diff --git a/Makefile b/Makefile index aba177c..40f7e52 100644 --- a/Makefile +++ b/Makefile @@ -65,7 +65,7 @@ GOLANGCI_LINT_VERSION ?= v1.57.2 .PHONY: all -all: fmt vet lint generate manifests kustomize helmify generate-docs +all: fmt vet lint generate manifests kustomize helm generate-docs ##@ Development diff --git a/charts/irsa-manager/crds/irsa-crd.yaml b/charts/irsa-manager/crds/irsa-crd.yaml new file mode 100644 index 0000000..62a692c --- /dev/null +++ b/charts/irsa-manager/crds/irsa-crd.yaml 
@@ -0,0 +1,160 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: irsas.irsa-manager.kkb0318.github.io +spec: + group: irsa-manager.kkb0318.github.io + names: + kind: IRSA + listKind: IRSAList + plural: irsas + singular: irsa + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: IRSA is the Schema for the irsas API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: IRSASpec defines the desired state of IRSA + properties: + cleanup: + description: |- + Cleanup, when enabled, allows the IRSA to perform garbage collection + of resources that are no longer needed or managed. + type: boolean + iamPolicies: + description: |- + IamPolicies represents the list of IAM policies to be attached to the IAM role. + You can set both the policy name (only AWS default policies) or the full ARN. + items: + type: string + type: array + iamRole: + description: IamRole represents the IAM role details associated with + the IRSA. + properties: + name: + description: Name represents the name of the IAM role. 
+ type: string + type: object + serviceAccount: + description: ServiceAccount represents the Kubernetes service account + associated with the IRSA. + properties: + name: + description: Name represents the name of the Kubernetes service + account + type: string + namespaces: + description: Namespaces represents the list of namespaces where + the service account is used + items: + type: string + type: array + type: object + required: + - cleanup + type: object + status: + description: IRSAStatus defines the observed state of IRSA. + properties: + conditions: + items: + description: "Condition contains details for one aspect of the current + state of this API Resource.\n---\nThis struct is intended for + direct use as an array at the field path .status.conditions. For + example,\n\n\n\ttype FooStatus struct{\n\t // Represents the + observations of a foo's current state.\n\t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // + +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t + \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t + \ // other fields\n\t}" + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. 
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/charts/irsa-manager/crds/irsasetup-crd.yaml b/charts/irsa-manager/crds/irsasetup-crd.yaml index e9f385e..11af11c 100644 --- a/charts/irsa-manager/crds/irsasetup-crd.yaml +++ b/charts/irsa-manager/crds/irsasetup-crd.yaml 
@@ -13,92 +13,147 @@ spec: singular: irsasetup scope: Namespaced versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: - IRSASetup represents a configuration for setting up IAM Roles - for Service Accounts (IRSA) in a Kubernetes cluster. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: IRSASetupSpec defines the desired state of IRSASetup - properties: - auth: - description: Auth contains authentication configuration details. + - additionalPrinterColumns: + - jsonPath: .status.selfHostedSetup[?(@.type=="Ready")].status + name: SelfHostedReady + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: IRSASetup represents a configuration for setting up IAM Roles + for Service Accounts (IRSA) in a Kubernetes cluster. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. 
+ Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: IRSASetupSpec defines the desired state of IRSASetup + properties: + cleanup: + description: |- + Cleanup, when enabled, allows the IRSASetup to perform garbage collection + of resources that are no longer needed or managed. + type: boolean + discovery: + description: |- + Discovery configures the IdP Discovery process, essential for setting up IRSA by locating + the OIDC provider information. + properties: + s3: + description: S3 specifies the AWS S3 bucket details where the + OIDC provider's discovery information is hosted. + properties: + bucketName: + description: BucketName is the name of the S3 bucket that + hosts the OIDC discovery information. + type: string + region: + description: Region denotes the AWS region where the S3 bucket + is located. + type: string + required: + - bucketName + - region + type: object + type: object + mode: + description: Mode specifies the mode of operation. Can be either "selfhosted" + or "eks". + type: string + required: + - cleanup + - discovery + - mode + type: object + status: + description: IRSASetupStatus defines the observed state of IRSASetup + properties: + selfHostedSetup: + items: + description: "Condition contains details for one aspect of the current + state of this API Resource.\n---\nThis struct is intended for + direct use as an array at the field path .status.conditions. 
For + example,\n\n\n\ttype FooStatus struct{\n\t // Represents the + observations of a foo's current state.\n\t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // + +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t + \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t + \ // other fields\n\t}" properties: - secretRef: - description: - SecretRef specifies the reference to the Kubernetes - secret containing authentication details. - properties: - name: - description: Name specifies the name of the secret. - type: string - namespace: - description: Namespace specifies the namespace of the secret. - type: string - required: - - name - type: object + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. 
+ The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string required: - - secretRef + - lastTransitionTime + - message + - reason + - status + - type type: object - discovery: - description: |- - Discovery configures the IdP Discovery process, essential for setting up IRSA by locating - the OIDC provider information. - properties: - s3: - description: - S3 specifies the AWS S3 bucket details where the - OIDC provider's discovery information is hosted. - properties: - bucketName: - description: - BucketName is the name of the S3 bucket that - hosts the OIDC discovery information. - type: string - region: - description: - Region denotes the AWS region where the S3 bucket - is located. - type: string - required: - - bucketName - - region - type: object - type: object - mode: - description: - Mode specifies the mode of operation. Can be either "selfhosted" - or "eks". - type: string - required: - - discovery - - mode - type: object - status: - description: IRSASetupStatus defines the observed state of IRSASetup - type: object - type: object - served: true - storage: true - subresources: - status: {} + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} 
diff --git a/charts/irsa-manager/templates/deployment.yaml b/charts/irsa-manager/templates/deployment.yaml
index ed8428b..078d4d5 100644
--- a/charts/irsa-manager/templates/deployment.yaml
+++ b/charts/irsa-manager/templates/deployment.yaml
@@ -42,6 +42,26 @@ spec:
 command:
 - /manager
 env:
+ - name: AWS_ACCESS_KEY_ID
+ valueFrom:
+ secretKeyRef:
+ key: aws-access-key-id
+ name: aws-secret
+ - name: AWS_SECRET_ACCESS_KEY
+ valueFrom:
+ secretKeyRef:
+ key: aws-secret-access-key
+ name: aws-secret
+ - name: AWS_REGION
+ valueFrom:
+ secretKeyRef:
+ key: aws-region
+ name: aws-secret
+ - name: AWS_ROLE_ARN
+ valueFrom:
+ secretKeyRef:
+ key: aws-role-arn
+ name: aws-secret
 - name: KUBERNETES_CLUSTER_DOMAIN
 value: {{ quote .Values.kubernetesClusterDomain }}
 image: {{ .Values.controllerManager.manager.image.repository }}:{{ .Values.controllerManager.manager.image.tag
diff --git a/charts/irsa-manager/templates/manager-rbac.yaml b/charts/irsa-manager/templates/manager-rbac.yaml
index f8fbb15..0c7ddd2 100644
--- a/charts/irsa-manager/templates/manager-rbac.yaml
+++ b/charts/irsa-manager/templates/manager-rbac.yaml
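Review bot: The four `secretKeyRef` entries added under `env:` in deployment.yaml tie the manager pod to a hard-coded Secret named `aws-secret` holding a static `AWS_ACCESS_KEY_ID`/`AWS_SECRET_ACCESS_KEY` pair, and the chart values cannot override the name or turn the entries off. None of them sets `optional: true`, so where credentials are supplied another way (the CRD still documents an `eks` mode) the container cannot start until that Secret and all four keys exist. I would add `optional: true` under each `secretKeyRef`, template the Secret name from a chart value, and take `AWS_REGION` from values since it is not sensitive. The same commit removes `spec.auth.secretRef` from the IRSASetup CRD, so these long-lived keys appear to become the only credential path; the chart documentation should say how the key is expected to be scoped and rotated.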
@@ -5,6 +5,104 @@ metadata:
 labels:
 {{- include "irsa-manager.labels" . | nindent 4 }}
 rules:
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - services
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - admissionregistration.k8s.io
+ resources:
+ - mutatingwebhookconfigurations
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - apps
+ resources:
+ - deployments
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - certificates.k8s.io
+ resources:
+ - certificatesigningrequests
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - irsa-manager.kkb0318.github.io
+ resources:
+ - irsas
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - irsa-manager.kkb0318.github.io
+ resources:
+ - irsas/finalizers
+ verbs:
+ - update
+- apiGroups:
+ - irsa-manager.kkb0318.github.io
+ resources:
+ - irsas/status
+ verbs:
+ - get
+ - patch
+ - update
 - apiGroups:
 - irsa-manager.kkb0318.github.io
 resources:
@@ -31,6 +129,30 @@ rules:
 - get
 - patch
 - update
+- apiGroups:
+ - rbac.authorization.k8s.io
+ resources:
+ - clusterrolebindings
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - rbac.authorization.k8s.io
+ resources:
+ - clusterroles
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
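Review bot: The rules added at the top of `rules:` give the manager every verb on `secrets`, `serviceaccounts`, `services` and `deployments` with no namespace or `resourceNames` restriction, and the object that follows in this file is a ClusterRoleBinding, so the grant looks cluster-wide. Read access to all Secrets, combined with the right to create Deployments under any ServiceAccount, means a compromise of this one pod exposes every credential in the cluster. If the Secret, Service, Deployment and CSR objects are only those of the webhook the controller installs, I would move those rules into a namespaced Role in that namespace and keep only `serviceaccounts` (which the IRSA spec targets across namespaces) in the cluster-scoped role. Please also confirm that `mutatingwebhookconfigurations` and `certificatesigningrequests` need all seven verbs. The kind of the object these rules belong to is declared above the hunk.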
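Review bot: In the second hunk the manager gains all seven verbs on `clusterroles` and `clusterrolebindings` for every object name. Kubernetes' escalation check limits what it can grant to permissions it already holds, but after the first hunk that set includes cluster-wide Secrets and Deployments, so the controller can pass the same access to any subject. I would restrict `get`/`update`/`patch`/`delete` with `resourceNames:` listing the role and binding the controller owns (placeholders: `<managed-clusterrole>`, `<managed-clusterrolebinding>`). `create` should stay in a separate rule because `resourceNames` cannot constrain it. `list` and `watch` are worth dropping unless the reconciler relies on an informer for these kinds.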
@@ -48,4 +170,4 @@ roleRef: subjects: - kind: ServiceAccount name: '{{ include "irsa-manager.fullname" . }}-controller-manager' - namespace: '{{ .Release.Namespace }}' + namespace: '{{ .Release.Namespace }}' \ No newline at end of file diff --git a/charts/irsa-manager/values.yaml b/charts/irsa-manager/values.yaml index deb46ad..d34311f 100644 --- a/charts/irsa-manager/values.yaml +++ b/charts/irsa-manager/values.yaml @@ -1,15 +1,15 @@ controllerManager: kubeRbacProxy: args: - - --secure-listen-address=0.0.0.0:8443 - - --upstream=http://127.0.0.1:8080/ - - --logtostderr=true - - --v=0 + - --secure-listen-address=0.0.0.0:8443 + - --upstream=http://127.0.0.1:8080/ + - --logtostderr=true + - --v=0 containerSecurityContext: allowPrivilegeEscalation: false capabilities: drop: - - ALL + - ALL image: repository: gcr.io/kubebuilder/kube-rbac-proxy tag: v0.15.0 @@ -22,14 +22,14 @@ controllerManager: memory: 64Mi manager: args: - - --health-probe-bind-address=:8081 - - --metrics-bind-address=127.0.0.1:8080 - - --leader-elect + - --health-probe-bind-address=:8081 + - --metrics-bind-address=127.0.0.1:8080 + - --leader-elect containerSecurityContext: allowPrivilegeEscalation: false capabilities: drop: - - ALL + - ALL image: repository: ghcr.io/kkb0318/irsa-manager tag: APP_VERSION @@ -46,8 +46,8 @@ controllerManager: kubernetesClusterDomain: cluster.local metricsService: ports: - - name: https - port: 8443 - protocol: TCP - targetPort: https + - name: https + port: 8443 + protocol: TCP + targetPort: https type: ClusterIP diff --git a/config/crd/bases/irsa.kkb0318.github.io_irsas.yaml b/config/crd/bases/irsa.kkb0318.github.io_irsas.yaml deleted file mode 100644 index dc4c4e7..0000000 --- a/config/crd/bases/irsa.kkb0318.github.io_irsas.yaml +++ /dev/null 
@@ -1,166 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.14.0 - name: irsas.irsa-manager.kkb0318.github.io -spec: - group: irsa-manager.kkb0318.github.io - names: - kind: IRSA - listKind: IRSAList - plural: irsas - singular: irsa - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - name: v1alpha1 - schema: - openAPIV3Schema: - description: IRSA is the Schema for the irsas API - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: IRSASpec defines the desired state of IRSA - properties: - cleanup: - description: |- - Cleanup, when enabled, allows the IRSA to perform garbage collection - of resources that are no longer needed or managed. - type: boolean - iamPolicies: - description: |- - IamPolicies represents the list of IAM policies to be attached to the IAM role. - You can set both the policy name (only AWS default policies) or the full ARN. - items: - type: string - type: array - iamRole: - description: - IamRole represents the IAM role details associated with - the IRSA. - properties: - name: - description: Name represents the name of the IAM role. 
- type: string - type: object - serviceAccount: - description: - ServiceAccount represents the Kubernetes service account - associated with the IRSA. - properties: - name: - description: - Name represents the name of the Kubernetes service - account - type: string - namespaces: - description: - Namespaces represents the list of namespaces where - the service account is used - items: - type: string - type: array - type: object - required: - - cleanup - type: object - status: - description: IRSAStatus defines the observed state of IRSA. - properties: - conditions: - items: - description: - "Condition contains details for one aspect of the current - state of this API Resource.\n---\nThis struct is intended for - direct use as an array at the field path .status.conditions. For - example,\n\n\n\ttype FooStatus struct{\n\t // Represents the - observations of a foo's current state.\n\t // Known .status.conditions.type - are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // - +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t - \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t - \ // other fields\n\t}" - properties: - lastTransitionTime: - description: |- - lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - message is a human readable message indicating details about the transition. - This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: |- - observedGeneration represents the .metadata.generation that the condition was set based upon. 
- For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: |- - reason contains a programmatic identifier indicating the reason for the condition's last transition. - Producers of specific condition types may define expected values and meanings for this field, - and whether the values are considered a guaranteed API. - The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - --- - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be - useful (see .node.status.conditions), the ability to deconflict is important. - The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - type: object - type: object - served: true - storage: true - subresources: - status: {} diff --git a/config/crd/bases/irsa.kkb0318.github.io_irsasetups.yaml b/config/crd/bases/irsa.kkb0318.github.io_irsasetups.yaml deleted file mode 100644 index 7800733..0000000 --- a/config/crd/bases/irsa.kkb0318.github.io_irsasetups.yaml +++ /dev/null 
@@ -1,166 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.14.0 - name: irsasetups.irsa-manager.kkb0318.github.io -spec: - group: irsa-manager.kkb0318.github.io - names: - kind: IRSASetup - listKind: IRSASetupList - plural: irsasetups - singular: irsasetup - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .status.selfHostedSetup[?(@.type=="Ready")].status - name: SelfHostedReady - type: string - name: v1alpha1 - schema: - openAPIV3Schema: - description: - IRSASetup represents a configuration for setting up IAM Roles - for Service Accounts (IRSA) in a Kubernetes cluster. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: IRSASetupSpec defines the desired state of IRSASetup - properties: - cleanup: - description: |- - Cleanup, when enabled, allows the IRSASetup to perform garbage collection - of resources that are no longer needed or managed. - type: boolean - discovery: - description: |- - Discovery configures the IdP Discovery process, essential for setting up IRSA by locating - the OIDC provider information. - properties: - s3: - description: - S3 specifies the AWS S3 bucket details where the - OIDC provider's discovery information is hosted. 
- properties: - bucketName: - description: - BucketName is the name of the S3 bucket that - hosts the OIDC discovery information. - type: string - region: - description: - Region denotes the AWS region where the S3 bucket - is located. - type: string - required: - - bucketName - - region - type: object - type: object - mode: - description: - Mode specifies the mode of operation. Can be either "selfhosted" - or "eks". - type: string - required: - - cleanup - - discovery - - mode - type: object - status: - description: IRSASetupStatus defines the observed state of IRSASetup - properties: - selfHostedSetup: - items: - description: - "Condition contains details for one aspect of the current - state of this API Resource.\n---\nThis struct is intended for - direct use as an array at the field path .status.conditions. For - example,\n\n\n\ttype FooStatus struct{\n\t // Represents the - observations of a foo's current state.\n\t // Known .status.conditions.type - are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // - +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t - \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t - \ // other fields\n\t}" - properties: - lastTransitionTime: - description: |- - lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - message is a human readable message indicating details about the transition. - This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: |- - observedGeneration represents the .metadata.generation that the condition was set based upon. 
- For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: |- - reason contains a programmatic identifier indicating the reason for the condition's last transition. - Producers of specific condition types may define expected values and meanings for this field, - and whether the values are considered a guaranteed API. - The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - --- - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be - useful (see .node.status.conditions), the ability to deconflict is important. - The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - type: object - type: object - served: true - storage: true - subresources: - status: {}