diff --git a/CHANGELOG.md b/CHANGELOG.md index 8173014e..eb137aea 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,7 @@ All notable changes to this project will be documented in this file. ### Added +- Add conversion webhook ([#937]). - Support objectOverrides using `.spec.objectOverrides`. See [objectOverrides concepts page](https://docs.stackable.tech/home/nightly/concepts/overrides/#object-overrides) for details ([#927]). - Added support for OPA/TLS ([#928]). @@ -37,6 +38,7 @@ All notable changes to this project will be documented in this file. [#932]: https://github.com/stackabletech/kafka-operator/pull/932 [#933]: https://github.com/stackabletech/kafka-operator/pull/933 [#934]: https://github.com/stackabletech/kafka-operator/pull/934 +[#937]: https://github.com/stackabletech/kafka-operator/pull/937 ## [25.11.0] - 2025-11-07 diff --git a/Cargo.lock b/Cargo.lock index 7d70985f..73649909 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -101,6 +101,15 @@ version = "1.0.100" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a23eb6b1614318a8071c9b2521f36b424b2c83db5eb3a0fead4a6c0809af6e61" +[[package]] +name = "arc-swap" +version = "1.8.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9ded5f9a03ac8f24d1b8a25101ee812cd32cdc8c50a4c50237de2c4915850e73" +dependencies = [ + "rustversion", +] + [[package]] name = "async-broadcast" version = "0.7.2" @@ -221,12 +230,24 @@ dependencies = [ "tokio", ] +[[package]] +name = "base16ct" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4c7f02d4ea65f2c1853089ffd8d2787bdbc63de2f0d29dedbcf8ccdfa0ccd4cf" + [[package]] name = "base64" version = "0.22.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "72b3254f16251a8381aa12e40e3c4d2f0199f8c6508fbecb9d91f575e0fbb8c6" +[[package]] +name = "base64ct" +version = "1.8.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2af50177e190e07a26ab74f8b1efbfe2ef87da2116221318cb1c2e82baf7de06" + [[package]] name = "bit-set" version = "0.8.0" @@ -364,6 +385,12 @@ dependencies = [ "crossbeam-utils", ] +[[package]] +name = "const-oid" +version = "0.9.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c2459377285ad874054d797f3ccebf984978aa39129f6eafde5cdc8315b612f8" + [[package]] name = "const_format" version = "0.2.35" @@ -442,6 +469,18 @@ version = "0.8.21" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d0a5c400df2834b80a4c3327b3aad3a4c4cd4de0629063962b03235697506a28" +[[package]] +name = "crypto-bigint" +version = "0.5.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0dc92fb57ca44df6db8059111ab3af99a63d5d0f8375d9972e319a379c6bab76" +dependencies = [ + "generic-array", + "rand_core 0.6.4", + "subtle", + "zeroize", +] + [[package]] name = "crypto-common" version = "0.1.6" @@ -532,6 +571,30 @@ dependencies = [ "syn 2.0.108", ] +[[package]] +name = "der" +version = "0.7.10" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e7c1832837b905bbfb5101e07cc24c8deddf52f93225eee6ead5f4d63d53ddcb" +dependencies = [ + "const-oid", + "der_derive", + "flagset", + "pem-rfc7468", + "zeroize", +] + +[[package]] +name = "der_derive" +version = "0.7.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8034092389675178f570469e6c3b0465d3d30b4505c294a6550db47f3c17ad18" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.108", +] + [[package]] name = "deranged" version = "0.5.5" @@ -568,7 +631,9 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9ed9a281f7bc9b7576e61468ba615a66a5c8cfdff42420a70aa82701a3b1e292" dependencies = [ "block-buffer", + "const-oid", "crypto-common", + "subtle", ] [[package]] @@ -608,6 +673,20 @@ version = "1.0.20" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d0881ea181b1df73ff77ffaaf9c7544ecc11e82fba9b5f27b262a3c73a332555" +[[package]] +name = "ecdsa" +version = "0.16.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ee27f32b5c5292967d2d4a9d7f1e0b0aed2c15daded5a60300e4abb9d8020bca" +dependencies = [ + "der", + "digest", + "elliptic-curve", + "rfc6979", + "signature", + "spki", +] + [[package]] name = "educe" version = "0.6.0" @@ -626,6 +705,26 @@ version = "1.15.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "48c757948c5ede0e46177b7add2e67155f70e33c07fea8284df6576da70b3719" +[[package]] +name = "elliptic-curve" +version = "0.13.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b5e6043086bf7973472e0c7dff2142ea0b680d30e18d9cc40f267efbf222bd47" +dependencies = [ + "base16ct", + "crypto-bigint", + "digest", + "ff", + "generic-array", + "group", + "pem-rfc7468", + "pkcs8", + "rand_core 0.6.4", + "sec1", + "subtle", + "zeroize", +] + [[package]] name = "encoding_rs" version = "0.8.35" @@ -708,12 +807,28 @@ version = "2.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "37909eebbb50d72f9059c3b6d82c0463f2ff062c9e95845c43a6c9c0355411be" +[[package]] +name = "ff" +version = "0.13.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c0b50bfb653653f9ca9095b427bed08ab8d75a137839d9ad64eb11810d5b6393" +dependencies = [ + "rand_core 0.6.4", + "subtle", +] + [[package]] name = "find-msvc-tools" version = "0.1.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "52051878f80a721bb68ebfbc930e07b65ba72f2da88968ea5c06fd6ca3d3a127" +[[package]] +name = "flagset" +version = "0.4.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b7ac824320a75a52197e8f2d787f6a38b6718bb6897a35142d749af3c0e8f4fe" + [[package]] name = "flate2" version = "1.1.5" @@ -848,6 +963,7 @@ checksum = "4bb6743198531e02858aeaea5398fcc883e71851fcbcb5a2f773e2fb6cb1edf2" dependencies = [ "typenum", "version_check", + "zeroize", ] [[package]] @@ -875,9 +991,9 @@ dependencies = [ [[package]] name = "git2" -version = "0.20.2" +version = "0.20.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2deb07a133b1520dc1a5690e9bd08950108873d7ed5de38dcc74d3b5ebffa110" +checksum = "7b88256088d75a56f8ecfa070513a775dd9107f6530ef14919dac831af9cfe2b" dependencies = [ "bitflags", "libc", @@ -904,6 +1020,17 @@ dependencies = [ "wasm-bindgen", ] +[[package]] +name = "group" +version = "0.13.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f0f9ef7462f7c099f518d754361858f86d8a07af53ba9af0fe635bbccb151a63" +dependencies = [ + "ff", + "rand_core 0.6.4", + "subtle", +] + [[package]] name = "h2" version = "0.4.12" @@ -946,6 +1073,15 @@ version = "0.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "2304e00983f87ffb38b55b444b5e3b60a884b5d30c0fca7d82fe33449bbe55ea" +[[package]] +name = "hmac" +version = "0.12.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6c49c37c09c17a53d937dfbb742eb3a961d65a994e6bcdcf37e7399d0cc8ab5e" +dependencies = [ + "digest", +] + [[package]] name = "home" version = "0.5.12" @@ -1481,6 +1617,9 @@ name = "lazy_static" version = "1.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "bbd2bcb4c963f2ddae06a2efc7e9f3591312473c50c6685e1f298068316e66fe" +dependencies = [ + "spin", +] [[package]] name = "libc" @@ -1490,9 +1629,9 @@ checksum = "2874a2af47a2325c2001a6e6fad9b16a53b802102b528163885171cf92b15976" [[package]] name = "libgit2-sys" -version = "0.18.2+1.9.1" +version = "0.18.3+1.9.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1c42fe03df2bd3c53a3a9c7317ad91d80c81cd1fb0caec8d7cc4cd2bfa10c222" +checksum = "c9b3acc4b91781bb0b3386669d325163746af5f6e4f73e6d2d630e09a35f3487" dependencies = [ "cc", "libc", @@ -1500,6 +1639,12 @@ dependencies = [ "pkg-config", ] +[[package]] +name = "libm" +version = "0.2.16" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b6d2cec3eae94f9f509c767b45932f1ada8350c4bdb85af2fcab4a3c14807981" + [[package]] name = "libz-sys" version = "1.1.22" @@ -1590,11 +1735,47 @@ dependencies = [ "windows-sys 0.61.2", ] +[[package]] +name = "num-bigint-dig" +version = "0.8.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e661dda6640fad38e827a6d4a310ff4763082116fe217f279885c97f511bb0b7" +dependencies = [ + "lazy_static", + "libm", + "num-integer", + "num-iter", + "num-traits", + "rand 0.8.5", + "smallvec", + "zeroize", +] + [[package]] name = "num-conv" -version = "0.1.0" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cf97ec579c3c42f953ef76dbf8d55ac91fb219dde70e49aa4a6b7d74e9919050" + +[[package]] +name = "num-integer" +version = "0.1.46" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7969661fd2958a5cb096e56c8e1ad0444ac2bbcd0061bd28660485a44879858f" +dependencies = [ + "num-traits", +] + +[[package]] +name = "num-iter" +version = "0.1.45" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "51d515d32fb182ee37cda2ccdcb92950d6a3c2893aa280e540671c2cd0f3b1d9" +checksum = "1429034a0490724d0075ebb2bc9e875d6503c3cf69e235a8941aa757d83ef5bf" +dependencies = [ + "autocfg", + "num-integer", + "num-traits", +] [[package]] name = "num-traits" @@ -1603,6 +1784,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "071dfc062690e90b734c0b2273ce72ad0ffa95f0c74596bc250dcfd960262841" dependencies = [ "autocfg", + "libm", ] [[package]] @@ -1711,7 +1893,7 @@ dependencies = [ "futures-util", "opentelemetry", "percent-encoding", - "rand", + "rand 0.9.2", "thiserror 2.0.17", "tokio", "tokio-stream", @@ -1726,6 +1908,18 @@ dependencies = [ "num-traits", ] +[[package]] +name = "p256" +version = "0.13.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c9863ad85fa8f4460f9c48cb909d38a0d689dba1f6f6988a5e3e0d31071bcd4b" +dependencies = [ + "ecdsa", + "elliptic-curve", + "primeorder", + "sha2", +] + [[package]] name = "parking" version = "2.2.1" @@ -1765,6 +1959,15 @@ dependencies = [ "serde_core", ] +[[package]] +name = "pem-rfc7468" +version = "0.7.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "88b39c9bfcfc231068454382784bb460aae594343fb030d46e9f50a645418412" +dependencies = [ + "base64ct", +] + [[package]] name = "percent-encoding" version = "2.3.2" @@ -1846,6 +2049,27 @@ version = "0.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8b870d8c151b6f2fb93e84a13146138f05d02ed11c7e7c54f8826aaaf7c9f184" +[[package]] +name = "pkcs1" +version = "0.7.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c8ffb9f10fa047879315e6625af03c164b16962a5368d724ed16323b68ace47f" +dependencies = [ + "der", + "pkcs8", + "spki", +] + +[[package]] +name = "pkcs8" +version = "0.10.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f950b2377845cebe5cf8b5165cb3cc1a5e0fa5cfa3e1f7f55707d8fd82e0a7b7" +dependencies = [ + "der", + "spki", +] + [[package]] name = "pkg-config" version = "0.3.32" @@ -1876,6 +2100,15 @@ dependencies = [ "zerocopy", ] +[[package]] +name = "primeorder" +version = "0.13.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "353e1ca18966c16d9deb1c69278edbc5f194139612772bd9537af60ac231e1e6" +dependencies = [ + "elliptic-curve", +] + [[package]] name = "proc-macro-crate" version = "3.4.0" @@ -1948,14 +2181,34 @@ version = "5.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "69cdb34c158ceb288df11e18b4bd39de994f6657d83847bdffdbd7f346754b0f" +[[package]] +name = "rand" +version = "0.8.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "34af8d1a0e25924bc5b7c43c079c942339d8f0a8b57c39049bef581b46327404" +dependencies = [ + "rand_chacha 0.3.1", + "rand_core 0.6.4", +] + [[package]] name = "rand" version = "0.9.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6db2770f06117d490610c7488547d543617b21bfa07796d7a12f6f1bd53850d1" dependencies = [ - "rand_chacha", - "rand_core", + "rand_chacha 0.9.0", + "rand_core 0.9.3", +] + +[[package]] +name = "rand_chacha" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e6c10a63a0fa32252be49d21e7709d4d4baf8d231c2dbce1eaa8141b9b127d88" +dependencies = [ + "ppv-lite86", + "rand_core 0.6.4", ] [[package]] @@ -1965,7 +2218,16 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d3022b5f1df60f26e1ffddd6c66e8aa15de382ae63b3a0c1bfc0e4d3e3f325cb" dependencies = [ "ppv-lite86", - "rand_core", + "rand_core 0.9.3", +] + +[[package]] +name = "rand_core" +version = "0.6.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ec0be4795e2f6a28069bec0b5ff3e2ac9bafc99e6a9a7dc3547996c5c816922c" +dependencies = [ + "getrandom 0.2.16", ] [[package]] @@ -2075,6 +2337,16 @@ dependencies = [ "web-sys", ] +[[package]] +name = "rfc6979" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f8dd2a808d456c4a54e300a23e9f5a67e122c3024119acbfd73e3bf664491cb2" +dependencies = [ + "hmac", + "subtle", +] + [[package]] name = "ring" version = "0.17.14" @@ -2089,6 +2361,27 @@ dependencies = [ "windows-sys 0.52.0", ] +[[package]] +name = "rsa" +version = "0.9.10" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b8573f03f5883dcaebdfcf4725caa1ecb9c15b2ef50c43a07b816e06799bb12d" +dependencies = [ + "const-oid", + "digest", + "num-bigint-dig", + "num-integer", + "num-traits", + "pkcs1", + "pkcs8", + "rand_core 0.6.4", + "sha2", + "signature", + "spki", + "subtle", + "zeroize", +] + [[package]] name = "rstest" version = "0.26.1" @@ -2227,6 +2520,20 @@ version = "1.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "94143f37725109f92c262ed2cf5e59bce7498c01bcc1502d7b9afe439a4e9f49" +[[package]] +name = "sec1" +version = "0.7.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d3e97a565f76233a6003f9f5c54be1d9c5bdfa3eccfb189469f11ec4901c47dc" +dependencies = [ + "base16ct", + "der", + "generic-array", + "pkcs8", + "subtle", + "zeroize", +] + [[package]] name = "secrecy" version = "0.10.3" @@ -2365,6 +2672,17 @@ dependencies = [ "unsafe-libyaml", ] +[[package]] +name = "sha1" +version = "0.10.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e3bf829a2d51ab4a5ddf1352d8470c140cadc8301b2ae1789db023f01cedd6ba" +dependencies = [ + "cfg-if", + "cpufeatures", + "digest", +] + [[package]] name = "sha2" version = "0.10.9" @@ -2400,6 +2718,16 @@ dependencies = [ "libc", ] +[[package]] +name = "signature" +version = "2.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "77549399552de45a898a580c1b41d445bf730df867cc44e6c0233bbc4b8329de" +dependencies = [ + "digest", + "rand_core 0.6.4", +] + [[package]] name = "simd-adler32" version = "0.3.7" @@ -2470,12 +2798,52 @@ dependencies = [ "windows-sys 0.60.2", ] +[[package]] +name = "spin" +version = "0.9.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6980e8d7511241f8acf4aebddbb1ff938df5eebe98691418c4468d0b72a96a67" + +[[package]] +name = "spki" +version = "0.7.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d91ed6c858b01f942cd56b37a94b3e0a1798290327d1236e4d9cf4eaca44d29d" +dependencies = [ + "base64ct", + "der", +] + [[package]] name = "stable_deref_trait" version = "1.2.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6ce2be8dc25455e1f91df71bfa12ad37d7af1092ae736f3a6cd0e37bc7810596" +[[package]] +name = "stackable-certs" +version = "0.4.0" +source = "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.105.0#7bfcac5f6515c8b4c8cf8def2edfde5ed8621aaa" +dependencies = [ + "const-oid", + "ecdsa", + "k8s-openapi", + "kube", + "p256", + "rand 0.9.2", + "rand_core 0.6.4", + "rsa", + "sha2", + "signature", + "snafu 0.8.9", + "stackable-shared", + "tokio", + "tokio-rustls", + "tracing", + "x509-cert", + "zeroize", +] + [[package]] name = "stackable-kafka-operator" version = "0.0.0-dev" @@ -2528,6 +2896,7 @@ dependencies = [ "stackable-shared", "stackable-telemetry", "stackable-versioned", + "stackable-webhook", "strum", "tokio", "tracing", @@ -2618,6 +2987,37 @@ dependencies = [ "syn 2.0.108", ] +[[package]] +name = "stackable-webhook" +version = "0.9.0" +source = "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.105.0#7bfcac5f6515c8b4c8cf8def2edfde5ed8621aaa" +dependencies = [ + "arc-swap", + "async-trait", + "axum", + "futures-util", + "hyper", + "hyper-util", + "k8s-openapi", + "kube", + "opentelemetry", + "opentelemetry-semantic-conventions", + "rand 0.9.2", + "serde", + "serde_json", + "snafu 0.8.9", + "stackable-certs", + "stackable-shared", + "stackable-telemetry", + "tokio", + "tokio-rustls", + "tower", + "tower-http", + "tracing", + "tracing-opentelemetry", + "x509-cert", +] + [[package]] name = "strsim" version = "0.11.1" @@ -2744,30 +3144,30 @@ dependencies = [ [[package]] name = "time" -version = "0.3.44" +version = "0.3.47" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "91e7d9e3bb61134e77bde20dd4825b97c010155709965fedf0f49bb138e52a9d" +checksum = "743bd48c283afc0388f9b8827b976905fb217ad9e647fae3a379a9283c4def2c" dependencies = [ "deranged", "itoa", "num-conv", "powerfmt", - "serde", + "serde_core", "time-core", "time-macros", ] [[package]] name = "time-core" -version = "0.1.6" +version = "0.1.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "40868e7c1d2f0b8d73e4a8c7f0ff63af4f6d19be117e90bd73eb1d62cf831c6b" +checksum = "7694e1cfe791f8d31026952abf09c69ca6f6fa4e1a1229e18988f06a04a12dca" [[package]] name = "time-macros" -version = "0.2.24" +version = "0.2.27" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "30cfb0125f12d9c277f35663a0a33f8c30190f4e4574868a330595412d34ebf3" +checksum = "2e70e4c5a0e0a8a4823ad65dfe1a6930e4f4d756dcd9dd7939022b5e8c501215" dependencies = [ "num-conv", "time-core", @@ -2783,6 +3183,27 @@ dependencies = [ "zerovec", ] +[[package]] +name = "tls_codec" +version = "0.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0de2e01245e2bb89d6f05801c564fa27624dbd7b1846859876c7dad82e90bf6b" +dependencies = [ + "tls_codec_derive", + "zeroize", +] + +[[package]] +name = "tls_codec_derive" +version = "0.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2d2e76690929402faae40aebdda620a2c0e25dd6d3b9afe48867dfd95991f4bd" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.108", +] + [[package]] name = "tokio" version = "1.48.0" @@ -3506,6 +3927,20 @@ version = "0.6.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ea2f10b9bb0928dfb1b42b65e1f9e36f7f54dbdf08457afefb38afcdec4fa2bb" +[[package]] +name = "x509-cert" +version = "0.2.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1301e935010a701ae5f8655edc0ad17c44bad3ac5ce8c39185f75453b720ae94" +dependencies = [ + "const-oid", + "der", + "sha1", + "signature", + "spki", + "tls_codec", +] + [[package]] name = "xml" version = "1.1.0" @@ -3582,6 +4017,20 @@ name = "zeroize" version = "1.8.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b97154e67e32c85465826e8bcc1c59429aaaf107c1e4a9e53c8d8ccd5eff88d0" +dependencies = [ + "zeroize_derive", +] + +[[package]] +name = "zeroize_derive" +version = "1.4.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "85a5b4158499876c763cb03bc4e49185d3cccbabb15b33c627f7884f43db852e" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.108", +] [[package]] name = "zerotrie" diff --git a/Cargo.nix b/Cargo.nix index 2a85bd99..0d2c37cf 100644 --- a/Cargo.nix +++ b/Cargo.nix @@ -339,6 +339,25 @@ rec { }; resolvedDefaultFeatures = [ "default" "std" ]; }; + "arc-swap" = rec { + crateName = "arc-swap"; + version = "1.8.1"; + edition = "2018"; + sha256 = "0wqfhlaljb6y6w1cb92hikf2rlrch7p02ld2p38j93xc0fd5zvcx"; + libName = "arc_swap"; + authors = [ + "Michal 'vorner' Vaner " + ]; + dependencies = [ + { + name = "rustversion"; + packageId = "rustversion"; + } + ]; + features = { + "serde" = [ "dep:serde" ]; + }; + }; "async-broadcast" = rec { crateName = "async-broadcast"; version = "0.7.2"; @@ -757,6 +776,19 @@ rec { }; resolvedDefaultFeatures = [ "default" "gloo-timers" "gloo-timers-sleep" "std" "std-blocking-sleep" "tokio" "tokio-sleep" ]; }; + "base16ct" = rec { + crateName = "base16ct"; + version = "0.2.0"; + edition = "2021"; + sha256 = "1kylrjhdzk7qpknrvlphw8ywdnvvg39dizw9622w3wk5xba04zsc"; + authors = [ + "RustCrypto Developers" + ]; + features = { + "std" = [ "alloc" ]; + }; + resolvedDefaultFeatures = [ "alloc" ]; + }; "base64" = rec { crateName = "base64"; version = "0.22.1"; @@ -771,6 +803,19 @@ rec { }; resolvedDefaultFeatures = [ "alloc" "default" "std" ]; }; + "base64ct" = rec { + crateName = "base64ct"; + version = "1.8.3"; + edition = "2024"; + sha256 = "01nyyyx84bhwrcc168hn47d8gvz2pzpv3y3lmck7mq4hw5vh3x9a"; + authors = [ + "RustCrypto Developers" + ]; + features = { + "std" = [ "alloc" ]; + }; + resolvedDefaultFeatures = [ "alloc" ]; + }; "bit-set" = rec { crateName = "bit-set"; version = "0.8.0"; @@ -1166,6 +1211,20 @@ rec { }; resolvedDefaultFeatures = [ "std" ]; }; + "const-oid" = rec { + crateName = "const-oid"; + version = "0.9.6"; + edition = "2021"; + sha256 = "1y0jnqaq7p2wvspnx7qj76m7hjcqpz73qzvr9l2p9n2s51vr6if2"; + libName = "const_oid"; + authors = [ + "RustCrypto Developers" + ]; + features = { + "arbitrary" = [ "dep:arbitrary" ]; + }; + resolvedDefaultFeatures = [ "db" "std" ]; + }; "const_format" = rec { crateName = "const_format"; version = "0.2.35"; @@ -1377,6 +1436,58 @@ rec { }; resolvedDefaultFeatures = [ "std" ]; }; + "crypto-bigint" = rec { + crateName = "crypto-bigint"; + version = "0.5.5"; + edition = "2021"; + sha256 = "0xmbdff3g6ii5sbxjxc31xfkv9lrmyril4arh3dzckd4gjsjzj8d"; + libName = "crypto_bigint"; + authors = [ + "RustCrypto Developers" + ]; + dependencies = [ + { + name = "generic-array"; + packageId = "generic-array"; + optional = true; + } + { + name = "rand_core"; + packageId = "rand_core 0.6.4"; + optional = true; + } + { + name = "subtle"; + packageId = "subtle"; + usesDefaultFeatures = false; + } + { + name = "zeroize"; + packageId = "zeroize"; + optional = true; + usesDefaultFeatures = false; + } + ]; + devDependencies = [ + { + name = "rand_core"; + packageId = "rand_core 0.6.4"; + features = [ "std" ]; + } + ]; + features = { + "alloc" = [ "serdect?/alloc" ]; + "default" = [ "rand" ]; + "der" = [ "dep:der" ]; + "generic-array" = [ "dep:generic-array" ]; + "rand" = [ "rand_core/std" ]; + "rand_core" = [ "dep:rand_core" ]; + "rlp" = [ "dep:rlp" ]; + "serde" = [ "dep:serdect" ]; + "zeroize" = [ "dep:zeroize" ]; + }; + resolvedDefaultFeatures = [ "generic-array" "rand_core" "zeroize" ]; + }; "crypto-common" = rec { crateName = "crypto-common"; version = "0.1.6"; @@ -1401,6 +1512,7 @@ rec { "getrandom" = [ "rand_core/getrandom" ]; "rand_core" = [ "dep:rand_core" ]; }; + resolvedDefaultFeatures = [ "std" ]; }; "darling 0.21.3" = rec { crateName = "darling"; @@ -1612,6 +1724,83 @@ rec { } ]; + }; + "der" = rec { + crateName = "der"; + version = "0.7.10"; + edition = "2021"; + sha256 = "1jyxacyxdx6mxbkfw99jz59dzvcd9k17rq01a7xvn1dr6wl87hg7"; + authors = [ + "RustCrypto Developers" + ]; + dependencies = [ + { + name = "const-oid"; + packageId = "const-oid"; + optional = true; + } + { + name = "der_derive"; + packageId = "der_derive"; + optional = true; + } + { + name = "flagset"; + packageId = "flagset"; + optional = true; + } + { + name = "pem-rfc7468"; + packageId = "pem-rfc7468"; + optional = true; + features = [ "alloc" ]; + } + { + name = "zeroize"; + packageId = "zeroize"; + optional = true; + usesDefaultFeatures = false; + } + ]; + features = { + "alloc" = [ "zeroize?/alloc" ]; + "arbitrary" = [ "dep:arbitrary" "const-oid?/arbitrary" "std" ]; + "bytes" = [ "dep:bytes" "alloc" ]; + "derive" = [ "dep:der_derive" ]; + "flagset" = [ "dep:flagset" ]; + "oid" = [ "dep:const-oid" ]; + "pem" = [ "dep:pem-rfc7468" "alloc" "zeroize" ]; + "std" = [ "alloc" ]; + "time" = [ "dep:time" ]; + "zeroize" = [ "dep:zeroize" ]; + }; + resolvedDefaultFeatures = [ "alloc" "derive" "flagset" "oid" "pem" "std" "zeroize" ]; + }; + "der_derive" = rec { + crateName = "der_derive"; + version = "0.7.3"; + edition = "2021"; + sha256 = "065d2wy7zd0dank99hh58l5x7lv50hxnr7j6f3sphlb7i4ihjd40"; + procMacro = true; + authors = [ + "RustCrypto Developers" + ]; + dependencies = [ + { + name = "proc-macro2"; + packageId = "proc-macro2"; + } + { + name = "quote"; + packageId = "quote"; + } + { + name = "syn"; + packageId = "syn 2.0.108"; + features = [ "extra-traits" ]; + } + ]; + }; "deranged" = rec { crateName = "deranged"; @@ -1743,10 +1932,21 @@ rec { packageId = "block-buffer"; optional = true; } + { + name = "const-oid"; + packageId = "const-oid"; + optional = true; + } { name = "crypto-common"; packageId = "crypto-common"; } + { + name = "subtle"; + packageId = "subtle"; + optional = true; + usesDefaultFeatures = false; + } ]; features = { "blobby" = [ "dep:blobby" ]; @@ -1761,7 +1961,7 @@ rec { "std" = [ "alloc" "crypto-common/std" ]; "subtle" = [ "dep:subtle" ]; }; - resolvedDefaultFeatures = [ "block-buffer" "core-api" "default" ]; + resolvedDefaultFeatures = [ "alloc" "block-buffer" "const-oid" "core-api" "default" "mac" "oid" "std" "subtle" ]; }; "displaydoc" = rec { crateName = "displaydoc"; @@ -1850,6 +2050,79 @@ rec { ]; }; + "ecdsa" = rec { + crateName = "ecdsa"; + version = "0.16.9"; + edition = "2021"; + sha256 = "1jhb0bcbkaz4001sdmfyv8ajrv8a1cg7z7aa5myrd4jjbhmz69zf"; + authors = [ + "RustCrypto Developers" + ]; + dependencies = [ + { + name = "der"; + packageId = "der"; + optional = true; + } + { + name = "digest"; + packageId = "digest"; + optional = true; + usesDefaultFeatures = false; + features = [ "oid" ]; + } + { + name = "elliptic-curve"; + packageId = "elliptic-curve"; + usesDefaultFeatures = false; + features = [ "digest" "sec1" ]; + } + { + name = "rfc6979"; + packageId = "rfc6979"; + optional = true; + } + { + name = "signature"; + packageId = "signature"; + usesDefaultFeatures = false; + features = [ "rand_core" ]; + } + { + name = "spki"; + packageId = "spki"; + optional = true; + usesDefaultFeatures = false; + } + ]; + devDependencies = [ + { + name = "elliptic-curve"; + packageId = "elliptic-curve"; + usesDefaultFeatures = false; + features = [ "dev" ]; + } + ]; + features = { + "alloc" = [ "elliptic-curve/alloc" "signature/alloc" "spki/alloc" ]; + "arithmetic" = [ "elliptic-curve/arithmetic" ]; + "default" = [ "digest" ]; + "der" = [ "dep:der" ]; + "dev" = [ "arithmetic" "digest" "elliptic-curve/dev" "hazmat" ]; + "digest" = [ "dep:digest" "signature/digest" ]; + "pem" = [ "elliptic-curve/pem" "pkcs8" ]; + "pkcs8" = [ "digest" "elliptic-curve/pkcs8" "der" ]; + "rfc6979" = [ "dep:rfc6979" ]; + "serde" = [ "elliptic-curve/serde" "serdect" ]; + "serdect" = [ "dep:serdect" ]; + "sha2" = [ "dep:sha2" ]; + "signing" = [ "arithmetic" "digest" "hazmat" "rfc6979" ]; + "spki" = [ "dep:spki" ]; + "std" = [ "alloc" "elliptic-curve/std" "signature/std" ]; + "verifying" = [ "arithmetic" "digest" "hazmat" ]; + }; + resolvedDefaultFeatures = [ "alloc" "arithmetic" "default" "der" "digest" "hazmat" "pem" "pkcs8" "rfc6979" "signing" "spki" "std" "verifying" ]; + }; "educe" = rec { crateName = "educe"; version = "0.6.0"; @@ -1907,6 +2180,104 @@ rec { }; resolvedDefaultFeatures = [ "default" "std" "use_std" ]; }; + "elliptic-curve" = rec { + crateName = "elliptic-curve"; + version = "0.13.8"; + edition = "2021"; + sha256 = "0ixx4brgnzi61z29r3g1606nh2za88hzyz8c5r3p6ydzhqq09rmm"; + libName = "elliptic_curve"; + authors = [ + "RustCrypto Developers" + ]; + dependencies = [ + { + name = "base16ct"; + packageId = "base16ct"; + } + { + name = "crypto-bigint"; + packageId = "crypto-bigint"; + usesDefaultFeatures = false; + features = [ "rand_core" "generic-array" "zeroize" ]; + } + { + name = "digest"; + packageId = "digest"; + optional = true; + } + { + name = "ff"; + packageId = "ff"; + optional = true; + usesDefaultFeatures = false; + } + { + name = "generic-array"; + packageId = "generic-array"; + usesDefaultFeatures = false; + features = [ "zeroize" ]; + } + { + name = "group"; + packageId = "group"; + optional = true; + usesDefaultFeatures = false; + } + { + name = "pem-rfc7468"; + packageId = "pem-rfc7468"; + optional = true; + features = [ "alloc" ]; + } + { + name = "pkcs8"; + packageId = "pkcs8"; + optional = true; + usesDefaultFeatures = false; + } + { + name = "rand_core"; + packageId = "rand_core 0.6.4"; + usesDefaultFeatures = false; + } + { + name = "sec1"; + packageId = "sec1"; + optional = true; + features = [ "subtle" "zeroize" ]; + } + { + name = "subtle"; + packageId = "subtle"; + usesDefaultFeatures = false; + } + { + name = "zeroize"; + packageId = "zeroize"; + usesDefaultFeatures = false; + } + ]; + features = { + "alloc" = [ "base16ct/alloc" "ff?/alloc" "group?/alloc" "pkcs8?/alloc" "sec1?/alloc" "zeroize/alloc" ]; + "arithmetic" = [ "group" ]; + "bits" = [ "arithmetic" "ff/bits" "dep:tap" ]; + "default" = [ "arithmetic" ]; + "dev" = [ "arithmetic" "dep:hex-literal" "pem" "pkcs8" ]; + "digest" = [ "dep:digest" ]; + "ecdh" = [ "arithmetic" "digest" "dep:hkdf" ]; + "ff" = [ "dep:ff" ]; + "group" = [ "dep:group" "ff" ]; + "hash2curve" = [ "arithmetic" "digest" ]; + "jwk" = [ "dep:base64ct" "dep:serde_json" "alloc" "serde" "zeroize/alloc" ]; + "pem" = [ "dep:pem-rfc7468" "alloc" "arithmetic" "pkcs8" "sec1/pem" ]; + "pkcs8" = [ "dep:pkcs8" "sec1" ]; + "sec1" = [ "dep:sec1" ]; + "serde" = [ "dep:serdect" "alloc" "pkcs8" "sec1/serde" ]; + "std" = [ "alloc" "rand_core/std" "pkcs8?/std" "sec1?/std" ]; + "voprf" = [ "digest" ]; + }; + resolvedDefaultFeatures = [ "alloc" "arithmetic" "digest" "ff" "group" "hazmat" "pem" "pkcs8" "sec1" "std" ]; + }; "encoding_rs" = rec { crateName = "encoding_rs"; version = "0.8.35"; @@ -2118,6 +2489,40 @@ rec { }; resolvedDefaultFeatures = [ "alloc" "std" ]; }; + "ff" = rec { + crateName = "ff"; + version = "0.13.1"; + edition = "2021"; + sha256 = "14v3bc6q24gbcjnxjfbq2dddgf4as2z2gd4mj35gjlrncpxhpdf0"; + authors = [ + "Sean Bowe " + "Jack Grigg " + ]; + dependencies = [ + { + name = "rand_core"; + packageId = "rand_core 0.6.4"; + usesDefaultFeatures = false; + } + { + name = "subtle"; + packageId = "subtle"; + usesDefaultFeatures = false; + features = [ "i128" ]; + } + ]; + features = { + "bits" = [ "bitvec" ]; + "bitvec" = [ "dep:bitvec" ]; + "byteorder" = [ "dep:byteorder" ]; + "default" = [ "bits" "std" ]; + "derive" = [ "byteorder" "ff_derive" ]; + "derive_bits" = [ "bits" "ff_derive/bits" ]; + "ff_derive" = [ "dep:ff_derive" ]; + "std" = [ "alloc" ]; + }; + resolvedDefaultFeatures = [ "alloc" ]; + }; "find-msvc-tools" = rec { crateName = "find-msvc-tools"; version = "0.1.4"; @@ -2126,6 +2531,18 @@ rec { libName = "find_msvc_tools"; }; + "flagset" = rec { + crateName = "flagset"; + version = "0.4.7"; + edition = "2021"; + sha256 = "1zplx30g76kl5la3ayl9ns5p3diqd9zphbcggqcm4nm7411q5b5p"; + authors = [ + "Nathaniel McCallum " + ]; + features = { + "serde" = [ "dep:serde" ]; + }; + }; "flate2" = rec { crateName = "flate2"; version = "1.1.5"; @@ -2530,6 +2947,12 @@ rec { name = "typenum"; packageId = "typenum"; } + { + name = "zeroize"; + packageId = "zeroize"; + optional = true; + usesDefaultFeatures = false; + } ]; buildDependencies = [ { @@ -2541,7 +2964,7 @@ rec { "serde" = [ "dep:serde" ]; "zeroize" = [ "dep:zeroize" ]; }; - resolvedDefaultFeatures = [ "more_lengths" ]; + resolvedDefaultFeatures = [ "more_lengths" "zeroize" ]; }; "getrandom 0.2.16" = rec { crateName = "getrandom"; @@ -2577,6 +3000,7 @@ rec { "rustc-dep-of-std" = [ "compiler_builtins" "core" "libc/rustc-dep-of-std" "wasi/rustc-dep-of-std" ]; "wasm-bindgen" = [ "dep:wasm-bindgen" ]; }; + resolvedDefaultFeatures = [ "std" ]; }; "getrandom 0.3.4" = rec { crateName = "getrandom"; @@ -2659,9 +3083,9 @@ rec { }; "git2" = rec { crateName = "git2"; - version = "0.20.2"; + version = "0.20.4"; edition = "2018"; - sha256 = "0451zzmvblvlrj6y6pgdsxrqh42hi789n3k9lp0hslmi6fhhgsrd"; + sha256 = "0azykjpk3j6s354z23jkyq3r3pbmlw9ha1zsxkw5cnnpi1h2b23v"; authors = [ "Josh Triplett " "Alex Crichton " @@ -2745,6 +3169,42 @@ rec { }; resolvedDefaultFeatures = [ "default" "futures" "futures-channel" "futures-core" ]; }; + "group" = rec { + crateName = "group"; + version = "0.13.0"; + edition = "2021"; + sha256 = "0qqs2p5vqnv3zvq9mfjkmw3qlvgqb0c3cm6p33srkh7pc9sfzygh"; + authors = [ + "Sean Bowe " + "Jack Grigg " + ]; + dependencies = [ + { + name = "ff"; + packageId = "ff"; + usesDefaultFeatures = false; + } + { + name = "rand_core"; + packageId = "rand_core 0.6.4"; + usesDefaultFeatures = false; + } + { + name = "subtle"; + packageId = "subtle"; + usesDefaultFeatures = false; + } + ]; + features = { + "default" = [ "alloc" ]; + "memuse" = [ "dep:memuse" ]; + "rand" = [ "dep:rand" ]; + "rand_xorshift" = [ "dep:rand_xorshift" ]; + "tests" = [ "alloc" "rand" "rand_xorshift" ]; + "wnaf-memuse" = [ "alloc" "memuse" ]; + }; + resolvedDefaultFeatures = [ "alloc" ]; + }; "h2" = rec { crateName = "h2"; version = "0.4.12"; @@ -2888,6 +3348,33 @@ rec { sha256 = "1sjmpsdl8czyh9ywl3qcsfsq9a307dg4ni2vnlwgnzzqhc4y0113"; }; + "hmac" = rec { + crateName = "hmac"; + version = "0.12.1"; + edition = "2018"; + sha256 = "0pmbr069sfg76z7wsssfk5ddcqd9ncp79fyz6zcm6yn115yc6jbc"; + authors = [ + "RustCrypto Developers" + ]; + dependencies = [ + { + name = "digest"; + packageId = "digest"; + features = [ "mac" ]; + } + ]; + devDependencies = [ + { + name = "digest"; + packageId = "digest"; + features = [ "dev" ]; + } + ]; + features = { + "std" = [ "digest/std" ]; + }; + resolvedDefaultFeatures = [ "reset" ]; + }; "home" = rec { crateName = "home"; version = "0.5.12"; @@ -3154,7 +3641,7 @@ rec { "server" = [ "dep:httpdate" "dep:pin-project-lite" "dep:smallvec" ]; "tracing" = [ "dep:tracing" ]; }; - resolvedDefaultFeatures = [ "client" "default" "http1" "http2" "server" ]; + resolvedDefaultFeatures = [ "client" "default" "full" "http1" "http2" "server" ]; }; "hyper-rustls" = rec { crateName = "hyper-rustls"; @@ -4873,10 +5360,20 @@ rec { authors = [ "Marvin Löbel " ]; + dependencies = [ + { + name = "spin"; + packageId = "spin"; + optional = true; + usesDefaultFeatures = false; + features = [ "once" ]; + } + ]; features = { "spin" = [ "dep:spin" ]; "spin_no_std" = [ "spin" ]; }; + resolvedDefaultFeatures = [ "spin" "spin_no_std" ]; }; "libc" = rec { crateName = "libc"; @@ -4896,10 +5393,10 @@ rec { }; "libgit2-sys" = rec { crateName = "libgit2-sys"; - version = "0.18.2+1.9.1"; - edition = "2018"; + version = "0.18.3+1.9.2"; + edition = "2021"; links = "git2"; - sha256 = "08n223x2pkf4gj6yrjmh3z6q236qj6nifwww78xcblrbvw1zwhhw"; + sha256 = "11rlbyihj3k35mnkxxz4yvsnlx33a4r9srl66c5vp08pp72arcy9"; libName = "libgit2_sys"; libPath = "lib.rs"; authors = [ @@ -4938,6 +5435,23 @@ rec { "zlib-ng-compat" = [ "libz-sys/zlib-ng" "libssh2-sys?/zlib-ng-compat" ]; }; }; + "libm" = rec { + crateName = "libm"; + version = "0.2.16"; + edition = "2021"; + sha256 = "10brh0a3qjmbzkr5mf5xqi887nhs5y9layvnki89ykz9xb1wxlmn"; + authors = [ + "Alex Crichton " + "Amanieu d'Antras " + "Jorge Aparicio " + "Trevor Gross " + ]; + features = { + "default" = [ "arch" ]; + "unstable" = [ "unstable-intrinsics" "unstable-float" ]; + }; + resolvedDefaultFeatures = [ "arch" "default" ]; + }; "libz-sys" = rec { crateName = "libz-sys"; version = "1.1.22"; @@ -5210,17 +5724,149 @@ rec { }; resolvedDefaultFeatures = [ "default" "std" ]; }; + "num-bigint-dig" = rec { + crateName = "num-bigint-dig"; + version = "0.8.6"; + edition = "2021"; + sha256 = "1dxh3d8pzjc5k0kpy8gy2qhhhqs7zw8a7m564zl3ib8gcjkdsqg6"; + libName = "num_bigint_dig"; + authors = [ + "dignifiedquire " + "The Rust Project Developers" + ]; + dependencies = [ + { + name = "lazy_static"; + packageId = "lazy_static"; + usesDefaultFeatures = false; + features = [ "spin_no_std" ]; + } + { + name = "libm"; + packageId = "libm"; + } + { + name = "num-integer"; + packageId = "num-integer"; + usesDefaultFeatures = false; + features = [ "i128" ]; + } + { + name = "num-iter"; + packageId = "num-iter"; + usesDefaultFeatures = false; + } + { + name = "num-traits"; + packageId = "num-traits"; + usesDefaultFeatures = false; + features = [ "i128" ]; + } + { + name = "rand"; + packageId = "rand 0.8.5"; + optional = true; + usesDefaultFeatures = false; + } + { + name = "smallvec"; + packageId = "smallvec"; + usesDefaultFeatures = false; + } + { + name = "zeroize"; + packageId = "zeroize"; + optional = true; + usesDefaultFeatures = false; + } + ]; + devDependencies = [ + { + name = "rand"; + packageId = "rand 0.8.5"; + features = [ "small_rng" ]; + } + ]; + features = { + "arbitrary" = [ "dep:arbitrary" ]; + "default" = [ "std" "u64_digit" ]; + "fuzz" = [ "arbitrary" "smallvec/arbitrary" ]; + "prime" = [ "rand/std_rng" ]; + "rand" = [ "dep:rand" ]; + "serde" = [ "dep:serde" ]; + "std" = [ "num-integer/std" "num-traits/std" "smallvec/write" "rand/std" "serde/std" ]; + "zeroize" = [ "dep:zeroize" ]; + }; + resolvedDefaultFeatures = [ "i128" "prime" "rand" "u64_digit" "zeroize" ]; + }; "num-conv" = rec { crateName = "num-conv"; - version = "0.1.0"; + version = "0.2.0"; edition = "2021"; - sha256 = "1ndiyg82q73783jq18isi71a7mjh56wxrk52rlvyx0mi5z9ibmai"; + sha256 = "0l4hj7lp8zbb9am4j3p7vlcv47y9bbazinvnxx9zjhiwkibyr5yg"; libName = "num_conv"; authors = [ "Jacob Pratt " ]; }; + "num-integer" = rec { + crateName = "num-integer"; + version = "0.1.46"; + edition = "2018"; + sha256 = "13w5g54a9184cqlbsq80rnxw4jj4s0d8wv75jsq5r2lms8gncsbr"; + libName = "num_integer"; + authors = [ + "The Rust Project Developers" + ]; + dependencies = [ + { + name = "num-traits"; + packageId = "num-traits"; + usesDefaultFeatures = false; + features = [ "i128" ]; + } + ]; + features = { + "default" = [ "std" ]; + "std" = [ "num-traits/std" ]; + }; + resolvedDefaultFeatures = [ "i128" ]; + }; + "num-iter" = rec { + crateName = "num-iter"; + version = "0.1.45"; + edition = "2018"; + sha256 = "1gzm7vc5g9qsjjl3bqk9rz1h6raxhygbrcpbfl04swlh0i506a8l"; + libName = "num_iter"; + authors = [ + "The Rust Project Developers" + ]; + dependencies = [ + { + name = "num-integer"; + packageId = "num-integer"; + usesDefaultFeatures = false; + features = [ "i128" ]; + } + { + name = "num-traits"; + packageId = "num-traits"; + usesDefaultFeatures = false; + features = [ "i128" ]; + } + ]; + buildDependencies = [ + { + name = "autocfg"; + packageId = "autocfg"; + } + ]; + features = { + "default" = [ "std" ]; + "std" = [ "num-integer/std" "num-traits/std" ]; + }; + }; "num-traits" = rec { crateName = "num-traits"; version = "0.2.19"; @@ -5230,6 +5876,13 @@ rec { authors = [ "The Rust Project Developers" ]; + dependencies = [ + { + name = "libm"; + packageId = "libm"; + optional = true; + } + ]; buildDependencies = [ { name = "autocfg"; @@ -5240,7 +5893,7 @@ rec { "default" = [ "std" ]; "libm" = [ "dep:libm" ]; }; - resolvedDefaultFeatures = [ "std" ]; + resolvedDefaultFeatures = [ "i128" "libm" "std" ]; }; "once_cell" = rec { crateName = "once_cell"; @@ -5671,7 +6324,7 @@ rec { } { name = "rand"; - packageId = "rand"; + packageId = "rand 0.9.2"; optional = true; usesDefaultFeatures = false; features = [ "std" "std_rng" "small_rng" "os_rng" "thread_rng" ]; @@ -5753,6 +6406,79 @@ rec { }; resolvedDefaultFeatures = [ "default" "std" ]; }; + "p256" = rec { + crateName = "p256"; + version = "0.13.2"; + edition = "2021"; + sha256 = "0jyd3c3k239ybs59ixpnl7dqkmm072fr1js8kh7ldx58bzc3m1n9"; + authors = [ + "RustCrypto Developers" + ]; + dependencies = [ + { + name = "ecdsa"; + packageId = "ecdsa"; + rename = "ecdsa-core"; + optional = true; + usesDefaultFeatures = false; + features = [ "der" ]; + } + { + name = "elliptic-curve"; + packageId = "elliptic-curve"; + usesDefaultFeatures = false; + features = [ "hazmat" "sec1" ]; + } + { + name = "primeorder"; + packageId = "primeorder"; + optional = true; + } + { + name = "sha2"; + packageId = "sha2"; + optional = true; + usesDefaultFeatures = false; + } + ]; + devDependencies = [ + { + name = "ecdsa"; + packageId = "ecdsa"; + rename = "ecdsa-core"; + usesDefaultFeatures = false; + features = [ "dev" ]; + } + { + name = "primeorder"; + packageId = "primeorder"; + features = [ "dev" ]; + } + ]; + features = { + "alloc" = [ "ecdsa-core?/alloc" "elliptic-curve/alloc" ]; + "arithmetic" = [ "dep:primeorder" "elliptic-curve/arithmetic" ]; + "bits" = [ "arithmetic" "elliptic-curve/bits" ]; + "default" = [ "arithmetic" "ecdsa" "pem" "std" ]; + "digest" = [ "ecdsa-core/digest" "ecdsa-core/hazmat" ]; + "ecdh" = [ "arithmetic" "elliptic-curve/ecdh" ]; + "ecdsa" = [ "arithmetic" "ecdsa-core/signing" "ecdsa-core/verifying" "sha256" ]; + "ecdsa-core" = [ "dep:ecdsa-core" ]; + "expose-field" = [ "arithmetic" ]; + "hash2curve" = [ "arithmetic" "elliptic-curve/hash2curve" ]; + "jwk" = [ "elliptic-curve/jwk" ]; + "pem" = [ "elliptic-curve/pem" "ecdsa-core/pem" "pkcs8" ]; + "pkcs8" = [ "ecdsa-core?/pkcs8" "elliptic-curve/pkcs8" ]; + "serde" = [ "ecdsa-core?/serde" "elliptic-curve/serde" "primeorder?/serde" "serdect" ]; + "serdect" = [ "dep:serdect" ]; + "sha2" = [ "dep:sha2" ]; + "sha256" = [ "digest" "sha2" ]; + "std" = [ "alloc" "ecdsa-core?/std" "elliptic-curve/std" ]; + "test-vectors" = [ "dep:hex-literal" ]; + "voprf" = [ "elliptic-curve/voprf" "sha2" ]; + }; + resolvedDefaultFeatures = [ "alloc" "arithmetic" "default" "digest" "ecdsa" "ecdsa-core" "pem" "pkcs8" "sha2" "sha256" "std" ]; + }; "parking" = rec { crateName = "parking"; version = "2.2.1"; @@ -5861,6 +6587,27 @@ rec { }; resolvedDefaultFeatures = [ "default" "std" ]; }; + "pem-rfc7468" = rec { + crateName = "pem-rfc7468"; + version = "0.7.0"; + edition = "2021"; + sha256 = "04l4852scl4zdva31c1z6jafbak0ni5pi0j38ml108zwzjdrrcw8"; + libName = "pem_rfc7468"; + authors = [ + "RustCrypto Developers" + ]; + dependencies = [ + { + name = "base64ct"; + packageId = "base64ct"; + } + ]; + features = { + "alloc" = [ "base64ct/alloc" ]; + "std" = [ "alloc" "base64ct/std" ]; + }; + resolvedDefaultFeatures = [ "alloc" ]; + }; "percent-encoding" = rec { crateName = "percent-encoding"; version = "2.3.2"; @@ -6057,45 +6804,113 @@ rec { ]; }; - "pkg-config" = rec { - crateName = "pkg-config"; - version = "0.3.32"; - edition = "2018"; - sha256 = "0k4h3gnzs94sjb2ix6jyksacs52cf1fanpwsmlhjnwrdnp8dppby"; - libName = "pkg_config"; - authors = [ - "Alex Crichton " - ]; - - }; - "potential_utf" = rec { - crateName = "potential_utf"; - version = "0.1.3"; + "pkcs1" = rec { + crateName = "pkcs1"; + version = "0.7.5"; edition = "2021"; - sha256 = "12mhwvhpvvim6xqp6ifgkh1sniv9j2cmid6axn10fnjvpsnikpw4"; + sha256 = "0zz4mil3nchnxljdfs2k5ab1cjqn7kq5lqp62n9qfix01zqvkzy8"; authors = [ - "The ICU4X Project Developers" + "RustCrypto Developers" ]; dependencies = [ { - name = "zerovec"; - packageId = "zerovec"; + name = "der"; + packageId = "der"; + features = [ "oid" ]; + } + { + name = "pkcs8"; + packageId = "pkcs8"; optional = true; usesDefaultFeatures = false; } + { + name = "spki"; + packageId = "spki"; + } ]; features = { - "alloc" = [ "serde?/alloc" "zerovec?/alloc" ]; - "databake" = [ "dep:databake" ]; - "serde" = [ "dep:serde" ]; - "writeable" = [ "dep:writeable" "alloc" ]; - "zerovec" = [ "dep:zerovec" ]; + "alloc" = [ "der/alloc" "zeroize" "pkcs8?/alloc" ]; + "pem" = [ "alloc" "der/pem" "pkcs8?/pem" ]; + "pkcs8" = [ "dep:pkcs8" ]; + "std" = [ "der/std" "alloc" ]; + "zeroize" = [ "der/zeroize" ]; }; - resolvedDefaultFeatures = [ "zerovec" ]; + resolvedDefaultFeatures = [ "alloc" "pem" "pkcs8" "std" "zeroize" ]; }; - "powerfmt" = rec { - crateName = "powerfmt"; - version = "0.2.0"; + "pkcs8" = rec { + crateName = "pkcs8"; + version = "0.10.2"; + edition = "2021"; + sha256 = "1dx7w21gvn07azszgqd3ryjhyphsrjrmq5mmz1fbxkj5g0vv4l7r"; + authors = [ + "RustCrypto Developers" + ]; + dependencies = [ + { + name = "der"; + packageId = "der"; + features = [ "oid" ]; + } + { + name = "spki"; + packageId = "spki"; + } + ]; + features = { + "3des" = [ "encryption" "pkcs5/3des" ]; + "alloc" = [ "der/alloc" "der/zeroize" "spki/alloc" ]; + "des-insecure" = [ "encryption" "pkcs5/des-insecure" ]; + "encryption" = [ "alloc" "pkcs5/alloc" "pkcs5/pbes2" "rand_core" ]; + "getrandom" = [ "rand_core/getrandom" ]; + "pem" = [ "alloc" "der/pem" "spki/pem" ]; + "pkcs5" = [ "dep:pkcs5" ]; + "rand_core" = [ "dep:rand_core" ]; + "sha1-insecure" = [ "encryption" "pkcs5/sha1-insecure" ]; + "std" = [ "alloc" "der/std" "spki/std" ]; + "subtle" = [ "dep:subtle" ]; + }; + resolvedDefaultFeatures = [ "alloc" "pem" "std" ]; + }; + "pkg-config" = rec { + crateName = "pkg-config"; + version = "0.3.32"; + edition = "2018"; + sha256 = "0k4h3gnzs94sjb2ix6jyksacs52cf1fanpwsmlhjnwrdnp8dppby"; + libName = "pkg_config"; + authors = [ + "Alex Crichton " + ]; + + }; + "potential_utf" = rec { + crateName = "potential_utf"; + version = "0.1.3"; + edition = "2021"; + sha256 = "12mhwvhpvvim6xqp6ifgkh1sniv9j2cmid6axn10fnjvpsnikpw4"; + authors = [ + "The ICU4X Project Developers" + ]; + dependencies = [ + { + name = "zerovec"; + packageId = "zerovec"; + optional = true; + usesDefaultFeatures = false; + } + ]; + features = { + "alloc" = [ "serde?/alloc" "zerovec?/alloc" ]; + "databake" = [ "dep:databake" ]; + "serde" = [ "dep:serde" ]; + "writeable" = [ "dep:writeable" "alloc" ]; + "zerovec" = [ "dep:zerovec" ]; + }; + resolvedDefaultFeatures = [ "zerovec" ]; + }; + "powerfmt" = rec { + crateName = "powerfmt"; + version = "0.2.0"; edition = "2021"; sha256 = "14ckj2xdpkhv3h6l5sdmb9f1d57z8hbfpdldjc2vl5givq2y77j3"; authors = [ @@ -6128,6 +6943,29 @@ rec { }; resolvedDefaultFeatures = [ "simd" "std" ]; }; + "primeorder" = rec { + crateName = "primeorder"; + version = "0.13.6"; + edition = "2021"; + sha256 = "1rp16710mxksagcjnxqjjq9r9wf5vf72fs8wxffnvhb6i6hiqgim"; + authors = [ + "RustCrypto Developers" + ]; + dependencies = [ + { + name = "elliptic-curve"; + packageId = "elliptic-curve"; + usesDefaultFeatures = false; + features = [ "arithmetic" "sec1" ]; + } + ]; + features = { + "alloc" = [ "elliptic-curve/alloc" ]; + "serde" = [ "elliptic-curve/serde" "serdect" ]; + "serdect" = [ "dep:serdect" ]; + "std" = [ "alloc" "elliptic-curve/std" ]; + }; + }; "proc-macro-crate" = rec { crateName = "proc-macro-crate"; version = "3.4.0"; @@ -6323,7 +7161,44 @@ rec { "rustc-dep-of-std" = [ "core" ]; }; }; - "rand" = rec { + "rand 0.8.5" = rec { + crateName = "rand"; + version = "0.8.5"; + edition = "2018"; + sha256 = "013l6931nn7gkc23jz5mm3qdhf93jjf0fg64nz2lp4i51qd8vbrl"; + authors = [ + "The Rand Project Developers" + "The Rust Project Developers" + ]; + dependencies = [ + { + name = "rand_chacha"; + packageId = "rand_chacha 0.3.1"; + optional = true; + usesDefaultFeatures = false; + } + { + name = "rand_core"; + packageId = "rand_core 0.6.4"; + } + ]; + features = { + "alloc" = [ "rand_core/alloc" ]; + "default" = [ "std" "std_rng" ]; + "getrandom" = [ "rand_core/getrandom" ]; + "libc" = [ "dep:libc" ]; + "log" = [ "dep:log" ]; + "packed_simd" = [ "dep:packed_simd" ]; + "rand_chacha" = [ "dep:rand_chacha" ]; + "serde" = [ "dep:serde" ]; + "serde1" = [ "serde" "rand_core/serde1" ]; + "simd_support" = [ "packed_simd" ]; + "std" = [ "rand_core/std" "rand_chacha/std" "alloc" "getrandom" "libc" ]; + "std_rng" = [ "rand_chacha" ]; + }; + resolvedDefaultFeatures = [ "rand_chacha" "std_rng" ]; + }; + "rand 0.9.2" = rec { crateName = "rand"; version = "0.9.2"; edition = "2021"; @@ -6335,13 +7210,13 @@ rec { dependencies = [ { name = "rand_chacha"; - packageId = "rand_chacha"; + packageId = "rand_chacha 0.9.0"; optional = true; usesDefaultFeatures = false; } { name = "rand_core"; - packageId = "rand_core"; + packageId = "rand_core 0.9.3"; usesDefaultFeatures = false; } ]; @@ -6354,9 +7229,38 @@ rec { "std_rng" = [ "dep:rand_chacha" ]; "thread_rng" = [ "std" "std_rng" "os_rng" ]; }; - resolvedDefaultFeatures = [ "alloc" "os_rng" "small_rng" "std" "std_rng" "thread_rng" ]; + resolvedDefaultFeatures = [ "alloc" "default" "os_rng" "small_rng" "std" "std_rng" "thread_rng" ]; }; - "rand_chacha" = rec { + "rand_chacha 0.3.1" = rec { + crateName = "rand_chacha"; + version = "0.3.1"; + edition = "2018"; + sha256 = "123x2adin558xbhvqb8w4f6syjsdkmqff8cxwhmjacpsl1ihmhg6"; + authors = [ + "The Rand Project Developers" + "The Rust Project Developers" + "The CryptoCorrosion Contributors" + ]; + dependencies = [ + { + name = "ppv-lite86"; + packageId = "ppv-lite86"; + usesDefaultFeatures = false; + features = [ "simd" ]; + } + { + name = "rand_core"; + packageId = "rand_core 0.6.4"; + } + ]; + features = { + "default" = [ "std" ]; + "serde" = [ "dep:serde" ]; + "serde1" = [ "serde" ]; + "std" = [ "ppv-lite86/std" ]; + }; + }; + "rand_chacha 0.9.0" = rec { crateName = "rand_chacha"; version = "0.9.0"; edition = "2021"; @@ -6375,13 +7279,13 @@ rec { } { name = "rand_core"; - packageId = "rand_core"; + packageId = "rand_core 0.9.3"; } ]; devDependencies = [ { name = "rand_core"; - packageId = "rand_core"; + packageId = "rand_core 0.9.3"; features = [ "os_rng" ]; } ]; @@ -6393,7 +7297,31 @@ rec { }; resolvedDefaultFeatures = [ "std" ]; }; - "rand_core" = rec { + "rand_core 0.6.4" = rec { + crateName = "rand_core"; + version = "0.6.4"; + edition = "2018"; + sha256 = "0b4j2v4cb5krak1pv6kakv4sz6xcwbrmy2zckc32hsigbrwy82zc"; + authors = [ + "The Rand Project Developers" + "The Rust Project Developers" + ]; + dependencies = [ + { + name = "getrandom"; + packageId = "getrandom 0.2.16"; + optional = true; + } + ]; + features = { + "getrandom" = [ "dep:getrandom" ]; + "serde" = [ "dep:serde" ]; + "serde1" = [ "serde" ]; + "std" = [ "alloc" "getrandom" "getrandom/std" ]; + }; + resolvedDefaultFeatures = [ "alloc" "getrandom" "std" ]; + }; + "rand_core 0.9.3" = rec { crateName = "rand_core"; version = "0.9.3"; edition = "2021"; @@ -6864,6 +7792,29 @@ rec { }; resolvedDefaultFeatures = [ "blocking" ]; }; + "rfc6979" = rec { + crateName = "rfc6979"; + version = "0.4.0"; + edition = "2021"; + sha256 = "1chw95jgcfrysyzsq6a10b1j5qb7bagkx8h0wda4lv25in02mpgq"; + authors = [ + "RustCrypto Developers" + ]; + dependencies = [ + { + name = "hmac"; + packageId = "hmac"; + usesDefaultFeatures = false; + features = [ "reset" ]; + } + { + name = "subtle"; + packageId = "subtle"; + usesDefaultFeatures = false; + } + ]; + + }; "ring" = rec { crateName = "ring"; version = "0.17.14"; @@ -6925,6 +7876,119 @@ rec { }; resolvedDefaultFeatures = [ "alloc" "default" "dev_urandom_fallback" ]; }; + "rsa" = rec { + crateName = "rsa"; + version = "0.9.10"; + edition = "2021"; + sha256 = "0bdikdwhcvl1gfh4637m5rdw3fgcl752aiygvzmwlgc8yl1kymxq"; + authors = [ + "RustCrypto Developers" + "dignifiedquire " + ]; + dependencies = [ + { + name = "const-oid"; + packageId = "const-oid"; + usesDefaultFeatures = false; + } + { + name = "digest"; + packageId = "digest"; + usesDefaultFeatures = false; + features = [ "alloc" "oid" ]; + } + { + name = "num-bigint-dig"; + packageId = "num-bigint-dig"; + rename = "num-bigint"; + usesDefaultFeatures = false; + features = [ "i128" "prime" "zeroize" ]; + } + { + name = "num-integer"; + packageId = "num-integer"; + usesDefaultFeatures = false; + } + { + name = "num-traits"; + packageId = "num-traits"; + usesDefaultFeatures = false; + features = [ "libm" ]; + } + { + name = "pkcs1"; + packageId = "pkcs1"; + usesDefaultFeatures = false; + features = [ "alloc" "pkcs8" ]; + } + { + name = "pkcs8"; + packageId = "pkcs8"; + usesDefaultFeatures = false; + features = [ "alloc" ]; + } + { + name = "rand_core"; + packageId = "rand_core 0.6.4"; + usesDefaultFeatures = false; + } + { + name = "sha2"; + packageId = "sha2"; + optional = true; + usesDefaultFeatures = false; + features = [ "oid" ]; + } + { + name = "signature"; + packageId = "signature"; + usesDefaultFeatures = false; + features = [ "alloc" "digest" "rand_core" ]; + } + { + name = "spki"; + packageId = "spki"; + usesDefaultFeatures = false; + features = [ "alloc" ]; + } + { + name = "subtle"; + packageId = "subtle"; + usesDefaultFeatures = false; + } + { + name = "zeroize"; + packageId = "zeroize"; + features = [ "alloc" ]; + } + ]; + devDependencies = [ + { + name = "rand_core"; + packageId = "rand_core 0.6.4"; + usesDefaultFeatures = false; + } + { + name = "sha2"; + packageId = "sha2"; + usesDefaultFeatures = false; + features = [ "oid" ]; + } + ]; + features = { + "default" = [ "std" "pem" "u64_digit" ]; + "getrandom" = [ "rand_core/getrandom" ]; + "nightly" = [ "num-bigint/nightly" ]; + "pem" = [ "pkcs1/pem" "pkcs8/pem" ]; + "pkcs5" = [ "pkcs8/encryption" ]; + "serde" = [ "dep:serde" "num-bigint/serde" ]; + "sha1" = [ "dep:sha1" ]; + "sha2" = [ "dep:sha2" ]; + "std" = [ "digest/std" "pkcs1/std" "pkcs8/std" "rand_core/std" "signature/std" ]; + "u64_digit" = [ "num-bigint/u64_digit" ]; + }; + resolvedDefaultFeatures = [ "default" "pem" "sha2" "std" "u64_digit" ]; + }; "rstest" = rec { crateName = "rstest"; version = "0.26.1"; @@ -7363,6 +8427,66 @@ rec { "default" = [ "use_std" ]; }; }; + "sec1" = rec { + crateName = "sec1"; + version = "0.7.3"; + edition = "2021"; + sha256 = "1p273j8c87pid6a1iyyc7vxbvifrw55wbxgr0dh3l8vnbxb7msfk"; + authors = [ + "RustCrypto Developers" + ]; + dependencies = [ + { + name = "base16ct"; + packageId = "base16ct"; + optional = true; + usesDefaultFeatures = false; + } + { + name = "der"; + packageId = "der"; + optional = true; + features = [ "oid" ]; + } + { + name = "generic-array"; + packageId = "generic-array"; + optional = true; + usesDefaultFeatures = false; + } + { + name = "pkcs8"; + packageId = "pkcs8"; + optional = true; + usesDefaultFeatures = false; + } + { + name = "subtle"; + packageId = "subtle"; + optional = true; + usesDefaultFeatures = false; + } + { + name = "zeroize"; + packageId = "zeroize"; + optional = true; + usesDefaultFeatures = false; + } + ]; + features = { + "alloc" = [ "der?/alloc" "pkcs8?/alloc" "zeroize?/alloc" ]; + "default" = [ "der" "point" ]; + "der" = [ "dep:der" "zeroize" ]; + "pem" = [ "alloc" "der/pem" "pkcs8/pem" ]; + "pkcs8" = [ "dep:pkcs8" ]; + "point" = [ "dep:base16ct" "dep:generic-array" ]; + "serde" = [ "dep:serdect" ]; + "std" = [ "alloc" "der?/std" ]; + "subtle" = [ "dep:subtle" ]; + "zeroize" = [ "dep:zeroize" "der?/zeroize" ]; + }; + resolvedDefaultFeatures = [ "alloc" "default" "der" "pem" "pkcs8" "point" "std" "subtle" "zeroize" ]; + }; "secrecy" = rec { crateName = "secrecy"; version = "0.10.3"; @@ -7762,6 +8886,45 @@ rec { ]; }; + "sha1" = rec { + crateName = "sha1"; + version = "0.10.6"; + edition = "2018"; + sha256 = "1fnnxlfg08xhkmwf2ahv634as30l1i3xhlhkvxflmasi5nd85gz3"; + authors = [ + "RustCrypto Developers" + ]; + dependencies = [ + { + name = "cfg-if"; + packageId = "cfg-if"; + } + { + name = "cpufeatures"; + packageId = "cpufeatures"; + target = { target, features }: (("aarch64" == target."arch" or null) || ("x86" == target."arch" or null) || ("x86_64" == target."arch" or null)); + } + { + name = "digest"; + packageId = "digest"; + } + ]; + devDependencies = [ + { + name = "digest"; + packageId = "digest"; + features = [ "dev" ]; + } + ]; + features = { + "asm" = [ "sha1-asm" ]; + "default" = [ "std" ]; + "oid" = [ "digest/oid" ]; + "sha1-asm" = [ "dep:sha1-asm" ]; + "std" = [ "digest/std" ]; + }; + resolvedDefaultFeatures = [ "default" "std" ]; + }; "sha2" = rec { crateName = "sha2"; version = "0.10.9"; @@ -7800,6 +8963,7 @@ rec { "sha2-asm" = [ "dep:sha2-asm" ]; "std" = [ "digest/std" ]; }; + resolvedDefaultFeatures = [ "default" "oid" "std" ]; }; "sharded-slab" = rec { crateName = "sharded-slab"; @@ -7856,6 +9020,36 @@ rec { ]; }; + "signature" = rec { + crateName = "signature"; + version = "2.2.0"; + edition = "2021"; + sha256 = "1pi9hd5vqfr3q3k49k37z06p7gs5si0in32qia4mmr1dancr6m3p"; + authors = [ + "RustCrypto Developers" + ]; + dependencies = [ + { + name = "digest"; + packageId = "digest"; + optional = true; + usesDefaultFeatures = false; + } + { + name = "rand_core"; + packageId = "rand_core 0.6.4"; + optional = true; + usesDefaultFeatures = false; + } + ]; + features = { + "derive" = [ "dep:derive" ]; + "digest" = [ "dep:digest" ]; + "rand_core" = [ "dep:rand_core" ]; + "std" = [ "alloc" "rand_core?/std" ]; + }; + resolvedDefaultFeatures = [ "alloc" "digest" "rand_core" "std" ]; + }; "simd-adler32" = rec { crateName = "simd-adler32"; version = "0.3.7"; @@ -8055,21 +9249,181 @@ rec { ]; features = { }; - resolvedDefaultFeatures = [ "all" ]; - }; - "stable_deref_trait" = rec { - crateName = "stable_deref_trait"; - version = "1.2.1"; - edition = "2015"; - sha256 = "15h5h73ppqyhdhx6ywxfj88azmrpml9gl6zp3pwy2malqa6vxqkc"; - authors = [ - "Robert Grosse " - ]; - features = { - "default" = [ "std" ]; - "std" = [ "alloc" ]; - }; - resolvedDefaultFeatures = [ "alloc" ]; + resolvedDefaultFeatures = [ "all" ]; + }; + "spin" = rec { + crateName = "spin"; + version = "0.9.8"; + edition = "2015"; + sha256 = "0rvam5r0p3a6qhc18scqpvpgb3ckzyqxpgdfyjnghh8ja7byi039"; + authors = [ + "Mathijs van de Nes " + "John Ericson " + "Joshua Barretto " + ]; + features = { + "barrier" = [ "mutex" ]; + "default" = [ "lock_api" "mutex" "spin_mutex" "rwlock" "once" "lazy" "barrier" ]; + "fair_mutex" = [ "mutex" ]; + "lazy" = [ "once" ]; + "lock_api" = [ "lock_api_crate" ]; + "lock_api_crate" = [ "dep:lock_api_crate" ]; + "portable-atomic" = [ "dep:portable-atomic" ]; + "portable_atomic" = [ "portable-atomic" ]; + "spin_mutex" = [ "mutex" ]; + "ticket_mutex" = [ "mutex" ]; + "use_ticket_mutex" = [ "mutex" "ticket_mutex" ]; + }; + resolvedDefaultFeatures = [ "once" ]; + }; + "spki" = rec { + crateName = "spki"; + version = "0.7.3"; + edition = "2021"; + sha256 = "17fj8k5fmx4w9mp27l970clrh5qa7r5sjdvbsln987xhb34dc7nr"; + authors = [ + "RustCrypto Developers" + ]; + dependencies = [ + { + name = "base64ct"; + packageId = "base64ct"; + optional = true; + usesDefaultFeatures = false; + } + { + name = "der"; + packageId = "der"; + features = [ "oid" ]; + } + ]; + features = { + "alloc" = [ "base64ct?/alloc" "der/alloc" ]; + "arbitrary" = [ "std" "dep:arbitrary" "der/arbitrary" ]; + "base64" = [ "dep:base64ct" ]; + "fingerprint" = [ "sha2" ]; + "pem" = [ "alloc" "der/pem" ]; + "sha2" = [ "dep:sha2" ]; + "std" = [ "der/std" "alloc" ]; + }; + resolvedDefaultFeatures = [ "alloc" "pem" "std" ]; + }; + "stable_deref_trait" = rec { + crateName = "stable_deref_trait"; + version = "1.2.1"; + edition = "2015"; + sha256 = "15h5h73ppqyhdhx6ywxfj88azmrpml9gl6zp3pwy2malqa6vxqkc"; + authors = [ + "Robert Grosse " + ]; + features = { + "default" = [ "std" ]; + "std" = [ "alloc" ]; + }; + resolvedDefaultFeatures = [ "alloc" ]; + }; + "stackable-certs" = rec { + crateName = "stackable-certs"; + version = "0.4.0"; + edition = "2024"; + workspace_member = null; + src = pkgs.fetchgit { + url = "https://github.com/stackabletech/operator-rs.git"; + rev = "7bfcac5f6515c8b4c8cf8def2edfde5ed8621aaa"; + sha256 = "02z7c2kjhcwg153j74n52wwcr5x0z70hc21hlsrxyclmc8ps1lmd"; + }; + libName = "stackable_certs"; + authors = [ + "Stackable GmbH " + ]; + dependencies = [ + { + name = "const-oid"; + packageId = "const-oid"; + features = [ "db" ]; + } + { + name = "ecdsa"; + packageId = "ecdsa"; + features = [ "digest" "pem" ]; + } + { + name = "k8s-openapi"; + packageId = "k8s-openapi"; + usesDefaultFeatures = false; + features = [ "schemars" "v1_34" ]; + } + { + name = "kube"; + packageId = "kube"; + usesDefaultFeatures = false; + features = [ "client" "jsonpatch" "runtime" "derive" "admission" "rustls-tls" "ring" ]; + } + { + name = "p256"; + packageId = "p256"; + features = [ "ecdsa" ]; + } + { + name = "rand"; + packageId = "rand 0.9.2"; + } + { + name = "rand_core"; + packageId = "rand_core 0.6.4"; + } + { + name = "rsa"; + packageId = "rsa"; + features = [ "sha2" ]; + } + { + name = "sha2"; + packageId = "sha2"; + features = [ "oid" ]; + } + { + name = "signature"; + packageId = "signature"; + } + { + name = "snafu"; + packageId = "snafu 0.8.9"; + } + { + name = "stackable-shared"; + packageId = "stackable-shared"; + } + { + name = "tokio"; + packageId = "tokio"; + features = [ "macros" "rt-multi-thread" "fs" ]; + } + { + name = "tokio-rustls"; + packageId = "tokio-rustls"; + optional = true; + usesDefaultFeatures = false; + features = [ "ring" "logging" "tls12" ]; + } + { + name = "tracing"; + packageId = "tracing"; + } + { + name = "x509-cert"; + packageId = "x509-cert"; + features = [ "builder" ]; + } + { + name = "zeroize"; + packageId = "zeroize"; + } + ]; + features = { + "rustls" = [ "dep:tokio-rustls" ]; + }; + resolvedDefaultFeatures = [ "default" "rustls" ]; }; "stackable-kafka-operator" = rec { crateName = "stackable-kafka-operator"; @@ -8127,7 +9481,7 @@ rec { { name = "stackable-operator"; packageId = "stackable-operator"; - features = [ "telemetry" "versioned" ]; + features = [ "telemetry" "versioned" "webhook" ]; } { name = "strum"; @@ -8292,6 +9646,11 @@ rec { packageId = "stackable-versioned"; optional = true; } + { + name = "stackable-webhook"; + packageId = "stackable-webhook"; + optional = true; + } { name = "strum"; packageId = "strum"; @@ -8330,7 +9689,7 @@ rec { "versioned" = [ "dep:stackable-versioned" ]; "webhook" = [ "dep:stackable-webhook" ]; }; - resolvedDefaultFeatures = [ "clap" "default" "telemetry" "versioned" ]; + resolvedDefaultFeatures = [ "clap" "default" "telemetry" "versioned" "webhook" ]; }; "stackable-operator-derive" = rec { crateName = "stackable-operator-derive"; @@ -8666,6 +10025,134 @@ rec { } ]; + }; + "stackable-webhook" = rec { + crateName = "stackable-webhook"; + version = "0.9.0"; + edition = "2024"; + workspace_member = null; + src = pkgs.fetchgit { + url = "https://github.com/stackabletech/operator-rs.git"; + rev = "7bfcac5f6515c8b4c8cf8def2edfde5ed8621aaa"; + sha256 = "02z7c2kjhcwg153j74n52wwcr5x0z70hc21hlsrxyclmc8ps1lmd"; + }; + libName = "stackable_webhook"; + authors = [ + "Stackable GmbH " + ]; + dependencies = [ + { + name = "arc-swap"; + packageId = "arc-swap"; + } + { + name = "async-trait"; + packageId = "async-trait"; + } + { + name = "axum"; + packageId = "axum"; + features = [ "http2" ]; + } + { + name = "futures-util"; + packageId = "futures-util"; + } + { + name = "hyper"; + packageId = "hyper"; + features = [ "full" ]; + } + { + name = "hyper-util"; + packageId = "hyper-util"; + } + { + name = "k8s-openapi"; + packageId = "k8s-openapi"; + usesDefaultFeatures = false; + features = [ "schemars" "v1_34" ]; + } + { + name = "kube"; + packageId = "kube"; + usesDefaultFeatures = false; + features = [ "client" "jsonpatch" "runtime" "derive" "admission" "rustls-tls" "ring" ]; + } + { + name = "opentelemetry"; + packageId = "opentelemetry"; + } + { + name = "opentelemetry-semantic-conventions"; + packageId = "opentelemetry-semantic-conventions"; + } + { + name = "rand"; + packageId = "rand 0.9.2"; + } + { + name = "serde"; + packageId = "serde"; + features = [ "derive" ]; + } + { + name = "serde_json"; + packageId = "serde_json"; + } + { + name = "snafu"; + packageId = "snafu 0.8.9"; + } + { + name = "stackable-certs"; + packageId = "stackable-certs"; + features = [ "rustls" ]; + } + { + name = "stackable-shared"; + packageId = "stackable-shared"; + } + { + name = "stackable-telemetry"; + packageId = "stackable-telemetry"; + } + { + name = "tokio"; + packageId = "tokio"; + features = [ "macros" "rt-multi-thread" "fs" ]; + } + { + name = "tokio-rustls"; + packageId = "tokio-rustls"; + usesDefaultFeatures = false; + features = [ "ring" "logging" "tls12" ]; + } + { + name = "tower"; + packageId = "tower"; + features = [ "util" ]; + } + { + name = "tower-http"; + packageId = "tower-http"; + features = [ "trace" ]; + } + { + name = "tracing"; + packageId = "tracing"; + } + { + name = "tracing-opentelemetry"; + packageId = "tracing-opentelemetry"; + } + { + name = "x509-cert"; + packageId = "x509-cert"; + features = [ "builder" ]; + } + ]; + }; "strsim" = rec { crateName = "strsim"; @@ -8743,6 +10230,7 @@ rec { features = { "default" = [ "std" "i128" ]; }; + resolvedDefaultFeatures = [ "i128" ]; }; "syn 1.0.109" = rec { crateName = "syn"; @@ -8971,9 +10459,9 @@ rec { }; "time" = rec { crateName = "time"; - version = "0.3.44"; - edition = "2021"; - sha256 = "179awlwb36zly3nmz5h9awai1h4pbf1d83g2pmvlw4v1pgixkrwi"; + version = "0.3.47"; + edition = "2024"; + sha256 = "0b7g9ly2iabrlgizliz6v5x23yq5d6bpp0mqz6407z1s526d8fvl"; authors = [ "Jacob Pratt " "Time contributors" @@ -8999,8 +10487,8 @@ rec { usesDefaultFeatures = false; } { - name = "serde"; - packageId = "serde"; + name = "serde_core"; + packageId = "serde_core"; optional = true; usesDefaultFeatures = false; } @@ -9019,22 +10507,16 @@ rec { name = "num-conv"; packageId = "num-conv"; } - { - name = "serde"; - packageId = "serde"; - usesDefaultFeatures = false; - features = [ "derive" ]; - } { name = "time-macros"; packageId = "time-macros"; } ]; features = { - "alloc" = [ "serde?/alloc" ]; + "alloc" = [ "serde_core?/alloc" ]; "default" = [ "std" ]; "formatting" = [ "dep:itoa" "std" "time-macros?/formatting" ]; - "large-dates" = [ "time-macros?/large-dates" ]; + "large-dates" = [ "time-core/large-dates" "time-macros?/large-dates" ]; "local-offset" = [ "std" "dep:libc" "dep:num_threads" ]; "macros" = [ "dep:time-macros" ]; "parsing" = [ "time-macros?/parsing" ]; @@ -9042,7 +10524,7 @@ rec { "rand" = [ "rand08" "rand09" ]; "rand08" = [ "dep:rand08" "deranged/rand08" ]; "rand09" = [ "dep:rand09" "deranged/rand09" ]; - "serde" = [ "dep:serde" "time-macros?/serde" "deranged/serde" ]; + "serde" = [ "dep:serde_core" "time-macros?/serde" "deranged/serde" ]; "serde-human-readable" = [ "serde" "formatting" "parsing" ]; "serde-well-known" = [ "serde" "formatting" "parsing" ]; "std" = [ "alloc" ]; @@ -9052,21 +10534,22 @@ rec { }; "time-core" = rec { crateName = "time-core"; - version = "0.1.6"; - edition = "2021"; - sha256 = "0sqwhg7n47gbffyr0zhipqcnskxgcgzz1ix8wirqs2rg3my8x1j0"; + version = "0.1.8"; + edition = "2024"; + sha256 = "1jidl426mw48i7hjj4hs9vxgd9lwqq4vyalm4q8d7y4iwz7y353n"; libName = "time_core"; authors = [ "Jacob Pratt " "Time contributors" ]; - + features = { + }; }; "time-macros" = rec { crateName = "time-macros"; - version = "0.2.24"; - edition = "2021"; - sha256 = "1wzb6hnl35856f58cx259q7ijc4c7yis0qsnydvw5n8jbw9b1krh"; + version = "0.2.27"; + edition = "2024"; + sha256 = "058ja265waq275wxvnfwavbz9r1hd4dgwpfn7a1a9a70l32y8w1f"; procMacro = true; libName = "time_macros"; authors = [ @@ -9117,6 +10600,68 @@ rec { }; resolvedDefaultFeatures = [ "alloc" "zerovec" ]; }; + "tls_codec" = rec { + crateName = "tls_codec"; + version = "0.4.2"; + edition = "2021"; + sha256 = "0sxzj0pdinn7fsc8aihqgfylsqi7z9jca0aqy3b8kfz28l9f1qhd"; + authors = [ + "RustCrypto Developers" + ]; + dependencies = [ + { + name = "tls_codec_derive"; + packageId = "tls_codec_derive"; + optional = true; + } + { + name = "zeroize"; + packageId = "zeroize"; + usesDefaultFeatures = false; + features = [ "alloc" "zeroize_derive" ]; + } + ]; + features = { + "arbitrary" = [ "std" "dep:arbitrary" ]; + "conditional_deserialization" = [ "derive" "tls_codec_derive/conditional_deserialization" ]; + "default" = [ "std" ]; + "derive" = [ "tls_codec_derive" ]; + "serde" = [ "std" "dep:serde" ]; + "std" = [ "tls_codec_derive?/std" ]; + "tls_codec_derive" = [ "dep:tls_codec_derive" ]; + }; + resolvedDefaultFeatures = [ "derive" "std" "tls_codec_derive" ]; + }; + "tls_codec_derive" = rec { + crateName = "tls_codec_derive"; + version = "0.4.2"; + edition = "2021"; + sha256 = "1gglj5cxkpv7i3jazffksrfy5h5242kdvsqawjm2yh1915lpcbid"; + procMacro = true; + authors = [ + "RustCrypto Developers" + ]; + dependencies = [ + { + name = "proc-macro2"; + packageId = "proc-macro2"; + } + { + name = "quote"; + packageId = "quote"; + } + { + name = "syn"; + packageId = "syn 2.0.108"; + features = [ "parsing" ]; + } + ]; + features = { + "conditional_deserialization" = [ "syn/full" ]; + "default" = [ "std" ]; + }; + resolvedDefaultFeatures = [ "default" "std" ]; + }; "tokio" = rec { crateName = "tokio"; version = "1.48.0"; @@ -9295,7 +10840,7 @@ rec { "tls12" = [ "rustls/tls12" ]; "zlib" = [ "rustls/zlib" ]; }; - resolvedDefaultFeatures = [ "logging" "tls12" ]; + resolvedDefaultFeatures = [ "logging" "ring" "tls12" ]; }; "tokio-stream" = rec { crateName = "tokio-stream"; @@ -12491,6 +14036,62 @@ rec { "either" = [ "dep:either" ]; }; }; + "x509-cert" = rec { + crateName = "x509-cert"; + version = "0.2.5"; + edition = "2021"; + sha256 = "155f42vm6m7phn8w7s2wmk9vli3ws45dqpk5z3jilw0a04syj08k"; + libName = "x509_cert"; + authors = [ + "RustCrypto Developers" + ]; + dependencies = [ + { + name = "const-oid"; + packageId = "const-oid"; + features = [ "db" ]; + } + { + name = "der"; + packageId = "der"; + features = [ "alloc" "derive" "flagset" "oid" ]; + } + { + name = "sha1"; + packageId = "sha1"; + optional = true; + } + { + name = "signature"; + packageId = "signature"; + optional = true; + features = [ "rand_core" ]; + } + { + name = "spki"; + packageId = "spki"; + features = [ "alloc" ]; + } + { + name = "tls_codec"; + packageId = "tls_codec"; + optional = true; + usesDefaultFeatures = false; + features = [ "derive" ]; + } + ]; + features = { + "arbitrary" = [ "dep:arbitrary" "std" "der/arbitrary" "spki/arbitrary" ]; + "builder" = [ "std" "sha1/default" "signature" ]; + "default" = [ "pem" "std" ]; + "pem" = [ "der/pem" "spki/pem" ]; + "sct" = [ "dep:tls_codec" ]; + "sha1" = [ "dep:sha1" ]; + "signature" = [ "dep:signature" ]; + "std" = [ "const-oid/std" "der/std" "spki/std" "tls_codec?/std" ]; + }; + resolvedDefaultFeatures = [ "builder" "default" "pem" "sha1" "signature" "std" ]; + }; "xml" = rec { crateName = "xml"; version = "1.1.0"; @@ -12707,6 +14308,13 @@ rec { authors = [ "The RustCrypto Project Developers" ]; + dependencies = [ + { + name = "zeroize_derive"; + packageId = "zeroize_derive"; + optional = true; + } + ]; features = { "default" = [ "alloc" ]; "derive" = [ "zeroize_derive" ]; @@ -12714,7 +14322,33 @@ rec { "std" = [ "alloc" ]; "zeroize_derive" = [ "dep:zeroize_derive" ]; }; - resolvedDefaultFeatures = [ "alloc" "default" ]; + resolvedDefaultFeatures = [ "alloc" "default" "zeroize_derive" ]; + }; + "zeroize_derive" = rec { + crateName = "zeroize_derive"; + version = "1.4.3"; + edition = "2021"; + sha256 = "0bl5vd1lz27p4z336nximg5wrlw5j7jc8fxh7iv6r1wrhhav99c5"; + procMacro = true; + authors = [ + "The RustCrypto Project Developers" + ]; + dependencies = [ + { + name = "proc-macro2"; + packageId = "proc-macro2"; + } + { + name = "quote"; + packageId = "quote"; + } + { + name = "syn"; + packageId = "syn 2.0.108"; + features = [ "full" "extra-traits" "visit" ]; + } + ]; + }; "zerotrie" = rec { crateName = "zerotrie"; diff --git a/Cargo.toml b/Cargo.toml index 4f59d29c..4120e1f7 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -11,7 +11,7 @@ repository = "https://github.com/stackabletech/kafka-operator" [workspace.dependencies] product-config = { git = "https://github.com/stackabletech/product-config.git", tag = "0.8.0" } -stackable-operator = { git = "https://github.com/stackabletech/operator-rs.git", tag = "stackable-operator-0.105.0", features = ["telemetry", "versioned"] } +stackable-operator = { git = "https://github.com/stackabletech/operator-rs.git", tag = "stackable-operator-0.105.0", features = ["telemetry", "versioned", "webhook"] } anyhow = "1.0" built = { version = "0.8", features = ["chrono", "git2"] } diff --git a/Makefile b/Makefile index a7f9c95e..ee5635a7 100644 --- a/Makefile +++ b/Makefile @@ -44,9 +44,11 @@ config: cp -r deploy/config-spec/* "deploy/helm/${OPERATOR_NAME}/configs";\ fi +# We generate a crds.yaml, so that the effect of code changes are visible. +# The operator will take care of the CRD rollout itself. crds: - mkdir -p deploy/helm/"${OPERATOR_NAME}"/crds - cargo run --bin stackable-"${OPERATOR_NAME}" -- crd | yq eval '.metadata.annotations["helm.sh/resource-policy"]="keep"' - > "deploy/helm/${OPERATOR_NAME}/crds/crds.yaml" + mkdir -p extra + cargo run --bin stackable-"${OPERATOR_NAME}" -- crd > extra/crds.yaml chart-lint: compile-chart docker run -it -v $(shell pwd):/build/helm-charts -w /build/helm-charts quay.io/helmpack/chart-testing:v3.5.0 ct lint --config deploy/helm/ct.yaml diff --git a/Tiltfile b/Tiltfile index ee0941c3..53c3a8e4 100644 --- a/Tiltfile +++ b/Tiltfile @@ -17,11 +17,6 @@ custom_build( outputs_image_ref_to='result/ref', ) -# Load the latest CRDs from Nix -watch_file('result') -if os.path.exists('result'): - k8s_yaml('result/crds.yaml') - # We need to set the correct image annotation on the operator Deployment to use e.g. # oci.stackable.tech/sandbox/opa-operator:7y19m3d8clwxlv34v5q2x4p7v536s00g instead of # oci.stackable.tech/sandbox/opa-operator:0.0.0-dev (which does not exist) @@ -35,18 +30,12 @@ helm_values = settings.get('helm_values', None) helm_override_image_repository = 'image.repository=' + registry + '/' + operator_name -# Exclude stale CRDs from Helm chart, and apply the rest -helm_crds, helm_non_crds = filter_yaml( - helm( - 'deploy/helm/' + operator_name, - name=operator_name, - namespace="stackable-operators", - set=[ - helm_override_image_repository, - ], - values=helm_values, - ), - api_version = "^apiextensions\\.k8s\\.io/.*$", - kind = "^CustomResourceDefinition$", -) -k8s_yaml(helm_non_crds) +k8s_yaml(helm( + 'deploy/helm/' + operator_name, + name=operator_name, + namespace="stackable-operators", + set=[ + helm_override_image_repository, + ], + values=helm_values, +)) diff --git a/crate-hashes.json b/crate-hashes.json index c7bba396..f14e4bde 100644 --- a/crate-hashes.json +++ b/crate-hashes.json @@ -5,11 +5,13 @@ "git+https://github.com/stackabletech/kube-rs?branch=2.0.1-fix-schema-hoisting#kube-runtime@2.0.1": "1a7bcl0w1jg71jc4iml0vjp8dpzy71mhxl012grxcy2xp5i6xvgf", "git+https://github.com/stackabletech/kube-rs?branch=2.0.1-fix-schema-hoisting#kube@2.0.1": "1a7bcl0w1jg71jc4iml0vjp8dpzy71mhxl012grxcy2xp5i6xvgf", "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.105.0#k8s-version@0.1.3": "02z7c2kjhcwg153j74n52wwcr5x0z70hc21hlsrxyclmc8ps1lmd", + "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.105.0#stackable-certs@0.4.0": "02z7c2kjhcwg153j74n52wwcr5x0z70hc21hlsrxyclmc8ps1lmd", "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.105.0#stackable-operator-derive@0.3.1": "02z7c2kjhcwg153j74n52wwcr5x0z70hc21hlsrxyclmc8ps1lmd", "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.105.0#stackable-operator@0.105.0": "02z7c2kjhcwg153j74n52wwcr5x0z70hc21hlsrxyclmc8ps1lmd", "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.105.0#stackable-shared@0.0.3": "02z7c2kjhcwg153j74n52wwcr5x0z70hc21hlsrxyclmc8ps1lmd", "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.105.0#stackable-telemetry@0.6.1": "02z7c2kjhcwg153j74n52wwcr5x0z70hc21hlsrxyclmc8ps1lmd", "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.105.0#stackable-versioned-macros@0.8.3": "02z7c2kjhcwg153j74n52wwcr5x0z70hc21hlsrxyclmc8ps1lmd", "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.105.0#stackable-versioned@0.8.3": "02z7c2kjhcwg153j74n52wwcr5x0z70hc21hlsrxyclmc8ps1lmd", + "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.105.0#stackable-webhook@0.9.0": "02z7c2kjhcwg153j74n52wwcr5x0z70hc21hlsrxyclmc8ps1lmd", "git+https://github.com/stackabletech/product-config.git?tag=0.8.0#product-config@0.8.0": "1dz70kapm2wdqcr7ndyjji0lhsl98bsq95gnb2lw487wf6yr7987" } \ No newline at end of file diff --git a/deploy/helm/kafka-operator/crds/crds.yaml b/deploy/helm/kafka-operator/crds/crds.yaml deleted file mode 100644 index d0e93f40..00000000 --- a/deploy/helm/kafka-operator/crds/crds.yaml +++ /dev/null @@ -1,1719 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: kafkaclusters.kafka.stackable.tech - annotations: - helm.sh/resource-policy: keep -spec: - group: kafka.stackable.tech - names: - categories: [] - kind: KafkaCluster - plural: kafkaclusters - shortNames: - - kafka - singular: kafkacluster - scope: Namespaced - versions: - - additionalPrinterColumns: [] - name: v1alpha1 - schema: - openAPIV3Schema: - description: Auto-generated derived type for KafkaClusterSpec via `CustomResource` - properties: - spec: - description: |- - A Kafka cluster stacklet. This resource is managed by the Stackable operator for Apache Kafka. - Find more information on how to use it and the resources that the operator generates in the - [operator documentation](https://docs.stackable.tech/home/nightly/kafka/). - properties: - brokers: - description: |- - This struct represents a role - e.g. HDFS datanodes or Trino workers. It has a key-value-map containing - all the roleGroups that are part of this role. Additionally, there is a `config`, which is configurable - at the role *and* roleGroup level. Everything at roleGroup level is merged on top of what is configured - on role level. There is also a second form of config, which can only be configured - at role level, the `roleConfig`. - You can learn more about this in the - [Roles and role group concept documentation](https://docs.stackable.tech/home/nightly/concepts/roles-and-role-groups). - nullable: true - properties: - cliOverrides: - additionalProperties: - type: string - default: {} - type: object - config: - default: {} - properties: - affinity: - default: - nodeAffinity: null - nodeSelector: null - podAffinity: null - podAntiAffinity: null - description: |- - These configuration settings control - [Pod placement](https://docs.stackable.tech/home/nightly/concepts/operations/pod_placement). - properties: - nodeAffinity: - description: Same as the `spec.affinity.nodeAffinity` field on the Pod, see the [Kubernetes docs](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node) - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - nodeSelector: - additionalProperties: - type: string - description: Simple key-value pairs forming a nodeSelector, see the [Kubernetes docs](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node) - nullable: true - type: object - podAffinity: - description: Same as the `spec.affinity.podAffinity` field on the Pod, see the [Kubernetes docs](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node) - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - podAntiAffinity: - description: Same as the `spec.affinity.podAntiAffinity` field on the Pod, see the [Kubernetes docs](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node) - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - bootstrapListenerClass: - description: The ListenerClass used for bootstrapping new clients. Should use a stable ListenerClass to avoid unnecessary client restarts (such as `cluster-internal` or `external-stable`). - nullable: true - type: string - brokerListenerClass: - description: The ListenerClass used for connecting to brokers. Should use a direct connection ListenerClass to minimize cost and minimize performance overhead (such as `cluster-internal` or `external-unstable`). - nullable: true - type: string - gracefulShutdownTimeout: - description: Time period Pods have to gracefully shut down, e.g. `30m`, `1h` or `2d`. Consult the operator documentation for details. - nullable: true - type: string - logging: - default: - containers: {} - enableVectorAgent: null - description: Logging configuration, learn more in the [logging concept documentation](https://docs.stackable.tech/home/nightly/concepts/logging). - properties: - containers: - additionalProperties: - anyOf: - - required: - - custom - - {} - description: Log configuration of the container - properties: - console: - description: Configuration for the console appender - nullable: true - properties: - level: - description: |- - The log level threshold. - Log events with a lower log level are discarded. - enum: - - TRACE - - DEBUG - - INFO - - WARN - - ERROR - - FATAL - - NONE - nullable: true - type: string - type: object - custom: - description: Log configuration provided in a ConfigMap - properties: - configMap: - description: ConfigMap containing the log configuration files - nullable: true - type: string - type: object - file: - description: Configuration for the file appender - nullable: true - properties: - level: - description: |- - The log level threshold. - Log events with a lower log level are discarded. - enum: - - TRACE - - DEBUG - - INFO - - WARN - - ERROR - - FATAL - - NONE - nullable: true - type: string - type: object - loggers: - additionalProperties: - description: Configuration of a logger - properties: - level: - description: |- - The log level threshold. - Log events with a lower log level are discarded. - enum: - - TRACE - - DEBUG - - INFO - - WARN - - ERROR - - FATAL - - NONE - nullable: true - type: string - type: object - default: {} - description: Configuration per logger - type: object - type: object - description: Log configuration per container. - type: object - enableVectorAgent: - description: Wether or not to deploy a container with the Vector log agent. - nullable: true - type: boolean - type: object - requestedSecretLifetime: - description: |- - Request secret (currently only autoTls certificates) lifetime from the secret operator, e.g. `7d`, or `30d`. - Please note that this can be shortened by the `maxCertificateLifetime` setting on the SecretClass issuing the TLS certificate. - nullable: true - type: string - resources: - default: - cpu: - max: null - min: null - memory: - limit: null - runtimeLimits: {} - storage: - logDirs: - capacity: null - description: |- - Resource usage is configured here, this includes CPU usage, memory usage and disk storage - usage, if this role needs any. - properties: - cpu: - default: - max: null - min: null - properties: - max: - description: |- - The maximum amount of CPU cores that can be requested by Pods. - Equivalent to the `limit` for Pod resource configuration. - Cores are specified either as a decimal point number or as milli units. - For example:`1.5` will be 1.5 cores, also written as `1500m`. - nullable: true - type: string - min: - description: |- - The minimal amount of CPU cores that Pods need to run. - Equivalent to the `request` for Pod resource configuration. - Cores are specified either as a decimal point number or as milli units. - For example:`1.5` will be 1.5 cores, also written as `1500m`. - nullable: true - type: string - type: object - memory: - properties: - limit: - description: |- - The maximum amount of memory that should be available to the Pod. - Specified as a byte [Quantity](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/quantity/), - which means these suffixes are supported: E, P, T, G, M, k. - You can also use the power-of-two equivalents: Ei, Pi, Ti, Gi, Mi, Ki. - For example, the following represent roughly the same value: - `128974848, 129e6, 129M, 128974848000m, 123Mi` - nullable: true - type: string - runtimeLimits: - description: Additional options that can be specified. - type: object - type: object - storage: - properties: - logDirs: - default: - capacity: null - properties: - capacity: - description: "Quantity is a fixed-point representation of a number. It provides convenient marshaling/unmarshaling in JSON and YAML, in addition to String() and AsInt64() accessors.\n\nThe serialization format is:\n\n``` ::= \n\n\t(Note that may be empty, from the \"\" case in .)\n\n ::= 0 | 1 | ... | 9 ::= | ::= | . | . | . ::= \"+\" | \"-\" ::= | ::= | | ::= Ki | Mi | Gi | Ti | Pi | Ei\n\n\t(International System of units; See: http://physics.nist.gov/cuu/Units/binary.html)\n\n ::= m | \"\" | k | M | G | T | P | E\n\n\t(Note that 1024 = 1Ki but 1000 = 1k; I didn't choose the capitalization.)\n\n ::= \"e\" | \"E\" ```\n\nNo matter which of the three exponent forms is used, no quantity may represent a number greater than 2^63-1 in magnitude, nor may it have more than 3 decimal places. Numbers larger or more precise will be capped or rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the future if we require larger or smaller quantities.\n\nWhen a Quantity is parsed from a string, it will remember the type of suffix it had, and will use the same type again when it is serialized.\n\nBefore serializing, Quantity will be put in \"canonical form\". This means that Exponent/suffix will be adjusted up or down (with a corresponding increase or decrease in Mantissa) such that:\n\n- No precision is lost - No fractional digits will be emitted - The exponent (or suffix) is as large as possible.\n\nThe sign will be omitted unless the number is negative.\n\nExamples:\n\n- 1.5 will be serialized as \"1500m\" - 1.5Gi will be serialized as \"1536Mi\"\n\nNote that the quantity will NEVER be internally represented by a floating point number. That is the whole point of this exercise.\n\nNon-canonical values will still parse as long as they are well formed, but will be re-emitted in their canonical form. (So always use canonical form, or don't diff.)\n\nThis format is intended to make it difficult to use these numbers without writing some sort of special handling code in the hopes that that will cause implementors to also use a fixed point implementation." - nullable: true - type: string - selectors: - description: A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects. - nullable: true - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - storageClass: - nullable: true - type: string - type: object - type: object - type: object - type: object - configOverrides: - additionalProperties: - additionalProperties: - type: string - type: object - default: {} - description: |- - The `configOverrides` can be used to configure properties in product config files - that are not exposed in the CRD. Read the - [config overrides documentation](https://docs.stackable.tech/home/nightly/concepts/overrides#config-overrides) - and consult the operator specific usage guide documentation for details on the - available config files and settings for the specific product. - type: object - envOverrides: - additionalProperties: - type: string - default: {} - description: |- - `envOverrides` configure environment variables to be set in the Pods. - It is a map from strings to strings - environment variables and the value to set. - Read the - [environment variable overrides documentation](https://docs.stackable.tech/home/nightly/concepts/overrides#env-overrides) - for more information and consult the operator specific usage guide to find out about - the product specific environment variables that are available. - type: object - jvmArgumentOverrides: - default: - add: [] - remove: [] - removeRegex: [] - description: |- - Allows overriding JVM arguments. - Please read on the [JVM argument overrides documentation](https://docs.stackable.tech/home/nightly/concepts/overrides#jvm-argument-overrides) - for details on the usage. - properties: - add: - default: [] - description: JVM arguments to be added - items: - type: string - type: array - remove: - default: [] - description: JVM arguments to be removed by exact match - items: - type: string - type: array - removeRegex: - default: [] - description: JVM arguments matching any of this regexes will be removed - items: - type: string - type: array - type: object - podOverrides: - default: {} - description: |- - In the `podOverrides` property you can define a - [PodTemplateSpec](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#podtemplatespec-v1-core) - to override any property that can be set on a Kubernetes Pod. - Read the - [Pod overrides documentation](https://docs.stackable.tech/home/nightly/concepts/overrides#pod-overrides) - for more information. - type: object - x-kubernetes-preserve-unknown-fields: true - roleConfig: - default: - podDisruptionBudget: - enabled: true - maxUnavailable: null - description: This is a product-agnostic RoleConfig, which is sufficient for most of the products. - properties: - podDisruptionBudget: - default: - enabled: true - maxUnavailable: null - description: |- - This struct is used to configure: - - 1. If PodDisruptionBudgets are created by the operator - 2. The allowed number of Pods to be unavailable (`maxUnavailable`) - - Learn more in the - [allowed Pod disruptions documentation](https://docs.stackable.tech/home/nightly/concepts/operations/pod_disruptions). - properties: - enabled: - default: true - description: |- - Whether a PodDisruptionBudget should be written out for this role. - Disabling this enables you to specify your own - custom - one. - Defaults to true. - type: boolean - maxUnavailable: - description: |- - The number of Pods that are allowed to be down because of voluntary disruptions. - If you don't explicitly set this, the operator will use a sane default based - upon knowledge about the individual product. - format: uint16 - maximum: 65535.0 - minimum: 0.0 - nullable: true - type: integer - type: object - type: object - roleGroups: - additionalProperties: - properties: - cliOverrides: - additionalProperties: - type: string - default: {} - type: object - config: - default: {} - properties: - affinity: - default: - nodeAffinity: null - nodeSelector: null - podAffinity: null - podAntiAffinity: null - description: |- - These configuration settings control - [Pod placement](https://docs.stackable.tech/home/nightly/concepts/operations/pod_placement). - properties: - nodeAffinity: - description: Same as the `spec.affinity.nodeAffinity` field on the Pod, see the [Kubernetes docs](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node) - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - nodeSelector: - additionalProperties: - type: string - description: Simple key-value pairs forming a nodeSelector, see the [Kubernetes docs](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node) - nullable: true - type: object - podAffinity: - description: Same as the `spec.affinity.podAffinity` field on the Pod, see the [Kubernetes docs](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node) - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - podAntiAffinity: - description: Same as the `spec.affinity.podAntiAffinity` field on the Pod, see the [Kubernetes docs](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node) - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - bootstrapListenerClass: - description: The ListenerClass used for bootstrapping new clients. Should use a stable ListenerClass to avoid unnecessary client restarts (such as `cluster-internal` or `external-stable`). - nullable: true - type: string - brokerListenerClass: - description: The ListenerClass used for connecting to brokers. Should use a direct connection ListenerClass to minimize cost and minimize performance overhead (such as `cluster-internal` or `external-unstable`). - nullable: true - type: string - gracefulShutdownTimeout: - description: Time period Pods have to gracefully shut down, e.g. `30m`, `1h` or `2d`. Consult the operator documentation for details. - nullable: true - type: string - logging: - default: - containers: {} - enableVectorAgent: null - description: Logging configuration, learn more in the [logging concept documentation](https://docs.stackable.tech/home/nightly/concepts/logging). - properties: - containers: - additionalProperties: - anyOf: - - required: - - custom - - {} - description: Log configuration of the container - properties: - console: - description: Configuration for the console appender - nullable: true - properties: - level: - description: |- - The log level threshold. - Log events with a lower log level are discarded. - enum: - - TRACE - - DEBUG - - INFO - - WARN - - ERROR - - FATAL - - NONE - nullable: true - type: string - type: object - custom: - description: Log configuration provided in a ConfigMap - properties: - configMap: - description: ConfigMap containing the log configuration files - nullable: true - type: string - type: object - file: - description: Configuration for the file appender - nullable: true - properties: - level: - description: |- - The log level threshold. - Log events with a lower log level are discarded. - enum: - - TRACE - - DEBUG - - INFO - - WARN - - ERROR - - FATAL - - NONE - nullable: true - type: string - type: object - loggers: - additionalProperties: - description: Configuration of a logger - properties: - level: - description: |- - The log level threshold. - Log events with a lower log level are discarded. - enum: - - TRACE - - DEBUG - - INFO - - WARN - - ERROR - - FATAL - - NONE - nullable: true - type: string - type: object - default: {} - description: Configuration per logger - type: object - type: object - description: Log configuration per container. - type: object - enableVectorAgent: - description: Wether or not to deploy a container with the Vector log agent. - nullable: true - type: boolean - type: object - requestedSecretLifetime: - description: |- - Request secret (currently only autoTls certificates) lifetime from the secret operator, e.g. `7d`, or `30d`. - Please note that this can be shortened by the `maxCertificateLifetime` setting on the SecretClass issuing the TLS certificate. - nullable: true - type: string - resources: - default: - cpu: - max: null - min: null - memory: - limit: null - runtimeLimits: {} - storage: - logDirs: - capacity: null - description: |- - Resource usage is configured here, this includes CPU usage, memory usage and disk storage - usage, if this role needs any. - properties: - cpu: - default: - max: null - min: null - properties: - max: - description: |- - The maximum amount of CPU cores that can be requested by Pods. - Equivalent to the `limit` for Pod resource configuration. - Cores are specified either as a decimal point number or as milli units. - For example:`1.5` will be 1.5 cores, also written as `1500m`. - nullable: true - type: string - min: - description: |- - The minimal amount of CPU cores that Pods need to run. - Equivalent to the `request` for Pod resource configuration. - Cores are specified either as a decimal point number or as milli units. - For example:`1.5` will be 1.5 cores, also written as `1500m`. - nullable: true - type: string - type: object - memory: - properties: - limit: - description: |- - The maximum amount of memory that should be available to the Pod. - Specified as a byte [Quantity](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/quantity/), - which means these suffixes are supported: E, P, T, G, M, k. - You can also use the power-of-two equivalents: Ei, Pi, Ti, Gi, Mi, Ki. - For example, the following represent roughly the same value: - `128974848, 129e6, 129M, 128974848000m, 123Mi` - nullable: true - type: string - runtimeLimits: - description: Additional options that can be specified. - type: object - type: object - storage: - properties: - logDirs: - default: - capacity: null - properties: - capacity: - description: "Quantity is a fixed-point representation of a number. It provides convenient marshaling/unmarshaling in JSON and YAML, in addition to String() and AsInt64() accessors.\n\nThe serialization format is:\n\n``` ::= \n\n\t(Note that may be empty, from the \"\" case in .)\n\n ::= 0 | 1 | ... | 9 ::= | ::= | . | . | . ::= \"+\" | \"-\" ::= | ::= | | ::= Ki | Mi | Gi | Ti | Pi | Ei\n\n\t(International System of units; See: http://physics.nist.gov/cuu/Units/binary.html)\n\n ::= m | \"\" | k | M | G | T | P | E\n\n\t(Note that 1024 = 1Ki but 1000 = 1k; I didn't choose the capitalization.)\n\n ::= \"e\" | \"E\" ```\n\nNo matter which of the three exponent forms is used, no quantity may represent a number greater than 2^63-1 in magnitude, nor may it have more than 3 decimal places. Numbers larger or more precise will be capped or rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the future if we require larger or smaller quantities.\n\nWhen a Quantity is parsed from a string, it will remember the type of suffix it had, and will use the same type again when it is serialized.\n\nBefore serializing, Quantity will be put in \"canonical form\". This means that Exponent/suffix will be adjusted up or down (with a corresponding increase or decrease in Mantissa) such that:\n\n- No precision is lost - No fractional digits will be emitted - The exponent (or suffix) is as large as possible.\n\nThe sign will be omitted unless the number is negative.\n\nExamples:\n\n- 1.5 will be serialized as \"1500m\" - 1.5Gi will be serialized as \"1536Mi\"\n\nNote that the quantity will NEVER be internally represented by a floating point number. That is the whole point of this exercise.\n\nNon-canonical values will still parse as long as they are well formed, but will be re-emitted in their canonical form. (So always use canonical form, or don't diff.)\n\nThis format is intended to make it difficult to use these numbers without writing some sort of special handling code in the hopes that that will cause implementors to also use a fixed point implementation." - nullable: true - type: string - selectors: - description: A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects. - nullable: true - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - storageClass: - nullable: true - type: string - type: object - type: object - type: object - type: object - configOverrides: - additionalProperties: - additionalProperties: - type: string - type: object - default: {} - description: |- - The `configOverrides` can be used to configure properties in product config files - that are not exposed in the CRD. Read the - [config overrides documentation](https://docs.stackable.tech/home/nightly/concepts/overrides#config-overrides) - and consult the operator specific usage guide documentation for details on the - available config files and settings for the specific product. - type: object - envOverrides: - additionalProperties: - type: string - default: {} - description: |- - `envOverrides` configure environment variables to be set in the Pods. - It is a map from strings to strings - environment variables and the value to set. - Read the - [environment variable overrides documentation](https://docs.stackable.tech/home/nightly/concepts/overrides#env-overrides) - for more information and consult the operator specific usage guide to find out about - the product specific environment variables that are available. - type: object - jvmArgumentOverrides: - default: - add: [] - remove: [] - removeRegex: [] - description: |- - Allows overriding JVM arguments. - Please read on the [JVM argument overrides documentation](https://docs.stackable.tech/home/nightly/concepts/overrides#jvm-argument-overrides) - for details on the usage. - properties: - add: - default: [] - description: JVM arguments to be added - items: - type: string - type: array - remove: - default: [] - description: JVM arguments to be removed by exact match - items: - type: string - type: array - removeRegex: - default: [] - description: JVM arguments matching any of this regexes will be removed - items: - type: string - type: array - type: object - podOverrides: - default: {} - description: |- - In the `podOverrides` property you can define a - [PodTemplateSpec](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#podtemplatespec-v1-core) - to override any property that can be set on a Kubernetes Pod. - Read the - [Pod overrides documentation](https://docs.stackable.tech/home/nightly/concepts/overrides#pod-overrides) - for more information. - type: object - x-kubernetes-preserve-unknown-fields: true - replicas: - format: uint16 - maximum: 65535.0 - minimum: 0.0 - nullable: true - type: integer - type: object - type: object - required: - - roleGroups - type: object - clusterConfig: - default: - authentication: [] - authorization: - opa: null - tls: - internalSecretClass: tls - serverSecretClass: tls - zookeeperConfigMapName: null - description: |- - Kafka settings that affect all roles and role groups. - - The settings in the `clusterConfig` are cluster wide settings that do not need to be configurable at role or role group level. - properties: - authentication: - default: [] - description: Authentication class settings for Kafka like mTLS authentication. - items: - properties: - authenticationClass: - description: |- - The AuthenticationClass to use. - - ## TLS provider - - Only affects client connections. This setting controls: - - If clients need to authenticate themselves against the broker via TLS - - Which ca.crt to use when validating the provided client certs - - This will override the server TLS settings (if set) in `spec.clusterConfig.tls.serverSecretClass`. - - ## Kerberos provider - - This affects client connections and also requires TLS for encryption. - This setting is used to reference an `AuthenticationClass` and in turn, a `SecretClass` that is - used to create keytabs. - type: string - required: - - authenticationClass - type: object - type: array - authorization: - default: - opa: null - description: Authorization settings for Kafka like OPA. - properties: - opa: - description: |- - Configure the OPA stacklet [discovery ConfigMap](https://docs.stackable.tech/home/nightly/concepts/service_discovery) - and the name of the Rego package containing your authorization rules. - Consult the [OPA authorization documentation](https://docs.stackable.tech/home/nightly/concepts/opa) - to learn how to deploy Rego authorization rules with OPA. - nullable: true - properties: - configMapName: - description: |- - The [discovery ConfigMap](https://docs.stackable.tech/home/nightly/concepts/service_discovery) - for the OPA stacklet that should be used for authorization requests. - type: string - package: - description: The name of the Rego package containing the Rego rules for the product. - nullable: true - type: string - required: - - configMapName - type: object - type: object - brokerIdPodConfigMapName: - description: |- - Enable users to manually assign Kafka broker ids. - - Name of a ConfigMap containing a mapping of broker IDs to pod names. - The ConfigMap must contain a key for every broker pod in the cluster with the following format: - `: ` - - Example: - ``` - --- - apiVersion: v1 - kind: ConfigMap - metadata: - name: brokeridmapping - data: - simple-kafka-broker-default-0: "2000" - simple-kafka-broker-default-1: "2001" - simple-kafka-broker-default-2: "2002" - ``` - This is necessary when migrating from ZooKeeper to Kraft mode to retain existing broker IDs - because previously broker ids were generated by Kafka and not the operator. - nullable: true - type: string - metadataManager: - description: |- - Metadata manager to use for the Kafka cluster. - - IMPORTANT: This property will be removed as soon as Kafka 3.x support is dropped. - - Possible values are `zookeeper` and `kraft`. - - If not set, defaults to: - - - `zookeeper` for Kafka versions below `4.0.0`. - - `kraft` for Kafka versions `4.0.0` and higher. - - Using `zookeeper` for Kafka versions `4.0.0` and higher is not supported. - - When set to `kraft`, the operator will perform the following actions: - - * Generate the Kafka cluster id. - * Assign broker roles and configure controller quorum voters in the `broker.properties` files. - * Format storage before (re)starting Kafka brokers. - * Remove ZooKeeper related configuration options from the `broker.properties` files. - - Some of them cannot be performed with the ZooKeeper mode. - - This property is also useful when migrating from ZooKeeper to Kraft mode because it permits the operator - to reconcile controllers while still using ZooKeeper for brokers. - enum: - - zookeeper - - kraft - nullable: true - type: string - tls: - default: - internalSecretClass: tls - serverSecretClass: tls - description: TLS encryption settings for Kafka (server, internal). - nullable: true - properties: - internalSecretClass: - default: tls - description: |- - The [SecretClass](https://docs.stackable.tech/home/nightly/secret-operator/secretclass.html) to use for - internal broker communication. Use mutual verification between brokers (mandatory). - This setting controls: - - Which cert the brokers should use to authenticate themselves against other brokers - - Which ca.crt to use when validating the other brokers - - Defaults to `tls` - type: string - serverSecretClass: - default: tls - description: |- - The [SecretClass](https://docs.stackable.tech/home/nightly/secret-operator/secretclass.html) to use for - client connections. This setting controls: - - If TLS encryption is used at all - - Which cert the servers should use to authenticate themselves against the client - - Defaults to `tls`. - nullable: true - type: string - type: object - vectorAggregatorConfigMapName: - description: |- - Name of the Vector aggregator [discovery ConfigMap](https://docs.stackable.tech/home/nightly/concepts/service_discovery). - It must contain the key `ADDRESS` with the address of the Vector aggregator. - Follow the [logging tutorial](https://docs.stackable.tech/home/nightly/tutorials/logging-vector-aggregator) - to learn how to configure log aggregation with Vector. - nullable: true - type: string - zookeeperConfigMapName: - description: |- - Provide the name of the ZooKeeper [discovery ConfigMap](https://docs.stackable.tech/home/nightly/concepts/service_discovery) - here. When using the [Stackable operator for Apache ZooKeeper](https://docs.stackable.tech/home/nightly/zookeeper/) - to deploy a ZooKeeper cluster, this will simply be the name of your ZookeeperCluster resource. - This can only be used up to Kafka version 3.9.x. Since Kafka 4.0.0, ZooKeeper support was dropped. - Please use the 'controller' role instead. - nullable: true - type: string - type: object - clusterOperation: - default: - reconciliationPaused: false - stopped: false - description: |- - [Cluster operations](https://docs.stackable.tech/home/nightly/concepts/operations/cluster_operations) - properties, allow stopping the product instance as well as pausing reconciliation. - properties: - reconciliationPaused: - default: false - description: |- - Flag to stop cluster reconciliation by the operator. This means that all changes in the - custom resource spec are ignored until this flag is set to false or removed. The operator - will however still watch the deployed resources at the time and update the custom resource - status field. - If applied at the same time with `stopped`, `reconciliationPaused` will take precedence over - `stopped` and stop the reconciliation immediately. - type: boolean - stopped: - default: false - description: |- - Flag to stop the cluster. This means all deployed resources (e.g. Services, StatefulSets, - ConfigMaps) are kept but all deployed Pods (e.g. replicas from a StatefulSet) are scaled to 0 - and therefore stopped and removed. - If applied at the same time with `reconciliationPaused`, the latter will pause reconciliation - and `stopped` will take no effect until `reconciliationPaused` is set to false or removed. - type: boolean - type: object - controllers: - description: |- - This struct represents a role - e.g. HDFS datanodes or Trino workers. It has a key-value-map containing - all the roleGroups that are part of this role. Additionally, there is a `config`, which is configurable - at the role *and* roleGroup level. Everything at roleGroup level is merged on top of what is configured - on role level. There is also a second form of config, which can only be configured - at role level, the `roleConfig`. - You can learn more about this in the - [Roles and role group concept documentation](https://docs.stackable.tech/home/nightly/concepts/roles-and-role-groups). - nullable: true - properties: - cliOverrides: - additionalProperties: - type: string - default: {} - type: object - config: - default: {} - properties: - affinity: - default: - nodeAffinity: null - nodeSelector: null - podAffinity: null - podAntiAffinity: null - description: |- - These configuration settings control - [Pod placement](https://docs.stackable.tech/home/nightly/concepts/operations/pod_placement). - properties: - nodeAffinity: - description: Same as the `spec.affinity.nodeAffinity` field on the Pod, see the [Kubernetes docs](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node) - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - nodeSelector: - additionalProperties: - type: string - description: Simple key-value pairs forming a nodeSelector, see the [Kubernetes docs](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node) - nullable: true - type: object - podAffinity: - description: Same as the `spec.affinity.podAffinity` field on the Pod, see the [Kubernetes docs](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node) - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - podAntiAffinity: - description: Same as the `spec.affinity.podAntiAffinity` field on the Pod, see the [Kubernetes docs](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node) - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - gracefulShutdownTimeout: - description: Time period Pods have to gracefully shut down, e.g. `30m`, `1h` or `2d`. Consult the operator documentation for details. - nullable: true - type: string - logging: - default: - containers: {} - enableVectorAgent: null - description: Logging configuration, learn more in the [logging concept documentation](https://docs.stackable.tech/home/nightly/concepts/logging). - properties: - containers: - additionalProperties: - anyOf: - - required: - - custom - - {} - description: Log configuration of the container - properties: - console: - description: Configuration for the console appender - nullable: true - properties: - level: - description: |- - The log level threshold. - Log events with a lower log level are discarded. - enum: - - TRACE - - DEBUG - - INFO - - WARN - - ERROR - - FATAL - - NONE - nullable: true - type: string - type: object - custom: - description: Log configuration provided in a ConfigMap - properties: - configMap: - description: ConfigMap containing the log configuration files - nullable: true - type: string - type: object - file: - description: Configuration for the file appender - nullable: true - properties: - level: - description: |- - The log level threshold. - Log events with a lower log level are discarded. - enum: - - TRACE - - DEBUG - - INFO - - WARN - - ERROR - - FATAL - - NONE - nullable: true - type: string - type: object - loggers: - additionalProperties: - description: Configuration of a logger - properties: - level: - description: |- - The log level threshold. - Log events with a lower log level are discarded. - enum: - - TRACE - - DEBUG - - INFO - - WARN - - ERROR - - FATAL - - NONE - nullable: true - type: string - type: object - default: {} - description: Configuration per logger - type: object - type: object - description: Log configuration per container. - type: object - enableVectorAgent: - description: Wether or not to deploy a container with the Vector log agent. - nullable: true - type: boolean - type: object - requestedSecretLifetime: - description: |- - Request secret (currently only autoTls certificates) lifetime from the secret operator, e.g. `7d`, or `30d`. - Please note that this can be shortened by the `maxCertificateLifetime` setting on the SecretClass issuing the TLS certificate. - nullable: true - type: string - resources: - default: - cpu: - max: null - min: null - memory: - limit: null - runtimeLimits: {} - storage: - logDirs: - capacity: null - description: |- - Resource usage is configured here, this includes CPU usage, memory usage and disk storage - usage, if this role needs any. - properties: - cpu: - default: - max: null - min: null - properties: - max: - description: |- - The maximum amount of CPU cores that can be requested by Pods. - Equivalent to the `limit` for Pod resource configuration. - Cores are specified either as a decimal point number or as milli units. - For example:`1.5` will be 1.5 cores, also written as `1500m`. - nullable: true - type: string - min: - description: |- - The minimal amount of CPU cores that Pods need to run. - Equivalent to the `request` for Pod resource configuration. - Cores are specified either as a decimal point number or as milli units. - For example:`1.5` will be 1.5 cores, also written as `1500m`. - nullable: true - type: string - type: object - memory: - properties: - limit: - description: |- - The maximum amount of memory that should be available to the Pod. - Specified as a byte [Quantity](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/quantity/), - which means these suffixes are supported: E, P, T, G, M, k. - You can also use the power-of-two equivalents: Ei, Pi, Ti, Gi, Mi, Ki. - For example, the following represent roughly the same value: - `128974848, 129e6, 129M, 128974848000m, 123Mi` - nullable: true - type: string - runtimeLimits: - description: Additional options that can be specified. - type: object - type: object - storage: - properties: - logDirs: - default: - capacity: null - properties: - capacity: - description: "Quantity is a fixed-point representation of a number. It provides convenient marshaling/unmarshaling in JSON and YAML, in addition to String() and AsInt64() accessors.\n\nThe serialization format is:\n\n``` ::= \n\n\t(Note that may be empty, from the \"\" case in .)\n\n ::= 0 | 1 | ... | 9 ::= | ::= | . | . | . ::= \"+\" | \"-\" ::= | ::= | | ::= Ki | Mi | Gi | Ti | Pi | Ei\n\n\t(International System of units; See: http://physics.nist.gov/cuu/Units/binary.html)\n\n ::= m | \"\" | k | M | G | T | P | E\n\n\t(Note that 1024 = 1Ki but 1000 = 1k; I didn't choose the capitalization.)\n\n ::= \"e\" | \"E\" ```\n\nNo matter which of the three exponent forms is used, no quantity may represent a number greater than 2^63-1 in magnitude, nor may it have more than 3 decimal places. Numbers larger or more precise will be capped or rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the future if we require larger or smaller quantities.\n\nWhen a Quantity is parsed from a string, it will remember the type of suffix it had, and will use the same type again when it is serialized.\n\nBefore serializing, Quantity will be put in \"canonical form\". This means that Exponent/suffix will be adjusted up or down (with a corresponding increase or decrease in Mantissa) such that:\n\n- No precision is lost - No fractional digits will be emitted - The exponent (or suffix) is as large as possible.\n\nThe sign will be omitted unless the number is negative.\n\nExamples:\n\n- 1.5 will be serialized as \"1500m\" - 1.5Gi will be serialized as \"1536Mi\"\n\nNote that the quantity will NEVER be internally represented by a floating point number. That is the whole point of this exercise.\n\nNon-canonical values will still parse as long as they are well formed, but will be re-emitted in their canonical form. (So always use canonical form, or don't diff.)\n\nThis format is intended to make it difficult to use these numbers without writing some sort of special handling code in the hopes that that will cause implementors to also use a fixed point implementation." - nullable: true - type: string - selectors: - description: A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects. - nullable: true - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - storageClass: - nullable: true - type: string - type: object - type: object - type: object - type: object - configOverrides: - additionalProperties: - additionalProperties: - type: string - type: object - default: {} - description: |- - The `configOverrides` can be used to configure properties in product config files - that are not exposed in the CRD. Read the - [config overrides documentation](https://docs.stackable.tech/home/nightly/concepts/overrides#config-overrides) - and consult the operator specific usage guide documentation for details on the - available config files and settings for the specific product. - type: object - envOverrides: - additionalProperties: - type: string - default: {} - description: |- - `envOverrides` configure environment variables to be set in the Pods. - It is a map from strings to strings - environment variables and the value to set. - Read the - [environment variable overrides documentation](https://docs.stackable.tech/home/nightly/concepts/overrides#env-overrides) - for more information and consult the operator specific usage guide to find out about - the product specific environment variables that are available. - type: object - jvmArgumentOverrides: - default: - add: [] - remove: [] - removeRegex: [] - description: |- - Allows overriding JVM arguments. - Please read on the [JVM argument overrides documentation](https://docs.stackable.tech/home/nightly/concepts/overrides#jvm-argument-overrides) - for details on the usage. - properties: - add: - default: [] - description: JVM arguments to be added - items: - type: string - type: array - remove: - default: [] - description: JVM arguments to be removed by exact match - items: - type: string - type: array - removeRegex: - default: [] - description: JVM arguments matching any of this regexes will be removed - items: - type: string - type: array - type: object - podOverrides: - default: {} - description: |- - In the `podOverrides` property you can define a - [PodTemplateSpec](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#podtemplatespec-v1-core) - to override any property that can be set on a Kubernetes Pod. - Read the - [Pod overrides documentation](https://docs.stackable.tech/home/nightly/concepts/overrides#pod-overrides) - for more information. - type: object - x-kubernetes-preserve-unknown-fields: true - roleConfig: - default: - podDisruptionBudget: - enabled: true - maxUnavailable: null - description: This is a product-agnostic RoleConfig, which is sufficient for most of the products. - properties: - podDisruptionBudget: - default: - enabled: true - maxUnavailable: null - description: |- - This struct is used to configure: - - 1. If PodDisruptionBudgets are created by the operator - 2. The allowed number of Pods to be unavailable (`maxUnavailable`) - - Learn more in the - [allowed Pod disruptions documentation](https://docs.stackable.tech/home/nightly/concepts/operations/pod_disruptions). - properties: - enabled: - default: true - description: |- - Whether a PodDisruptionBudget should be written out for this role. - Disabling this enables you to specify your own - custom - one. - Defaults to true. - type: boolean - maxUnavailable: - description: |- - The number of Pods that are allowed to be down because of voluntary disruptions. - If you don't explicitly set this, the operator will use a sane default based - upon knowledge about the individual product. - format: uint16 - maximum: 65535.0 - minimum: 0.0 - nullable: true - type: integer - type: object - type: object - roleGroups: - additionalProperties: - properties: - cliOverrides: - additionalProperties: - type: string - default: {} - type: object - config: - default: {} - properties: - affinity: - default: - nodeAffinity: null - nodeSelector: null - podAffinity: null - podAntiAffinity: null - description: |- - These configuration settings control - [Pod placement](https://docs.stackable.tech/home/nightly/concepts/operations/pod_placement). - properties: - nodeAffinity: - description: Same as the `spec.affinity.nodeAffinity` field on the Pod, see the [Kubernetes docs](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node) - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - nodeSelector: - additionalProperties: - type: string - description: Simple key-value pairs forming a nodeSelector, see the [Kubernetes docs](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node) - nullable: true - type: object - podAffinity: - description: Same as the `spec.affinity.podAffinity` field on the Pod, see the [Kubernetes docs](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node) - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - podAntiAffinity: - description: Same as the `spec.affinity.podAntiAffinity` field on the Pod, see the [Kubernetes docs](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node) - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - gracefulShutdownTimeout: - description: Time period Pods have to gracefully shut down, e.g. `30m`, `1h` or `2d`. Consult the operator documentation for details. - nullable: true - type: string - logging: - default: - containers: {} - enableVectorAgent: null - description: Logging configuration, learn more in the [logging concept documentation](https://docs.stackable.tech/home/nightly/concepts/logging). - properties: - containers: - additionalProperties: - anyOf: - - required: - - custom - - {} - description: Log configuration of the container - properties: - console: - description: Configuration for the console appender - nullable: true - properties: - level: - description: |- - The log level threshold. - Log events with a lower log level are discarded. - enum: - - TRACE - - DEBUG - - INFO - - WARN - - ERROR - - FATAL - - NONE - nullable: true - type: string - type: object - custom: - description: Log configuration provided in a ConfigMap - properties: - configMap: - description: ConfigMap containing the log configuration files - nullable: true - type: string - type: object - file: - description: Configuration for the file appender - nullable: true - properties: - level: - description: |- - The log level threshold. - Log events with a lower log level are discarded. - enum: - - TRACE - - DEBUG - - INFO - - WARN - - ERROR - - FATAL - - NONE - nullable: true - type: string - type: object - loggers: - additionalProperties: - description: Configuration of a logger - properties: - level: - description: |- - The log level threshold. - Log events with a lower log level are discarded. - enum: - - TRACE - - DEBUG - - INFO - - WARN - - ERROR - - FATAL - - NONE - nullable: true - type: string - type: object - default: {} - description: Configuration per logger - type: object - type: object - description: Log configuration per container. - type: object - enableVectorAgent: - description: Wether or not to deploy a container with the Vector log agent. - nullable: true - type: boolean - type: object - requestedSecretLifetime: - description: |- - Request secret (currently only autoTls certificates) lifetime from the secret operator, e.g. `7d`, or `30d`. - Please note that this can be shortened by the `maxCertificateLifetime` setting on the SecretClass issuing the TLS certificate. - nullable: true - type: string - resources: - default: - cpu: - max: null - min: null - memory: - limit: null - runtimeLimits: {} - storage: - logDirs: - capacity: null - description: |- - Resource usage is configured here, this includes CPU usage, memory usage and disk storage - usage, if this role needs any. - properties: - cpu: - default: - max: null - min: null - properties: - max: - description: |- - The maximum amount of CPU cores that can be requested by Pods. - Equivalent to the `limit` for Pod resource configuration. - Cores are specified either as a decimal point number or as milli units. - For example:`1.5` will be 1.5 cores, also written as `1500m`. - nullable: true - type: string - min: - description: |- - The minimal amount of CPU cores that Pods need to run. - Equivalent to the `request` for Pod resource configuration. - Cores are specified either as a decimal point number or as milli units. - For example:`1.5` will be 1.5 cores, also written as `1500m`. - nullable: true - type: string - type: object - memory: - properties: - limit: - description: |- - The maximum amount of memory that should be available to the Pod. - Specified as a byte [Quantity](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/quantity/), - which means these suffixes are supported: E, P, T, G, M, k. - You can also use the power-of-two equivalents: Ei, Pi, Ti, Gi, Mi, Ki. - For example, the following represent roughly the same value: - `128974848, 129e6, 129M, 128974848000m, 123Mi` - nullable: true - type: string - runtimeLimits: - description: Additional options that can be specified. - type: object - type: object - storage: - properties: - logDirs: - default: - capacity: null - properties: - capacity: - description: "Quantity is a fixed-point representation of a number. It provides convenient marshaling/unmarshaling in JSON and YAML, in addition to String() and AsInt64() accessors.\n\nThe serialization format is:\n\n``` ::= \n\n\t(Note that may be empty, from the \"\" case in .)\n\n ::= 0 | 1 | ... | 9 ::= | ::= | . | . | . ::= \"+\" | \"-\" ::= | ::= | | ::= Ki | Mi | Gi | Ti | Pi | Ei\n\n\t(International System of units; See: http://physics.nist.gov/cuu/Units/binary.html)\n\n ::= m | \"\" | k | M | G | T | P | E\n\n\t(Note that 1024 = 1Ki but 1000 = 1k; I didn't choose the capitalization.)\n\n ::= \"e\" | \"E\" ```\n\nNo matter which of the three exponent forms is used, no quantity may represent a number greater than 2^63-1 in magnitude, nor may it have more than 3 decimal places. Numbers larger or more precise will be capped or rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the future if we require larger or smaller quantities.\n\nWhen a Quantity is parsed from a string, it will remember the type of suffix it had, and will use the same type again when it is serialized.\n\nBefore serializing, Quantity will be put in \"canonical form\". This means that Exponent/suffix will be adjusted up or down (with a corresponding increase or decrease in Mantissa) such that:\n\n- No precision is lost - No fractional digits will be emitted - The exponent (or suffix) is as large as possible.\n\nThe sign will be omitted unless the number is negative.\n\nExamples:\n\n- 1.5 will be serialized as \"1500m\" - 1.5Gi will be serialized as \"1536Mi\"\n\nNote that the quantity will NEVER be internally represented by a floating point number. That is the whole point of this exercise.\n\nNon-canonical values will still parse as long as they are well formed, but will be re-emitted in their canonical form. (So always use canonical form, or don't diff.)\n\nThis format is intended to make it difficult to use these numbers without writing some sort of special handling code in the hopes that that will cause implementors to also use a fixed point implementation." - nullable: true - type: string - selectors: - description: A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects. - nullable: true - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - storageClass: - nullable: true - type: string - type: object - type: object - type: object - type: object - configOverrides: - additionalProperties: - additionalProperties: - type: string - type: object - default: {} - description: |- - The `configOverrides` can be used to configure properties in product config files - that are not exposed in the CRD. Read the - [config overrides documentation](https://docs.stackable.tech/home/nightly/concepts/overrides#config-overrides) - and consult the operator specific usage guide documentation for details on the - available config files and settings for the specific product. - type: object - envOverrides: - additionalProperties: - type: string - default: {} - description: |- - `envOverrides` configure environment variables to be set in the Pods. - It is a map from strings to strings - environment variables and the value to set. - Read the - [environment variable overrides documentation](https://docs.stackable.tech/home/nightly/concepts/overrides#env-overrides) - for more information and consult the operator specific usage guide to find out about - the product specific environment variables that are available. - type: object - jvmArgumentOverrides: - default: - add: [] - remove: [] - removeRegex: [] - description: |- - Allows overriding JVM arguments. - Please read on the [JVM argument overrides documentation](https://docs.stackable.tech/home/nightly/concepts/overrides#jvm-argument-overrides) - for details on the usage. - properties: - add: - default: [] - description: JVM arguments to be added - items: - type: string - type: array - remove: - default: [] - description: JVM arguments to be removed by exact match - items: - type: string - type: array - removeRegex: - default: [] - description: JVM arguments matching any of this regexes will be removed - items: - type: string - type: array - type: object - podOverrides: - default: {} - description: |- - In the `podOverrides` property you can define a - [PodTemplateSpec](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#podtemplatespec-v1-core) - to override any property that can be set on a Kubernetes Pod. - Read the - [Pod overrides documentation](https://docs.stackable.tech/home/nightly/concepts/overrides#pod-overrides) - for more information. - type: object - x-kubernetes-preserve-unknown-fields: true - replicas: - format: uint16 - maximum: 65535.0 - minimum: 0.0 - nullable: true - type: integer - type: object - type: object - required: - - roleGroups - type: object - image: - anyOf: - - required: - - custom - - productVersion - - required: - - productVersion - description: |- - Specify which image to use, the easiest way is to only configure the `productVersion`. - You can also configure a custom image registry to pull from, as well as completely custom - images. - - Consult the [Product image selection documentation](https://docs.stackable.tech/home/nightly/concepts/product_image_selection) - for details. - properties: - custom: - description: |- - Overwrite the docker image. - Specify the full docker image name, e.g. `oci.stackable.tech/sdp/superset:1.4.1-stackable2.1.0` - type: string - productVersion: - description: Version of the product, e.g. `1.4.1`. - type: string - pullPolicy: - default: Always - description: '[Pull policy](https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy) used when pulling the image.' - enum: - - IfNotPresent - - Always - - Never - type: string - pullSecrets: - description: '[Image pull secrets](https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod) to pull images from a private registry.' - items: - description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. - properties: - name: - description: 'Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - nullable: true - type: array - repo: - description: Name of the docker repo, e.g. `oci.stackable.tech/sdp` - nullable: true - type: string - stackableVersion: - description: |- - Stackable version of the product, e.g. `23.4`, `23.4.1` or `0.0.0-dev`. - If not specified, the operator will use its own version, e.g. `23.4.1`. - When using a nightly operator or a pr version, it will use the nightly `0.0.0-dev` image. - nullable: true - type: string - type: object - objectOverrides: - default: [] - description: |- - A list of generic Kubernetes objects, which are merged into the objects that the operator - creates. - - List entries are arbitrary YAML objects, which need to be valid Kubernetes objects. - - Read the [Object overrides documentation](https://docs.stackable.tech/home/nightly/concepts/overrides#object-overrides) - for more information. - items: - type: object - x-kubernetes-preserve-unknown-fields: true - type: array - required: - - image - type: object - status: - nullable: true - properties: - conditions: - default: [] - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status to another. - format: date-time - nullable: true - type: string - message: - description: A human readable message indicating details about the transition. - nullable: true - type: string - reason: - description: The reason for the condition's last transition. - nullable: true - type: string - status: - description: Status of the condition, one of True, False, Unknown. - enum: - - 'True' - - 'False' - - Unknown - type: string - type: - description: Type of deployment condition. - enum: - - Available - - Degraded - - Progressing - - ReconciliationPaused - - Stopped - type: string - required: - - status - - type - type: object - type: array - type: object - required: - - spec - title: KafkaCluster - type: object - served: true - storage: true - subresources: - status: {} diff --git a/deploy/helm/kafka-operator/templates/deployment.yaml b/deploy/helm/kafka-operator/templates/deployment.yaml index 4601af6f..0f4d902e 100644 --- a/deploy/helm/kafka-operator/templates/deployment.yaml +++ b/deploy/helm/kafka-operator/templates/deployment.yaml @@ -21,6 +21,9 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} labels: + {{- if .Values.maintenance.customResourceDefinitions.maintain }} + webhook.stackable.tech/conversion: enabled + {{- end }} {{- include "operator.selectorLabels" . | nindent 8 }} spec: {{- with .Values.image.pullSecrets }} @@ -78,7 +81,9 @@ spec: - name: KUBERNETES_CLUSTER_DOMAIN value: {{ .Values.kubernetesClusterDomain | quote }} {{- end }} + {{- include "telemetry.envVars" . | nindent 12 }} + {{- include "maintenance.envVars" . | nindent 12 }} volumes: - name: config-spec configMap: diff --git a/deploy/helm/kafka-operator/templates/roles.yaml b/deploy/helm/kafka-operator/templates/roles.yaml index 79a6c5f6..8932113a 100644 --- a/deploy/helm/kafka-operator/templates/roles.yaml +++ b/deploy/helm/kafka-operator/templates/roles.yaml @@ -91,6 +91,12 @@ rules: - customresourcedefinitions verbs: - get + # Required to maintain the CRD. The operator needs to do this, as it needs to enter e.g. it's + # generated certificate in the conversion webhook. + {{- if .Values.maintenance.customResourceDefinitions.maintain }} + - create + - patch + {{- end }} - apiGroups: - events.k8s.io resources: diff --git a/deploy/helm/kafka-operator/templates/service.yaml b/deploy/helm/kafka-operator/templates/service.yaml index 0cb05696..978f914d 100644 --- a/deploy/helm/kafka-operator/templates/service.yaml +++ b/deploy/helm/kafka-operator/templates/service.yaml @@ -11,7 +11,10 @@ metadata: {{- include "operator.labels" . | nindent 4 }} spec: selector: - {{- include "operator.selectorLabels" . | nindent 6 }} + {{- if .Values.maintenance.customResourceDefinitions.maintain }} + webhook.stackable.tech/conversion: enabled + {{- end }} + {{- include "operator.selectorLabels" . | nindent 4 }} ports: - name: conversion-webhook protocol: TCP diff --git a/deploy/helm/kafka-operator/values.yaml b/deploy/helm/kafka-operator/values.yaml index 90121316..e776e28f 100644 --- a/deploy/helm/kafka-operator/values.yaml +++ b/deploy/helm/kafka-operator/values.yaml @@ -52,6 +52,15 @@ affinity: {} # See the https://docs.stackable.tech/home/stable/guides/kubernetes-cluster-domain guide for details. # kubernetesClusterDomain: my-cluster.local +maintenance: + endOfSupportCheck: + enabled: true + # mode: offline + # interval: 24h + + customResourceDefinitions: + maintain: true + # See all available options and detailed explanations about the concept here: # https://docs.stackable.tech/home/stable/concepts/telemetry/ telemetry: diff --git a/extra/crds.yaml b/extra/crds.yaml new file mode 100644 index 00000000..e3f8c307 --- /dev/null +++ b/extra/crds.yaml @@ -0,0 +1,1717 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: kafkaclusters.kafka.stackable.tech +spec: + group: kafka.stackable.tech + names: + categories: [] + kind: KafkaCluster + plural: kafkaclusters + shortNames: + - kafka + singular: kafkacluster + scope: Namespaced + versions: + - additionalPrinterColumns: [] + name: v1alpha1 + schema: + openAPIV3Schema: + description: Auto-generated derived type for KafkaClusterSpec via `CustomResource` + properties: + spec: + description: |- + A Kafka cluster stacklet. This resource is managed by the Stackable operator for Apache Kafka. + Find more information on how to use it and the resources that the operator generates in the + [operator documentation](https://docs.stackable.tech/home/nightly/kafka/). + properties: + brokers: + description: |- + This struct represents a role - e.g. HDFS datanodes or Trino workers. It has a key-value-map containing + all the roleGroups that are part of this role. Additionally, there is a `config`, which is configurable + at the role *and* roleGroup level. Everything at roleGroup level is merged on top of what is configured + on role level. There is also a second form of config, which can only be configured + at role level, the `roleConfig`. + You can learn more about this in the + [Roles and role group concept documentation](https://docs.stackable.tech/home/nightly/concepts/roles-and-role-groups). + nullable: true + properties: + cliOverrides: + additionalProperties: + type: string + default: {} + type: object + config: + default: {} + properties: + affinity: + default: + nodeAffinity: null + nodeSelector: null + podAffinity: null + podAntiAffinity: null + description: |- + These configuration settings control + [Pod placement](https://docs.stackable.tech/home/nightly/concepts/operations/pod_placement). + properties: + nodeAffinity: + description: Same as the `spec.affinity.nodeAffinity` field on the Pod, see the [Kubernetes docs](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node) + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + nodeSelector: + additionalProperties: + type: string + description: Simple key-value pairs forming a nodeSelector, see the [Kubernetes docs](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node) + nullable: true + type: object + podAffinity: + description: Same as the `spec.affinity.podAffinity` field on the Pod, see the [Kubernetes docs](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node) + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + podAntiAffinity: + description: Same as the `spec.affinity.podAntiAffinity` field on the Pod, see the [Kubernetes docs](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node) + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + bootstrapListenerClass: + description: The ListenerClass used for bootstrapping new clients. Should use a stable ListenerClass to avoid unnecessary client restarts (such as `cluster-internal` or `external-stable`). + nullable: true + type: string + brokerListenerClass: + description: The ListenerClass used for connecting to brokers. Should use a direct connection ListenerClass to minimize cost and minimize performance overhead (such as `cluster-internal` or `external-unstable`). + nullable: true + type: string + gracefulShutdownTimeout: + description: Time period Pods have to gracefully shut down, e.g. `30m`, `1h` or `2d`. Consult the operator documentation for details. + nullable: true + type: string + logging: + default: + containers: {} + enableVectorAgent: null + description: Logging configuration, learn more in the [logging concept documentation](https://docs.stackable.tech/home/nightly/concepts/logging). + properties: + containers: + additionalProperties: + anyOf: + - required: + - custom + - {} + description: Log configuration of the container + properties: + console: + description: Configuration for the console appender + nullable: true + properties: + level: + description: |- + The log level threshold. + Log events with a lower log level are discarded. + enum: + - TRACE + - DEBUG + - INFO + - WARN + - ERROR + - FATAL + - NONE + nullable: true + type: string + type: object + custom: + description: Log configuration provided in a ConfigMap + properties: + configMap: + description: ConfigMap containing the log configuration files + nullable: true + type: string + type: object + file: + description: Configuration for the file appender + nullable: true + properties: + level: + description: |- + The log level threshold. + Log events with a lower log level are discarded. + enum: + - TRACE + - DEBUG + - INFO + - WARN + - ERROR + - FATAL + - NONE + nullable: true + type: string + type: object + loggers: + additionalProperties: + description: Configuration of a logger + properties: + level: + description: |- + The log level threshold. + Log events with a lower log level are discarded. + enum: + - TRACE + - DEBUG + - INFO + - WARN + - ERROR + - FATAL + - NONE + nullable: true + type: string + type: object + default: {} + description: Configuration per logger + type: object + type: object + description: Log configuration per container. + type: object + enableVectorAgent: + description: Wether or not to deploy a container with the Vector log agent. + nullable: true + type: boolean + type: object + requestedSecretLifetime: + description: |- + Request secret (currently only autoTls certificates) lifetime from the secret operator, e.g. `7d`, or `30d`. + Please note that this can be shortened by the `maxCertificateLifetime` setting on the SecretClass issuing the TLS certificate. + nullable: true + type: string + resources: + default: + cpu: + max: null + min: null + memory: + limit: null + runtimeLimits: {} + storage: + logDirs: + capacity: null + description: |- + Resource usage is configured here, this includes CPU usage, memory usage and disk storage + usage, if this role needs any. + properties: + cpu: + default: + max: null + min: null + properties: + max: + description: |- + The maximum amount of CPU cores that can be requested by Pods. + Equivalent to the `limit` for Pod resource configuration. + Cores are specified either as a decimal point number or as milli units. + For example:`1.5` will be 1.5 cores, also written as `1500m`. + nullable: true + type: string + min: + description: |- + The minimal amount of CPU cores that Pods need to run. + Equivalent to the `request` for Pod resource configuration. + Cores are specified either as a decimal point number or as milli units. + For example:`1.5` will be 1.5 cores, also written as `1500m`. + nullable: true + type: string + type: object + memory: + properties: + limit: + description: |- + The maximum amount of memory that should be available to the Pod. + Specified as a byte [Quantity](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/quantity/), + which means these suffixes are supported: E, P, T, G, M, k. + You can also use the power-of-two equivalents: Ei, Pi, Ti, Gi, Mi, Ki. + For example, the following represent roughly the same value: + `128974848, 129e6, 129M, 128974848000m, 123Mi` + nullable: true + type: string + runtimeLimits: + description: Additional options that can be specified. + type: object + type: object + storage: + properties: + logDirs: + default: + capacity: null + properties: + capacity: + description: "Quantity is a fixed-point representation of a number. It provides convenient marshaling/unmarshaling in JSON and YAML, in addition to String() and AsInt64() accessors.\n\nThe serialization format is:\n\n``` ::= \n\n\t(Note that may be empty, from the \"\" case in .)\n\n ::= 0 | 1 | ... | 9 ::= | ::= | . | . | . ::= \"+\" | \"-\" ::= | ::= | | ::= Ki | Mi | Gi | Ti | Pi | Ei\n\n\t(International System of units; See: http://physics.nist.gov/cuu/Units/binary.html)\n\n ::= m | \"\" | k | M | G | T | P | E\n\n\t(Note that 1024 = 1Ki but 1000 = 1k; I didn't choose the capitalization.)\n\n ::= \"e\" | \"E\" ```\n\nNo matter which of the three exponent forms is used, no quantity may represent a number greater than 2^63-1 in magnitude, nor may it have more than 3 decimal places. Numbers larger or more precise will be capped or rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the future if we require larger or smaller quantities.\n\nWhen a Quantity is parsed from a string, it will remember the type of suffix it had, and will use the same type again when it is serialized.\n\nBefore serializing, Quantity will be put in \"canonical form\". This means that Exponent/suffix will be adjusted up or down (with a corresponding increase or decrease in Mantissa) such that:\n\n- No precision is lost - No fractional digits will be emitted - The exponent (or suffix) is as large as possible.\n\nThe sign will be omitted unless the number is negative.\n\nExamples:\n\n- 1.5 will be serialized as \"1500m\" - 1.5Gi will be serialized as \"1536Mi\"\n\nNote that the quantity will NEVER be internally represented by a floating point number. That is the whole point of this exercise.\n\nNon-canonical values will still parse as long as they are well formed, but will be re-emitted in their canonical form. (So always use canonical form, or don't diff.)\n\nThis format is intended to make it difficult to use these numbers without writing some sort of special handling code in the hopes that that will cause implementors to also use a fixed point implementation." + nullable: true + type: string + selectors: + description: A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects. + nullable: true + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + storageClass: + nullable: true + type: string + type: object + type: object + type: object + type: object + configOverrides: + additionalProperties: + additionalProperties: + type: string + type: object + default: {} + description: |- + The `configOverrides` can be used to configure properties in product config files + that are not exposed in the CRD. Read the + [config overrides documentation](https://docs.stackable.tech/home/nightly/concepts/overrides#config-overrides) + and consult the operator specific usage guide documentation for details on the + available config files and settings for the specific product. + type: object + envOverrides: + additionalProperties: + type: string + default: {} + description: |- + `envOverrides` configure environment variables to be set in the Pods. + It is a map from strings to strings - environment variables and the value to set. + Read the + [environment variable overrides documentation](https://docs.stackable.tech/home/nightly/concepts/overrides#env-overrides) + for more information and consult the operator specific usage guide to find out about + the product specific environment variables that are available. + type: object + jvmArgumentOverrides: + default: + add: [] + remove: [] + removeRegex: [] + description: |- + Allows overriding JVM arguments. + Please read on the [JVM argument overrides documentation](https://docs.stackable.tech/home/nightly/concepts/overrides#jvm-argument-overrides) + for details on the usage. + properties: + add: + default: [] + description: JVM arguments to be added + items: + type: string + type: array + remove: + default: [] + description: JVM arguments to be removed by exact match + items: + type: string + type: array + removeRegex: + default: [] + description: JVM arguments matching any of this regexes will be removed + items: + type: string + type: array + type: object + podOverrides: + default: {} + description: |- + In the `podOverrides` property you can define a + [PodTemplateSpec](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#podtemplatespec-v1-core) + to override any property that can be set on a Kubernetes Pod. + Read the + [Pod overrides documentation](https://docs.stackable.tech/home/nightly/concepts/overrides#pod-overrides) + for more information. + type: object + x-kubernetes-preserve-unknown-fields: true + roleConfig: + default: + podDisruptionBudget: + enabled: true + maxUnavailable: null + description: This is a product-agnostic RoleConfig, which is sufficient for most of the products. + properties: + podDisruptionBudget: + default: + enabled: true + maxUnavailable: null + description: |- + This struct is used to configure: + + 1. If PodDisruptionBudgets are created by the operator + 2. The allowed number of Pods to be unavailable (`maxUnavailable`) + + Learn more in the + [allowed Pod disruptions documentation](https://docs.stackable.tech/home/nightly/concepts/operations/pod_disruptions). + properties: + enabled: + default: true + description: |- + Whether a PodDisruptionBudget should be written out for this role. + Disabling this enables you to specify your own - custom - one. + Defaults to true. + type: boolean + maxUnavailable: + description: |- + The number of Pods that are allowed to be down because of voluntary disruptions. + If you don't explicitly set this, the operator will use a sane default based + upon knowledge about the individual product. + format: uint16 + maximum: 65535.0 + minimum: 0.0 + nullable: true + type: integer + type: object + type: object + roleGroups: + additionalProperties: + properties: + cliOverrides: + additionalProperties: + type: string + default: {} + type: object + config: + default: {} + properties: + affinity: + default: + nodeAffinity: null + nodeSelector: null + podAffinity: null + podAntiAffinity: null + description: |- + These configuration settings control + [Pod placement](https://docs.stackable.tech/home/nightly/concepts/operations/pod_placement). + properties: + nodeAffinity: + description: Same as the `spec.affinity.nodeAffinity` field on the Pod, see the [Kubernetes docs](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node) + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + nodeSelector: + additionalProperties: + type: string + description: Simple key-value pairs forming a nodeSelector, see the [Kubernetes docs](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node) + nullable: true + type: object + podAffinity: + description: Same as the `spec.affinity.podAffinity` field on the Pod, see the [Kubernetes docs](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node) + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + podAntiAffinity: + description: Same as the `spec.affinity.podAntiAffinity` field on the Pod, see the [Kubernetes docs](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node) + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + bootstrapListenerClass: + description: The ListenerClass used for bootstrapping new clients. Should use a stable ListenerClass to avoid unnecessary client restarts (such as `cluster-internal` or `external-stable`). + nullable: true + type: string + brokerListenerClass: + description: The ListenerClass used for connecting to brokers. Should use a direct connection ListenerClass to minimize cost and minimize performance overhead (such as `cluster-internal` or `external-unstable`). + nullable: true + type: string + gracefulShutdownTimeout: + description: Time period Pods have to gracefully shut down, e.g. `30m`, `1h` or `2d`. Consult the operator documentation for details. + nullable: true + type: string + logging: + default: + containers: {} + enableVectorAgent: null + description: Logging configuration, learn more in the [logging concept documentation](https://docs.stackable.tech/home/nightly/concepts/logging). + properties: + containers: + additionalProperties: + anyOf: + - required: + - custom + - {} + description: Log configuration of the container + properties: + console: + description: Configuration for the console appender + nullable: true + properties: + level: + description: |- + The log level threshold. + Log events with a lower log level are discarded. + enum: + - TRACE + - DEBUG + - INFO + - WARN + - ERROR + - FATAL + - NONE + nullable: true + type: string + type: object + custom: + description: Log configuration provided in a ConfigMap + properties: + configMap: + description: ConfigMap containing the log configuration files + nullable: true + type: string + type: object + file: + description: Configuration for the file appender + nullable: true + properties: + level: + description: |- + The log level threshold. + Log events with a lower log level are discarded. + enum: + - TRACE + - DEBUG + - INFO + - WARN + - ERROR + - FATAL + - NONE + nullable: true + type: string + type: object + loggers: + additionalProperties: + description: Configuration of a logger + properties: + level: + description: |- + The log level threshold. + Log events with a lower log level are discarded. + enum: + - TRACE + - DEBUG + - INFO + - WARN + - ERROR + - FATAL + - NONE + nullable: true + type: string + type: object + default: {} + description: Configuration per logger + type: object + type: object + description: Log configuration per container. + type: object + enableVectorAgent: + description: Wether or not to deploy a container with the Vector log agent. + nullable: true + type: boolean + type: object + requestedSecretLifetime: + description: |- + Request secret (currently only autoTls certificates) lifetime from the secret operator, e.g. `7d`, or `30d`. + Please note that this can be shortened by the `maxCertificateLifetime` setting on the SecretClass issuing the TLS certificate. + nullable: true + type: string + resources: + default: + cpu: + max: null + min: null + memory: + limit: null + runtimeLimits: {} + storage: + logDirs: + capacity: null + description: |- + Resource usage is configured here, this includes CPU usage, memory usage and disk storage + usage, if this role needs any. + properties: + cpu: + default: + max: null + min: null + properties: + max: + description: |- + The maximum amount of CPU cores that can be requested by Pods. + Equivalent to the `limit` for Pod resource configuration. + Cores are specified either as a decimal point number or as milli units. + For example:`1.5` will be 1.5 cores, also written as `1500m`. + nullable: true + type: string + min: + description: |- + The minimal amount of CPU cores that Pods need to run. + Equivalent to the `request` for Pod resource configuration. + Cores are specified either as a decimal point number or as milli units. + For example:`1.5` will be 1.5 cores, also written as `1500m`. + nullable: true + type: string + type: object + memory: + properties: + limit: + description: |- + The maximum amount of memory that should be available to the Pod. + Specified as a byte [Quantity](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/quantity/), + which means these suffixes are supported: E, P, T, G, M, k. + You can also use the power-of-two equivalents: Ei, Pi, Ti, Gi, Mi, Ki. + For example, the following represent roughly the same value: + `128974848, 129e6, 129M, 128974848000m, 123Mi` + nullable: true + type: string + runtimeLimits: + description: Additional options that can be specified. + type: object + type: object + storage: + properties: + logDirs: + default: + capacity: null + properties: + capacity: + description: "Quantity is a fixed-point representation of a number. It provides convenient marshaling/unmarshaling in JSON and YAML, in addition to String() and AsInt64() accessors.\n\nThe serialization format is:\n\n``` ::= \n\n\t(Note that may be empty, from the \"\" case in .)\n\n ::= 0 | 1 | ... | 9 ::= | ::= | . | . | . ::= \"+\" | \"-\" ::= | ::= | | ::= Ki | Mi | Gi | Ti | Pi | Ei\n\n\t(International System of units; See: http://physics.nist.gov/cuu/Units/binary.html)\n\n ::= m | \"\" | k | M | G | T | P | E\n\n\t(Note that 1024 = 1Ki but 1000 = 1k; I didn't choose the capitalization.)\n\n ::= \"e\" | \"E\" ```\n\nNo matter which of the three exponent forms is used, no quantity may represent a number greater than 2^63-1 in magnitude, nor may it have more than 3 decimal places. Numbers larger or more precise will be capped or rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the future if we require larger or smaller quantities.\n\nWhen a Quantity is parsed from a string, it will remember the type of suffix it had, and will use the same type again when it is serialized.\n\nBefore serializing, Quantity will be put in \"canonical form\". This means that Exponent/suffix will be adjusted up or down (with a corresponding increase or decrease in Mantissa) such that:\n\n- No precision is lost - No fractional digits will be emitted - The exponent (or suffix) is as large as possible.\n\nThe sign will be omitted unless the number is negative.\n\nExamples:\n\n- 1.5 will be serialized as \"1500m\" - 1.5Gi will be serialized as \"1536Mi\"\n\nNote that the quantity will NEVER be internally represented by a floating point number. That is the whole point of this exercise.\n\nNon-canonical values will still parse as long as they are well formed, but will be re-emitted in their canonical form. (So always use canonical form, or don't diff.)\n\nThis format is intended to make it difficult to use these numbers without writing some sort of special handling code in the hopes that that will cause implementors to also use a fixed point implementation." + nullable: true + type: string + selectors: + description: A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects. + nullable: true + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + storageClass: + nullable: true + type: string + type: object + type: object + type: object + type: object + configOverrides: + additionalProperties: + additionalProperties: + type: string + type: object + default: {} + description: |- + The `configOverrides` can be used to configure properties in product config files + that are not exposed in the CRD. Read the + [config overrides documentation](https://docs.stackable.tech/home/nightly/concepts/overrides#config-overrides) + and consult the operator specific usage guide documentation for details on the + available config files and settings for the specific product. + type: object + envOverrides: + additionalProperties: + type: string + default: {} + description: |- + `envOverrides` configure environment variables to be set in the Pods. + It is a map from strings to strings - environment variables and the value to set. + Read the + [environment variable overrides documentation](https://docs.stackable.tech/home/nightly/concepts/overrides#env-overrides) + for more information and consult the operator specific usage guide to find out about + the product specific environment variables that are available. + type: object + jvmArgumentOverrides: + default: + add: [] + remove: [] + removeRegex: [] + description: |- + Allows overriding JVM arguments. + Please read on the [JVM argument overrides documentation](https://docs.stackable.tech/home/nightly/concepts/overrides#jvm-argument-overrides) + for details on the usage. + properties: + add: + default: [] + description: JVM arguments to be added + items: + type: string + type: array + remove: + default: [] + description: JVM arguments to be removed by exact match + items: + type: string + type: array + removeRegex: + default: [] + description: JVM arguments matching any of this regexes will be removed + items: + type: string + type: array + type: object + podOverrides: + default: {} + description: |- + In the `podOverrides` property you can define a + [PodTemplateSpec](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#podtemplatespec-v1-core) + to override any property that can be set on a Kubernetes Pod. + Read the + [Pod overrides documentation](https://docs.stackable.tech/home/nightly/concepts/overrides#pod-overrides) + for more information. + type: object + x-kubernetes-preserve-unknown-fields: true + replicas: + format: uint16 + maximum: 65535.0 + minimum: 0.0 + nullable: true + type: integer + type: object + type: object + required: + - roleGroups + type: object + clusterConfig: + default: + authentication: [] + authorization: + opa: null + tls: + internalSecretClass: tls + serverSecretClass: tls + zookeeperConfigMapName: null + description: |- + Kafka settings that affect all roles and role groups. + + The settings in the `clusterConfig` are cluster wide settings that do not need to be configurable at role or role group level. + properties: + authentication: + default: [] + description: Authentication class settings for Kafka like mTLS authentication. + items: + properties: + authenticationClass: + description: |- + The AuthenticationClass to use. + + ## TLS provider + + Only affects client connections. This setting controls: + - If clients need to authenticate themselves against the broker via TLS + - Which ca.crt to use when validating the provided client certs + + This will override the server TLS settings (if set) in `spec.clusterConfig.tls.serverSecretClass`. + + ## Kerberos provider + + This affects client connections and also requires TLS for encryption. + This setting is used to reference an `AuthenticationClass` and in turn, a `SecretClass` that is + used to create keytabs. + type: string + required: + - authenticationClass + type: object + type: array + authorization: + default: + opa: null + description: Authorization settings for Kafka like OPA. + properties: + opa: + description: |- + Configure the OPA stacklet [discovery ConfigMap](https://docs.stackable.tech/home/nightly/concepts/service_discovery) + and the name of the Rego package containing your authorization rules. + Consult the [OPA authorization documentation](https://docs.stackable.tech/home/nightly/concepts/opa) + to learn how to deploy Rego authorization rules with OPA. + nullable: true + properties: + configMapName: + description: |- + The [discovery ConfigMap](https://docs.stackable.tech/home/nightly/concepts/service_discovery) + for the OPA stacklet that should be used for authorization requests. + type: string + package: + description: The name of the Rego package containing the Rego rules for the product. + nullable: true + type: string + required: + - configMapName + type: object + type: object + brokerIdPodConfigMapName: + description: |- + Enable users to manually assign Kafka broker ids. + + Name of a ConfigMap containing a mapping of broker IDs to pod names. + The ConfigMap must contain a key for every broker pod in the cluster with the following format: + `: ` + + Example: + ``` + --- + apiVersion: v1 + kind: ConfigMap + metadata: + name: brokeridmapping + data: + simple-kafka-broker-default-0: "2000" + simple-kafka-broker-default-1: "2001" + simple-kafka-broker-default-2: "2002" + ``` + This is necessary when migrating from ZooKeeper to Kraft mode to retain existing broker IDs + because previously broker ids were generated by Kafka and not the operator. + nullable: true + type: string + metadataManager: + description: |- + Metadata manager to use for the Kafka cluster. + + IMPORTANT: This property will be removed as soon as Kafka 3.x support is dropped. + + Possible values are `zookeeper` and `kraft`. + + If not set, defaults to: + + - `zookeeper` for Kafka versions below `4.0.0`. + - `kraft` for Kafka versions `4.0.0` and higher. + + Using `zookeeper` for Kafka versions `4.0.0` and higher is not supported. + + When set to `kraft`, the operator will perform the following actions: + + * Generate the Kafka cluster id. + * Assign broker roles and configure controller quorum voters in the `broker.properties` files. + * Format storage before (re)starting Kafka brokers. + * Remove ZooKeeper related configuration options from the `broker.properties` files. + + Some of them cannot be performed with the ZooKeeper mode. + + This property is also useful when migrating from ZooKeeper to Kraft mode because it permits the operator + to reconcile controllers while still using ZooKeeper for brokers. + enum: + - zookeeper + - kraft + nullable: true + type: string + tls: + default: + internalSecretClass: tls + serverSecretClass: tls + description: TLS encryption settings for Kafka (server, internal). + nullable: true + properties: + internalSecretClass: + default: tls + description: |- + The [SecretClass](https://docs.stackable.tech/home/nightly/secret-operator/secretclass.html) to use for + internal broker communication. Use mutual verification between brokers (mandatory). + This setting controls: + - Which cert the brokers should use to authenticate themselves against other brokers + - Which ca.crt to use when validating the other brokers + + Defaults to `tls` + type: string + serverSecretClass: + default: tls + description: |- + The [SecretClass](https://docs.stackable.tech/home/nightly/secret-operator/secretclass.html) to use for + client connections. This setting controls: + - If TLS encryption is used at all + - Which cert the servers should use to authenticate themselves against the client + + Defaults to `tls`. + nullable: true + type: string + type: object + vectorAggregatorConfigMapName: + description: |- + Name of the Vector aggregator [discovery ConfigMap](https://docs.stackable.tech/home/nightly/concepts/service_discovery). + It must contain the key `ADDRESS` with the address of the Vector aggregator. + Follow the [logging tutorial](https://docs.stackable.tech/home/nightly/tutorials/logging-vector-aggregator) + to learn how to configure log aggregation with Vector. + nullable: true + type: string + zookeeperConfigMapName: + description: |- + Provide the name of the ZooKeeper [discovery ConfigMap](https://docs.stackable.tech/home/nightly/concepts/service_discovery) + here. When using the [Stackable operator for Apache ZooKeeper](https://docs.stackable.tech/home/nightly/zookeeper/) + to deploy a ZooKeeper cluster, this will simply be the name of your ZookeeperCluster resource. + This can only be used up to Kafka version 3.9.x. Since Kafka 4.0.0, ZooKeeper support was dropped. + Please use the 'controller' role instead. + nullable: true + type: string + type: object + clusterOperation: + default: + reconciliationPaused: false + stopped: false + description: |- + [Cluster operations](https://docs.stackable.tech/home/nightly/concepts/operations/cluster_operations) + properties, allow stopping the product instance as well as pausing reconciliation. + properties: + reconciliationPaused: + default: false + description: |- + Flag to stop cluster reconciliation by the operator. This means that all changes in the + custom resource spec are ignored until this flag is set to false or removed. The operator + will however still watch the deployed resources at the time and update the custom resource + status field. + If applied at the same time with `stopped`, `reconciliationPaused` will take precedence over + `stopped` and stop the reconciliation immediately. + type: boolean + stopped: + default: false + description: |- + Flag to stop the cluster. This means all deployed resources (e.g. Services, StatefulSets, + ConfigMaps) are kept but all deployed Pods (e.g. replicas from a StatefulSet) are scaled to 0 + and therefore stopped and removed. + If applied at the same time with `reconciliationPaused`, the latter will pause reconciliation + and `stopped` will take no effect until `reconciliationPaused` is set to false or removed. + type: boolean + type: object + controllers: + description: |- + This struct represents a role - e.g. HDFS datanodes or Trino workers. It has a key-value-map containing + all the roleGroups that are part of this role. Additionally, there is a `config`, which is configurable + at the role *and* roleGroup level. Everything at roleGroup level is merged on top of what is configured + on role level. There is also a second form of config, which can only be configured + at role level, the `roleConfig`. + You can learn more about this in the + [Roles and role group concept documentation](https://docs.stackable.tech/home/nightly/concepts/roles-and-role-groups). + nullable: true + properties: + cliOverrides: + additionalProperties: + type: string + default: {} + type: object + config: + default: {} + properties: + affinity: + default: + nodeAffinity: null + nodeSelector: null + podAffinity: null + podAntiAffinity: null + description: |- + These configuration settings control + [Pod placement](https://docs.stackable.tech/home/nightly/concepts/operations/pod_placement). + properties: + nodeAffinity: + description: Same as the `spec.affinity.nodeAffinity` field on the Pod, see the [Kubernetes docs](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node) + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + nodeSelector: + additionalProperties: + type: string + description: Simple key-value pairs forming a nodeSelector, see the [Kubernetes docs](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node) + nullable: true + type: object + podAffinity: + description: Same as the `spec.affinity.podAffinity` field on the Pod, see the [Kubernetes docs](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node) + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + podAntiAffinity: + description: Same as the `spec.affinity.podAntiAffinity` field on the Pod, see the [Kubernetes docs](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node) + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + gracefulShutdownTimeout: + description: Time period Pods have to gracefully shut down, e.g. `30m`, `1h` or `2d`. Consult the operator documentation for details. + nullable: true + type: string + logging: + default: + containers: {} + enableVectorAgent: null + description: Logging configuration, learn more in the [logging concept documentation](https://docs.stackable.tech/home/nightly/concepts/logging). + properties: + containers: + additionalProperties: + anyOf: + - required: + - custom + - {} + description: Log configuration of the container + properties: + console: + description: Configuration for the console appender + nullable: true + properties: + level: + description: |- + The log level threshold. + Log events with a lower log level are discarded. + enum: + - TRACE + - DEBUG + - INFO + - WARN + - ERROR + - FATAL + - NONE + nullable: true + type: string + type: object + custom: + description: Log configuration provided in a ConfigMap + properties: + configMap: + description: ConfigMap containing the log configuration files + nullable: true + type: string + type: object + file: + description: Configuration for the file appender + nullable: true + properties: + level: + description: |- + The log level threshold. + Log events with a lower log level are discarded. + enum: + - TRACE + - DEBUG + - INFO + - WARN + - ERROR + - FATAL + - NONE + nullable: true + type: string + type: object + loggers: + additionalProperties: + description: Configuration of a logger + properties: + level: + description: |- + The log level threshold. + Log events with a lower log level are discarded. + enum: + - TRACE + - DEBUG + - INFO + - WARN + - ERROR + - FATAL + - NONE + nullable: true + type: string + type: object + default: {} + description: Configuration per logger + type: object + type: object + description: Log configuration per container. + type: object + enableVectorAgent: + description: Wether or not to deploy a container with the Vector log agent. + nullable: true + type: boolean + type: object + requestedSecretLifetime: + description: |- + Request secret (currently only autoTls certificates) lifetime from the secret operator, e.g. `7d`, or `30d`. + Please note that this can be shortened by the `maxCertificateLifetime` setting on the SecretClass issuing the TLS certificate. + nullable: true + type: string + resources: + default: + cpu: + max: null + min: null + memory: + limit: null + runtimeLimits: {} + storage: + logDirs: + capacity: null + description: |- + Resource usage is configured here, this includes CPU usage, memory usage and disk storage + usage, if this role needs any. + properties: + cpu: + default: + max: null + min: null + properties: + max: + description: |- + The maximum amount of CPU cores that can be requested by Pods. + Equivalent to the `limit` for Pod resource configuration. + Cores are specified either as a decimal point number or as milli units. + For example:`1.5` will be 1.5 cores, also written as `1500m`. + nullable: true + type: string + min: + description: |- + The minimal amount of CPU cores that Pods need to run. + Equivalent to the `request` for Pod resource configuration. + Cores are specified either as a decimal point number or as milli units. + For example:`1.5` will be 1.5 cores, also written as `1500m`. + nullable: true + type: string + type: object + memory: + properties: + limit: + description: |- + The maximum amount of memory that should be available to the Pod. + Specified as a byte [Quantity](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/quantity/), + which means these suffixes are supported: E, P, T, G, M, k. + You can also use the power-of-two equivalents: Ei, Pi, Ti, Gi, Mi, Ki. + For example, the following represent roughly the same value: + `128974848, 129e6, 129M, 128974848000m, 123Mi` + nullable: true + type: string + runtimeLimits: + description: Additional options that can be specified. + type: object + type: object + storage: + properties: + logDirs: + default: + capacity: null + properties: + capacity: + description: "Quantity is a fixed-point representation of a number. It provides convenient marshaling/unmarshaling in JSON and YAML, in addition to String() and AsInt64() accessors.\n\nThe serialization format is:\n\n``` ::= \n\n\t(Note that may be empty, from the \"\" case in .)\n\n ::= 0 | 1 | ... | 9 ::= | ::= | . | . | . ::= \"+\" | \"-\" ::= | ::= | | ::= Ki | Mi | Gi | Ti | Pi | Ei\n\n\t(International System of units; See: http://physics.nist.gov/cuu/Units/binary.html)\n\n ::= m | \"\" | k | M | G | T | P | E\n\n\t(Note that 1024 = 1Ki but 1000 = 1k; I didn't choose the capitalization.)\n\n ::= \"e\" | \"E\" ```\n\nNo matter which of the three exponent forms is used, no quantity may represent a number greater than 2^63-1 in magnitude, nor may it have more than 3 decimal places. Numbers larger or more precise will be capped or rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the future if we require larger or smaller quantities.\n\nWhen a Quantity is parsed from a string, it will remember the type of suffix it had, and will use the same type again when it is serialized.\n\nBefore serializing, Quantity will be put in \"canonical form\". This means that Exponent/suffix will be adjusted up or down (with a corresponding increase or decrease in Mantissa) such that:\n\n- No precision is lost - No fractional digits will be emitted - The exponent (or suffix) is as large as possible.\n\nThe sign will be omitted unless the number is negative.\n\nExamples:\n\n- 1.5 will be serialized as \"1500m\" - 1.5Gi will be serialized as \"1536Mi\"\n\nNote that the quantity will NEVER be internally represented by a floating point number. That is the whole point of this exercise.\n\nNon-canonical values will still parse as long as they are well formed, but will be re-emitted in their canonical form. (So always use canonical form, or don't diff.)\n\nThis format is intended to make it difficult to use these numbers without writing some sort of special handling code in the hopes that that will cause implementors to also use a fixed point implementation." + nullable: true + type: string + selectors: + description: A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects. + nullable: true + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + storageClass: + nullable: true + type: string + type: object + type: object + type: object + type: object + configOverrides: + additionalProperties: + additionalProperties: + type: string + type: object + default: {} + description: |- + The `configOverrides` can be used to configure properties in product config files + that are not exposed in the CRD. Read the + [config overrides documentation](https://docs.stackable.tech/home/nightly/concepts/overrides#config-overrides) + and consult the operator specific usage guide documentation for details on the + available config files and settings for the specific product. + type: object + envOverrides: + additionalProperties: + type: string + default: {} + description: |- + `envOverrides` configure environment variables to be set in the Pods. + It is a map from strings to strings - environment variables and the value to set. + Read the + [environment variable overrides documentation](https://docs.stackable.tech/home/nightly/concepts/overrides#env-overrides) + for more information and consult the operator specific usage guide to find out about + the product specific environment variables that are available. + type: object + jvmArgumentOverrides: + default: + add: [] + remove: [] + removeRegex: [] + description: |- + Allows overriding JVM arguments. + Please read on the [JVM argument overrides documentation](https://docs.stackable.tech/home/nightly/concepts/overrides#jvm-argument-overrides) + for details on the usage. + properties: + add: + default: [] + description: JVM arguments to be added + items: + type: string + type: array + remove: + default: [] + description: JVM arguments to be removed by exact match + items: + type: string + type: array + removeRegex: + default: [] + description: JVM arguments matching any of this regexes will be removed + items: + type: string + type: array + type: object + podOverrides: + default: {} + description: |- + In the `podOverrides` property you can define a + [PodTemplateSpec](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#podtemplatespec-v1-core) + to override any property that can be set on a Kubernetes Pod. + Read the + [Pod overrides documentation](https://docs.stackable.tech/home/nightly/concepts/overrides#pod-overrides) + for more information. + type: object + x-kubernetes-preserve-unknown-fields: true + roleConfig: + default: + podDisruptionBudget: + enabled: true + maxUnavailable: null + description: This is a product-agnostic RoleConfig, which is sufficient for most of the products. + properties: + podDisruptionBudget: + default: + enabled: true + maxUnavailable: null + description: |- + This struct is used to configure: + + 1. If PodDisruptionBudgets are created by the operator + 2. The allowed number of Pods to be unavailable (`maxUnavailable`) + + Learn more in the + [allowed Pod disruptions documentation](https://docs.stackable.tech/home/nightly/concepts/operations/pod_disruptions). + properties: + enabled: + default: true + description: |- + Whether a PodDisruptionBudget should be written out for this role. + Disabling this enables you to specify your own - custom - one. + Defaults to true. + type: boolean + maxUnavailable: + description: |- + The number of Pods that are allowed to be down because of voluntary disruptions. + If you don't explicitly set this, the operator will use a sane default based + upon knowledge about the individual product. + format: uint16 + maximum: 65535.0 + minimum: 0.0 + nullable: true + type: integer + type: object + type: object + roleGroups: + additionalProperties: + properties: + cliOverrides: + additionalProperties: + type: string + default: {} + type: object + config: + default: {} + properties: + affinity: + default: + nodeAffinity: null + nodeSelector: null + podAffinity: null + podAntiAffinity: null + description: |- + These configuration settings control + [Pod placement](https://docs.stackable.tech/home/nightly/concepts/operations/pod_placement). + properties: + nodeAffinity: + description: Same as the `spec.affinity.nodeAffinity` field on the Pod, see the [Kubernetes docs](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node) + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + nodeSelector: + additionalProperties: + type: string + description: Simple key-value pairs forming a nodeSelector, see the [Kubernetes docs](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node) + nullable: true + type: object + podAffinity: + description: Same as the `spec.affinity.podAffinity` field on the Pod, see the [Kubernetes docs](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node) + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + podAntiAffinity: + description: Same as the `spec.affinity.podAntiAffinity` field on the Pod, see the [Kubernetes docs](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node) + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + gracefulShutdownTimeout: + description: Time period Pods have to gracefully shut down, e.g. `30m`, `1h` or `2d`. Consult the operator documentation for details. + nullable: true + type: string + logging: + default: + containers: {} + enableVectorAgent: null + description: Logging configuration, learn more in the [logging concept documentation](https://docs.stackable.tech/home/nightly/concepts/logging). + properties: + containers: + additionalProperties: + anyOf: + - required: + - custom + - {} + description: Log configuration of the container + properties: + console: + description: Configuration for the console appender + nullable: true + properties: + level: + description: |- + The log level threshold. + Log events with a lower log level are discarded. + enum: + - TRACE + - DEBUG + - INFO + - WARN + - ERROR + - FATAL + - NONE + nullable: true + type: string + type: object + custom: + description: Log configuration provided in a ConfigMap + properties: + configMap: + description: ConfigMap containing the log configuration files + nullable: true + type: string + type: object + file: + description: Configuration for the file appender + nullable: true + properties: + level: + description: |- + The log level threshold. + Log events with a lower log level are discarded. + enum: + - TRACE + - DEBUG + - INFO + - WARN + - ERROR + - FATAL + - NONE + nullable: true + type: string + type: object + loggers: + additionalProperties: + description: Configuration of a logger + properties: + level: + description: |- + The log level threshold. + Log events with a lower log level are discarded. + enum: + - TRACE + - DEBUG + - INFO + - WARN + - ERROR + - FATAL + - NONE + nullable: true + type: string + type: object + default: {} + description: Configuration per logger + type: object + type: object + description: Log configuration per container. + type: object + enableVectorAgent: + description: Wether or not to deploy a container with the Vector log agent. + nullable: true + type: boolean + type: object + requestedSecretLifetime: + description: |- + Request secret (currently only autoTls certificates) lifetime from the secret operator, e.g. `7d`, or `30d`. + Please note that this can be shortened by the `maxCertificateLifetime` setting on the SecretClass issuing the TLS certificate. + nullable: true + type: string + resources: + default: + cpu: + max: null + min: null + memory: + limit: null + runtimeLimits: {} + storage: + logDirs: + capacity: null + description: |- + Resource usage is configured here, this includes CPU usage, memory usage and disk storage + usage, if this role needs any. + properties: + cpu: + default: + max: null + min: null + properties: + max: + description: |- + The maximum amount of CPU cores that can be requested by Pods. + Equivalent to the `limit` for Pod resource configuration. + Cores are specified either as a decimal point number or as milli units. + For example:`1.5` will be 1.5 cores, also written as `1500m`. + nullable: true + type: string + min: + description: |- + The minimal amount of CPU cores that Pods need to run. + Equivalent to the `request` for Pod resource configuration. + Cores are specified either as a decimal point number or as milli units. + For example:`1.5` will be 1.5 cores, also written as `1500m`. + nullable: true + type: string + type: object + memory: + properties: + limit: + description: |- + The maximum amount of memory that should be available to the Pod. + Specified as a byte [Quantity](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/quantity/), + which means these suffixes are supported: E, P, T, G, M, k. + You can also use the power-of-two equivalents: Ei, Pi, Ti, Gi, Mi, Ki. + For example, the following represent roughly the same value: + `128974848, 129e6, 129M, 128974848000m, 123Mi` + nullable: true + type: string + runtimeLimits: + description: Additional options that can be specified. + type: object + type: object + storage: + properties: + logDirs: + default: + capacity: null + properties: + capacity: + description: "Quantity is a fixed-point representation of a number. It provides convenient marshaling/unmarshaling in JSON and YAML, in addition to String() and AsInt64() accessors.\n\nThe serialization format is:\n\n``` ::= \n\n\t(Note that may be empty, from the \"\" case in .)\n\n ::= 0 | 1 | ... | 9 ::= | ::= | . | . | . ::= \"+\" | \"-\" ::= | ::= | | ::= Ki | Mi | Gi | Ti | Pi | Ei\n\n\t(International System of units; See: http://physics.nist.gov/cuu/Units/binary.html)\n\n ::= m | \"\" | k | M | G | T | P | E\n\n\t(Note that 1024 = 1Ki but 1000 = 1k; I didn't choose the capitalization.)\n\n ::= \"e\" | \"E\" ```\n\nNo matter which of the three exponent forms is used, no quantity may represent a number greater than 2^63-1 in magnitude, nor may it have more than 3 decimal places. Numbers larger or more precise will be capped or rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the future if we require larger or smaller quantities.\n\nWhen a Quantity is parsed from a string, it will remember the type of suffix it had, and will use the same type again when it is serialized.\n\nBefore serializing, Quantity will be put in \"canonical form\". This means that Exponent/suffix will be adjusted up or down (with a corresponding increase or decrease in Mantissa) such that:\n\n- No precision is lost - No fractional digits will be emitted - The exponent (or suffix) is as large as possible.\n\nThe sign will be omitted unless the number is negative.\n\nExamples:\n\n- 1.5 will be serialized as \"1500m\" - 1.5Gi will be serialized as \"1536Mi\"\n\nNote that the quantity will NEVER be internally represented by a floating point number. That is the whole point of this exercise.\n\nNon-canonical values will still parse as long as they are well formed, but will be re-emitted in their canonical form. (So always use canonical form, or don't diff.)\n\nThis format is intended to make it difficult to use these numbers without writing some sort of special handling code in the hopes that that will cause implementors to also use a fixed point implementation." + nullable: true + type: string + selectors: + description: A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects. + nullable: true + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + storageClass: + nullable: true + type: string + type: object + type: object + type: object + type: object + configOverrides: + additionalProperties: + additionalProperties: + type: string + type: object + default: {} + description: |- + The `configOverrides` can be used to configure properties in product config files + that are not exposed in the CRD. Read the + [config overrides documentation](https://docs.stackable.tech/home/nightly/concepts/overrides#config-overrides) + and consult the operator specific usage guide documentation for details on the + available config files and settings for the specific product. + type: object + envOverrides: + additionalProperties: + type: string + default: {} + description: |- + `envOverrides` configure environment variables to be set in the Pods. + It is a map from strings to strings - environment variables and the value to set. + Read the + [environment variable overrides documentation](https://docs.stackable.tech/home/nightly/concepts/overrides#env-overrides) + for more information and consult the operator specific usage guide to find out about + the product specific environment variables that are available. + type: object + jvmArgumentOverrides: + default: + add: [] + remove: [] + removeRegex: [] + description: |- + Allows overriding JVM arguments. + Please read on the [JVM argument overrides documentation](https://docs.stackable.tech/home/nightly/concepts/overrides#jvm-argument-overrides) + for details on the usage. + properties: + add: + default: [] + description: JVM arguments to be added + items: + type: string + type: array + remove: + default: [] + description: JVM arguments to be removed by exact match + items: + type: string + type: array + removeRegex: + default: [] + description: JVM arguments matching any of this regexes will be removed + items: + type: string + type: array + type: object + podOverrides: + default: {} + description: |- + In the `podOverrides` property you can define a + [PodTemplateSpec](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#podtemplatespec-v1-core) + to override any property that can be set on a Kubernetes Pod. + Read the + [Pod overrides documentation](https://docs.stackable.tech/home/nightly/concepts/overrides#pod-overrides) + for more information. + type: object + x-kubernetes-preserve-unknown-fields: true + replicas: + format: uint16 + maximum: 65535.0 + minimum: 0.0 + nullable: true + type: integer + type: object + type: object + required: + - roleGroups + type: object + image: + anyOf: + - required: + - custom + - productVersion + - required: + - productVersion + description: |- + Specify which image to use, the easiest way is to only configure the `productVersion`. + You can also configure a custom image registry to pull from, as well as completely custom + images. + + Consult the [Product image selection documentation](https://docs.stackable.tech/home/nightly/concepts/product_image_selection) + for details. + properties: + custom: + description: |- + Overwrite the docker image. + Specify the full docker image name, e.g. `oci.stackable.tech/sdp/superset:1.4.1-stackable2.1.0` + type: string + productVersion: + description: Version of the product, e.g. `1.4.1`. + type: string + pullPolicy: + default: Always + description: '[Pull policy](https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy) used when pulling the image.' + enum: + - IfNotPresent + - Always + - Never + type: string + pullSecrets: + description: '[Image pull secrets](https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod) to pull images from a private registry.' + items: + description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. + properties: + name: + description: 'Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + required: + - name + type: object + nullable: true + type: array + repo: + description: Name of the docker repo, e.g. `oci.stackable.tech/sdp` + nullable: true + type: string + stackableVersion: + description: |- + Stackable version of the product, e.g. `23.4`, `23.4.1` or `0.0.0-dev`. + If not specified, the operator will use its own version, e.g. `23.4.1`. + When using a nightly operator or a pr version, it will use the nightly `0.0.0-dev` image. + nullable: true + type: string + type: object + objectOverrides: + default: [] + description: |- + A list of generic Kubernetes objects, which are merged into the objects that the operator + creates. + + List entries are arbitrary YAML objects, which need to be valid Kubernetes objects. + + Read the [Object overrides documentation](https://docs.stackable.tech/home/nightly/concepts/overrides#object-overrides) + for more information. + items: + type: object + x-kubernetes-preserve-unknown-fields: true + type: array + required: + - image + type: object + status: + nullable: true + properties: + conditions: + default: [] + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status to another. + format: date-time + nullable: true + type: string + message: + description: A human readable message indicating details about the transition. + nullable: true + type: string + reason: + description: The reason for the condition's last transition. + nullable: true + type: string + status: + description: Status of the condition, one of True, False, Unknown. + enum: + - 'True' + - 'False' + - Unknown + type: string + type: + description: Type of deployment condition. + enum: + - Available + - Degraded + - Progressing + - ReconciliationPaused + - Stopped + type: string + required: + - status + - type + type: object + type: array + type: object + required: + - spec + title: KafkaCluster + type: object + served: true + storage: true + subresources: + status: {} diff --git a/rust/operator-binary/src/crd/mod.rs b/rust/operator-binary/src/crd/mod.rs index b1754b57..fcdae1bb 100644 --- a/rust/operator-binary/src/crd/mod.rs +++ b/rust/operator-binary/src/crd/mod.rs @@ -38,6 +38,7 @@ use crate::{ pub const DOCKER_IMAGE_BASE_NAME: &str = "kafka"; pub const APP_NAME: &str = "kafka"; pub const OPERATOR_NAME: &str = "kafka.stackable.tech"; +pub const FIELD_MANAGER: &str = "kafka-operator"; // metrics pub const METRICS_PORT_NAME: &str = "metrics"; pub const METRICS_PORT: u16 = 9606; diff --git a/rust/operator-binary/src/main.rs b/rust/operator-binary/src/main.rs index 6bd6e4ba..d9ee245b 100644 --- a/rust/operator-binary/src/main.rs +++ b/rust/operator-binary/src/main.rs @@ -4,8 +4,9 @@ use std::sync::Arc; +use anyhow::anyhow; use clap::Parser; -use futures::{FutureExt, StreamExt}; +use futures::{FutureExt, StreamExt, TryFutureExt}; use stackable_operator::{ YamlSchema, cli::{Command, RunArguments}, @@ -36,6 +37,7 @@ use stackable_operator::{ use crate::{ crd::{KafkaCluster, KafkaClusterVersion, OPERATOR_NAME, v1alpha1}, kafka_controller::KAFKA_FULL_CONTROLLER_NAME, + webhooks::conversion::create_webhook_server, }; mod config; @@ -47,6 +49,7 @@ mod operations; mod product_logging; mod resource; mod utils; +mod webhooks; mod built_info { // The file has been placed there by the build script. @@ -75,9 +78,9 @@ async fn main() -> anyhow::Result<()> { Command::Run(KafkaRun { common: RunArguments { - product_config, + operator_environment, watch_namespace, - operator_environment: _, + product_config, maintenance, common, }, @@ -109,13 +112,25 @@ async fn main() -> anyhow::Result<()> { .run(sigterm_watcher.handle()) .map(anyhow::Ok); + let client = + client::initialize_operator(Some(OPERATOR_NAME.to_string()), &common.cluster_info) + .await?; + + let webhook_server = create_webhook_server( + &operator_environment, + maintenance.disable_crd_maintenance, + client.as_kube_client(), + ) + .await?; + + let webhook_server = webhook_server + .run(sigterm_watcher.handle()) + .map_err(|err| anyhow!(err).context("failed to run webhook server")); + let product_config = product_config.load(&[ "deploy/config-spec/properties.yaml", "/etc/stackable/kafka-operator/config-spec/properties.yaml", ])?; - let client = - client::initialize_operator(Some(OPERATOR_NAME.to_string()), &common.cluster_info) - .await?; let event_recorder = Arc::new(Recorder::new( client.as_kube_client(), @@ -194,7 +209,7 @@ async fn main() -> anyhow::Result<()> { ) .map(anyhow::Ok); - futures::try_join!(kafka_controller, eos_checker)?; + futures::try_join!(kafka_controller, eos_checker, webhook_server)?; } }; diff --git a/rust/operator-binary/src/webhooks/conversion.rs b/rust/operator-binary/src/webhooks/conversion.rs new file mode 100644 index 00000000..a5b81a7f --- /dev/null +++ b/rust/operator-binary/src/webhooks/conversion.rs @@ -0,0 +1,52 @@ +use snafu::{ResultExt, Snafu}; +use stackable_operator::{ + cli::OperatorEnvironmentOptions, + kube::{Client, core::crd::MergeError}, + webhook::{ + WebhookServer, WebhookServerError, WebhookServerOptions, + webhooks::{ConversionWebhook, ConversionWebhookOptions}, + }, +}; + +use crate::crd::{FIELD_MANAGER, KafkaCluster, KafkaClusterVersion}; + +/// Contains errors which can be encountered when creating the conversion webhook server and the +/// CRD maintainer. +#[derive(Debug, Snafu)] +pub enum Error { + #[snafu(display("failed to merge CRD"))] + MergeCrd { source: MergeError }, + + #[snafu(display("failed to create conversion webhook server"))] + CreateWebhook { source: WebhookServerError }, +} + +/// Creates and returns a [`WebhookServer`]. +pub async fn create_webhook_server( + operator_environment: &OperatorEnvironmentOptions, + disable_crd_maintenance: bool, + client: Client, +) -> Result { + let crds_and_handlers = vec![( + KafkaCluster::merged_crd(KafkaClusterVersion::V1Alpha1).context(MergeCrdSnafu)?, + KafkaCluster::try_convert, + )]; + + let conversion_webhook_options = ConversionWebhookOptions { + disable_crd_maintenance, + field_manager: FIELD_MANAGER.to_owned(), + }; + + let (conversion_webhook, _initial_reconcile_rx) = + ConversionWebhook::new(crds_and_handlers, client, conversion_webhook_options); + + let webhook_server_options = WebhookServerOptions { + socket_addr: WebhookServer::DEFAULT_SOCKET_ADDRESS, + webhook_namespace: operator_environment.operator_namespace.to_owned(), + webhook_service_name: operator_environment.operator_service_name.to_owned(), + }; + + WebhookServer::new(vec![Box::new(conversion_webhook)], webhook_server_options) + .await + .context(CreateWebhookSnafu) +} diff --git a/rust/operator-binary/src/webhooks/mod.rs b/rust/operator-binary/src/webhooks/mod.rs new file mode 100644 index 00000000..11eb2fc0 --- /dev/null +++ b/rust/operator-binary/src/webhooks/mod.rs @@ -0,0 +1 @@ +pub mod conversion;