 11 | service: 12 | namespace: system 13 | name: webhook-service 14 | path: /convert 15 | conversionReviewVersions: 16 | - v1 17 | -------------------------------------------------------------------------------- /config/crd/patches/webhook_in_kafkaschemas.yaml: -------------------------------------------------------------------------------- 1 | # The following patch enables a conversion webhook for the CRD 2 | apiVersion: apiextensions.k8s.io/v1 3 | kind: CustomResourceDefinition 4 | metadata: 5 | name: kafkaschemas.aiven.io 6 | spec: 7 | conversion: 8 | strategy: Webhook 9 | webhook: 10 | clientConfig: 11 | service: 12 | namespace: system 13 | name: webhook-service 14 | path: /convert 15 | conversionReviewVersions: 16 | - v1 17 | -------------------------------------------------------------------------------- /config/crd/patches/webhook_in_kafkatopics.yaml: -------------------------------------------------------------------------------- 1 | # The following patch enables a conversion webhook for the CRD 2 | apiVersion: apiextensions.k8s.io/v1 3 | kind: CustomResourceDefinition 4 | metadata: 5 | name: kafkatopics.aiven.io 6 | spec: 7 | conversion: 8 | strategy: Webhook 9 | webhook: 10 | clientConfig: 11 | service: 12 | namespace: system 13 | name: webhook-service 14 | path: /convert 15 | conversionReviewVersions: 16 | - v1 17 | -------------------------------------------------------------------------------- /config/crd/patches/webhook_in_mysqls.yaml: -------------------------------------------------------------------------------- 1 | # The following patch enables a conversion webhook for the CRD 2 | apiVersion: apiextensions.k8s.io/v1 3 | kind: CustomResourceDefinition 4 | metadata: 5 | name: mysqls.aiven.io 6 | spec: 7 | conversion: 8 | strategy: Webhook 9 | webhook: 10 | clientConfig: 11 | service: 12 | namespace: system 13 | name: webhook-service 14 | path: /convert 15 | conversionReviewVersions: 16 | - v1 17 | -------------------------------------------------------------------------------- /config/crd/patches/webhook_in_opensearches.yaml: -------------------------------------------------------------------------------- 1 | # The following patch enables a conversion webhook for the CRD 2 | apiVersion: apiextensions.k8s.io/v1 3 | kind: CustomResourceDefinition 4 | metadata: 5 | name: opensearches.aiven.io 6 | spec: 7 | conversion: 8 | strategy: Webhook 9 | webhook: 10 | clientConfig: 11 | service: 12 | namespace: system 13 | name: webhook-service 14 | path: /convert 15 | conversionReviewVersions: 16 | - v1 17 | -------------------------------------------------------------------------------- /config/crd/patches/webhook_in_postgresqls.yaml: -------------------------------------------------------------------------------- 1 | # The following patch enables a conversion webhook for the CRD 2 | apiVersion: apiextensions.k8s.io/v1 3 | kind: CustomResourceDefinition 4 | metadata: 5 | name: postgresqls.aiven.io 6 | spec: 7 | conversion: 8 | strategy: Webhook 9 | webhook: 10 | clientConfig: 11 | service: 12 | namespace: system 13 | name: webhook-service 14 | path: /convert 15 | conversionReviewVersions: 16 | - v1 17 | -------------------------------------------------------------------------------- /config/crd/patches/webhook_in_projects.yaml: -------------------------------------------------------------------------------- 1 | # The following patch enables a conversion webhook for the CRD 2 | apiVersion: apiextensions.k8s.io/v1 3 | kind: CustomResourceDefinition 4 | metadata: 5 | name: projects.aiven.io 6 | spec: 7 | conversion: 8 | strategy: Webhook 9 | webhook: 10 | clientConfig: 11 | service: 12 | namespace: system 13 | name: webhook-service 14 | path: /convert 15 | conversionReviewVersions: 16 | - v1 17 | -------------------------------------------------------------------------------- /config/crd/patches/webhook_in_redis.yaml: -------------------------------------------------------------------------------- 1 | # The following patch enables a conversion webhook for the CRD 2 | apiVersion: apiextensions.k8s.io/v1 3 | kind: CustomResourceDefinition 4 | metadata: 5 | name: redis.aiven.io 6 | spec: 7 | conversion: 8 | strategy: Webhook 9 | webhook: 10 | clientConfig: 11 | service: 12 | namespace: system 13 | name: webhook-service 14 | path: /convert 15 | conversionReviewVersions: 16 | - v1 17 | -------------------------------------------------------------------------------- /config/crd/patches/webhook_in_serviceintegrationendpoints.yaml: -------------------------------------------------------------------------------- 1 | # The following patch enables a conversion webhook for the CRD 2 | apiVersion: apiextensions.k8s.io/v1 3 | kind: CustomResourceDefinition 4 | metadata: 5 | name: serviceintegrationendpoints.aiven.io 6 | spec: 7 | conversion: 8 | strategy: Webhook 9 | webhook: 10 | clientConfig: 11 | service: 12 | namespace: system 13 | name: webhook-service 14 | path: /convert 15 | conversionReviewVersions: 16 | - v1 17 | -------------------------------------------------------------------------------- /config/crd/patches/webhook_in_serviceintegrations.yaml: -------------------------------------------------------------------------------- 1 | # The following patch enables a conversion webhook for the CRD 2 | apiVersion: apiextensions.k8s.io/v1 3 | kind: CustomResourceDefinition 4 | metadata: 5 | name: serviceintegrations.aiven.io 6 | spec: 7 | conversion: 8 | strategy: Webhook 9 | webhook: 10 | clientConfig: 11 | service: 12 | namespace: system 13 | name: webhook-service 14 | path: /convert 15 | conversionReviewVersions: 16 | - v1 17 | -------------------------------------------------------------------------------- /config/crd/patches/webhook_in_serviceusers.yaml: -------------------------------------------------------------------------------- 1 | # The following patch enables a conversion webhook for the CRD 2 | apiVersion: apiextensions.k8s.io/v1 3 | kind: CustomResourceDefinition 4 | metadata: 5 | name: serviceusers.aiven.io 6 | spec: 7 | conversion: 8 | strategy: Webhook 9 | webhook: 10 | clientConfig: 11 | service: 12 | namespace: system 13 | name: webhook-service 14 | path: /convert 15 | conversionReviewVersions: 16 | - v1 17 | -------------------------------------------------------------------------------- /config/crd/patches/webhook_in_valkeys.yaml: -------------------------------------------------------------------------------- 1 | # The following patch enables a conversion webhook for the CRD 2 | apiVersion: apiextensions.k8s.io/v1 3 | kind: CustomResourceDefinition 4 | metadata: 5 | name: valkeys.aiven.io 6 | spec: 7 | conversion: 8 | strategy: Webhook 9 | webhook: 10 | clientConfig: 11 | service: 12 | namespace: system 13 | name: webhook-service 14 | path: /convert 15 | conversionReviewVersions: 16 | - v1 17 | -------------------------------------------------------------------------------- /config/default/manager_config_patch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: controller-manager 5 | namespace: system 6 | spec: 7 | template: 8 | spec: 9 | containers: 10 | - name: manager 11 | args: 12 | - --config=controller_manager_config.yaml 13 | volumeMounts: 14 | - name: manager-config 15 | mountPath: /controller_manager_config.yaml 16 | subPath: controller_manager_config.yaml 17 | volumes: 18 | - name: manager-config 19 | configMap: 20 | name: manager-config 21 | -------------------------------------------------------------------------------- /config/default/manager_webhook_patch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: controller-manager 5 | namespace: system 6 | spec: 7 | template: 8 | spec: 9 | containers: 10 | - name: manager 11 | ports: 12 | - containerPort: 9443 13 | name: webhook-server 14 | protocol: TCP 15 | volumeMounts: 16 | - mountPath: /tmp/k8s-webhook-server/serving-certs 17 | name: cert 18 | readOnly: true 19 | volumes: 20 | - name: cert 21 | secret: 22 | defaultMode: 420 23 | secretName: webhook-server-cert 24 | -------------------------------------------------------------------------------- /config/default/webhookcainjection_patch.yaml: -------------------------------------------------------------------------------- 1 | # This patch add annotation to admission webhook config and 2 | # the variables $(CERTIFICATE_NAMESPACE) and $(CERTIFICATE_NAME) will be substituted by kustomize. 3 | apiVersion: admissionregistration.k8s.io/v1 4 | kind: MutatingWebhookConfiguration 5 | metadata: 6 | name: mutating-webhook-configuration 7 | annotations: 8 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 9 | --- 10 | apiVersion: admissionregistration.k8s.io/v1 11 | kind: ValidatingWebhookConfiguration 12 | metadata: 13 | name: validating-webhook-configuration 14 | annotations: 15 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 16 | -------------------------------------------------------------------------------- /config/manager/controller_manager_config.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: controller-runtime.sigs.k8s.io/v1alpha1 2 | kind: ControllerManagerConfig 3 | health: 4 | healthProbeBindAddress: :8081 5 | metrics: 6 | bindAddress: 127.0.0.1:8080 7 | webhook: 8 | port: 9443 9 | leaderElection: 10 | leaderElect: true 11 | resourceName: 40db2fac.aiven.io 12 | # leaderElectionReleaseOnCancel defines if the leader should step down volume 13 | # when the Manager ends. This requires the binary to immediately end when the 14 | # Manager is stopped, otherwise, this setting is unsafe. Setting this significantly 15 | # speeds up voluntary leader transitions as the new leader don't have to wait 16 | # LeaseDuration time first. 17 | # In the default scaffold provided, the program ends immediately after 18 | # the manager stops, so would be fine to enable this option. However, 19 | # if you are doing or is intended to do any operation such as perform cleanups 20 | # after the manager stops then its usage might be unsafe. 21 | # leaderElectionReleaseOnCancel: true 22 | -------------------------------------------------------------------------------- /config/manager/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - manager.yaml 3 | 4 | generatorOptions: 5 | disableNameSuffixHash: true 6 | 7 | configMapGenerator: 8 | - files: 9 | - controller_manager_config.yaml 10 | name: manager-config 11 | apiVersion: kustomize.config.k8s.io/v1beta1 12 | kind: Kustomization 13 | images: 14 | - name: controller 15 | newName: aivenoy/aiven-operator 16 | newTag: b67bdfc15f9cac73542c68891f74382665311202 17 | -------------------------------------------------------------------------------- /config/prometheus/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - monitor.yaml 3 | -------------------------------------------------------------------------------- /config/prometheus/monitor.yaml: -------------------------------------------------------------------------------- 1 | # Prometheus Monitor Service (Metrics) 2 | apiVersion: monitoring.coreos.com/v1 3 | kind: ServiceMonitor 4 | metadata: 5 | labels: 6 | control-plane: controller-manager 7 | name: controller-manager-metrics-monitor 8 | namespace: system 9 | spec: 10 | endpoints: 11 | - path: /metrics 12 | port: https 13 | scheme: https 14 | bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token 15 | tlsConfig: 16 | insecureSkipVerify: true 17 | selector: 18 | matchLabels: 19 | control-plane: controller-manager 20 | -------------------------------------------------------------------------------- /config/rbac/auth_proxy_client_clusterrole.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: metrics-reader 5 | rules: 6 | - nonResourceURLs: 7 | - /metrics 8 | verbs: 9 | - get 10 | -------------------------------------------------------------------------------- /config/rbac/auth_proxy_role.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: proxy-role 5 | rules: 6 | - apiGroups: 7 | - authentication.k8s.io 8 | resources: 9 | - tokenreviews 10 | verbs: 11 | - create 12 | - apiGroups: 13 | - authorization.k8s.io 14 | resources: 15 | - subjectaccessreviews 16 | verbs: 17 | - create 18 | -------------------------------------------------------------------------------- /config/rbac/auth_proxy_role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: proxy-rolebinding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: proxy-role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: controller-manager 12 | namespace: system 13 | -------------------------------------------------------------------------------- /config/rbac/auth_proxy_service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | labels: 5 | control-plane: controller-manager 6 | name: controller-manager-metrics-service 7 | namespace: system 8 | spec: 9 | ports: 10 | - name: https 11 | port: 8443 12 | protocol: TCP 13 | targetPort: https 14 | selector: 15 | control-plane: controller-manager 16 | -------------------------------------------------------------------------------- /config/rbac/cassandra_editor_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to edit cassandras. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: cassandra-editor-role 6 | rules: 7 | - apiGroups: 8 | - aiven.io 9 | resources: 10 | - cassandras 11 | verbs: 12 | - create 13 | - delete 14 | - get 15 | - list 16 | - patch 17 | - update 18 | - watch 19 | - apiGroups: 20 | - aiven.io 21 | resources: 22 | - cassandras/status 23 | verbs: 24 | - get 25 | -------------------------------------------------------------------------------- /config/rbac/cassandra_viewer_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to view cassandras. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: cassandra-viewer-role 6 | rules: 7 | - apiGroups: 8 | - aiven.io 9 | resources: 10 | - cassandras 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - apiGroups: 16 | - aiven.io 17 | resources: 18 | - cassandras/status 19 | verbs: 20 | - get 21 | -------------------------------------------------------------------------------- /config/rbac/clickhouse_editor_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to edit clickhouses. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: clickhouse-editor-role 6 | rules: 7 | - apiGroups: 8 | - aiven.io 9 | resources: 10 | - clickhouses 11 | verbs: 12 | - create 13 | - delete 14 | - get 15 | - list 16 | - patch 17 | - update 18 | - watch 19 | - apiGroups: 20 | - aiven.io 21 | resources: 22 | - clickhouses/status 23 | verbs: 24 | - get 25 | -------------------------------------------------------------------------------- /config/rbac/clickhouse_viewer_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to view clickhouses. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: clickhouse-viewer-role 6 | rules: 7 | - apiGroups: 8 | - aiven.io 9 | resources: 10 | - clickhouses 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - apiGroups: 16 | - aiven.io 17 | resources: 18 | - clickhouses/status 19 | verbs: 20 | - get 21 | -------------------------------------------------------------------------------- /config/rbac/clickhousedatabase_editor_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to edit clickhousedatabases. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | labels: 6 | app.kubernetes.io/name: clusterrole 7 | app.kubernetes.io/instance: clickhousedatabase-editor-role 8 | app.kubernetes.io/component: rbac 9 | app.kubernetes.io/created-by: aiven-operator 10 | app.kubernetes.io/part-of: aiven-operator 11 | app.kubernetes.io/managed-by: kustomize 12 | name: clickhousedatabase-editor-role 13 | rules: 14 | - apiGroups: 15 | - aiven.io 16 | resources: 17 | - clickhousedatabases 18 | verbs: 19 | - create 20 | - delete 21 | - get 22 | - list 23 | - patch 24 | - update 25 | - watch 26 | - apiGroups: 27 | - aiven.io 28 | resources: 29 | - clickhousedatabases/status 30 | verbs: 31 | - get 32 | -------------------------------------------------------------------------------- /config/rbac/clickhousedatabase_viewer_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to view clickhousedatabases. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | labels: 6 | app.kubernetes.io/name: clusterrole 7 | app.kubernetes.io/instance: clickhousedatabase-viewer-role 8 | app.kubernetes.io/component: rbac 9 | app.kubernetes.io/created-by: aiven-operator 10 | app.kubernetes.io/part-of: aiven-operator 11 | app.kubernetes.io/managed-by: kustomize 12 | name: clickhousedatabase-viewer-role 13 | rules: 14 | - apiGroups: 15 | - aiven.io 16 | resources: 17 | - clickhousedatabases 18 | verbs: 19 | - get 20 | - list 21 | - watch 22 | - apiGroups: 23 | - aiven.io 24 | resources: 25 | - clickhousedatabases/status 26 | verbs: 27 | - get 28 | -------------------------------------------------------------------------------- /config/rbac/clickhouserole_editor_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to edit clickhouseroles. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | labels: 6 | app.kubernetes.io/name: clusterrole 7 | app.kubernetes.io/instance: clickhouserole-editor-role 8 | app.kubernetes.io/component: rbac 9 | app.kubernetes.io/created-by: aiven-operator 10 | app.kubernetes.io/part-of: aiven-operator 11 | app.kubernetes.io/managed-by: kustomize 12 | name: clickhouserole-editor-role 13 | rules: 14 | - apiGroups: 15 | - aiven.io 16 | resources: 17 | - clickhouseroles 18 | verbs: 19 | - create 20 | - delete 21 | - get 22 | - list 23 | - patch 24 | - update 25 | - watch 26 | - apiGroups: 27 | - aiven.io 28 | resources: 29 | - clickhouseroles/status 30 | verbs: 31 | - get 32 | -------------------------------------------------------------------------------- /config/rbac/clickhouserole_viewer_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to view clickhouseroles. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | labels: 6 | app.kubernetes.io/name: clusterrole 7 | app.kubernetes.io/instance: clickhouserole-viewer-role 8 | app.kubernetes.io/component: rbac 9 | app.kubernetes.io/created-by: aiven-operator 10 | app.kubernetes.io/part-of: aiven-operator 11 | app.kubernetes.io/managed-by: kustomize 12 | name: clickhouserole-viewer-role 13 | rules: 14 | - apiGroups: 15 | - aiven.io 16 | resources: 17 | - clickhouseroles 18 | verbs: 19 | - get 20 | - list 21 | - watch 22 | - apiGroups: 23 | - aiven.io 24 | resources: 25 | - clickhouseroles/status 26 | verbs: 27 | - get 28 | -------------------------------------------------------------------------------- /config/rbac/clickhouseuser_editor_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to edit clickhouseusers. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: clickhouseuser-editor-role 6 | rules: 7 | - apiGroups: 8 | - aiven.io 9 | resources: 10 | - clickhouseusers 11 | verbs: 12 | - create 13 | - delete 14 | - get 15 | - list 16 | - patch 17 | - update 18 | - watch 19 | - apiGroups: 20 | - aiven.io 21 | resources: 22 | - clickhouseusers/status 23 | verbs: 24 | - get 25 | -------------------------------------------------------------------------------- /config/rbac/clickhouseuser_viewer_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to view clickhouseusers. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: clickhouseuser-viewer-role 6 | rules: 7 | - apiGroups: 8 | - aiven.io 9 | resources: 10 | - clickhouseusers 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - apiGroups: 16 | - aiven.io 17 | resources: 18 | - clickhouseusers/status 19 | verbs: 20 | - get 21 | -------------------------------------------------------------------------------- /config/rbac/connectionpool_editor_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to edit connectionpools. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: connectionpool-editor-role 6 | rules: 7 | - apiGroups: 8 | - aiven.io 9 | resources: 10 | - connectionpools 11 | verbs: 12 | - create 13 | - delete 14 | - get 15 | - list 16 | - patch 17 | - update 18 | - watch 19 | - apiGroups: 20 | - aiven.io 21 | resources: 22 | - connectionpools/status 23 | verbs: 24 | - get 25 | -------------------------------------------------------------------------------- /config/rbac/connectionpool_viewer_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to view connectionpools. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: connectionpool-viewer-role 6 | rules: 7 | - apiGroups: 8 | - aiven.io 9 | resources: 10 | - connectionpools 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - apiGroups: 16 | - aiven.io 17 | resources: 18 | - connectionpools/status 19 | verbs: 20 | - get 21 | -------------------------------------------------------------------------------- /config/rbac/database_editor_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to edit databases. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: database-editor-role 6 | rules: 7 | - apiGroups: 8 | - aiven.io 9 | resources: 10 | - databases 11 | verbs: 12 | - create 13 | - delete 14 | - get 15 | - list 16 | - patch 17 | - update 18 | - watch 19 | - apiGroups: 20 | - aiven.io 21 | resources: 22 | - databases/status 23 | verbs: 24 | - get 25 | -------------------------------------------------------------------------------- /config/rbac/database_viewer_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to view databases. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: database-viewer-role 6 | rules: 7 | - apiGroups: 8 | - aiven.io 9 | resources: 10 | - databases 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - apiGroups: 16 | - aiven.io 17 | resources: 18 | - databases/status 19 | verbs: 20 | - get 21 | -------------------------------------------------------------------------------- /config/rbac/flink_editor_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to edit flinks. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | labels: 6 | app.kubernetes.io/name: clusterrole 7 | app.kubernetes.io/instance: flink-editor-role 8 | app.kubernetes.io/component: rbac 9 | app.kubernetes.io/created-by: aiven-operator 10 | app.kubernetes.io/part-of: aiven-operator 11 | app.kubernetes.io/managed-by: kustomize 12 | name: flink-editor-role 13 | rules: 14 | - apiGroups: 15 | - aiven.io 16 | resources: 17 | - flinks 18 | verbs: 19 | - create 20 | - delete 21 | - get 22 | - list 23 | - patch 24 | - update 25 | - watch 26 | - apiGroups: 27 | - aiven.io 28 | resources: 29 | - flinks/status 30 | verbs: 31 | - get 32 | -------------------------------------------------------------------------------- /config/rbac/flink_viewer_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to view flinks. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | labels: 6 | app.kubernetes.io/name: clusterrole 7 | app.kubernetes.io/instance: flink-viewer-role 8 | app.kubernetes.io/component: rbac 9 | app.kubernetes.io/created-by: aiven-operator 10 | app.kubernetes.io/part-of: aiven-operator 11 | app.kubernetes.io/managed-by: kustomize 12 | name: flink-viewer-role 13 | rules: 14 | - apiGroups: 15 | - aiven.io 16 | resources: 17 | - flinks 18 | verbs: 19 | - get 20 | - list 21 | - watch 22 | - apiGroups: 23 | - aiven.io 24 | resources: 25 | - flinks/status 26 | verbs: 27 | - get 28 | -------------------------------------------------------------------------------- /config/rbac/grafana_editor_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to edit grafanas. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: grafana-editor-role 6 | rules: 7 | - apiGroups: 8 | - aiven.io 9 | resources: 10 | - grafanas 11 | verbs: 12 | - create 13 | - delete 14 | - get 15 | - list 16 | - patch 17 | - update 18 | - watch 19 | - apiGroups: 20 | - aiven.io 21 | resources: 22 | - grafanas/status 23 | verbs: 24 | - get 25 | -------------------------------------------------------------------------------- /config/rbac/grafana_viewer_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to view grafanas. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: grafana-viewer-role 6 | rules: 7 | - apiGroups: 8 | - aiven.io 9 | resources: 10 | - grafanas 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - apiGroups: 16 | - aiven.io 17 | resources: 18 | - grafanas/status 19 | verbs: 20 | - get 21 | -------------------------------------------------------------------------------- /config/rbac/kafka_editor_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to edit kafkas. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: kafka-editor-role 6 | rules: 7 | - apiGroups: 8 | - aiven.io 9 | resources: 10 | - kafkas 11 | verbs: 12 | - create 13 | - delete 14 | - get 15 | - list 16 | - patch 17 | - update 18 | - watch 19 | - apiGroups: 20 | - aiven.io 21 | resources: 22 | - kafkas/status 23 | verbs: 24 | - get 25 | -------------------------------------------------------------------------------- /config/rbac/kafka_viewer_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to view kafkas. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: kafka-viewer-role 6 | rules: 7 | - apiGroups: 8 | - aiven.io 9 | resources: 10 | - kafkas 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - apiGroups: 16 | - aiven.io 17 | resources: 18 | - kafkas/status 19 | verbs: 20 | - get 21 | -------------------------------------------------------------------------------- /config/rbac/kafkaacl_editor_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to edit kafkaacls. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: kafkaacl-editor-role 6 | rules: 7 | - apiGroups: 8 | - aiven.io 9 | resources: 10 | - kafkaacls 11 | verbs: 12 | - create 13 | - delete 14 | - get 15 | - list 16 | - patch 17 | - update 18 | - watch 19 | - apiGroups: 20 | - aiven.io 21 | resources: 22 | - kafkaacls/status 23 | verbs: 24 | - get 25 | -------------------------------------------------------------------------------- /config/rbac/kafkaacl_viewer_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to view kafkaacls. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: kafkaacl-viewer-role 6 | rules: 7 | - apiGroups: 8 | - aiven.io 9 | resources: 10 | - kafkaacls 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - apiGroups: 16 | - aiven.io 17 | resources: 18 | - kafkaacls/status 19 | verbs: 20 | - get 21 | -------------------------------------------------------------------------------- /config/rbac/kafkaconnect_editor_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to edit kafkaconnects. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: kafkaconnect-editor-role 6 | rules: 7 | - apiGroups: 8 | - aiven.io 9 | resources: 10 | - kafkaconnects 11 | verbs: 12 | - create 13 | - delete 14 | - get 15 | - list 16 | - patch 17 | - update 18 | - watch 19 | - apiGroups: 20 | - aiven.io 21 | resources: 22 | - kafkaconnects/status 23 | verbs: 24 | - get 25 | -------------------------------------------------------------------------------- /config/rbac/kafkaconnect_viewer_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to view kafkaconnects. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: kafkaconnect-viewer-role 6 | rules: 7 | - apiGroups: 8 | - aiven.io 9 | resources: 10 | - kafkaconnects 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - apiGroups: 16 | - aiven.io 17 | resources: 18 | - kafkaconnects/status 19 | verbs: 20 | - get 21 | -------------------------------------------------------------------------------- /config/rbac/kafkaconnector_editor_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to edit kafkaconnectors. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: kafkaconnector-editor-role 6 | rules: 7 | - apiGroups: 8 | - aiven.io 9 | resources: 10 | - kafkaconnectors 11 | verbs: 12 | - create 13 | - delete 14 | - get 15 | - list 16 | - patch 17 | - update 18 | - watch 19 | - apiGroups: 20 | - aiven.io 21 | resources: 22 | - kafkaconnectors/status 23 | verbs: 24 | - get 25 | -------------------------------------------------------------------------------- /config/rbac/kafkaconnector_viewer_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to view kafkaconnectors. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: kafkaconnector-viewer-role 6 | rules: 7 | - apiGroups: 8 | - aiven.io 9 | resources: 10 | - kafkaconnectors 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - apiGroups: 16 | - aiven.io 17 | resources: 18 | - kafkaconnectors/status 19 | verbs: 20 | - get 21 | -------------------------------------------------------------------------------- /config/rbac/kafkanativeacl_editor_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to edit kafkanativeacls. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | labels: 6 | app.kubernetes.io/name: clusterrole 7 | app.kubernetes.io/instance: kafkanativeacl-editor-role 8 | app.kubernetes.io/component: rbac 9 | app.kubernetes.io/created-by: aiven-operator 10 | app.kubernetes.io/part-of: aiven-operator 11 | app.kubernetes.io/managed-by: kustomize 12 | name: kafkanativeacl-editor-role 13 | rules: 14 | - apiGroups: 15 | - aiven.io 16 | resources: 17 | - kafkanativeacls 18 | verbs: 19 | - create 20 | - delete 21 | - get 22 | - list 23 | - patch 24 | - update 25 | - watch 26 | - apiGroups: 27 | - aiven.io 28 | resources: 29 | - kafkanativeacls/status 30 | verbs: 31 | - get 32 | -------------------------------------------------------------------------------- /config/rbac/kafkanativeacl_viewer_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to view kafkanativeacls. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | labels: 6 | app.kubernetes.io/name: clusterrole 7 | app.kubernetes.io/instance: kafkanativeacl-viewer-role 8 | app.kubernetes.io/component: rbac 9 | app.kubernetes.io/created-by: aiven-operator 10 | app.kubernetes.io/part-of: aiven-operator 11 | app.kubernetes.io/managed-by: kustomize 12 | name: kafkanativeacl-viewer-role 13 | rules: 14 | - apiGroups: 15 | - aiven.io 16 | resources: 17 | - kafkanativeacls 18 | verbs: 19 | - get 20 | - list 21 | - watch 22 | - apiGroups: 23 | - aiven.io 24 | resources: 25 | - kafkanativeacls/status 26 | verbs: 27 | - get 28 | -------------------------------------------------------------------------------- /config/rbac/kafkaschema_editor_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to edit kafkaschemas. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: kafkaschema-editor-role 6 | rules: 7 | - apiGroups: 8 | - aiven.io 9 | resources: 10 | - kafkaschemas 11 | verbs: 12 | - create 13 | - delete 14 | - get 15 | - list 16 | - patch 17 | - update 18 | - watch 19 | - apiGroups: 20 | - aiven.io 21 | resources: 22 | - kafkaschemas/status 23 | verbs: 24 | - get 25 | -------------------------------------------------------------------------------- /config/rbac/kafkaschema_viewer_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to view kafkaschemas. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: kafkaschema-viewer-role 6 | rules: 7 | - apiGroups: 8 | - aiven.io 9 | resources: 10 | - kafkaschemas 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - apiGroups: 16 | - aiven.io 17 | resources: 18 | - kafkaschemas/status 19 | verbs: 20 | - get 21 | -------------------------------------------------------------------------------- /config/rbac/kafkaschemaregistryacl_editor_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to edit kafkaschemaregistryacls. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | labels: 6 | app.kubernetes.io/name: clusterrole 7 | app.kubernetes.io/instance: kafkaschemaregistryacl-editor-role 8 | app.kubernetes.io/component: rbac 9 | app.kubernetes.io/created-by: aiven-operator 10 | app.kubernetes.io/part-of: aiven-operator 11 | app.kubernetes.io/managed-by: kustomize 12 | name: kafkaschemaregistryacl-editor-role 13 | rules: 14 | - apiGroups: 15 | - aiven.io 16 | resources: 17 | - kafkaschemaregistryacls 18 | verbs: 19 | - create 20 | - delete 21 | - get 22 | - list 23 | - patch 24 | - update 25 | - watch 26 | - apiGroups: 27 | - aiven.io 28 | resources: 29 | - kafkaschemaregistryacls/status 30 | verbs: 31 | - get 32 | -------------------------------------------------------------------------------- /config/rbac/kafkaschemaregistryacl_viewer_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to view kafkaschemaregistryacls. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | labels: 6 | app.kubernetes.io/name: clusterrole 7 | app.kubernetes.io/instance: kafkaschemaregistryacl-viewer-role 8 | app.kubernetes.io/component: rbac 9 | app.kubernetes.io/created-by: aiven-operator 10 | app.kubernetes.io/part-of: aiven-operator 11 | app.kubernetes.io/managed-by: kustomize 12 | name: kafkaschemaregistryacl-viewer-role 13 | rules: 14 | - apiGroups: 15 | - aiven.io 16 | resources: 17 | - kafkaschemaregistryacls 18 | verbs: 19 | - get 20 | - list 21 | - watch 22 | - apiGroups: 23 | - aiven.io 24 | resources: 25 | - kafkaschemaregistryacls/status 26 | verbs: 27 | - get 28 | -------------------------------------------------------------------------------- /config/rbac/kafkatopic_editor_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to edit kafkatopics. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: kafkatopic-editor-role 6 | rules: 7 | - apiGroups: 8 | - aiven.io 9 | resources: 10 | - kafkatopics 11 | verbs: 12 | - create 13 | - delete 14 | - get 15 | - list 16 | - patch 17 | - update 18 | - watch 19 | - apiGroups: 20 | - aiven.io 21 | resources: 22 | - kafkatopics/status 23 | verbs: 24 | - get 25 | -------------------------------------------------------------------------------- /config/rbac/kafkatopic_viewer_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to view kafkatopics. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: kafkatopic-viewer-role 6 | rules: 7 | - apiGroups: 8 | - aiven.io 9 | resources: 10 | - kafkatopics 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - apiGroups: 16 | - aiven.io 17 | resources: 18 | - kafkatopics/status 19 | verbs: 20 | - get 21 | -------------------------------------------------------------------------------- /config/rbac/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | # All RBAC will be applied under this service account in 3 | # the deployment namespace. You may comment out this resource 4 | # if your manager will use a service account that exists at 5 | # runtime. Be sure to update RoleBinding and ClusterRoleBinding 6 | # subjects if changing service account names. 7 | - service_account.yaml 8 | - role.yaml 9 | - role_binding.yaml 10 | - leader_election_role.yaml 11 | - leader_election_role_binding.yaml 12 | # Comment the following 4 lines if you want to disable 13 | # the auth proxy (https://github.com/brancz/kube-rbac-proxy) 14 | # which protects your /metrics endpoint. 15 | - auth_proxy_service.yaml 16 | - auth_proxy_role.yaml 17 | - auth_proxy_role_binding.yaml 18 | - auth_proxy_client_clusterrole.yaml 19 | -------------------------------------------------------------------------------- /config/rbac/leader_election_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions to do leader election. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: Role 4 | metadata: 5 | name: leader-election-role 6 | rules: 7 | - apiGroups: 8 | - "" 9 | resources: 10 | - configmaps 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - create 16 | - update 17 | - patch 18 | - delete 19 | - apiGroups: 20 | - coordination.k8s.io 21 | resources: 22 | - leases 23 | verbs: 24 | - get 25 | - list 26 | - watch 27 | - create 28 | - update 29 | - patch 30 | - delete 31 | - apiGroups: 32 | - "" 33 | resources: 34 | - events 35 | verbs: 36 | - create 37 | - patch 38 | -------------------------------------------------------------------------------- /config/rbac/leader_election_role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: RoleBinding 3 | metadata: 4 | name: leader-election-rolebinding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: Role 8 | name: leader-election-role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: controller-manager 12 | namespace: system 13 | -------------------------------------------------------------------------------- /config/rbac/mysql_editor_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to edit mysqls. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: mysql-editor-role 6 | rules: 7 | - apiGroups: 8 | - aiven.io 9 | resources: 10 | - mysqls 11 | verbs: 12 | - create 13 | - delete 14 | - get 15 | - list 16 | - patch 17 | - update 18 | - watch 19 | - apiGroups: 20 | - aiven.io 21 | resources: 22 | - mysqls/status 23 | verbs: 24 | - get 25 | -------------------------------------------------------------------------------- /config/rbac/mysql_viewer_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to view mysqls. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: mysql-viewer-role 6 | rules: 7 | - apiGroups: 8 | - aiven.io 9 | resources: 10 | - mysqls 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - apiGroups: 16 | - aiven.io 17 | resources: 18 | - mysqls/status 19 | verbs: 20 | - get 21 | -------------------------------------------------------------------------------- /config/rbac/opensearch_editor_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to edit opensearches. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: opensearch-editor-role 6 | rules: 7 | - apiGroups: 8 | - aiven.io 9 | resources: 10 | - opensearches 11 | verbs: 12 | - create 13 | - delete 14 | - get 15 | - list 16 | - patch 17 | - update 18 | - watch 19 | - apiGroups: 20 | - aiven.io 21 | resources: 22 | - opensearches/status 23 | verbs: 24 | - get 25 | -------------------------------------------------------------------------------- /config/rbac/opensearch_viewer_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to view opensearches. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: opensearch-viewer-role 6 | rules: 7 | - apiGroups: 8 | - aiven.io 9 | resources: 10 | - opensearches 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - apiGroups: 16 | - aiven.io 17 | resources: 18 | - opensearches/status 19 | verbs: 20 | - get 21 | -------------------------------------------------------------------------------- /config/rbac/postgresql_editor_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to edit postgresqls. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: postgresql-editor-role 6 | rules: 7 | - apiGroups: 8 | - aiven.io 9 | resources: 10 | - postgresqls 11 | verbs: 12 | - create 13 | - delete 14 | - get 15 | - list 16 | - patch 17 | - update 18 | - watch 19 | - apiGroups: 20 | - aiven.io 21 | resources: 22 | - postgresqls/status 23 | verbs: 24 | - get 25 | -------------------------------------------------------------------------------- /config/rbac/postgresql_viewer_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to view postgresqls. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: postgresql-viewer-role 6 | rules: 7 | - apiGroups: 8 | - aiven.io 9 | resources: 10 | - postgresqls 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - apiGroups: 16 | - aiven.io 17 | resources: 18 | - postgresqls/status 19 | verbs: 20 | - get 21 | -------------------------------------------------------------------------------- /config/rbac/project_editor_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to edit projects. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: project-editor-role 6 | rules: 7 | - apiGroups: 8 | - aiven.io 9 | resources: 10 | - projects 11 | verbs: 12 | - create 13 | - delete 14 | - get 15 | - list 16 | - patch 17 | - update 18 | - watch 19 | - apiGroups: 20 | - aiven.io 21 | resources: 22 | - projects/status 23 | verbs: 24 | - get 25 | -------------------------------------------------------------------------------- /config/rbac/project_viewer_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to view projects. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: project-viewer-role 6 | rules: 7 | - apiGroups: 8 | - aiven.io 9 | resources: 10 | - projects 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - apiGroups: 16 | - aiven.io 17 | resources: 18 | - projects/status 19 | verbs: 20 | - get 21 | -------------------------------------------------------------------------------- /config/rbac/projectvpc_editor_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to edit projectvpcs. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: projectvpc-editor-role 6 | rules: 7 | - apiGroups: 8 | - aiven.io 9 | resources: 10 | - projectvpcs 11 | verbs: 12 | - create 13 | - delete 14 | - get 15 | - list 16 | - patch 17 | - update 18 | - watch 19 | - apiGroups: 20 | - aiven.io 21 | resources: 22 | - projectvpcs/status 23 | verbs: 24 | - get 25 | -------------------------------------------------------------------------------- /config/rbac/projectvpc_viewer_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to view projectvpcs. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: projectvpc-viewer-role 6 | rules: 7 | - apiGroups: 8 | - aiven.io 9 | resources: 10 | - projectvpcs 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - apiGroups: 16 | - aiven.io 17 | resources: 18 | - projectvpcs/status 19 | verbs: 20 | - get 21 | -------------------------------------------------------------------------------- /config/rbac/redis_editor_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to edit redis. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: redis-editor-role 6 | rules: 7 | - apiGroups: 8 | - aiven.io 9 | resources: 10 | - redis 11 | verbs: 12 | - create 13 | - delete 14 | - get 15 | - list 16 | - patch 17 | - update 18 | - watch 19 | - apiGroups: 20 | - aiven.io 21 | resources: 22 | - redis/status 23 | verbs: 24 | - get 25 | -------------------------------------------------------------------------------- /config/rbac/redis_viewer_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to view redis. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: redis-viewer-role 6 | rules: 7 | - apiGroups: 8 | - aiven.io 9 | resources: 10 | - redis 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - apiGroups: 16 | - aiven.io 17 | resources: 18 | - redis/status 19 | verbs: 20 | - get 21 | -------------------------------------------------------------------------------- /config/rbac/role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: manager-rolebinding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: manager-role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: controller-manager 12 | namespace: system 13 | -------------------------------------------------------------------------------- /config/rbac/service_account.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: controller-manager 5 | namespace: system 6 | -------------------------------------------------------------------------------- /config/rbac/serviceintegration_editor_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to edit serviceintegrations. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: serviceintegration-editor-role 6 | rules: 7 | - apiGroups: 8 | - aiven.io 9 | resources: 10 | - serviceintegrations 11 | verbs: 12 | - create 13 | - delete 14 | - get 15 | - list 16 | - patch 17 | - update 18 | - watch 19 | - apiGroups: 20 | - aiven.io 21 | resources: 22 | - serviceintegrations/status 23 | verbs: 24 | - get 25 | -------------------------------------------------------------------------------- /config/rbac/serviceintegration_viewer_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to view serviceintegrations. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: serviceintegration-viewer-role 6 | rules: 7 | - apiGroups: 8 | - aiven.io 9 | resources: 10 | - serviceintegrations 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - apiGroups: 16 | - aiven.io 17 | resources: 18 | - serviceintegrations/status 19 | verbs: 20 | - get 21 | -------------------------------------------------------------------------------- /config/rbac/serviceintegrationendpoint_editor_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to edit serviceintegrationendpoints. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | labels: 6 | app.kubernetes.io/name: clusterrole 7 | app.kubernetes.io/instance: serviceintegrationendpoint-editor-role 8 | app.kubernetes.io/component: rbac 9 | app.kubernetes.io/created-by: aiven-operator 10 | app.kubernetes.io/part-of: aiven-operator 11 | app.kubernetes.io/managed-by: kustomize 12 | name: serviceintegrationendpoint-editor-role 13 | rules: 14 | - apiGroups: 15 | - aiven.io 16 | resources: 17 | - serviceintegrationendpoints 18 | verbs: 19 | - create 20 | - delete 21 | - get 22 | - list 23 | - patch 24 | - update 25 | - watch 26 | - apiGroups: 27 | - aiven.io 28 | resources: 29 | - serviceintegrationendpoints/status 30 | verbs: 31 | - get 32 | -------------------------------------------------------------------------------- /config/rbac/serviceintegrationendpoint_viewer_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to view serviceintegrationendpoints. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | labels: 6 | app.kubernetes.io/name: clusterrole 7 | app.kubernetes.io/instance: serviceintegrationendpoint-viewer-role 8 | app.kubernetes.io/component: rbac 9 | app.kubernetes.io/created-by: aiven-operator 10 | app.kubernetes.io/part-of: aiven-operator 11 | app.kubernetes.io/managed-by: kustomize 12 | name: serviceintegrationendpoint-viewer-role 13 | rules: 14 | - apiGroups: 15 | - aiven.io 16 | resources: 17 | - serviceintegrationendpoints 18 | verbs: 19 | - get 20 | - list 21 | - watch 22 | - apiGroups: 23 | - aiven.io 24 | resources: 25 | - serviceintegrationendpoints/status 26 | verbs: 27 | - get 28 | -------------------------------------------------------------------------------- /config/rbac/serviceuser_editor_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to edit serviceusers. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: serviceuser-editor-role 6 | rules: 7 | - apiGroups: 8 | - aiven.io 9 | resources: 10 | - serviceusers 11 | verbs: 12 | - create 13 | - delete 14 | - get 15 | - list 16 | - patch 17 | - update 18 | - watch 19 | - apiGroups: 20 | - aiven.io 21 | resources: 22 | - serviceusers/status 23 | verbs: 24 | - get 25 | -------------------------------------------------------------------------------- /config/rbac/serviceuser_viewer_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to view serviceusers. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: serviceuser-viewer-role 6 | rules: 7 | - apiGroups: 8 | - aiven.io 9 | resources: 10 | - serviceusers 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - apiGroups: 16 | - aiven.io 17 | resources: 18 | - serviceusers/status 19 | verbs: 20 | - get 21 | -------------------------------------------------------------------------------- /config/rbac/valkey_editor_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to edit valkeys. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | labels: 6 | app.kubernetes.io/name: clusterrole 7 | app.kubernetes.io/instance: valkey-editor-role 8 | app.kubernetes.io/component: rbac 9 | app.kubernetes.io/created-by: aiven-operator 10 | app.kubernetes.io/part-of: aiven-operator 11 | app.kubernetes.io/managed-by: kustomize 12 | name: valkey-editor-role 13 | rules: 14 | - apiGroups: 15 | - aiven.io 16 | resources: 17 | - valkeys 18 | verbs: 19 | - create 20 | - delete 21 | - get 22 | - list 23 | - patch 24 | - update 25 | - watch 26 | - apiGroups: 27 | - aiven.io 28 | resources: 29 | - valkeys/status 30 | verbs: 31 | - get 32 | -------------------------------------------------------------------------------- /config/rbac/valkey_viewer_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to view valkeys. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | labels: 6 | app.kubernetes.io/name: clusterrole 7 | app.kubernetes.io/instance: valkey-viewer-role 8 | app.kubernetes.io/component: rbac 9 | app.kubernetes.io/created-by: aiven-operator 10 | app.kubernetes.io/part-of: aiven-operator 11 | app.kubernetes.io/managed-by: kustomize 12 | name: valkey-viewer-role 13 | rules: 14 | - apiGroups: 15 | - aiven.io 16 | resources: 17 | - valkeys 18 | verbs: 19 | - get 20 | - list 21 | - watch 22 | - apiGroups: 23 | - aiven.io 24 | resources: 25 | - valkeys/status 26 | verbs: 27 | - get 28 | -------------------------------------------------------------------------------- /config/samples/_v1alpha1_cassandra.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: aiven.io/v1alpha1 2 | kind: Cassandra 3 | metadata: 4 | name: cassandra-sample 5 | spec: 6 | authSecretRef: 7 | name: aiven-token 8 | key: token 9 | 10 | connInfoSecretTarget: 11 | name: cassandra-secret 12 | 13 | project: aiven-ci-kubernetes-operator 14 | 15 | cloudName: google-europe-west1 16 | plan: startup-4 17 | 18 | maintenanceWindowDow: sunday 19 | maintenanceWindowTime: 11:00:00 20 | 21 | userConfig: 22 | migrate_sstableloader: true 23 | public_access: 24 | prometheus: true 25 | ip_filter: 26 | - network: 0.0.0.0 27 | description: whatever 28 | - network: 10.20.0.0/16 29 | -------------------------------------------------------------------------------- /config/samples/_v1alpha1_clickhouse.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: aiven.io/v1alpha1 2 | kind: Clickhouse 3 | metadata: 4 | name: clickhouse-sample 5 | spec: 6 | # TODO(user): Add fields here 7 | -------------------------------------------------------------------------------- /config/samples/_v1alpha1_clickhousedatabase.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: aiven.io/v1alpha1 2 | kind: ClickhouseDatabase 3 | metadata: 4 | labels: 5 | app.kubernetes.io/name: clickhousedatabase 6 | app.kubernetes.io/instance: clickhousedatabase-sample 7 | app.kubernetes.io/part-of: aiven-operator 8 | app.kubernetes.io/managed-by: kustomize 9 | app.kubernetes.io/created-by: aiven-operator 10 | name: clickhousedatabase-sample 11 | spec: 12 | # TODO(user): Add fields here 13 | -------------------------------------------------------------------------------- /config/samples/_v1alpha1_clickhouserole.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: aiven.io/v1alpha1 2 | kind: ClickhouseRole 3 | metadata: 4 | labels: 5 | app.kubernetes.io/name: clickhouserole 6 | app.kubernetes.io/instance: clickhouserole-sample 7 | app.kubernetes.io/part-of: aiven-operator 8 | app.kubernetes.io/managed-by: kustomize 9 | app.kubernetes.io/created-by: aiven-operator 10 | name: clickhouserole-sample 11 | spec: 12 | # TODO(user): Add fields here 13 | -------------------------------------------------------------------------------- /config/samples/_v1alpha1_clickhouseuser.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: aiven.io/v1alpha1 2 | kind: ClickhouseUser 3 | metadata: 4 | name: clickhouseuser-sample 5 | spec: 6 | # TODO(user): Add fields here 7 | -------------------------------------------------------------------------------- /config/samples/_v1alpha1_connectionpool.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: aiven.io/v1alpha1 2 | kind: ConnectionPool 3 | metadata: 4 | name: connectionpool-sample 5 | spec: 6 | # TODO(user): Add fields here 7 | -------------------------------------------------------------------------------- /config/samples/_v1alpha1_database.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: aiven.io/v1alpha1 2 | kind: Database 3 | metadata: 4 | name: database-sample 5 | spec: 6 | # TODO(user): Add fields here 7 | -------------------------------------------------------------------------------- /config/samples/_v1alpha1_flink.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: aiven.io/v1alpha1 2 | kind: Flink 3 | metadata: 4 | labels: 5 | app.kubernetes.io/name: flink 6 | app.kubernetes.io/instance: flink-sample 7 | app.kubernetes.io/part-of: aiven-operator 8 | app.kubernetes.io/managed-by: kustomize 9 | app.kubernetes.io/created-by: aiven-operator 10 | name: flink-sample 11 | spec: 12 | # TODO(user): Add fields here 13 | -------------------------------------------------------------------------------- /config/samples/_v1alpha1_grafana.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: aiven.io/v1alpha1 2 | kind: Grafana 3 | metadata: 4 | name: grafana-simple 5 | spec: 6 | authSecretRef: 7 | name: aiven-token 8 | key: token 9 | 10 | connInfoSecretTarget: 11 | name: grafana-secret 12 | 13 | project: aiven-ci-kubernetes-operator 14 | 15 | cloudName: google-europe-west1 16 | plan: startup-1 17 | 18 | maintenanceWindowDow: sunday 19 | maintenanceWindowTime: 11:00:00 20 | 21 | userConfig: 22 | public_access: 23 | grafana: true 24 | ip_filter: 25 | - network: 0.0.0.0 26 | description: whatever 27 | - network: 10.20.0.0/16 28 | -------------------------------------------------------------------------------- /config/samples/_v1alpha1_kafka.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: aiven.io/v1alpha1 2 | kind: Kafka 3 | metadata: 4 | name: kafka-sample 5 | spec: 6 | # TODO(user): Add fields here 7 | -------------------------------------------------------------------------------- /config/samples/_v1alpha1_kafkaacl.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: aiven.io/v1alpha1 2 | kind: KafkaACL 3 | metadata: 4 | name: kafkaacl-sample 5 | spec: 6 | # TODO(user): Add fields here 7 | -------------------------------------------------------------------------------- /config/samples/_v1alpha1_kafkaconnect.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: aiven.io/v1alpha1 2 | kind: KafkaConnect 3 | metadata: 4 | name: kafkaconnect-sample 5 | spec: 6 | # TODO(user): Add fields here 7 | -------------------------------------------------------------------------------- /config/samples/_v1alpha1_kafkaconnector.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: aiven.io/v1alpha1 2 | kind: KafkaConnector 3 | metadata: 4 | name: kafkaconnector-sample 5 | spec: 6 | # TODO(user): Add fields here 7 | -------------------------------------------------------------------------------- /config/samples/_v1alpha1_kafkanativeacl.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: aiven.io/v1alpha1 2 | kind: KafkaNativeACL 3 | metadata: 4 | labels: 5 | app.kubernetes.io/name: kafkanativeacl 6 | app.kubernetes.io/instance: kafkanativeacl-sample 7 | app.kubernetes.io/part-of: aiven-operator 8 | app.kubernetes.io/managed-by: kustomize 9 | app.kubernetes.io/created-by: aiven-operator 10 | name: kafkanativeacl-sample 11 | spec: 12 | # TODO(user): Add fields here 13 | -------------------------------------------------------------------------------- /config/samples/_v1alpha1_kafkaschema.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: aiven.io/v1alpha1 2 | kind: KafkaSchema 3 | metadata: 4 | name: kafkaschema-sample 5 | spec: 6 | # TODO(user): Add fields here 7 | -------------------------------------------------------------------------------- /config/samples/_v1alpha1_kafkaschemaregistryacl.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: aiven.io/v1alpha1 2 | kind: KafkaSchemaRegistryACL 3 | metadata: 4 | labels: 5 | app.kubernetes.io/name: kafkaschemaregistryacl 6 | app.kubernetes.io/instance: kafkaschemaregistryacl-sample 7 | app.kubernetes.io/part-of: aiven-operator 8 | app.kubernetes.io/managed-by: kustomize 9 | app.kubernetes.io/created-by: aiven-operator 10 | name: kafkaschemaregistryacl-sample 11 | spec: 12 | # TODO(user): Add fields here 13 | -------------------------------------------------------------------------------- /config/samples/_v1alpha1_kafkatopic.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: aiven.io/v1alpha1 2 | kind: KafkaTopic 3 | metadata: 4 | name: kafkatopic-sample 5 | spec: 6 | # TODO(user): Add fields here 7 | -------------------------------------------------------------------------------- /config/samples/_v1alpha1_mysql.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: aiven.io/v1alpha1 2 | kind: MySQL 3 | metadata: 4 | name: mysql-sample 5 | spec: 6 | authSecretRef: 7 | name: aiven-token 8 | key: token 9 | 10 | connInfoSecretTarget: 11 | name: mysql-secret 12 | 13 | project: aiven-ci-kubernetes-operator 14 | 15 | cloudName: google-europe-west1 16 | plan: business-4 17 | 18 | maintenanceWindowDow: sunday 19 | maintenanceWindowTime: 11:00:00 20 | 21 | userConfig: 22 | backup_hour: 17 23 | backup_minute: 11 24 | ip_filter: 25 | - network: 0.0.0.0 26 | description: whatever 27 | - network: 10.20.0.0/16 28 | -------------------------------------------------------------------------------- /config/samples/_v1alpha1_opensearch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: aiven.io/v1alpha1 2 | kind: OpenSearch 3 | metadata: 4 | name: opensearch-sample 5 | spec: 6 | # TODO(user): Add fields here 7 | -------------------------------------------------------------------------------- /config/samples/_v1alpha1_postgresql.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: aiven.io/v1alpha1 2 | kind: PostgreSQL 3 | metadata: 4 | name: postgresql-sample 5 | spec: 6 | # TODO(user): Add fields here 7 | -------------------------------------------------------------------------------- /config/samples/_v1alpha1_project.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: aiven.io/v1alpha1 2 | kind: Project 3 | metadata: 4 | name: project-sample 5 | spec: 6 | # TODO(user): Add fields here 7 | -------------------------------------------------------------------------------- /config/samples/_v1alpha1_projectvpc.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: aiven.io/v1alpha1 2 | kind: ProjectVPC 3 | metadata: 4 | name: projectvpc-sample 5 | spec: 6 | # TODO(user): Add fields here 7 | -------------------------------------------------------------------------------- /config/samples/_v1alpha1_redis.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: aiven.io/v1alpha1 2 | kind: Redis 3 | metadata: 4 | name: redis-sample 5 | spec: 6 | # TODO(user): Add fields here 7 | -------------------------------------------------------------------------------- /config/samples/_v1alpha1_serviceintegration.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: aiven.io/v1alpha1 2 | kind: ServiceIntegration 3 | metadata: 4 | name: serviceintegration-sample 5 | spec: 6 | # TODO(user): Add fields here 7 | -------------------------------------------------------------------------------- /config/samples/_v1alpha1_serviceintegrationendpoint.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: aiven.io/v1alpha1 2 | kind: ServiceIntegrationEndpoint 3 | metadata: 4 | labels: 5 | app.kubernetes.io/name: serviceintegrationendpoint 6 | app.kubernetes.io/instance: serviceintegrationendpoint-sample 7 | app.kubernetes.io/part-of: aiven-operator 8 | app.kubernetes.io/managed-by: kustomize 9 | app.kubernetes.io/created-by: aiven-operator 10 | name: serviceintegrationendpoint-sample 11 | spec: 12 | # TODO(user): Add fields here 13 | -------------------------------------------------------------------------------- /config/samples/_v1alpha1_serviceuser.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: aiven.io/v1alpha1 2 | kind: ServiceUser 3 | metadata: 4 | name: serviceuser-sample 5 | spec: 6 | # TODO(user): Add fields here 7 | -------------------------------------------------------------------------------- /config/samples/_v1alpha1_valkey.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: aiven.io/v1alpha1 2 | kind: Valkey 3 | metadata: 4 | labels: 5 | app.kubernetes.io/name: valkey 6 | app.kubernetes.io/instance: valkey-sample 7 | app.kubernetes.io/part-of: aiven-operator 8 | app.kubernetes.io/managed-by: kustomize 9 | app.kubernetes.io/created-by: aiven-operator 10 | name: valkey-sample 11 | spec: 12 | # TODO(user): Add fields here 13 | -------------------------------------------------------------------------------- /config/samples/aiven.io_v1alpha1_clickhouse.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: aiven.io/v1alpha1 2 | kind: Clickhouse 3 | metadata: 4 | name: ch-sample 5 | spec: 6 | authSecretRef: 7 | name: aiven-token 8 | key: token 9 | 10 | connInfoSecretTarget: 11 | name: os-secret 12 | 13 | project: my-project 14 | 15 | cloudName: google-europe-west1 16 | plan: startup-4 17 | 18 | maintenanceWindowDow: friday 19 | maintenanceWindowTime: 23:00:00 20 | -------------------------------------------------------------------------------- /config/samples/aiven.io_v1alpha1_clickhouseuser.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: aiven.io/v1alpha1 2 | kind: ClickhouseUser 3 | metadata: 4 | name: ch-user-sample 5 | spec: 6 | authSecretRef: 7 | name: aiven-token 8 | key: token 9 | 10 | connInfoSecretTarget: 11 | name: ch-user-token 12 | 13 | project: my-project 14 | serviceName: ch-sample 15 | -------------------------------------------------------------------------------- /config/samples/aiven.io_v1alpha1_kafka.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: aiven.io/v1alpha1 2 | kind: Kafka 3 | metadata: 4 | name: kafka-sample 5 | spec: 6 | authSecretRef: 7 | name: aiven-token 8 | key: token 9 | 10 | connInfoSecretTarget: 11 | name: kafka-token 12 | 13 | project: my-project 14 | 15 | cloudName: google-europe-west1 16 | plan: startup-2 17 | 18 | maintenanceWindowDow: friday 19 | maintenanceWindowTime: 23:00:00 20 | -------------------------------------------------------------------------------- /config/samples/aiven.io_v1alpha1_opensearch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: aiven.io/v1alpha1 2 | kind: OpenSearch 3 | metadata: 4 | name: os-sample 5 | spec: 6 | authSecretRef: 7 | name: aiven-token 8 | key: token 9 | 10 | connInfoSecretTarget: 11 | name: os-secret 12 | 13 | project: my-project 14 | 15 | cloudName: google-europe-west1 16 | plan: startup-4 17 | 18 | maintenanceWindowDow: friday 19 | maintenanceWindowTime: 23:00:00 20 | -------------------------------------------------------------------------------- /config/samples/aiven.io_v1alpha1_redis.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: aiven.io/v1alpha1 2 | kind: Redis 3 | metadata: 4 | name: redis-sample 5 | spec: 6 | authSecretRef: 7 | name: aiven-token 8 | key: token 9 | 10 | connInfoSecretTarget: 11 | name: redis-token 12 | 13 | project: my-project 14 | 15 | cloudName: google-europe-west1 16 | plan: startup-2 17 | 18 | maintenanceWindowDow: friday 19 | maintenanceWindowTime: 23:00:00 20 | 21 | userConfig: 22 | redis_maxmemory_policy: allkeys-random 23 | -------------------------------------------------------------------------------- /config/samples/kustomization.yaml: -------------------------------------------------------------------------------- 1 | ## Append samples you want in your CSV to this file as resources ## 2 | resources: 3 | - _v1alpha1_alloydbomni.yaml 4 | - _v1alpha1_clickhouse.yaml 5 | - _v1alpha1_clickhouseuser.yaml 6 | - _v1alpha1_connectionpool.yaml 7 | - _v1alpha1_database.yaml 8 | - _v1alpha1_kafka.yaml 9 | - _v1alpha1_kafkaacl.yaml 10 | - _v1alpha1_kafkaconnect.yaml 11 | - _v1alpha1_kafkaconnector.yaml 12 | - _v1alpha1_kafkaschema.yaml 13 | - _v1alpha1_kafkatopic.yaml 14 | - _v1alpha1_opensearch.yaml 15 | - _v1alpha1_postgresql.yaml 16 | - _v1alpha1_project.yaml 17 | - _v1alpha1_projectvpc.yaml 18 | - _v1alpha1_redis.yaml 19 | - _v1alpha1_serviceintegration.yaml 20 | - _v1alpha1_serviceuser.yaml 21 | - _v1alpha1_mysql.yaml 22 | - _v1alpha1_cassandra.yaml 23 | - _v1alpha1_grafana.yaml 24 | - _v1alpha1_clickhousedatabase.yaml 25 | - _v1alpha1_kafkaschemaregistryacl.yaml 26 | - _v1alpha1_clickhouserole.yaml 27 | - _v1alpha1_serviceintegrationendpoint.yaml 28 | - _v1alpha1_flink.yaml 29 | - _v1alpha1_valkey.yaml 30 | - _v1alpha1_kafkanativeacl.yaml 31 | #+kubebuilder:scaffold:manifestskustomizesamples 32 | -------------------------------------------------------------------------------- /config/scorecard/bases/config.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: scorecard.operatorframework.io/v1alpha3 2 | kind: Configuration 3 | metadata: 4 | name: config 5 | stages: 6 | - parallel: true 7 | tests: [] 8 | -------------------------------------------------------------------------------- /config/scorecard/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - bases/config.yaml 3 | patchesJson6902: 4 | - path: patches/basic.config.yaml 5 | target: 6 | group: scorecard.operatorframework.io 7 | version: v1alpha3 8 | kind: Configuration 9 | name: config 10 | - path: patches/olm.config.yaml 11 | target: 12 | group: scorecard.operatorframework.io 13 | version: v1alpha3 14 | kind: Configuration 15 | name: config 16 | #+kubebuilder:scaffold:patchesJson6902 17 | -------------------------------------------------------------------------------- /config/scorecard/patches/basic.config.yaml: -------------------------------------------------------------------------------- 1 | - op: add 2 | path: /stages/0/tests/- 3 | value: 4 | entrypoint: 5 | - scorecard-test 6 | - basic-check-spec 7 | image: quay.io/operator-framework/scorecard-test:v1.24.0 8 | labels: 9 | suite: basic 10 | test: basic-check-spec-test 11 | -------------------------------------------------------------------------------- /config/webhook/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - manifests.yaml 3 | - service.yaml 4 | 5 | configurations: 6 | - kustomizeconfig.yaml 7 | -------------------------------------------------------------------------------- /config/webhook/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | # the following config is for teaching kustomize where to look at when substituting vars. 2 | # It requires kustomize v2.1.0 or newer to work properly. 3 | nameReference: 4 | - kind: Service 5 | version: v1 6 | fieldSpecs: 7 | - kind: MutatingWebhookConfiguration 8 | group: admissionregistration.k8s.io 9 | path: webhooks/clientConfig/service/name 10 | - kind: ValidatingWebhookConfiguration 11 | group: admissionregistration.k8s.io 12 | path: webhooks/clientConfig/service/name 13 | 14 | namespace: 15 | - kind: MutatingWebhookConfiguration 16 | group: admissionregistration.k8s.io 17 | path: webhooks/clientConfig/service/namespace 18 | create: true 19 | - kind: ValidatingWebhookConfiguration 20 | group: admissionregistration.k8s.io 21 | path: webhooks/clientConfig/service/namespace 22 | create: true 23 | 24 | varReference: 25 | - path: metadata/annotations 26 | -------------------------------------------------------------------------------- /config/webhook/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: webhook-service 5 | namespace: system 6 | spec: 7 | ports: 8 | - port: 443 9 | protocol: TCP 10 | targetPort: 9443 11 | selector: 12 | control-plane: controller-manager 13 | -------------------------------------------------------------------------------- /controllers/common_test.go: -------------------------------------------------------------------------------- 1 | package controllers 2 | 3 | import ( 4 | "testing" 5 | 6 | "github.com/stretchr/testify/assert" 7 | 8 | kafkaconnectuserconfig "github.com/aiven/aiven-operator/api/v1alpha1/userconfig/integration/kafka_connect" 9 | ) 10 | 11 | // TestCreateEmptyUserConfiguration shouldn't panic 12 | func TestCreateEmptyUserConfiguration(t *testing.T) { 13 | var uc *kafkaconnectuserconfig.KafkaConnectUserConfig 14 | m, err := CreateUserConfiguration(uc) 15 | assert.Nil(t, m) 16 | assert.NoError(t, err) 17 | } 18 | -------------------------------------------------------------------------------- /docs/docs/.snippets/pg-example.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: aiven.io/v1alpha1 2 | kind: PostgreSQL 3 | metadata: 4 | name: aiven-devdocs-pg 5 | spec: 6 | # reads the authentication token 7 | authSecretRef: 8 | name: aiven-token 9 | key: token 10 | 11 | # stores the PostgreSQL connection information on the specified Secret 12 | connInfoSecretTarget: 13 | name: pg-connection 14 | 15 | project: 16 | cloudName: google-europe-west1 17 | plan: hobbyist 18 | maintenanceWindowDow: friday 19 | maintenanceWindowTime: 23:00:00 20 | userConfig: 21 | pg_version: "15" 22 | -------------------------------------------------------------------------------- /docs/docs/assets/developer-guide-k9s.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aiven/aiven-operator/4e6992b1553beac61a9278515b7467cda92239a1/docs/docs/assets/developer-guide-k9s.jpg -------------------------------------------------------------------------------- /docs/docs/authentication.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: "Authentication" 3 | linkTitle: "Authentication" 4 | weight: 10 5 | --- 6 | 7 | # Authentication 8 | 9 | Set up the communication between the Aiven Operator and the Aiven Platform by using a token stored in a Kubernetes Secret. 10 | You can then refer to the Secret's name on every custom resource in the `authSecretRef` field. 11 | 12 | ## Prerequisites 13 | 14 | An Aiven user account. [Sign up for free](https://console.aiven.io/signup?utm_source=github&utm_medium=organic&utm_campaign=k8s-operator&utm_content=signup). 15 | 16 | ## Store a token in a Secret 17 | 18 | 1\. [Create a personal token](https://aiven.io/docs/platform/howto/create_authentication_token) in the Aiven Console. 19 | 20 | 2\. To create a Kubernetes Secret, run: 21 | 22 | ```shell 23 | kubectl create secret generic aiven-token --from-literal=token="TOKEN" 24 | ``` 25 | 26 | Where `TOKEN` is your personal token. This creates a Secret named `aiven-token`. 27 | 28 | When managing your Aiven resources, you use the Secret in the `authSecretRef` field. The following is an example 29 | for a PostgreSQL service with the token: 30 | 31 | ```yaml 32 | apiVersion: aiven.io/v1alpha1 33 | kind: PostgreSQL 34 | metadata: 35 | name: pg-sample 36 | spec: 37 | authSecretRef: 38 | name: aiven-token 39 | key: token 40 | [ ... ] 41 | ``` -------------------------------------------------------------------------------- /docs/docs/examples/kafka/kowl-random-strings.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aiven/aiven-operator/4e6992b1553beac61a9278515b7467cda92239a1/docs/docs/examples/kafka/kowl-random-strings.png -------------------------------------------------------------------------------- /docs/docs/examples/kafka/kowl-topics.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aiven/aiven-operator/4e6992b1553beac61a9278515b7467cda92239a1/docs/docs/examples/kafka/kowl-topics.png -------------------------------------------------------------------------------- /docs/docs/installation/kubectl.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: "Install with kubectl" 3 | linkTitle: "Install with kubectl" 4 | weight: 15 5 | --- 6 | 7 | # Install with kubectl 8 | 9 | The Aiven Operator for Kubernetes can be installed with kubectl. Before you start, make sure you have the [prerequisites](prerequisites.md). 10 | 11 | All Aiven Operator for Kubernetes components can be installed from one YAML file that is uploaded for every release. 12 | 13 | To install the latest version, run: 14 | 15 | ```shell 16 | kubectl apply -f https://github.com/aiven/aiven-operator/releases/latest/download/deployment.yaml 17 | ``` 18 | 19 | By default the deployment is installed into the `aiven-operator-system` namespace. -------------------------------------------------------------------------------- /docs/docs/installation/prerequisites.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: "Prerequisites" 3 | linkTitle: "Prerequisites" 4 | weight: 1 5 | --- 6 | 7 | # Prerequisites 8 | 9 | The Aiven Operator for Kubernetes® supports all major Kubernetes distributions, both locally and in the cloud. 10 | 11 | Make sure you have the following: 12 | 13 | - Admin access to a Kubernetes cluster. 14 | - [Cert manager installed](https://cert-manager.io/docs/installation/helm/): The operator uses this to configure the service reference of the webhooks. Webhooks are used for setting defaults 15 | and enforcing invariants that are expected by the Aiven API and will lead to errors if ignored. 16 | 17 | !!! note 18 | This is not required in the Helm installation if you select to [disable webhooks](./helm.md), 19 | but that is not recommended outside of playground use. 20 | 21 | - For production usage, [Helm](https://helm.sh) is recommended. 22 | - Optional: For playground usage, you can use [kind](https://kind.sigs.k8s.io/). 23 | -------------------------------------------------------------------------------- /docs/docs/resources/examples/alloydbomni.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: aiven.io/v1alpha1 2 | kind: AlloyDBOmni 3 | metadata: 4 | name: my-alloydbomni 5 | spec: 6 | authSecretRef: 7 | name: aiven-token 8 | key: token 9 | 10 | connInfoSecretTarget: 11 | name: adbo-secret 12 | annotations: 13 | foo: bar 14 | labels: 15 | baz: egg 16 | 17 | project: my-aiven-project 18 | cloudName: google-europe-west1 19 | plan: startup-4 20 | disk_space: 90GiB 21 | 22 | maintenanceWindowDow: sunday 23 | maintenanceWindowTime: 11:00:00 24 | 25 | serviceAccountCredentials: | 26 | { 27 | "private_key_id": "valid_private_key_id", 28 | "private_key": "-----BEGIN PRIVATE KEY-----...-----END PRIVATE KEY-----", 29 | "client_email": "example@aiven.io", 30 | "client_id": "example_user_id", 31 | "type": "service_account", 32 | "project_id": "example_project_id" 33 | } 34 | 35 | tags: 36 | env: test 37 | instance: foo 38 | 39 | userConfig: 40 | service_log: true 41 | ip_filter: 42 | - network: 0.0.0.0/32 43 | description: bar 44 | - network: 10.20.0.0/16 45 | -------------------------------------------------------------------------------- /docs/docs/resources/examples/cassandra.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: aiven.io/v1alpha1 2 | kind: Cassandra 3 | metadata: 4 | name: my-cassandra 5 | spec: 6 | authSecretRef: 7 | name: aiven-token 8 | key: token 9 | 10 | connInfoSecretTarget: 11 | name: cassandra-secret 12 | prefix: MY_SECRET_PREFIX_ 13 | annotations: 14 | foo: bar 15 | labels: 16 | baz: egg 17 | 18 | project: aiven-project-name 19 | cloudName: google-europe-west1 20 | plan: startup-4 21 | 22 | maintenanceWindowDow: sunday 23 | maintenanceWindowTime: 11:00:00 24 | 25 | userConfig: 26 | migrate_sstableloader: true 27 | public_access: 28 | prometheus: true 29 | ip_filter: 30 | - network: 0.0.0.0 31 | description: whatever 32 | - network: 10.20.0.0/16 33 | -------------------------------------------------------------------------------- /docs/docs/resources/examples/clickhouse.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: aiven.io/v1alpha1 2 | kind: Clickhouse 3 | metadata: 4 | name: my-clickhouse 5 | spec: 6 | authSecretRef: 7 | name: aiven-token 8 | key: token 9 | 10 | connInfoSecretTarget: 11 | name: my-clickhouse 12 | annotations: 13 | foo: bar 14 | labels: 15 | baz: egg 16 | 17 | tags: 18 | env: test 19 | instance: foo 20 | 21 | userConfig: 22 | ip_filter: 23 | - network: 0.0.0.0/32 24 | description: bar 25 | - network: 10.20.0.0/16 26 | 27 | project: my-aiven-project 28 | cloudName: google-europe-west1 29 | plan: startup-16 30 | 31 | maintenanceWindowDow: friday 32 | maintenanceWindowTime: 23:00:00 33 | -------------------------------------------------------------------------------- /docs/docs/resources/examples/clickhousedatabase.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: aiven.io/v1alpha1 2 | kind: ClickhouseDatabase 3 | metadata: 4 | name: my-db 5 | spec: 6 | authSecretRef: 7 | name: aiven-token 8 | key: token 9 | 10 | project: my-aiven-project 11 | serviceName: my-clickhouse 12 | databaseName: example-db 13 | -------------------------------------------------------------------------------- /docs/docs/resources/examples/clickhousegrant.example_2.yaml: -------------------------------------------------------------------------------- 1 | 2 | apiVersion: aiven.io/v1alpha1 3 | kind: ClickhouseGrant 4 | metadata: 5 | name: demo-ch-grant 6 | spec: 7 | authSecretRef: 8 | name: aiven-token 9 | key: token 10 | 11 | project: my-aiven-project 12 | serviceName: my-clickhouse 13 | 14 | privilegeGrants: 15 | - grantees: 16 | - user: user1 17 | - user: my-clickhouse-user-🦄 18 | privileges: 19 | - SELECT 20 | - INSERT 21 | database: my-db 22 | # If table is omitted, the privileges are granted on all tables in the database 23 | # If columns is omitted, the privileges are granted on all columns in the table 24 | - grantees: 25 | - role: my-role 26 | privileges: 27 | - SELECT 28 | database: my-db 29 | table: my-table 30 | columns: 31 | - col1 32 | - col2 33 | 34 | roleGrants: 35 | - roles: 36 | - other-role 37 | grantees: 38 | - user: my-user 39 | - role: my-role 40 | 41 | -------------------------------------------------------------------------------- /docs/docs/resources/examples/clickhouserole.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: aiven.io/v1alpha1 2 | kind: ClickhouseRole 3 | metadata: 4 | name: my-role 5 | spec: 6 | authSecretRef: 7 | name: aiven-token 8 | key: token 9 | 10 | project: my-aiven-project 11 | serviceName: my-clickhouse 12 | role: my-role 13 | -------------------------------------------------------------------------------- /docs/docs/resources/examples/clickhouseuser.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: aiven.io/v1alpha1 2 | kind: ClickhouseUser 3 | metadata: 4 | name: my-clickhouse-user 5 | spec: 6 | authSecretRef: 7 | name: aiven-token 8 | key: token 9 | 10 | connInfoSecretTarget: 11 | name: clickhouse-user-secret 12 | annotations: 13 | foo: bar 14 | labels: 15 | baz: egg 16 | 17 | project: my-aiven-project 18 | serviceName: my-clickhouse 19 | username: example-username 20 | 21 | --- 22 | 23 | apiVersion: aiven.io/v1alpha1 24 | kind: Clickhouse 25 | metadata: 26 | name: my-clickhouse 27 | spec: 28 | authSecretRef: 29 | name: aiven-token 30 | key: token 31 | 32 | project: my-aiven-project 33 | cloudName: google-europe-west1 34 | plan: startup-16 35 | -------------------------------------------------------------------------------- /docs/docs/resources/examples/connectionpool.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: aiven.io/v1alpha1 2 | kind: ConnectionPool 3 | metadata: 4 | name: my-connection-pool 5 | spec: 6 | authSecretRef: 7 | name: aiven-token 8 | key: token 9 | 10 | project: aiven-project-name 11 | serviceName: my-pg 12 | databaseName: my-database 13 | username: my-service-user 14 | poolMode: transaction 15 | poolSize: 25 16 | 17 | --- 18 | 19 | apiVersion: aiven.io/v1alpha1 20 | kind: PostgreSQL 21 | metadata: 22 | name: my-pg 23 | spec: 24 | authSecretRef: 25 | name: aiven-token 26 | key: token 27 | 28 | project: aiven-project-name 29 | cloudName: google-europe-west1 30 | plan: startup-4 31 | 32 | --- 33 | 34 | apiVersion: aiven.io/v1alpha1 35 | kind: Database 36 | metadata: 37 | name: my-database 38 | spec: 39 | authSecretRef: 40 | name: aiven-token 41 | key: token 42 | 43 | project: aiven-project-name 44 | serviceName: my-pg 45 | 46 | --- 47 | 48 | apiVersion: aiven.io/v1alpha1 49 | kind: ServiceUser 50 | metadata: 51 | name: my-service-user 52 | spec: 53 | authSecretRef: 54 | name: aiven-token 55 | key: token 56 | 57 | project: aiven-project-name 58 | serviceName: my-pg 59 | -------------------------------------------------------------------------------- /docs/docs/resources/examples/database.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: aiven.io/v1alpha1 2 | kind: PostgreSQL 3 | metadata: 4 | name: my-pg 5 | spec: 6 | authSecretRef: 7 | name: aiven-token 8 | key: token 9 | 10 | project: aiven-project-name 11 | cloudName: google-europe-west1 12 | plan: startup-4 13 | 14 | --- 15 | 16 | apiVersion: aiven.io/v1alpha1 17 | kind: Database 18 | metadata: 19 | name: my-db 20 | spec: 21 | authSecretRef: 22 | name: aiven-token 23 | key: token 24 | 25 | project: aiven-project-name 26 | serviceName: my-pg 27 | 28 | # Database name will default to the value of `metadata.name` if `databaseName` is not specified. 29 | # Use the `databaseName` field if the desired database name contains underscores. 30 | databaseName: my_db_name 31 | 32 | lcCtype: en_US.UTF-8 33 | lcCollate: en_US.UTF-8 34 | -------------------------------------------------------------------------------- /docs/docs/resources/examples/flink.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: aiven.io/v1alpha1 2 | kind: Flink 3 | metadata: 4 | name: my-flink 5 | spec: 6 | authSecretRef: 7 | name: aiven-token 8 | key: token 9 | 10 | connInfoSecretTarget: 11 | name: flink-secret 12 | annotations: 13 | foo: bar 14 | labels: 15 | baz: egg 16 | 17 | project: my-aiven-project 18 | cloudName: google-europe-west1 19 | plan: business-4 20 | 21 | maintenanceWindowDow: sunday 22 | maintenanceWindowTime: 11:00:00 23 | 24 | userConfig: 25 | number_of_task_slots: 10 26 | ip_filter: 27 | - network: 0.0.0.0/32 28 | description: whatever 29 | - network: 10.20.0.0/16 30 | -------------------------------------------------------------------------------- /docs/docs/resources/examples/grafana.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: aiven.io/v1alpha1 2 | kind: Grafana 3 | metadata: 4 | name: my-grafana 5 | spec: 6 | authSecretRef: 7 | name: aiven-token 8 | key: token 9 | 10 | connInfoSecretTarget: 11 | name: grafana-secret 12 | prefix: MY_SECRET_PREFIX_ 13 | annotations: 14 | foo: bar 15 | labels: 16 | baz: egg 17 | 18 | project: my-aiven-project 19 | cloudName: google-europe-west1 20 | plan: startup-1 21 | 22 | maintenanceWindowDow: sunday 23 | maintenanceWindowTime: 11:00:00 24 | 25 | userConfig: 26 | public_access: 27 | grafana: true 28 | ip_filter: 29 | - network: 0.0.0.0 30 | description: whatever 31 | - network: 10.20.0.0/16 32 | -------------------------------------------------------------------------------- /docs/docs/resources/examples/kafka.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: aiven.io/v1alpha1 2 | kind: Kafka 3 | metadata: 4 | name: my-kafka 5 | spec: 6 | authSecretRef: 7 | name: aiven-token 8 | key: token 9 | 10 | connInfoSecretTarget: 11 | name: kafka-secret 12 | prefix: MY_SECRET_PREFIX_ 13 | annotations: 14 | foo: bar 15 | labels: 16 | baz: egg 17 | 18 | project: my-aiven-project 19 | cloudName: google-europe-west1 20 | plan: startup-2 21 | 22 | maintenanceWindowDow: friday 23 | maintenanceWindowTime: 23:00:00 24 | -------------------------------------------------------------------------------- /docs/docs/resources/examples/kafkaacl.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: aiven.io/v1alpha1 2 | kind: KafkaACL 3 | metadata: 4 | name: my-kafka-acl 5 | spec: 6 | authSecretRef: 7 | name: aiven-token 8 | key: token 9 | 10 | project: my-aiven-project 11 | serviceName: my-kafka 12 | topic: my-topic 13 | username: my-user 14 | permission: admin 15 | -------------------------------------------------------------------------------- /docs/docs/resources/examples/kafkaconnect.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: aiven.io/v1alpha1 2 | kind: KafkaConnect 3 | metadata: 4 | name: my-kafka-connect 5 | spec: 6 | authSecretRef: 7 | name: aiven-token 8 | key: token 9 | 10 | tags: 11 | env: test 12 | instance: foo 13 | 14 | project: my-aiven-project 15 | cloudName: google-europe-west1 16 | plan: business-4 17 | 18 | userConfig: 19 | kafka_connect: 20 | consumer_isolation_level: read_committed 21 | public_access: 22 | kafka_connect: true 23 | ip_filter: 24 | - network: 0.0.0.0/32 25 | description: bar 26 | - network: 10.20.0.0/16 27 | -------------------------------------------------------------------------------- /docs/docs/resources/examples/kafkanativeacl.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: aiven.io/v1alpha1 2 | kind: Kafka 3 | metadata: 4 | name: my-kafka 5 | spec: 6 | authSecretRef: 7 | name: aiven-token 8 | key: token 9 | 10 | connInfoSecretTarget: 11 | name: kafka-secret 12 | 13 | project: my-aiven-project 14 | cloudName: google-europe-west1 15 | plan: startup-2 16 | 17 | maintenanceWindowDow: friday 18 | maintenanceWindowTime: 23:00:00 19 | 20 | --- 21 | 22 | apiVersion: aiven.io/v1alpha1 23 | kind: KafkaNativeACL 24 | metadata: 25 | name: my-kafka-native-acl 26 | spec: 27 | authSecretRef: 28 | name: aiven-token 29 | key: token 30 | 31 | project: my-aiven-project 32 | serviceName: my-kafka 33 | host: my-host 34 | operation: Create 35 | patternType: LITERAL 36 | permissionType: ALLOW 37 | principal: User:alice 38 | resourceName: my-kafka-topic 39 | resourceType: Topic 40 | -------------------------------------------------------------------------------- /docs/docs/resources/examples/kafkaschema.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: aiven.io/v1alpha1 2 | kind: KafkaSchema 3 | metadata: 4 | name: my-schema 5 | spec: 6 | authSecretRef: 7 | name: aiven-token 8 | key: token 9 | 10 | project: my-aiven-project 11 | serviceName: my-kafka 12 | subjectName: mny-subject 13 | compatibilityLevel: BACKWARD 14 | schema: | 15 | { 16 | "doc": "example_doc", 17 | "fields": [{ 18 | "default": 5, 19 | "doc": "field_doc", 20 | "name": "field_name", 21 | "namespace": "field_namespace", 22 | "type": "int" 23 | }], 24 | "name": "example_name", 25 | "namespace": "example_namespace", 26 | "type": "record" 27 | } 28 | -------------------------------------------------------------------------------- /docs/docs/resources/examples/kafkaschemaregistryacl.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: aiven.io/v1alpha1 2 | kind: KafkaSchemaRegistryACL 3 | metadata: 4 | name: my-kafka-schema-registry-acl 5 | spec: 6 | authSecretRef: 7 | name: aiven-token 8 | key: token 9 | 10 | project: aiven-project-name 11 | serviceName: my-kafka 12 | resource: Subject:my-topic 13 | username: my-user 14 | permission: schema_registry_read 15 | -------------------------------------------------------------------------------- /docs/docs/resources/examples/kafkatopic.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: aiven.io/v1alpha1 2 | kind: KafkaTopic 3 | metadata: 4 | name: kafka-topic 5 | spec: 6 | authSecretRef: 7 | name: aiven-token 8 | key: token 9 | 10 | project: my-aiven-project 11 | serviceName: my-kafka 12 | topicName: my-kafka-topic 13 | 14 | replication: 2 15 | partitions: 1 16 | 17 | config: 18 | min_cleanable_dirty_ratio: 0.2 19 | -------------------------------------------------------------------------------- /docs/docs/resources/examples/mysql.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: aiven.io/v1alpha1 2 | kind: MySQL 3 | metadata: 4 | name: my-mysql 5 | spec: 6 | authSecretRef: 7 | name: aiven-token 8 | key: token 9 | 10 | connInfoSecretTarget: 11 | name: mysql-secret 12 | prefix: MY_SECRET_PREFIX_ 13 | annotations: 14 | foo: bar 15 | labels: 16 | baz: egg 17 | 18 | project: my-aiven-project 19 | cloudName: google-europe-west1 20 | plan: business-4 21 | 22 | maintenanceWindowDow: sunday 23 | maintenanceWindowTime: 11:00:00 24 | 25 | userConfig: 26 | backup_hour: 17 27 | backup_minute: 11 28 | ip_filter: 29 | - network: 0.0.0.0 30 | description: whatever 31 | - network: 10.20.0.0/16 32 | -------------------------------------------------------------------------------- /docs/docs/resources/examples/opensearch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: aiven.io/v1alpha1 2 | kind: OpenSearch 3 | metadata: 4 | name: my-os 5 | spec: 6 | authSecretRef: 7 | name: aiven-token 8 | key: token 9 | 10 | connInfoSecretTarget: 11 | name: os-secret 12 | prefix: MY_SECRET_PREFIX_ 13 | annotations: 14 | foo: bar 15 | labels: 16 | baz: egg 17 | 18 | project: my-aiven-project 19 | cloudName: google-europe-west1 20 | plan: startup-4 21 | disk_space: 80GiB 22 | 23 | maintenanceWindowDow: friday 24 | maintenanceWindowTime: 23:00:00 25 | -------------------------------------------------------------------------------- /docs/docs/resources/examples/postgresql.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: aiven.io/v1alpha1 2 | kind: PostgreSQL 3 | metadata: 4 | name: my-postgresql 5 | spec: 6 | authSecretRef: 7 | name: aiven-token 8 | key: token 9 | 10 | connInfoSecretTarget: 11 | name: postgresql-secret 12 | prefix: MY_SECRET_PREFIX_ 13 | annotations: 14 | foo: bar 15 | labels: 16 | baz: egg 17 | 18 | project: aiven-project-name 19 | cloudName: google-europe-west1 20 | plan: startup-4 21 | 22 | maintenanceWindowDow: sunday 23 | maintenanceWindowTime: 11:00:00 24 | 25 | userConfig: 26 | pg_version: "15" 27 | -------------------------------------------------------------------------------- /docs/docs/resources/examples/project.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: aiven.io/v1alpha1 2 | kind: Project 3 | metadata: 4 | name: my-project 5 | spec: 6 | authSecretRef: 7 | name: aiven-token 8 | key: token 9 | 10 | tags: 11 | env: prod 12 | 13 | accountId: my-account-id 14 | billingAddress: NYC 15 | cloud: aws-eu-west-1 16 | -------------------------------------------------------------------------------- /docs/docs/resources/examples/projectvpc.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: aiven.io/v1alpha1 2 | kind: ProjectVPC 3 | metadata: 4 | name: my-project-vpc 5 | spec: 6 | authSecretRef: 7 | name: aiven-token 8 | key: token 9 | 10 | project: aiven-project-name 11 | cloudName: google-europe-west1 12 | networkCidr: 10.0.0.0/24 13 | -------------------------------------------------------------------------------- /docs/docs/resources/examples/redis.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: aiven.io/v1alpha1 2 | kind: Redis 3 | metadata: 4 | name: k8s-redis 5 | spec: 6 | authSecretRef: 7 | name: aiven-token 8 | key: token 9 | 10 | connInfoSecretTarget: 11 | name: redis-token 12 | prefix: MY_SECRET_PREFIX_ 13 | annotations: 14 | foo: bar 15 | labels: 16 | baz: egg 17 | 18 | project: my-aiven-project 19 | cloudName: google-europe-west1 20 | plan: startup-4 21 | 22 | maintenanceWindowDow: friday 23 | maintenanceWindowTime: 23:00:00 24 | 25 | userConfig: 26 | redis_maxmemory_policy: allkeys-random 27 | -------------------------------------------------------------------------------- /docs/docs/resources/examples/serviceintegration.autoscaler.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: aiven.io/v1alpha1 2 | kind: ServiceIntegration 3 | metadata: 4 | name: my-service-integration 5 | spec: 6 | authSecretRef: 7 | name: aiven-token 8 | key: token 9 | 10 | project: aiven-project-name 11 | integrationType: autoscaler 12 | sourceServiceName: my-pg 13 | # Look up autoscaler integration endpoint ID via Console 14 | destinationEndpointId: my-destination-endpoint-id 15 | 16 | --- 17 | 18 | apiVersion: aiven.io/v1alpha1 19 | kind: PostgreSQL 20 | metadata: 21 | name: my-pg 22 | spec: 23 | authSecretRef: 24 | name: aiven-token 25 | key: token 26 | 27 | project: aiven-project-name 28 | cloudName: google-europe-west1 29 | plan: startup-4 30 | -------------------------------------------------------------------------------- /docs/docs/resources/examples/serviceintegration.clickhouse_postgresql.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: aiven.io/v1alpha1 2 | kind: ServiceIntegration 3 | metadata: 4 | name: my-service-integration 5 | spec: 6 | authSecretRef: 7 | name: aiven-token 8 | key: token 9 | 10 | project: aiven-project-name 11 | integrationType: clickhouse_postgresql 12 | sourceServiceName: my-pg 13 | destinationServiceName: my-clickhouse 14 | 15 | clickhousePostgresql: 16 | databases: 17 | - database: defaultdb 18 | schema: public 19 | 20 | --- 21 | 22 | apiVersion: aiven.io/v1alpha1 23 | kind: Clickhouse 24 | metadata: 25 | name: my-clickhouse 26 | spec: 27 | authSecretRef: 28 | name: aiven-token 29 | key: token 30 | 31 | project: aiven-project-name 32 | cloudName: google-europe-west1 33 | plan: startup-16 34 | maintenanceWindowDow: friday 35 | maintenanceWindowTime: 23:00:00 36 | 37 | --- 38 | 39 | apiVersion: aiven.io/v1alpha1 40 | kind: PostgreSQL 41 | metadata: 42 | name: my-pg 43 | spec: 44 | authSecretRef: 45 | name: aiven-token 46 | key: token 47 | 48 | project: aiven-project-name 49 | cloudName: google-europe-west1 50 | plan: startup-4 51 | maintenanceWindowDow: friday 52 | maintenanceWindowTime: 23:00:00 53 | -------------------------------------------------------------------------------- /docs/docs/resources/examples/serviceintegration.datadog.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: aiven.io/v1alpha1 2 | kind: ServiceIntegration 3 | metadata: 4 | name: my-service-integration 5 | spec: 6 | authSecretRef: 7 | name: aiven-token 8 | key: token 9 | 10 | project: aiven-project-name 11 | integrationType: datadog 12 | sourceServiceName: my-pg 13 | destinationEndpointId: destination-endpoint-id 14 | 15 | datadog: 16 | datadog_dbm_enabled: True 17 | datadog_tags: 18 | - tag: env 19 | comment: test 20 | 21 | --- 22 | 23 | apiVersion: aiven.io/v1alpha1 24 | kind: PostgreSQL 25 | metadata: 26 | name: my-pg 27 | spec: 28 | authSecretRef: 29 | name: aiven-token 30 | key: token 31 | 32 | project: aiven-project-name 33 | cloudName: google-europe-west1 34 | plan: startup-4 -------------------------------------------------------------------------------- /docs/docs/resources/examples/serviceintegration.kafka_connect.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: aiven.io/v1alpha1 2 | kind: ServiceIntegration 3 | metadata: 4 | name: my-service-integration 5 | spec: 6 | authSecretRef: 7 | name: aiven-token 8 | key: token 9 | 10 | project: aiven-project-name 11 | integrationType: kafka_connect 12 | sourceServiceName: my-kafka 13 | destinationServiceName: my-kafka-connect 14 | 15 | kafkaConnect: 16 | kafka_connect: 17 | group_id: connect 18 | status_storage_topic: __connect_status 19 | offset_storage_topic: __connect_offsets 20 | 21 | --- 22 | 23 | apiVersion: aiven.io/v1alpha1 24 | kind: Kafka 25 | metadata: 26 | name: my-kafka 27 | spec: 28 | authSecretRef: 29 | name: aiven-token 30 | key: token 31 | 32 | project: aiven-project-name 33 | cloudName: google-europe-west1 34 | plan: business-4 35 | 36 | --- 37 | 38 | apiVersion: aiven.io/v1alpha1 39 | kind: KafkaConnect 40 | metadata: 41 | name: my-kafka-connect 42 | spec: 43 | authSecretRef: 44 | name: aiven-token 45 | key: token 46 | 47 | project: aiven-project-name 48 | cloudName: google-europe-west1 49 | plan: business-4 50 | 51 | userConfig: 52 | kafka_connect: 53 | consumer_isolation_level: read_committed 54 | public_access: 55 | kafka_connect: true 56 | -------------------------------------------------------------------------------- /docs/docs/resources/examples/serviceintegration.kafka_logs.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: aiven.io/v1alpha1 2 | kind: ServiceIntegration 3 | metadata: 4 | name: my-service-integration 5 | spec: 6 | authSecretRef: 7 | name: aiven-token 8 | key: token 9 | 10 | project: aiven-project-name 11 | integrationType: kafka_logs 12 | sourceServiceName: my-kafka 13 | destinationServiceName: my-kafka 14 | 15 | kafkaLogs: 16 | kafka_topic: my-kafka-topic 17 | 18 | --- 19 | 20 | apiVersion: aiven.io/v1alpha1 21 | kind: Kafka 22 | metadata: 23 | name: my-kafka 24 | spec: 25 | authSecretRef: 26 | name: aiven-token 27 | key: token 28 | 29 | project: aiven-project-name 30 | cloudName: google-europe-west1 31 | plan: business-4 32 | 33 | --- 34 | 35 | apiVersion: aiven.io/v1alpha1 36 | kind: KafkaTopic 37 | metadata: 38 | name: my-kafka-topic 39 | spec: 40 | authSecretRef: 41 | name: aiven-token 42 | key: token 43 | 44 | project: aiven-project-name 45 | serviceName: my-kafka 46 | replication: 2 47 | partitions: 1 -------------------------------------------------------------------------------- /docs/docs/resources/examples/serviceintegrationendpoint.autoscaler.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: aiven.io/v1alpha1 2 | kind: ServiceIntegrationEndpoint 3 | metadata: 4 | name: my-service-integration-endpoint 5 | spec: 6 | authSecretRef: 7 | name: aiven-token 8 | key: token 9 | 10 | project: aiven-project-name 11 | endpointName: my-autoscaler 12 | endpointType: autoscaler 13 | 14 | autoscaler: 15 | autoscaling: 16 | - type: autoscale_disk 17 | cap_gb: 100 18 | -------------------------------------------------------------------------------- /docs/docs/resources/examples/serviceintegrationendpoint.external_postgresql.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: aiven.io/v1alpha1 2 | kind: ServiceIntegrationEndpoint 3 | metadata: 4 | name: my-service-integration-endpoint 5 | spec: 6 | authSecretRef: 7 | name: aiven-token 8 | key: token 9 | 10 | project: aiven-project-name 11 | endpointName: my-external-postgresql 12 | endpointType: external_postgresql 13 | 14 | externalPostgresql: 15 | username: username 16 | password: password 17 | host: example.example 18 | port: 5432 19 | ssl_mode: require 20 | -------------------------------------------------------------------------------- /docs/docs/resources/examples/serviceintegrationendpoint.external_schema_registry.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: aiven.io/v1alpha1 2 | kind: ServiceIntegrationEndpoint 3 | metadata: 4 | name: my-service-integration-endpoint 5 | spec: 6 | authSecretRef: 7 | name: aiven-token 8 | key: token 9 | 10 | project: aiven-project-name 11 | endpointName: my-external-schema-registry 12 | endpointType: external_schema_registry 13 | 14 | externalSchemaRegistry: 15 | url: https://schema-registry.example.com:8081 16 | authentication: basic 17 | basic_auth_username: username 18 | basic_auth_password: password 19 | -------------------------------------------------------------------------------- /docs/docs/resources/examples/serviceuser.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: aiven.io/v1alpha1 2 | kind: ServiceUser 3 | metadata: 4 | name: my-service-user 5 | spec: 6 | authSecretRef: 7 | name: aiven-token 8 | key: token 9 | 10 | connInfoSecretTarget: 11 | name: service-user-secret 12 | prefix: MY_SECRET_PREFIX_ 13 | annotations: 14 | foo: bar 15 | labels: 16 | baz: egg 17 | 18 | project: aiven-project-name 19 | serviceName: my-service-name 20 | -------------------------------------------------------------------------------- /docs/docs/resources/examples/valkey.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: aiven.io/v1alpha1 2 | kind: Valkey 3 | metadata: 4 | name: my-valkey 5 | spec: 6 | authSecretRef: 7 | name: aiven-token 8 | key: token 9 | 10 | connInfoSecretTarget: 11 | name: my-valkey-secret 12 | annotations: 13 | foo: bar 14 | labels: 15 | baz: egg 16 | 17 | project: my-aiven-project 18 | cloudName: google-europe-west1 19 | plan: startup-4 20 | 21 | maintenanceWindowDow: sunday 22 | maintenanceWindowTime: 11:00:00 23 | 24 | tags: 25 | env: test 26 | instance: foo 27 | 28 | userConfig: 29 | ip_filter: 30 | - network: 0.0.0.0/32 31 | description: bar 32 | - network: 10.20.0.0/16 33 | -------------------------------------------------------------------------------- /generators/charts/crds.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "bytes" 5 | "io/fs" 6 | "os" 7 | "path" 8 | "path/filepath" 9 | 10 | cp "github.com/otiai10/copy" 11 | ) 12 | 13 | const ( 14 | crdSourceDir = "config/crd/bases/" 15 | crdDestinationDir = "templates" 16 | ) 17 | 18 | // copyCRDs copies CRDs, like MySQL, Postgres, etc 19 | func copyCRDs(operatorPath, crdCharts string) error { 20 | srcCRDs := path.Join(operatorPath, crdSourceDir) 21 | dstCRDs := path.Join(crdCharts, crdDestinationDir) 22 | err := cp.Copy(srcCRDs, dstCRDs) 23 | if err != nil { 24 | return err 25 | } 26 | 27 | return filepath.Walk(dstCRDs, fixCRD) 28 | } 29 | 30 | // fixCRD escapes "{{" so it's not rendered by the template engine 31 | func fixCRD(filePath string, info fs.FileInfo, err error) error { 32 | if err != nil { 33 | return err 34 | } 35 | 36 | if info.IsDir() { 37 | return nil 38 | } 39 | 40 | content, err := os.ReadFile(filePath) 41 | if err != nil { 42 | return err 43 | } 44 | 45 | content = bytes.ReplaceAll(content, []byte("`{{"), []byte("{{`{{")) 46 | content = bytes.ReplaceAll(content, []byte("}}`"), []byte("}}`}}")) 47 | return writeFile(filePath, content) 48 | } 49 | -------------------------------------------------------------------------------- /generators/charts/utils.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "bytes" 5 | "os" 6 | 7 | "gopkg.in/yaml.v3" 8 | ) 9 | 10 | const compactIndent = 2 11 | 12 | func marshalCompactYaml(in any) (*bytes.Buffer, error) { 13 | var b bytes.Buffer 14 | y := yaml.NewEncoder(&b) 15 | y.SetIndent(compactIndent) 16 | err := y.Encode(in) 17 | if err != nil { 18 | return nil, err 19 | } 20 | return &b, nil 21 | } 22 | 23 | func writeFile(filePath string, b []byte) error { 24 | return os.WriteFile(filePath, b, 0o644) 25 | } 26 | -------------------------------------------------------------------------------- /generators/docs/generator_test.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "fmt" 5 | "testing" 6 | 7 | "github.com/stretchr/testify/assert" 8 | ) 9 | 10 | func TestPrettyDigitFloat(t *testing.T) { 11 | cases := []struct { 12 | src float64 13 | expected string 14 | }{ 15 | { 16 | src: 0.90000, 17 | expected: "0.9", 18 | }, 19 | { 20 | src: 0.99900, 21 | expected: "0.999", 22 | }, 23 | { 24 | src: 0.99999, 25 | expected: "0.99999", 26 | }, 27 | { 28 | src: 0.90900, 29 | expected: "0.909", 30 | }, 31 | { 32 | src: 60.0000, 33 | expected: "60", 34 | }, 35 | { 36 | src: 0.0000, 37 | expected: "0", 38 | }, 39 | } 40 | 41 | for i, o := range cases { 42 | t.Run(fmt.Sprintf("case %d", i), func(t *testing.T) { 43 | assert.Equal(t, o.expected, prettyDigit("number", o.src)) 44 | }) 45 | } 46 | } 47 | -------------------------------------------------------------------------------- /generators/userconfigs/generator_test.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "os" 5 | "testing" 6 | 7 | "github.com/goccy/go-yaml" 8 | "github.com/stretchr/testify/assert" 9 | "github.com/stretchr/testify/require" 10 | ) 11 | 12 | func TestNewUserConfigFile(t *testing.T) { 13 | src, err := os.ReadFile(`generator_test_source.yml`) 14 | require.NoError(t, err) 15 | 16 | obj := new(object) 17 | err = yaml.Unmarshal(src, obj) 18 | require.NoError(t, err) 19 | 20 | expected, err := os.ReadFile(`pg/pg.go`) 21 | require.NoError(t, err) 22 | 23 | actual, err := newUserConfigFile("pg_test", obj) 24 | require.NoError(t, err) 25 | 26 | // Leave the var for debugging with a break point 27 | expectedStr := string(expected) 28 | actualStr := string(actual) 29 | assert.Equal(t, expectedStr, actualStr) 30 | } 31 | -------------------------------------------------------------------------------- /hack/boilerplate.go.txt: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2024 Aiven, Helsinki, Finland. https://aiven.io/ 2 | -------------------------------------------------------------------------------- /sweeper/service_integrations.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "context" 5 | "fmt" 6 | 7 | avngen "github.com/aiven/go-client-codegen" 8 | ) 9 | 10 | type serviceIntegrationEndpointsSweeper struct { 11 | client avngen.Client 12 | } 13 | 14 | func (sweeper *serviceIntegrationEndpointsSweeper) Name() string { 15 | return "Service integration endpoints" 16 | } 17 | 18 | // Sweep deletes all service integration endpoints in a project 19 | func (sweeper *serviceIntegrationEndpointsSweeper) Sweep(ctx context.Context, projectName string) error { 20 | endpoints, err := sweeper.client.ServiceIntegrationEndpointList(ctx, projectName) 21 | if err != nil { 22 | return fmt.Errorf("error retrieving a list of integration endpoints: %w", err) 23 | } 24 | 25 | for _, s := range endpoints { 26 | err := sweeper.client.ServiceIntegrationEndpointDelete(ctx, projectName, s.EndpointId) 27 | if err != nil && !avngen.IsNotFound(err) { 28 | return fmt.Errorf("error deleting service integration endpoint %q: %w", s.EndpointName, err) 29 | } 30 | } 31 | 32 | return nil 33 | } 34 | -------------------------------------------------------------------------------- /test/e2e/alloydbomni/alloydbomni-simple-cluster/00-secret.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kuttl.dev/v1beta1 2 | kind: TestStep 3 | commands: 4 | - script: kubectl --namespace $NAMESPACE create secret generic aiven-token --from-literal=token=$AIVEN_TOKEN 5 | -------------------------------------------------------------------------------- /test/e2e/alloydbomni/alloydbomni-simple-cluster/01-cassandra.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: aiven.io/v1alpha1 2 | kind: AlloyDBOmni 3 | metadata: 4 | name: k8s-e2e-alloydbomni-simple 5 | spec: 6 | authSecretRef: 7 | name: aiven-token 8 | key: token 9 | 10 | connInfoSecretTarget: 11 | name: alloydbomni-secret 12 | 13 | project: aiven-ci-kubernetes-operator 14 | 15 | cloudName: google-europe-west1 16 | plan: startup-4 17 | 18 | maintenanceWindowDow: sunday 19 | maintenanceWindowTime: 11:00:00 20 | -------------------------------------------------------------------------------- /test/e2e/alloydbomni/alloydbomni-simple-cluster/02-check.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kuttl.dev/v1beta1 2 | kind: TestStep 3 | commands: 4 | - script: | 5 | while ! avn --auth-token $AIVEN_TOKEN service wait k8s-e2e-alloydbomni-simple --project aiven-ci-kubernetes-operator; 6 | do 7 | sleep 10 8 | done 9 | -------------------------------------------------------------------------------- /test/e2e/alloydbomni/alloydbomni-simple-cluster/03-delete.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kuttl.dev/v1beta1 2 | kind: TestStep 3 | delete: 4 | - apiVersion: aiven.io/v1alpha1 5 | kind: AlloyDBOmni 6 | name: k8s-e2e-alloydbomni-simple 7 | -------------------------------------------------------------------------------- /test/e2e/cassandra/cassandra-simple-cluster/00-secret.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kuttl.dev/v1beta1 2 | kind: TestStep 3 | commands: 4 | - script: kubectl --namespace $NAMESPACE create secret generic aiven-token --from-literal=token=$AIVEN_TOKEN 5 | -------------------------------------------------------------------------------- /test/e2e/cassandra/cassandra-simple-cluster/01-cassandra.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: aiven.io/v1alpha1 2 | kind: Cassandra 3 | metadata: 4 | name: k8s-e2e-cassandra-simple 5 | spec: 6 | authSecretRef: 7 | name: aiven-token 8 | key: token 9 | 10 | connInfoSecretTarget: 11 | name: cassandra-secret 12 | 13 | project: aiven-ci-kubernetes-operator 14 | 15 | cloudName: google-europe-west1 16 | plan: startup-4 17 | 18 | maintenanceWindowDow: sunday 19 | maintenanceWindowTime: 11:00:00 20 | 21 | userConfig: 22 | migrate_sstableloader: true 23 | public_access: 24 | prometheus: true 25 | ip_filter: 26 | - network: 0.0.0.0 27 | description: whatever 28 | - network: 10.20.0.0/16 29 | -------------------------------------------------------------------------------- /test/e2e/cassandra/cassandra-simple-cluster/02-check.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kuttl.dev/v1beta1 2 | kind: TestStep 3 | commands: 4 | - script: | 5 | while ! avn --auth-token $AIVEN_TOKEN service wait k8s-e2e-cassandra-simple --project aiven-ci-kubernetes-operator; 6 | do 7 | sleep 10 8 | done 9 | -------------------------------------------------------------------------------- /test/e2e/cassandra/cassandra-simple-cluster/03-delete.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kuttl.dev/v1beta1 2 | kind: TestStep 3 | delete: 4 | - apiVersion: aiven.io/v1alpha1 5 | kind: Cassandra 6 | name: k8s-e2e-cassandra-simple 7 | -------------------------------------------------------------------------------- /test/e2e/clickhouse/clickhouse-simple-cluster/00-secret.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kuttl.dev/v1beta1 2 | kind: TestStep 3 | commands: 4 | - script: kubectl --namespace $NAMESPACE create secret generic aiven-token --from-literal=token=$AIVEN_TOKEN 5 | -------------------------------------------------------------------------------- /test/e2e/clickhouse/clickhouse-simple-cluster/01-clickhouse.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: aiven.io/v1alpha1 2 | kind: Clickhouse 3 | metadata: 4 | name: k8s-e2e-test-ch-sample 5 | spec: 6 | authSecretRef: 7 | name: aiven-token 8 | key: token 9 | 10 | connInfoSecretTarget: 11 | name: ch-token 12 | 13 | project: aiven-ci-kubernetes-operator 14 | 15 | cloudName: google-europe-west1 16 | plan: startup-16 17 | 18 | maintenanceWindowDow: friday 19 | maintenanceWindowTime: 23:00:00 20 | -------------------------------------------------------------------------------- /test/e2e/clickhouse/clickhouse-simple-cluster/02-check.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kuttl.dev/v1beta1 2 | kind: TestStep 3 | commands: 4 | - script: | 5 | while ! avn --auth-token $AIVEN_TOKEN service wait k8s-e2e-test-ch-sample --project aiven-ci-kubernetes-operator; 6 | do 7 | sleep 10 8 | done 9 | -------------------------------------------------------------------------------- /test/e2e/clickhouse/clickhouse-simple-cluster/03-delete.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kuttl.dev/v1beta1 2 | kind: TestStep 3 | delete: 4 | - apiVersion: aiven.io/v1alpha1 5 | kind: Clickhouse 6 | name: k8s-e2e-test-ch-sample 7 | -------------------------------------------------------------------------------- /test/e2e/grafana/grafana-simple-cluster/00-secret.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kuttl.dev/v1beta1 2 | kind: TestStep 3 | commands: 4 | - script: kubectl --namespace $NAMESPACE create secret generic aiven-token --from-literal=token=$AIVEN_TOKEN 5 | -------------------------------------------------------------------------------- /test/e2e/grafana/grafana-simple-cluster/01-grafana.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: aiven.io/v1alpha1 2 | kind: Grafana 3 | metadata: 4 | name: k8s-e2e-grafana-simple 5 | spec: 6 | authSecretRef: 7 | name: aiven-token 8 | key: token 9 | 10 | connInfoSecretTarget: 11 | name: grafana-secret 12 | 13 | project: aiven-ci-kubernetes-operator 14 | 15 | cloudName: google-europe-west1 16 | plan: startup-1 17 | 18 | maintenanceWindowDow: sunday 19 | maintenanceWindowTime: 11:00:00 20 | 21 | userConfig: 22 | public_access: 23 | grafana: true 24 | ip_filter: 25 | - network: 0.0.0.0 26 | description: whatever 27 | - network: 10.20.0.0/16 28 | -------------------------------------------------------------------------------- /test/e2e/grafana/grafana-simple-cluster/02-check.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kuttl.dev/v1beta1 2 | kind: TestStep 3 | commands: 4 | - script: | 5 | while ! avn --auth-token $AIVEN_TOKEN service wait k8s-e2e-grafana-simple --project aiven-ci-kubernetes-operator; 6 | do 7 | sleep 10 8 | done 9 | -------------------------------------------------------------------------------- /test/e2e/grafana/grafana-simple-cluster/03-delete.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kuttl.dev/v1beta1 2 | kind: TestStep 3 | delete: 4 | - apiVersion: aiven.io/v1alpha1 5 | kind: Grafana 6 | name: k8s-e2e-grafana-simple 7 | -------------------------------------------------------------------------------- /test/e2e/kafka-connector/connect-kafka-to-postgres/00-secret.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kuttl.dev/v1beta1 2 | kind: TestStep 3 | commands: 4 | - script: kubectl --namespace $NAMESPACE create secret generic aiven-token --from-literal=token=$AIVEN_TOKEN 5 | -------------------------------------------------------------------------------- /test/e2e/kafka-connector/connect-kafka-to-postgres/01-kafka-topic.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: aiven.io/v1alpha1 2 | kind: KafkaTopic 3 | metadata: 4 | name: k8s-test-kafka-connector-connect-kafka-to-postgres-topic 5 | spec: 6 | authSecretRef: 7 | name: aiven-token 8 | key: token 9 | 10 | project: aiven-ci-kubernetes-operator 11 | serviceName: k8s-test-kafka-connector-connect-kafka-to-postgres-kafka 12 | 13 | replication: 2 14 | partitions: 1 15 | -------------------------------------------------------------------------------- /test/e2e/kafka-connector/connect-kafka-to-postgres/01-kafka.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: aiven.io/v1alpha1 2 | kind: Kafka 3 | metadata: 4 | name: k8s-test-kafka-connector-connect-kafka-to-postgres-kafka 5 | spec: 6 | authSecretRef: 7 | name: aiven-token 8 | key: token 9 | 10 | connInfoSecretTarget: 11 | name: kafka-secret 12 | 13 | project: aiven-ci-kubernetes-operator 14 | 15 | cloudName: google-europe-west1 16 | plan: business-4 17 | 18 | userConfig: 19 | kafka_connect: true 20 | -------------------------------------------------------------------------------- /test/e2e/kafka-connector/connect-kafka-to-postgres/01-postgres.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: aiven.io/v1alpha1 2 | kind: PostgreSQL 3 | metadata: 4 | name: k8s-test-kafka-connector-connect-kafka-to-postgres-pg 5 | spec: 6 | authSecretRef: 7 | name: aiven-token 8 | key: token 9 | 10 | connInfoSecretTarget: 11 | name: pg-secret 12 | 13 | project: aiven-ci-kubernetes-operator 14 | 15 | cloudName: google-europe-west1 16 | plan: startup-4 17 | -------------------------------------------------------------------------------- /test/e2e/kafka-connector/connect-kafka-to-postgres/02-check-services-running.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kuttl.dev/v1beta1 2 | kind: TestStep 3 | commands: 4 | - script: | 5 | SERVICE=k8s-test-kafka-connector-connect-kafka-to-postgres-kafka 6 | while ! avn --auth-token $AIVEN_TOKEN service wait $SERVICE --project aiven-ci-kubernetes-operator; 7 | do 8 | sleep 10 9 | done 10 | - script: | 11 | SERVICE=k8s-test-kafka-connector-connect-kafka-to-postgres-pg 12 | while ! avn --auth-token $AIVEN_TOKEN service wait $SERVICE --project aiven-ci-kubernetes-operator; 13 | do 14 | sleep 10 15 | done 16 | - script: | 17 | SERVICE=k8s-test-kafka-connector-connect-kafka-to-postgres-kafka 18 | TOPIC=k8s-test-kafka-connector-connect-kafka-to-postgres-topic 19 | while ! avn --auth-token $AIVEN_TOKEN service topic-get $SERVICE $TOPIC --project aiven-ci-kubernetes-operator; 20 | do 21 | sleep 10 22 | done 23 | -------------------------------------------------------------------------------- /test/e2e/kafka-connector/connect-kafka-to-postgres/03-connector.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: aiven.io/v1alpha1 2 | kind: KafkaConnector 3 | metadata: 4 | name: k8s-test-kafka-connector-connect-kafka-to-postgres-connector 5 | spec: 6 | authSecretRef: 7 | name: aiven-token 8 | key: token 9 | 10 | project: aiven-ci-kubernetes-operator 11 | 12 | serviceName: k8s-test-kafka-connector-connect-kafka-to-postgres-kafka 13 | 14 | connectorClass: io.aiven.connect.jdbc.JdbcSinkConnector 15 | 16 | userConfig: 17 | auto.create: "true" 18 | connection.url: 'jdbc:postgresql://{{ fromSecret "pg-secret" "PGHOST"}}:{{ fromSecret "pg-secret" "PGPORT" }}/{{ fromSecret "pg-secret" "PGDATABASE" }}' 19 | connection.user: '{{ fromSecret "pg-secret" "PGUSER" }}' 20 | connection.password: '{{ fromSecret "pg-secret" "PGPASSWORD" }}' 21 | topics: k8s-test-kafka-connector-connect-kafka-to-postgres-topic 22 | key.converter: org.apache.kafka.connect.json.JsonConverter 23 | value.converter: org.apache.kafka.connect.json.JsonConverter 24 | value.converter.schemas.enable: "true" 25 | -------------------------------------------------------------------------------- /test/e2e/kafka-connector/connect-kafka-to-postgres/05-delete.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kuttl.dev/v1beta1 2 | kind: TestStep 3 | delete: 4 | - apiVersion: aiven.io/v1alpha1 5 | kind: PostgreSQL 6 | name: k8s-test-kafka-connector-connect-kafka-to-postgres-pg 7 | - apiVersion: aiven.io/v1alpha1 8 | kind: KafkaConnector 9 | name: k8s-test-kafka-connector-connect-kafka-to-postgres-connector 10 | - apiVersion: aiven.io/v1alpha1 11 | kind: KafkaTopic 12 | name: k8s-test-kafka-connector-connect-kafka-to-postgres-topic 13 | - apiVersion: aiven.io/v1alpha1 14 | kind: Kafka 15 | name: k8s-test-kafka-connector-connect-kafka-to-postgres-kafka 16 | -------------------------------------------------------------------------------- /test/e2e/kafka-topic/simple-kafka-topic/00-secret.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kuttl.dev/v1beta1 2 | kind: TestStep 3 | commands: 4 | - script: kubectl --namespace $NAMESPACE create secret generic aiven-token --from-literal=token=$AIVEN_TOKEN 5 | -------------------------------------------------------------------------------- /test/e2e/kafka-topic/simple-kafka-topic/01-kafka-topic-acl.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: aiven.io/v1alpha1 2 | kind: KafkaACL 3 | metadata: 4 | name: k8s-test-kafka-topic-simple-kafka-topic-acl 5 | spec: 6 | authSecretRef: 7 | name: aiven-token 8 | key: token 9 | 10 | project: aiven-ci-kubernetes-operator 11 | serviceName: k8s-test-kafka-topic-simple-kafka-topic-kafka 12 | 13 | topic: k8s-test-kafka-topic-simple-kafka-topic-topic 14 | permission: readwrite 15 | username: avnadmin 16 | -------------------------------------------------------------------------------- /test/e2e/kafka-topic/simple-kafka-topic/01-kafka-topic.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: aiven.io/v1alpha1 2 | kind: KafkaTopic 3 | metadata: 4 | name: k8s-test-kafka-topic-simple-kafka-topic-topic 5 | spec: 6 | authSecretRef: 7 | name: aiven-token 8 | key: token 9 | 10 | project: aiven-ci-kubernetes-operator 11 | serviceName: k8s-test-kafka-topic-simple-kafka-topic-kafka 12 | 13 | replication: 2 14 | partitions: 1 15 | -------------------------------------------------------------------------------- /test/e2e/kafka-topic/simple-kafka-topic/01-kafka.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: aiven.io/v1alpha1 2 | kind: Kafka 3 | metadata: 4 | name: k8s-test-kafka-topic-simple-kafka-topic-kafka 5 | spec: 6 | authSecretRef: 7 | name: aiven-token 8 | key: token 9 | 10 | connInfoSecretTarget: 11 | name: kafka-secret 12 | 13 | project: aiven-ci-kubernetes-operator 14 | 15 | cloudName: google-europe-west1 16 | plan: business-4 17 | 18 | userConfig: 19 | kafka_connect: true 20 | -------------------------------------------------------------------------------- /test/e2e/kafka-topic/simple-kafka-topic/02-check-services-running.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kuttl.dev/v1beta1 2 | kind: TestStep 3 | commands: 4 | - script: | 5 | SERVICE=k8s-test-kafka-topic-simple-kafka-topic-kafka 6 | while ! avn --auth-token $AIVEN_TOKEN service wait $SERVICE --project aiven-ci-kubernetes-operator; 7 | do 8 | sleep 10 9 | done 10 | - script: | 11 | SERVICE=k8s-test-kafka-topic-simple-kafka-topic-kafka 12 | TOPIC=k8s-test-kafka-topic-simple-kafka-topic-topic 13 | while ! avn --auth-token $AIVEN_TOKEN service topic-get $SERVICE $TOPIC --project aiven-ci-kubernetes-operator; 14 | do 15 | sleep 10 16 | done 17 | - script: | 18 | SERVICE=k8s-test-kafka-topic-simple-kafka-topic-kafka 19 | ACLTARGET=k8s-test-kafka-topic-simple-kafka-topic-topic 20 | while ! ( avn --auth-token $AIVEN_TOKEN service acl-list $SERVICE --project aiven-ci-kubernetes-operator | grep -q $ACLTARGET ); 21 | do 22 | sleep 10 23 | done 24 | -------------------------------------------------------------------------------- /test/e2e/kafka-topic/simple-kafka-topic/03-delete.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kuttl.dev/v1beta1 2 | kind: TestStep 3 | delete: 4 | - apiVersion: aiven.io/v1alpha1 5 | kind: Kafka 6 | name: k8s-test-kafka-topic-simple-kafka-topic-topic 7 | -------------------------------------------------------------------------------- /test/e2e/kafka/kafka-simple-cluster/00-secret.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kuttl.dev/v1beta1 2 | kind: TestStep 3 | commands: 4 | - script: kubectl --namespace $NAMESPACE create secret generic aiven-token --from-literal=token=$AIVEN_TOKEN 5 | -------------------------------------------------------------------------------- /test/e2e/kafka/kafka-simple-cluster/01-kafka.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: aiven.io/v1alpha1 2 | kind: Kafka 3 | metadata: 4 | name: k8s-e2e-kafka-simple 5 | spec: 6 | authSecretRef: 7 | name: aiven-token 8 | key: token 9 | 10 | connInfoSecretTarget: 11 | name: kafka-token 12 | 13 | project: aiven-ci-kubernetes-operator 14 | 15 | cloudName: google-europe-west1 16 | plan: startup-2 17 | 18 | maintenanceWindowDow: friday 19 | maintenanceWindowTime: 23:00:00 20 | -------------------------------------------------------------------------------- /test/e2e/kafka/kafka-simple-cluster/02-check.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kuttl.dev/v1beta1 2 | kind: TestStep 3 | commands: 4 | - script: | 5 | while ! avn --auth-token $AIVEN_TOKEN service wait k8s-e2e-kafka-simple --project aiven-ci-kubernetes-operator; 6 | do 7 | sleep 10 8 | done 9 | -------------------------------------------------------------------------------- /test/e2e/kafka/kafka-simple-cluster/03-delete.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kuttl.dev/v1beta1 2 | kind: TestStep 3 | delete: 4 | - apiVersion: aiven.io/v1alpha1 5 | kind: Kafka 6 | name: k8s-e2e-kafka-simple 7 | -------------------------------------------------------------------------------- /test/e2e/kuttl-test.preinstalled.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kuttl.dev/v1beta1 2 | kind: TestSuite 3 | timeout: 600 4 | testDirs: 5 | - test/e2e/alloydbomni 6 | - test/e2e/kafka 7 | - test/e2e/kafka-topic 8 | - test/e2e/kafka-connector 9 | - test/e2e/redis 10 | - test/e2e/opensearch 11 | - test/e2e/clickhouse 12 | - test/e2e/projectvpc 13 | - test/e2e/service-integration 14 | - test/e2e/mysql 15 | - test/e2e/cassandra 16 | - test/e2e/grafana 17 | blockOnNamespaceDelete: true 18 | -------------------------------------------------------------------------------- /test/e2e/kuttl-test.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kuttl.dev/v1beta1 2 | kind: TestSuite 3 | timeout: 9999 4 | startKIND: true 5 | crdDir: config/crd/bases 6 | testDirs: 7 | - test/e2e/alloydbomni 8 | - test/e2e/kafka 9 | - test/e2e/kafka-topic 10 | - test/e2e/kafka-connector 11 | - test/e2e/redis 12 | - test/e2e/opensearch 13 | - test/e2e/clickhouse 14 | - test/e2e/projectvpc 15 | - test/e2e/service-integration 16 | - test/e2e/mysql 17 | - test/e2e/cassandra 18 | - test/e2e/grafana 19 | commands: 20 | - script: ENABLE_WEBHOOKS=false ./bin/manager --metrics-bind-address=0 --health-probe-bind-address=0 21 | background: true 22 | blockOnNamespaceDelete: false 23 | -------------------------------------------------------------------------------- /test/e2e/mysql/mysql-simple-cluster/00-secret.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kuttl.dev/v1beta1 2 | kind: TestStep 3 | commands: 4 | - script: kubectl --namespace $NAMESPACE create secret generic aiven-token --from-literal=token=$AIVEN_TOKEN 5 | -------------------------------------------------------------------------------- /test/e2e/mysql/mysql-simple-cluster/01-mysql.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: aiven.io/v1alpha1 2 | kind: MySQL 3 | metadata: 4 | name: k8s-e2e-mysql-simple 5 | spec: 6 | authSecretRef: 7 | name: aiven-token 8 | key: token 9 | 10 | connInfoSecretTarget: 11 | name: mysql-secret 12 | 13 | project: aiven-ci-kubernetes-operator 14 | 15 | cloudName: google-europe-west1 16 | plan: business-4 17 | 18 | maintenanceWindowDow: sunday 19 | maintenanceWindowTime: 11:00:00 20 | 21 | userConfig: 22 | backup_hour: 17 23 | backup_minute: 11 24 | ip_filter: 25 | - network: 0.0.0.0 26 | description: whatever 27 | - network: 10.20.0.0/16 28 | -------------------------------------------------------------------------------- /test/e2e/mysql/mysql-simple-cluster/02-check.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kuttl.dev/v1beta1 2 | kind: TestStep 3 | commands: 4 | - script: | 5 | while ! avn --auth-token $AIVEN_TOKEN service wait k8s-e2e-mysql-simple --project aiven-ci-kubernetes-operator; 6 | do 7 | sleep 10 8 | done 9 | -------------------------------------------------------------------------------- /test/e2e/mysql/mysql-simple-cluster/03-delete.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kuttl.dev/v1beta1 2 | kind: TestStep 3 | delete: 4 | - apiVersion: aiven.io/v1alpha1 5 | kind: MySQL 6 | name: k8s-e2e-mysql-simple 7 | -------------------------------------------------------------------------------- /test/e2e/opensearch/opensearch-simple-cluster/00-secret.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kuttl.dev/v1beta1 2 | kind: TestStep 3 | commands: 4 | - script: kubectl --namespace $NAMESPACE create secret generic aiven-token --from-literal=token=$AIVEN_TOKEN 5 | -------------------------------------------------------------------------------- /test/e2e/opensearch/opensearch-simple-cluster/01-opensearch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: aiven.io/v1alpha1 2 | kind: OpenSearch 3 | metadata: 4 | name: k8s-e2e-os-simple 5 | spec: 6 | authSecretRef: 7 | name: aiven-token 8 | key: token 9 | 10 | connInfoSecretTarget: 11 | name: os-secret 12 | 13 | project: aiven-ci-kubernetes-operator 14 | 15 | cloudName: google-europe-west1 16 | plan: startup-4 17 | disk_space: 80GiB 18 | 19 | maintenanceWindowDow: friday 20 | maintenanceWindowTime: 23:00:00 21 | -------------------------------------------------------------------------------- /test/e2e/opensearch/opensearch-simple-cluster/02-check.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kuttl.dev/v1beta1 2 | kind: TestStep 3 | commands: 4 | - script: | 5 | while ! avn --auth-token $AIVEN_TOKEN service wait k8s-e2e-os-simple --project aiven-ci-kubernetes-operator; 6 | do 7 | sleep 10 8 | done 9 | -------------------------------------------------------------------------------- /test/e2e/opensearch/opensearch-simple-cluster/03-delete.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kuttl.dev/v1beta1 2 | kind: TestStep 3 | delete: 4 | - apiVersion: aiven.io/v1alpha1 5 | kind: OpenSearch 6 | name: k8s-e2e-os-simple 7 | -------------------------------------------------------------------------------- /test/e2e/projectvpc/projectvpc-ref/00-secret.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kuttl.dev/v1beta1 2 | kind: TestStep 3 | commands: 4 | - script: kubectl --namespace $NAMESPACE create secret generic aiven-token --from-literal=token=$AIVEN_TOKEN 5 | -------------------------------------------------------------------------------- /test/e2e/projectvpc/projectvpc-ref/03-delete.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kuttl.dev/v1beta1 2 | kind: TestStep 3 | delete: 4 | - apiVersion: aiven.io/v1alpha1 5 | kind: Kafka 6 | name: k8s-e2e-projectvpc-ref-kafka 7 | - apiVersion: aiven.io/v1alpha1 8 | kind: Redis 9 | name: k8s-e2e-projectvpc-ref-redis 10 | - apiVersion: aiven.io/v1alpha1 11 | kind: OpenSearch 12 | name: k8s-e2e-projectvpc-ref-os 13 | - apiVersion: aiven.io/v1alpha1 14 | kind: ProjectVPC 15 | name: k8s-e2e-projectvpc-ref 16 | -------------------------------------------------------------------------------- /test/e2e/redis/redis-simple-cluster/00-secret.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kuttl.dev/v1beta1 2 | kind: TestStep 3 | commands: 4 | - script: kubectl --namespace $NAMESPACE create secret generic aiven-token --from-literal=token=$AIVEN_TOKEN 5 | -------------------------------------------------------------------------------- /test/e2e/redis/redis-simple-cluster/01-redis.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: aiven.io/v1alpha1 2 | kind: Redis 3 | metadata: 4 | name: k8s-redis-simple 5 | spec: 6 | authSecretRef: 7 | name: aiven-token 8 | key: token 9 | 10 | connInfoSecretTarget: 11 | name: redis-token 12 | 13 | project: aiven-ci-kubernetes-operator 14 | 15 | cloudName: google-europe-west1 16 | plan: startup-4 17 | 18 | maintenanceWindowDow: friday 19 | maintenanceWindowTime: 23:00:00 20 | 21 | userConfig: 22 | redis_maxmemory_policy: allkeys-random 23 | -------------------------------------------------------------------------------- /test/e2e/redis/redis-simple-cluster/02-check.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kuttl.dev/v1beta1 2 | kind: TestStep 3 | commands: 4 | - script: | 5 | while ! avn --auth-token $AIVEN_TOKEN service wait k8s-redis-simple --project aiven-ci-kubernetes-operator; 6 | do 7 | sleep 10 8 | done 9 | -------------------------------------------------------------------------------- /test/e2e/redis/redis-simple-cluster/03-delete.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kuttl.dev/v1beta1 2 | kind: TestStep 3 | delete: 4 | - apiVersion: aiven.io/v1alpha1 5 | kind: Redis 6 | name: k8s-redis-simple 7 | -------------------------------------------------------------------------------- /test/e2e/service-integration/clickhouse-postgresql/00-secret.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kuttl.dev/v1beta1 2 | kind: TestStep 3 | commands: 4 | - script: kubectl --namespace $NAMESPACE create secret generic aiven-token --from-literal=token=$AIVEN_TOKEN 5 | -------------------------------------------------------------------------------- /test/e2e/service-integration/clickhouse-postgresql/01-clickhouse.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: aiven.io/v1alpha1 2 | kind: Clickhouse 3 | metadata: 4 | name: k8s-e2e-test-ch-integration 5 | spec: 6 | authSecretRef: 7 | name: aiven-token 8 | key: token 9 | 10 | connInfoSecretTarget: 11 | name: ch-token 12 | 13 | project: aiven-ci-kubernetes-operator 14 | 15 | cloudName: google-europe-west1 16 | plan: startup-16 17 | 18 | maintenanceWindowDow: friday 19 | maintenanceWindowTime: 23:00:00 20 | -------------------------------------------------------------------------------- /test/e2e/service-integration/clickhouse-postgresql/01-postgresql.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: aiven.io/v1alpha1 2 | kind: PostgreSQL 3 | metadata: 4 | name: k8s-e2e-test-pg-integration 5 | spec: 6 | authSecretRef: 7 | name: aiven-token 8 | key: token 9 | 10 | connInfoSecretTarget: 11 | name: pg-token 12 | 13 | project: aiven-ci-kubernetes-operator 14 | 15 | cloudName: google-europe-west1 16 | plan: startup-4 17 | maintenanceWindowDow: friday 18 | maintenanceWindowTime: 23:00:00 19 | -------------------------------------------------------------------------------- /test/e2e/service-integration/clickhouse-postgresql/02-check-services-running.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kuttl.dev/v1beta1 2 | kind: TestStep 3 | commands: 4 | - script: | 5 | SERVICE=k8s-e2e-test-ch-integration 6 | while ! avn --auth-token $AIVEN_TOKEN service wait $SERVICE --project aiven-ci-kubernetes-operator; 7 | do 8 | sleep 10 9 | done 10 | - script: | 11 | SERVICE=k8s-e2e-test-pg-integration 12 | while ! avn --auth-token $AIVEN_TOKEN service wait $SERVICE --project aiven-ci-kubernetes-operator; 13 | do 14 | sleep 10 15 | done 16 | -------------------------------------------------------------------------------- /test/e2e/service-integration/clickhouse-postgresql/03-service-integration.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: aiven.io/v1alpha1 2 | kind: ServiceIntegration 3 | metadata: 4 | name: k8s-test-service-integration-clickhouse-postgresql 5 | spec: 6 | authSecretRef: 7 | name: aiven-token 8 | key: token 9 | 10 | project: aiven-ci-kubernetes-operator 11 | integrationType: clickhouse_postgresql 12 | 13 | sourceServiceName: k8s-e2e-test-pg-integration 14 | destinationServiceName: k8s-e2e-test-ch-integration 15 | 16 | clickhousePostgresql: 17 | databases: 18 | - database: defaultdb 19 | schema: public 20 | -------------------------------------------------------------------------------- /test/e2e/service-integration/clickhouse-postgresql/04-check-integration.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kuttl.dev/v1beta1 2 | kind: TestStep 3 | commands: 4 | - script: | 5 | SERVICE=k8s-e2e-test-pg-integration 6 | while ! avn service integration-list $SERVICE --json | jq '.[] | select(.integration_type == "clickhouse_postgresql" and .active == true)' 7 | do 8 | sleep 10 9 | done 10 | -------------------------------------------------------------------------------- /test/e2e/service-integration/clickhouse-postgresql/05-delete.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kuttl.dev/v1beta1 2 | kind: TestStep 3 | delete: 4 | - apiVersion: aiven.io/v1alpha1 5 | kind: ServiceIntegration 6 | name: k8s-test-service-integration-clickhouse-postgresql 7 | - apiVersion: aiven.io/v1alpha1 8 | kind: Clickhouse 9 | name: k8s-e2e-test-pg-integration 10 | - apiVersion: aiven.io/v1alpha1 11 | kind: PostgreSQL 12 | name: k8s-e2e-test-ch-integration 13 | -------------------------------------------------------------------------------- /test/e2e/service-integration/kafka-logs/00-secret.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kuttl.dev/v1beta1 2 | kind: TestStep 3 | commands: 4 | - script: kubectl --namespace $NAMESPACE create secret generic aiven-token --from-literal=token=$AIVEN_TOKEN 5 | -------------------------------------------------------------------------------- /test/e2e/service-integration/kafka-logs/01-kafka-topic.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: aiven.io/v1alpha1 2 | kind: KafkaTopic 3 | metadata: 4 | name: k8s-test-service-integration-kafka-logs-topic 5 | spec: 6 | authSecretRef: 7 | name: aiven-token 8 | key: token 9 | 10 | project: aiven-ci-kubernetes-operator 11 | serviceName: k8s-test-service-integration-kafka-logs-kafka 12 | 13 | replication: 2 14 | partitions: 1 15 | -------------------------------------------------------------------------------- /test/e2e/service-integration/kafka-logs/01-kafka.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: aiven.io/v1alpha1 2 | kind: Kafka 3 | metadata: 4 | name: k8s-test-service-integration-kafka-logs-kafka 5 | spec: 6 | authSecretRef: 7 | name: aiven-token 8 | key: token 9 | 10 | connInfoSecretTarget: 11 | name: kafka-secret 12 | 13 | project: aiven-ci-kubernetes-operator 14 | 15 | cloudName: google-europe-west1 16 | plan: business-4 17 | -------------------------------------------------------------------------------- /test/e2e/service-integration/kafka-logs/02-check-services-running.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kuttl.dev/v1beta1 2 | kind: TestStep 3 | commands: 4 | - script: | 5 | SERVICE=k8s-test-service-integration-kafka-logs-kafka 6 | while ! avn --auth-token $AIVEN_TOKEN service wait $SERVICE --project aiven-ci-kubernetes-operator; 7 | do 8 | sleep 10 9 | done 10 | - script: | 11 | SERVICE=k8s-test-service-integration-kafka-logs-kafka 12 | TOPIC=k8s-test-service-integration-kafka-logs-topic 13 | while ! avn --auth-token $AIVEN_TOKEN service topic-get $SERVICE $TOPIC --project aiven-ci-kubernetes-operator; 14 | do 15 | sleep 10 16 | done 17 | -------------------------------------------------------------------------------- /test/e2e/service-integration/kafka-logs/03-service-integration.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: aiven.io/v1alpha1 2 | kind: ServiceIntegration 3 | metadata: 4 | name: k8s-test-service-integration-kafka-logs-service-integration 5 | spec: 6 | authSecretRef: 7 | name: aiven-token 8 | key: token 9 | 10 | project: aiven-ci-kubernetes-operator 11 | 12 | integrationType: kafka_logs 13 | 14 | sourceServiceName: k8s-test-service-integration-kafka-logs-kafka 15 | destinationServiceName: k8s-test-service-integration-kafka-logs-kafka 16 | 17 | kafkaLogs: 18 | kafka_topic: k8s-test-service-integration-kafka-logs-topic 19 | -------------------------------------------------------------------------------- /test/e2e/service-integration/kafka-logs/04-check-topic.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kuttl.dev/v1beta1 2 | kind: TestStep 3 | commands: 4 | - script: | 5 | TMPDIR=$(mktemp -d) 6 | trap "rm -rf $TMPDIR" EXIT 7 | 8 | kubectl --namespace $NAMESPACE get secret kafka-secret -ojson | jq .data.CA_CERT -r | base64 -w0 -d >> $TMPDIR/ca.crt 9 | kubectl --namespace $NAMESPACE get secret kafka-secret -ojson | jq .data.ACCESS_CERT -r | base64 -w0 -d >> $TMPDIR/service.crt 10 | kubectl --namespace $NAMESPACE get secret kafka-secret -ojson | jq .data.ACCESS_KEY -r | base64 -w0 -d >> $TMPDIR/service.key 11 | 12 | HOST=$(kubectl --namespace $NAMESPACE get secret kafka-secret -ojson | jq .data.HOST -r | base64 -d) 13 | PORT=$(kubectl --namespace $NAMESPACE get secret kafka-secret -ojson | jq .data.PORT -r | base64 -d) 14 | TOPIC=k8s-test-service-integration-kafka-logs-topic 15 | 16 | kcat \ 17 | -b $HOST:$PORT \ 18 | -X security.protocol=SSL \ 19 | -X ssl.ca.location=$TMPDIR/ca.crt \ 20 | -X ssl.certificate.location=$TMPDIR/service.crt \ 21 | -X ssl.key.location=$TMPDIR/service.key \ 22 | -C -t $TOPIC -c 1 23 | -------------------------------------------------------------------------------- /test/e2e/service-integration/kafka-logs/05-delete.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kuttl.dev/v1beta1 2 | kind: TestStep 3 | delete: 4 | - apiVersion: aiven.io/v1alpha1 5 | kind: Kafka 6 | name: k8s-test-service-integration-kafka-logs-kafka 7 | -------------------------------------------------------------------------------- /utils/clickhouse/clickhouse_query.go: -------------------------------------------------------------------------------- 1 | package chutils 2 | 3 | import ( 4 | "context" 5 | "fmt" 6 | 7 | avngen "github.com/aiven/go-client-codegen" 8 | "github.com/aiven/go-client-codegen/handler/clickhouse" 9 | ) 10 | 11 | const ( 12 | defaultDatabase = "system" 13 | ) 14 | 15 | func ExecuteClickHouseQuery(ctx context.Context, avnGen avngen.Client, project, serviceName, statement string) (*clickhouse.ServiceClickHouseQueryOut, error) { 16 | res, err := avnGen.ServiceClickHouseQuery(ctx, project, serviceName, &clickhouse.ServiceClickHouseQueryIn{ 17 | // We are running GRANT and REVOKE which don't need to be ran against a 18 | // specific database. Here "system" is used as its guaranteed to exist. 19 | Database: defaultDatabase, 20 | Query: statement, 21 | }) 22 | if err != nil { 23 | return nil, fmt.Errorf("ClickHouse query error: %w", err) 24 | } 25 | return res, nil 26 | } 27 | --------------------------------------------------------------------------------