test_data/k8s-operator-kustomize.output
apiVersion: v1
kind: Namespace
metadata:
labels:
control-plane: controller-manager
name: my-operator-system
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
cert-manager.io/inject-ca-from: my-operator-system/my-operator-serving-cert
example-annotation: xyz
creationTimestamp: null
name: cephvolumes.test.example.com
labels:
example-label: my-app
spec:
group: test.example.com
names:
kind: CephVolume
listKind: CephVolumeList
plural: cephvolumes
singular: cephvolume
scope: Namespaced
versions:
- additionalPrinterColumns:
- description: Ceph RBD pool name
jsonPath: .spec.pool
name: Pool
type: string
- description: Storage type
jsonPath: .status.type
name: Type
type: string
- description: Volume size
jsonPath: .spec.size
name: Size
type: string
- description: Max number of volume I/O operations per second
jsonPath: .status.limits.iops
name: IOPS
type: string
- description: true if volume contains latest type,size spec from Ceph
jsonPath: .status.conditions[?(@.type=="Provided")].status
name: Provided
type: string
- description: true if volume IOPS limits calculated. False indicates error -
check reason for details
jsonPath: .status.conditions[?(@.type=="Calculated")].status
name: Calculated
type: string
- description: true if volume IOPS limits applied to volume. False indicates error
- check reason for details
jsonPath: .status.conditions[?(@.type=="Limited")].status
name: Limited
type: string
- description: latest resource generation
jsonPath: .metadata.generation
name: gen
type: string
- description: latest observed generation of Limited condition
jsonPath: .status.conditions[?(@.type=="Limited")].observedGeneration
name: Lim-gen
type: string
name: v1alpha1
schema:
openAPIV3Schema:
description: CephVolume represents Ceph RBD volume
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: CephVolumeSpec defines the desired state of CephVolume
properties:
pool:
description: Pool - volume pool name
type: string
size:
anyOf:
- type: integer
- type: string
description: Size - volume size
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type: object
status:
description: CephVolumeStatus defines the observed state of CephVolume
properties:
conditions:
description: 'Conditions represent the latest available observations
of an object''s state Known .status.conditions.type are: "Provided".
"Calculated", "Limited"'
items:
description: "Condition contains details for one aspect of the current
state of this API Resource. --- This struct is intended for direct
use as an array at the field path .status.conditions. For example,
type FooStatus struct{ // Represents the observations of a
foo's current state. // Known .status.conditions.type are:
\"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type
\ // +patchStrategy=merge // +listType=map // +listMapKey=type
\ Conditions []metav1.Condition `json:\"conditions,omitempty\"
patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
\n // other fields }"
properties:
lastTransitionTime:
description: lastTransitionTime is the last time the condition
transitioned from one status to another. This should be when
the underlying condition changed. If that is not known, then
using the time when the API field changed is acceptable.
format: date-time
type: string
message:
description: message is a human readable message indicating
details about the transition. This may be an empty string.
maxLength: 32768
type: string
observedGeneration:
description: observedGeneration represents the .metadata.generation
that the condition was set based upon. For instance, if .metadata.generation
is currently 12, but the .status.conditions[x].observedGeneration
is 9, the condition is out of date with respect to the current
state of the instance.
format: int64
minimum: 0
type: integer
reason:
description: reason contains a programmatic identifier indicating
the reason for the condition's last transition. Producers
of specific condition types may define expected values and
meanings for this field, and whether the values are considered
a guaranteed API. The value should be a CamelCase string.
This field may not be empty.
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
type: string
status:
description: status of the condition, one of True, False, Unknown.
enum:
- "True"
- "False"
- Unknown
type: string
type:
description: type of condition in CamelCase or in foo.example.com/CamelCase.
--- Many .condition.type values are consistent across resources
like Available, but because arbitrary conditions can be useful
(see .node.status.conditions), the ability to deconflict is
important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
required:
- lastTransitionTime
- message
- reason
- status
- type
type: object
type: array
limits:
description: Limits represent calculated IOPS limits
properties:
iops:
description: IOPS - desired limit of IO operations per second.
See Ceph rbd_qos_iops_limit property.
format: int64
minimum: 0
type: integer
iopsBurst:
description: IOPSBurst - desired burst limit of IO operations.
See Ceph rbd_qos_iops_burst property.
format: int64
minimum: 0
type: integer
readIOPS:
description: ReadIOPS - desired limit of read operations per second.
See Ceph rbd_qos_read_iops_limit property.
format: int64
minimum: 0
type: integer
readIOPSBurst:
description: ReadIOPSBurst - desired burst limit of read operations.
See Ceph rbd_qos_read_iops_burst property.
format: int64
minimum: 0
type: integer
writeIOPS:
description: WriteIOPS - desired limit of write operations per
second. See Ceph rbd_qos_write_iops_limit property
format: int64
minimum: 0
type: integer
writeIOPSBurst:
description: WriteIOPSBurst - desired burst limit of write operations.
See Ceph rbd_qos_write_iops_burst property.
format: int64
minimum: 0
type: integer
type: object
type:
description: Type - volume storage type. See StorageType CRD.
type: string
required:
- conditions
type: object
type: object
served: true
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
cert-manager.io/inject-ca-from: my-operator-system/my-operator-serving-cert
creationTimestamp: null
name: manifestcephvolumes.test.example.com
spec:
conversion:
strategy: Webhook
webhook:
clientConfig:
service:
name: my-operator-webhook-service
namespace: my-operator-system
path: /convert
conversionReviewVersions:
- v1
group: test.example.com
names:
kind: ManifestCephVolume
listKind: ManifestCephVolumeList
plural: manifestcephvolumes
singular: manifestcephvolume
scope: Namespaced
versions:
- additionalPrinterColumns:
- description: Ceph RBD pool name
jsonPath: .spec.poolName
name: PoolName
type: string
- description: Sync interval in seconds
jsonPath: .spec.interval
name: Interval
type: string
- description: Last update time
jsonPath: .status.lastUpdate
name: LastUpdate
type: string
name: v1alpha1
schema:
openAPIV3Schema:
description: ManifestCephVolume monitors given ceph pool and manifests containing
volumes as CephVolume CR
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: ManifestCephVolumeSpec defines the desired state of ManifestCephVolume
properties:
interval:
description: Interval - Ceph pool polling interval
format: int32
minimum: 60
type: integer
poolName:
description: PoolName name of Ceph RBD pool to get volumes
type: string
required:
- interval
type: object
status:
description: ManifestCephVolumeStatus defines the observed state of ManifestCephVolume
properties:
lastUpdate:
description: LastUpdate - time of last successful volumes update
format: date-time
type: string
type: object
type: object
served: true
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: my-operator-controller-manager
namespace: my-operator-system
annotations:
k8s.acme.org/some-meta-data: "ACME Inc."
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: my-operator-leader-election-role
namespace: my-operator-system
rules:
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
creationTimestamp: null
name: my-operator-manager-aggregated-role
aggregationRule:
clusterRoleSelectors:
- matchExpressions:
- key: app.kubernetes.io/instance
operator: In
values:
- my-operator
rules: []
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
creationTimestamp: null
name: my-operator-manager-role
rules:
- apiGroups:
- ""
resources:
- pods
verbs:
- get
- list
- apiGroups:
- ""
resources:
- pods/exec
verbs:
- create
- get
- apiGroups:
- test.example.com
resources:
- cephvolumes
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- test.example.com
resources:
- cephvolumes/finalizers
verbs:
- update
- apiGroups:
- test.example.com
resources:
- cephvolumes/status
verbs:
- get
- patch
- update
- apiGroups:
- test.example.com
resources:
- manifestcephvolumes
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- test.example.com
resources:
- manifestcephvolumes/finalizers
verbs:
- update
- apiGroups:
- test.example.com
resources:
- manifestcephvolumes/status
verbs:
- get
- patch
- update
- apiGroups:
- test.example.com
resources:
- storagetypes
verbs:
- get
- list
- watch
- apiGroups:
- test.example.com
resources:
- storagetypes/status
verbs:
- get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: my-operator-metrics-reader
rules:
- nonResourceURLs:
- /metrics
verbs:
- get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: my-operator-proxy-role
rules:
- apiGroups:
- authentication.k8s.io
resources:
- tokenreviews
verbs:
- create
- apiGroups:
- authorization.k8s.io
resources:
- subjectaccessreviews
verbs:
- create
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: my-operator-leader-election-rolebinding
namespace: my-operator-system
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: my-operator-leader-election-role
subjects:
- kind: ServiceAccount
name: my-operator-controller-manager
namespace: my-operator-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: my-operator-manager-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: my-operator-manager-role
subjects:
- kind: ServiceAccount
name: my-operator-controller-manager
namespace: my-operator-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: my-operator-proxy-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: my-operator-proxy-role
subjects:
- kind: ServiceAccount
name: my-operator-controller-manager
namespace: my-operator-system
---
apiVersion: v1
data:
dummyconfigmapkey: dummyconfigmapvalue
controller_manager_config.yaml: |
apiVersion: controller-runtime.sigs.k8s.io/v1alpha1
kind: ControllerManagerConfig
health:
healthProbeBindAddress: :8081
metrics:
bindAddress: 127.0.0.1:8080
webhook:
port: 9443
leaderElection:
leaderElect: true
resourceName: 3a2e09e9.example.com
rook:
namespace: rook-ceph
toolboxPodLabel: rook-ceph-tools
kind: ConfigMap
metadata:
name: my-operator-manager-config
namespace: my-operator-system
---
apiVersion: v1
kind: Service
metadata:
labels:
control-plane: controller-manager
name: my-operator-controller-manager-metrics-service
namespace: my-operator-system
spec:
ports:
- name: https
port: 8443
targetPort: https
selector:
control-plane: controller-manager
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
control-plane: controller-manager
name: my-operator-controller-manager
namespace: my-operator-system
spec:
replicas: 1
selector:
matchLabels:
control-plane: controller-manager
template:
metadata:
labels:
control-plane: controller-manager
spec:
topologySpreadConstraints:
- maxSkew: 1
topologyKey: kubernetes.io/hostname
whenUnsatisfiable: DoNotSchedule
matchLabelKeys:
- app
- pod-template-hash
imagePullSecrets:
- name: my-operator-secret-registry-credentials
containers:
- args:
- --secure-listen-address=0.0.0.0:8443
- --upstream=http://127.0.0.1:8080/
- --logtostderr=true
- --v=10
image: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0
name: kube-rbac-proxy
ports:
- containerPort: 8443
name: https
- args:
- --health-probe-bind-address=:8081
- --metrics-bind-address=127.0.0.1:8080
- --leader-elect
command:
- /manager
volumeMounts:
- mountPath: /controller_manager_config.yaml
name: manager-config
subPath: controller_manager_config.yaml
- name: secret-volume
mountPath: /my.ca
env:
- name: VAR1
valueFrom:
secretKeyRef:
name: my-operator-secret-vars
key: VAR1
- name: VAR2
value: "ciao"
- name: VAR3_MY_ENV
value: "ciao"
- name: VAR4
valueFrom:
configMapKeyRef:
name: my-operator-configmap-vars
key: VAR4
- name: VAR5
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: VAR6
valueFrom:
resourceFieldRef:
resource: limits.cpu
image: controller:latest
imagePullPolicy: Always
livenessProbe:
httpGet:
path: /healthz
port: 8081
initialDelaySeconds: 15
periodSeconds: 20
name: manager
readinessProbe:
httpGet:
path: /readyz
port: 8081
initialDelaySeconds: 5
periodSeconds: 10
resources:
limits:
cpu: 100m
memory: 30Mi
requests:
cpu: 100m
memory: 20Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
privileged: false
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 65532
seccompProfile:
type: RuntimeDefault
securityContext:
runAsNonRoot: true
nodeSelector:
region: east
type: user-node
serviceAccountName: my-operator-controller-manager
terminationGracePeriodSeconds: 10
volumes:
- configMap:
name: my-operator-manager-config
name: manager-config
- name: secret-volume
secret:
secretName: my-operator-secret-ca
---
apiVersion: v1
kind: Service
metadata:
name: my-operator-webhook-service
namespace: my-operator-system
spec:
ports:
- port: 443
targetPort: 9443
selector:
control-plane: controller-manager
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: my-operator-serving-cert
namespace: my-operator-system
spec:
dnsNames:
- my-operator-webhook-service.my-operator-system.svc
- my-operator-webhook-service.my-operator-system.svc.cluster.local
issuerRef:
kind: Issuer
name: my-operator-selfsigned-issuer
secretName: webhook-server-cert
---
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
name: my-operator-selfsigned-issuer
namespace: my-operator-system
spec:
selfSigned: {}
---
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
annotations:
cert-manager.io/inject-ca-from: my-operator-system/my-operator-serving-cert
name: my-operator-validating-webhook-configuration
webhooks:
- admissionReviewVersions:
- v1
- v1beta1
clientConfig:
service:
name: my-operator-webhook-service
namespace: my-operator-system
path: /validate-ceph-example-com-v1alpha1-volume
failurePolicy: Fail
name: vvolume.kb.io
rules:
- apiGroups:
- test.example.com
apiVersions:
- v1alpha1
operations:
- CREATE
- UPDATE
resources:
- volumes
sideEffects: None
---
apiVersion: v1
data:
ca.crt: |
c3VwZXJsb25ndGVzdGNydC1zdXBlcmxvbmd0ZXN0Y3J0LXN1cGVybG9uZ3Rlc3RjcnQtc3
VwZXJsb25ndGVzdGNydC1zdXBlcmxvbmd0ZXN0Y3J0LXN1cGVybG9uZ3Rlc3RjcnQtc3Vw
ZXJsb25ndGVzdGNydC0Kc3VwZXJsb25ndGVzdGNydC1zdXBlcmxvbmd0ZXN0Y3J0LXN1cG
VybG9uZ3Rlc3RjcnQtc3VwZXJsb25ndGVzdGNydC1zdXBlcmxvbmd0ZXN0Y3J0LXN1cGVy
bG9uZ3Rlc3RjcnQKc3VwZXJsb25ndGVzdGNydC1zdXBlcmxvbmd0ZXN0Y3J0LXN1cGVybG
9uZ3Rlc3RjcnQtc3VwZXJsb25ndGVzdGNydC1zdXBlcmxvbmd0ZXN0Y3J0LXN1cGVybG9u
Z3Rlc3RjcnQ=
kind: Secret
metadata:
name: my-operator-secret-ca
namespace: my-operator-system
type: opaque
---
apiVersion: v1
data:
.dockerconfigjson: |
ewogICAgImF1dGhzIjogewogICAgICAgICJmb28uYmFyLmlvIjogewogICAgICAgICAgIC
AidXNlcm5hbWUiOiAidXNlcm5hbWUiLAogICAgICAgICAgICAicGFzc3dvcmQiOiAic2Vj
cmV0IiwKICAgICAgICAgICAgImF1dGgiOiAiZFhObGNtNWhiV1U2YzJWamNtVjAiCiAgIC
AgICAgfQogICAgfQp9
kind: Secret
metadata:
name: my-operator-secret-registry-credentials
namespace: my-operator-system
type: kubernetes.io/dockerconfigjson
---
apiVersion: v1
data:
VAR1: bXlfc2VjcmV0X3Zhcl8x
VAR2: bXlfc2VjcmV0X3Zhcl8y
kind: Secret
metadata:
name: my-operator-secret-vars
namespace: my-operator-system
type: opaque
---
apiVersion: v1
data:
VAR4: value for var4
kind: ConfigMap
metadata:
name: my-operator-configmap-vars
namespace: my-operator-system
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: my-operator-pvc-lim
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 2Gi
storageClassName: cust1-mypool-lim
---
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
annotations:
cert-manager.io/inject-ca-from: my-operator-system/my-operator-serving-cert
name: my-operator-mutating-webhook-configuration
webhooks:
- admissionReviewVersions:
- v1
clientConfig:
service:
name: my-operator-webhook-service
namespace: my-operator-system
path: /mutate-ceph-example-com-v1-mycluster
failurePolicy: Fail
name: mmycluster.kb.io
rules:
- apiGroups:
- test.example.com
apiVersions:
- v1
operations:
- CREATE
- UPDATE
resources:
- myclusters
sideEffects: None