--- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: kafkabridges.kafka.strimzi.io labels: app: strimzi strimzi.io/crd-install: 'true' spec: group: kafka.strimzi.io names: kind: KafkaBridge listKind: KafkaBridgeList singular: kafkabridge plural: kafkabridges shortNames: - kb categories: - strimzi scope: Namespaced conversion: strategy: None versions: - name: v1 served: true storage: false subresources: status: {} scale: specReplicasPath: .spec.replicas statusReplicasPath: .status.replicas labelSelectorPath: .status.labelSelector additionalPrinterColumns: - name: Desired replicas description: The desired number of Kafka Bridge replicas jsonPath: .spec.replicas type: integer - name: Bootstrap Servers description: The boostrap servers jsonPath: .spec.bootstrapServers type: string priority: 1 - name: Ready description: The state of the custom resource jsonPath: '.status.conditions[?(@.type=="Ready")].status' type: string schema: openAPIV3Schema: type: object properties: apiVersion: type: string description: >- APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources kind: type: string description: >- Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds metadata: type: object spec: type: object properties: replicas: type: integer minimum: 0 description: >- The number of pods in the `Deployment`. Required in the `v1` version of the Strimzi API. Defaults to `1` in the `v1beta2` version of the Strimzi API. image: type: string description: >- The container image used for HTTP Bridge pods. If no image name is explicitly specified, the image name corresponds to the image specified in the Cluster Operator configuration. If an image name is not defined in the Cluster Operator configuration, a default value is used. bootstrapServers: type: string description: >- A list of host:port pairs for establishing the initial connection to the Kafka cluster. tls: type: object properties: trustedCertificates: type: array items: type: object properties: secretName: type: string description: The name of the Secret containing the certificate. certificate: type: string description: The name of the file certificate in the secret. pattern: type: string description: >- Pattern for the certificate files in the secret. Use the link:https://en.wikipedia.org/wiki/Glob_(programming)[_glob syntax_] for the pattern. All files in the secret that match the pattern are used. oneOf: - properties: certificate: {} required: - certificate - properties: pattern: {} required: - pattern required: - secretName description: Trusted certificates for TLS connection. description: TLS configuration for connecting HTTP Bridge to the cluster. authentication: type: object properties: certificateAndKey: type: object properties: secretName: type: string description: The name of the Secret containing the certificate. certificate: type: string description: The name of the file certificate in the Secret. key: type: string description: >- The name of the private key in the secret. The private key must be in unencrypted PKCS #8 format. For more information, see RFC 5208: https://datatracker.ietf.org/doc/html/rfc5208. required: - secretName - certificate - key description: >- Reference to the `Secret` which holds the certificate and private key pair. config: x-kubernetes-preserve-unknown-fields: true type: object description: >- Configuration for the custom authentication mechanism. Only properties with the `sasl.` and `ssl.keystore.` prefixes are allowed. Specify other options in the regular configuration section of the custom resource. passwordSecret: type: object properties: secretName: type: string description: The name of the Secret containing the password. password: type: string description: >- The name of the key in the Secret under which the password is stored. required: - secretName - password description: Reference to the `Secret` which holds the password. sasl: type: boolean description: Enable or disable SASL on this authentication mechanism. type: type: string enum: - tls - scram-sha-256 - scram-sha-512 - plain - custom description: >- Specifies the authentication type. Supported types are `tls`, `scram-sha-256`, `scram-sha-512`, `plain`, 'oauth', and `custom`. `tls` uses TLS client authentication and is supported only over TLS connections. `scram-sha-256` and `scram-sha-512` use SASL SCRAM-SHA-256 and SASL SCRAM-SHA-512 authentication, respectively. `plain` uses SASL PLAIN authentication. `oauth` uses SASL OAUTHBEARER authentication. `custom` allows you to configure a custom authentication mechanism. As of Strimzi 0.49.0, `oauth` type is deprecated and will be removed in the `v1` API version. Please use `custom` type instead. username: type: string description: Username used for the authentication. required: - type description: Authentication configuration for connecting to the cluster. http: type: object properties: port: type: integer minimum: 1023 description: The port which is the server listening on. cors: type: object properties: allowedOrigins: type: array items: type: string description: >- List of allowed origins. Java regular expressions can be used. allowedMethods: type: array items: type: string description: List of allowed HTTP methods. required: - allowedOrigins - allowedMethods description: CORS configuration for the HTTP Bridge. description: The HTTP related configuration. adminClient: type: object properties: config: x-kubernetes-preserve-unknown-fields: true type: object description: >- The Kafka AdminClient configuration used for AdminClient instances created by the bridge. description: Kafka AdminClient related configuration. consumer: type: object properties: enabled: type: boolean description: >- Whether the HTTP consumer should be enabled or disabled. The default is enabled (`true`). timeoutSeconds: type: integer description: >- The timeout in seconds for deleting inactive consumers, default is -1 (disabled). config: x-kubernetes-preserve-unknown-fields: true type: object description: >- The Kafka consumer configuration used for consumer instances created by the bridge. Properties with the following prefixes cannot be set: ssl., bootstrap.servers, group.id, sasl., security. (with the exception of: ssl.endpoint.identification.algorithm, ssl.cipher.suites, ssl.protocol, ssl.enabled.protocols). description: Kafka consumer related configuration. producer: type: object properties: enabled: type: boolean description: >- Whether the HTTP producer should be enabled or disabled. The default is enabled (`true`). config: x-kubernetes-preserve-unknown-fields: true type: object description: >- The Kafka producer configuration used for producer instances created by the bridge. Properties with the following prefixes cannot be set: ssl., bootstrap.servers, sasl., security. (with the exception of: ssl.endpoint.identification.algorithm, ssl.cipher.suites, ssl.protocol, ssl.enabled.protocols). description: Kafka producer related configuration. resources: type: object properties: claims: type: array items: type: object properties: name: type: string request: type: string limits: additionalProperties: anyOf: - type: integer - type: string pattern: >- ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object requests: additionalProperties: anyOf: - type: integer - type: string pattern: >- ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object description: CPU and memory resources to reserve. jvmOptions: type: object properties: '-XX': additionalProperties: type: string type: object description: A map of -XX options to the JVM. '-Xmx': type: string pattern: '^[0-9]+[mMgG]?$' description: '-Xmx option to to the JVM.' '-Xms': type: string pattern: '^[0-9]+[mMgG]?$' description: '-Xms option to to the JVM.' gcLoggingEnabled: type: boolean description: >- Specifies whether the Garbage Collection logging is enabled. The default is false. javaSystemProperties: type: array items: type: object properties: name: type: string description: The system property name. value: type: string description: The system property value. description: >- A map of additional system properties which will be passed using the `-D` option to the JVM. description: JVM Options for pods. logging: type: object properties: loggers: additionalProperties: type: string type: object description: A Map from logger name to logger level. type: type: string enum: - inline - external description: 'Logging type, must be either ''inline'' or ''external''.' valueFrom: type: object properties: configMapKeyRef: type: object properties: key: type: string name: type: string optional: type: boolean description: >- Reference to the key in the ConfigMap containing the configuration. description: >- `ConfigMap` entry where the logging configuration is stored. required: - type description: Logging configuration for HTTP Bridge. clientRackInitImage: type: string description: >- The image of the init container used for initializing the `client.rack`. rack: type: object properties: topologyKey: type: string example: topology.kubernetes.io/zone description: >- A key that matches labels assigned to the Kubernetes cluster nodes. The value of the label is used to set a broker's `broker.rack` config, and the `client.rack` config for Kafka Connect or MirrorMaker 2. required: - topologyKey description: >- Configuration of the node label which will be used as the client.rack consumer configuration. metricsConfig: type: object properties: type: type: string enum: - jmxPrometheusExporter - strimziMetricsReporter description: >- Metrics type. The supported types are `jmxPrometheusExporter` and `strimziMetricsReporter`. Type `jmxPrometheusExporter` uses the Prometheus JMX Exporter to expose Kafka JMX metrics in Prometheus format through an HTTP endpoint. Type `strimziMetricsReporter` uses the Strimzi Metrics Reporter to directly expose Kafka metrics in Prometheus format through an HTTP endpoint. valueFrom: type: object properties: configMapKeyRef: type: object properties: key: type: string name: type: string optional: type: boolean description: >- Reference to the key in the ConfigMap containing the configuration. description: >- ConfigMap entry where the Prometheus JMX Exporter configuration is stored. values: type: object properties: allowList: type: array items: type: string description: >- A list of regex patterns to filter the metrics to collect. Should contain at least one element. description: Configuration values for the Strimzi Metrics Reporter. required: - type description: Metrics configuration. x-kubernetes-validations: - rule: >- self.type != 'jmxPrometheusExporter' || has(self.valueFrom) message: valueFrom property is required livenessProbe: type: object properties: initialDelaySeconds: type: integer minimum: 0 description: >- The initial delay before first the health is first checked. Default to 15 seconds. Minimum value is 0. timeoutSeconds: type: integer minimum: 1 description: >- The timeout for each attempted health check. Default to 5 seconds. Minimum value is 1. periodSeconds: type: integer minimum: 1 description: >- How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. successThreshold: type: integer minimum: 1 description: >- Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness. Minimum value is 1. failureThreshold: type: integer minimum: 1 description: >- Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. description: Pod liveness checking. readinessProbe: type: object properties: initialDelaySeconds: type: integer minimum: 0 description: >- The initial delay before first the health is first checked. Default to 15 seconds. Minimum value is 0. timeoutSeconds: type: integer minimum: 1 description: >- The timeout for each attempted health check. Default to 5 seconds. Minimum value is 1. periodSeconds: type: integer minimum: 1 description: >- How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. successThreshold: type: integer minimum: 1 description: >- Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness. Minimum value is 1. failureThreshold: type: integer minimum: 1 description: >- Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. description: Pod readiness checking. template: type: object properties: deployment: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object description: Labels added to the Kubernetes resource. annotations: additionalProperties: type: string type: object description: Annotations added to the Kubernetes resource. description: Metadata applied to the resource. deploymentStrategy: type: string enum: - RollingUpdate - Recreate description: >- Pod replacement strategy for deployment configuration changes. Valid values are `RollingUpdate` and `Recreate`. Defaults to `RollingUpdate`. description: Template for HTTP Bridge `Deployment`. pod: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object description: Labels added to the Kubernetes resource. annotations: additionalProperties: type: string type: object description: Annotations added to the Kubernetes resource. description: Metadata applied to the resource. imagePullSecrets: type: array items: type: object properties: name: type: string description: >- List of references to secrets in the same namespace to use for pulling any of the images used by this Pod. When the `STRIMZI_IMAGE_PULL_SECRETS` environment variable in Cluster Operator and the `imagePullSecrets` option are specified, only the `imagePullSecrets` variable is used and the `STRIMZI_IMAGE_PULL_SECRETS` variable is ignored. securityContext: type: object properties: appArmorProfile: type: object properties: localhostProfile: type: string type: type: string fsGroup: type: integer fsGroupChangePolicy: type: string runAsGroup: type: integer runAsNonRoot: type: boolean runAsUser: type: integer seLinuxChangePolicy: type: string seLinuxOptions: type: object properties: level: type: string role: type: string type: type: string user: type: string seccompProfile: type: object properties: localhostProfile: type: string type: type: string supplementalGroups: type: array items: type: integer supplementalGroupsPolicy: type: string sysctls: type: array items: type: object properties: name: type: string value: type: string windowsOptions: type: object properties: gmsaCredentialSpec: type: string gmsaCredentialSpecName: type: string hostProcess: type: boolean runAsUserName: type: string description: >- Configures pod-level security attributes and common container settings. terminationGracePeriodSeconds: type: integer minimum: 0 description: >- The grace period is the duration in seconds after the processes running in the pod are sent a termination signal, and the time when the processes are forcibly halted with a kill signal. Set this value to longer than the expected cleanup time for your process. Value must be a non-negative integer. A zero value indicates delete immediately. You might need to increase the grace period for very large Kafka clusters, so that the Kafka brokers have enough time to transfer their work to another broker before they are terminated. Defaults to 30 seconds. affinity: type: object properties: nodeAffinity: type: object properties: preferredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: preference: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchFields: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string weight: type: integer requiredDuringSchedulingIgnoredDuringExecution: type: object properties: nodeSelectorTerms: type: array items: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchFields: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string podAffinity: type: object properties: preferredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: podAffinityTerm: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object matchLabelKeys: type: array items: type: string mismatchLabelKeys: type: array items: type: string namespaceSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object namespaces: type: array items: type: string topologyKey: type: string weight: type: integer requiredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object matchLabelKeys: type: array items: type: string mismatchLabelKeys: type: array items: type: string namespaceSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object namespaces: type: array items: type: string topologyKey: type: string podAntiAffinity: type: object properties: preferredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: podAffinityTerm: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object matchLabelKeys: type: array items: type: string mismatchLabelKeys: type: array items: type: string namespaceSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object namespaces: type: array items: type: string topologyKey: type: string weight: type: integer requiredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object matchLabelKeys: type: array items: type: string mismatchLabelKeys: type: array items: type: string namespaceSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object namespaces: type: array items: type: string topologyKey: type: string description: The pod's affinity rules. tolerations: type: array items: type: object properties: effect: type: string key: type: string operator: type: string tolerationSeconds: type: integer value: type: string description: The pod's tolerations. topologySpreadConstraints: type: array items: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object matchLabelKeys: type: array items: type: string maxSkew: type: integer minDomains: type: integer nodeAffinityPolicy: type: string nodeTaintsPolicy: type: string topologyKey: type: string whenUnsatisfiable: type: string description: The pod's topology spread constraints. priorityClassName: type: string description: >- The name of the priority class used to assign priority to the pods. schedulerName: type: string description: >- The name of the scheduler used to dispatch this `Pod`. If not specified, the default scheduler will be used. hostAliases: type: array items: type: object properties: hostnames: type: array items: type: string ip: type: string description: >- The pod's HostAliases. HostAliases is an optional list of hosts and IPs that will be injected into the Pod's hosts file if specified. dnsPolicy: type: string enum: - ClusterFirst - ClusterFirstWithHostNet - Default - None description: >- The pod's DNSPolicy. Defaults to `ClusterFirst`. Valid values are `ClusterFirstWithHostNet`, `ClusterFirst`, `Default` or `None`. dnsConfig: type: object properties: nameservers: type: array items: type: string options: type: array items: type: object properties: name: type: string value: type: string searches: type: array items: type: string description: >- The pod's DNSConfig. If specified, it will be merged to the generated DNS configuration based on the DNSPolicy. enableServiceLinks: type: boolean description: >- Indicates whether information about services should be injected into Pod's environment variables. tmpDirSizeLimit: type: string pattern: '^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$' description: >- Defines the total amount of pod memory allocated for the temporary `EmptyDir` volume `/tmp`. Specify the allocation in memory units, for example, `100Mi` for 100 mebibytes. Default value is `5Mi`. The `/tmp` volume is backed by pod memory, not disk storage, so avoid setting a high value as it consumes pod memory resources. volumes: type: array items: type: object properties: name: type: string description: Name to use for the volume. Required. secret: type: object properties: defaultMode: type: integer items: type: array items: type: object properties: key: type: string mode: type: integer path: type: string optional: type: boolean secretName: type: string description: '`Secret` to use to populate the volume.' configMap: type: object properties: defaultMode: type: integer items: type: array items: type: object properties: key: type: string mode: type: integer path: type: string name: type: string optional: type: boolean description: '`ConfigMap` to use to populate the volume.' emptyDir: type: object properties: medium: type: string enum: - Memory description: >- Medium represents the type of storage medium should back this volume. Valid values are unset or `Memory`. When not set, it will use the node's default medium. sizeLimit: type: string pattern: '^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$' description: >- The total amount of local storage required for this EmptyDir volume (for example 1Gi). description: '`EmptyDir` to use to populate the volume.' persistentVolumeClaim: type: object properties: claimName: type: string readOnly: type: boolean description: >- `PersistentVolumeClaim` object to use to populate the volume. csi: type: object properties: driver: type: string fsType: type: string nodePublishSecretRef: type: object properties: name: type: string readOnly: type: boolean volumeAttributes: additionalProperties: type: string type: object description: >- `CSIVolumeSource` object to use to populate the volume. image: type: object properties: pullPolicy: type: string reference: type: string description: >- `ImageVolumeSource` object to use to populate the volume. oneOf: - properties: secret: {} configMap: {} emptyDir: {} persistentVolumeClaim: {} csi: {} image: {} description: Additional volumes that can be mounted to the pod. description: Template for HTTP Bridge `Pods`. apiService: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object description: Labels added to the Kubernetes resource. annotations: additionalProperties: type: string type: object description: Annotations added to the Kubernetes resource. description: Metadata applied to the resource. ipFamilyPolicy: type: string enum: - SingleStack - PreferDualStack - RequireDualStack description: >- Specifies the IP Family Policy used by the service. Available options are `SingleStack`, `PreferDualStack` and `RequireDualStack`. `SingleStack` is for a single IP family. `PreferDualStack` is for two IP families on dual-stack configured clusters or a single IP family on single-stack clusters. `RequireDualStack` fails unless there are two IP families on dual-stack configured clusters. If unspecified, Kubernetes will choose the default value based on the service type. ipFamilies: type: array items: type: string enum: - IPv4 - IPv6 description: >- Specifies the IP Families used by the service. Available options are `IPv4` and `IPv6`. If unspecified, Kubernetes will choose the default value based on the `ipFamilyPolicy` setting. description: Template for HTTP Bridge API `Service`. podDisruptionBudget: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object description: Labels added to the Kubernetes resource. annotations: additionalProperties: type: string type: object description: Annotations added to the Kubernetes resource. description: >- Metadata to apply to the `PodDisruptionBudgetTemplate` resource. maxUnavailable: type: integer minimum: 0 description: >- Maximum number of unavailable pods to allow automatic Pod eviction. A Pod eviction is allowed when the `maxUnavailable` number of pods or fewer are unavailable after the eviction. Setting this value to 0 prevents all voluntary evictions, so the pods must be evicted manually. Defaults to 1. description: Template for HTTP Bridge `PodDisruptionBudget`. bridgeContainer: type: object properties: env: type: array items: type: object properties: name: type: string description: The environment variable key. value: type: string description: The environment variable value. valueFrom: type: object properties: secretKeyRef: type: object properties: key: type: string name: type: string optional: type: boolean description: Reference to a key in a secret. configMapKeyRef: type: object properties: key: type: string name: type: string optional: type: boolean description: Reference to a key in a config map. oneOf: - properties: secretKeyRef: {} required: - secretKeyRef - properties: configMapKeyRef: {} required: - configMapKeyRef description: >- Reference to the secret or config map property to which the environment variable is set. oneOf: - properties: value: {} required: - value - properties: valueFrom: {} required: - valueFrom description: >- Environment variables which should be applied to the container. securityContext: type: object properties: allowPrivilegeEscalation: type: boolean appArmorProfile: type: object properties: localhostProfile: type: string type: type: string capabilities: type: object properties: add: type: array items: type: string drop: type: array items: type: string privileged: type: boolean procMount: type: string readOnlyRootFilesystem: type: boolean runAsGroup: type: integer runAsNonRoot: type: boolean runAsUser: type: integer seLinuxOptions: type: object properties: level: type: string role: type: string type: type: string user: type: string seccompProfile: type: object properties: localhostProfile: type: string type: type: string windowsOptions: type: object properties: gmsaCredentialSpec: type: string gmsaCredentialSpecName: type: string hostProcess: type: boolean runAsUserName: type: string description: Security context for the container. volumeMounts: type: array items: type: object properties: mountPath: type: string mountPropagation: type: string name: type: string readOnly: type: boolean recursiveReadOnly: type: string subPath: type: string subPathExpr: type: string description: >- Additional volume mounts which should be applied to the container. description: Template for the HTTP Bridge container. clusterRoleBinding: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object description: Labels added to the Kubernetes resource. annotations: additionalProperties: type: string type: object description: Annotations added to the Kubernetes resource. description: Metadata applied to the resource. description: Template for the HTTP Bridge ClusterRoleBinding. serviceAccount: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object description: Labels added to the Kubernetes resource. annotations: additionalProperties: type: string type: object description: Annotations added to the Kubernetes resource. description: Metadata applied to the resource. description: Template for the HTTP Bridge service account. initContainer: type: object properties: env: type: array items: type: object properties: name: type: string description: The environment variable key. value: type: string description: The environment variable value. valueFrom: type: object properties: secretKeyRef: type: object properties: key: type: string name: type: string optional: type: boolean description: Reference to a key in a secret. configMapKeyRef: type: object properties: key: type: string name: type: string optional: type: boolean description: Reference to a key in a config map. oneOf: - properties: secretKeyRef: {} required: - secretKeyRef - properties: configMapKeyRef: {} required: - configMapKeyRef description: >- Reference to the secret or config map property to which the environment variable is set. oneOf: - properties: value: {} required: - value - properties: valueFrom: {} required: - valueFrom description: >- Environment variables which should be applied to the container. securityContext: type: object properties: allowPrivilegeEscalation: type: boolean appArmorProfile: type: object properties: localhostProfile: type: string type: type: string capabilities: type: object properties: add: type: array items: type: string drop: type: array items: type: string privileged: type: boolean procMount: type: string readOnlyRootFilesystem: type: boolean runAsGroup: type: integer runAsNonRoot: type: boolean runAsUser: type: integer seLinuxOptions: type: object properties: level: type: string role: type: string type: type: string user: type: string seccompProfile: type: object properties: localhostProfile: type: string type: type: string windowsOptions: type: object properties: gmsaCredentialSpec: type: string gmsaCredentialSpecName: type: string hostProcess: type: boolean runAsUserName: type: string description: Security context for the container. volumeMounts: type: array items: type: object properties: mountPath: type: string mountPropagation: type: string name: type: string readOnly: type: boolean recursiveReadOnly: type: string subPath: type: string subPathExpr: type: string description: >- Additional volume mounts which should be applied to the container. description: Template for the HTTP Bridge init container. description: >- Template for HTTP Bridge resources. The template allows users to specify how a `Deployment` and `Pod` is generated. tracing: type: object properties: type: type: string enum: - opentelemetry description: >- Type of the tracing used. Currently the only supported type is `opentelemetry` for OpenTelemetry tracing. As of Strimzi 0.37.0, `jaeger` type is not supported anymore and this option is ignored. required: - type description: The configuration of tracing in HTTP Bridge. required: - replicas - bootstrapServers description: The specification of the HTTP Bridge. status: type: object properties: conditions: type: array items: type: object properties: type: type: string description: >- The unique identifier of a condition, used to distinguish between other conditions in the resource. status: type: string description: >- The status of the condition, either True, False or Unknown. lastTransitionTime: type: string description: >- Last time the condition of a type changed from one status to another. The required format is 'yyyy-MM-ddTHH:mm:ssZ', in the UTC time zone. reason: type: string description: >- The reason for the condition's last transition (a single word in CamelCase). message: type: string description: >- Human-readable message indicating details about the condition's last transition. description: List of status conditions. observedGeneration: type: integer description: >- The generation of the CRD that was last reconciled by the operator. url: type: string description: >- The URL at which external client applications can access the HTTP Bridge. replicas: type: integer description: >- The current number of pods being used to provide this resource. labelSelector: type: string description: Label selector for pods providing this resource. description: The status of the HTTP Bridge. required: - spec - name: v1beta2 served: true storage: true deprecated: true deprecationWarning: >- Version v1beta2 of the KafkaBridge API is deprecated. Please use the v1 version instead. subresources: status: {} scale: specReplicasPath: .spec.replicas statusReplicasPath: .status.replicas labelSelectorPath: .status.labelSelector additionalPrinterColumns: - name: Desired replicas description: The desired number of Kafka Bridge replicas jsonPath: .spec.replicas type: integer - name: Bootstrap Servers description: The boostrap servers jsonPath: .spec.bootstrapServers type: string priority: 1 - name: Ready description: The state of the custom resource jsonPath: '.status.conditions[?(@.type=="Ready")].status' type: string schema: openAPIV3Schema: type: object properties: apiVersion: type: string description: >- APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources kind: type: string description: >- Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds metadata: type: object spec: type: object properties: replicas: type: integer minimum: 0 description: >- The number of pods in the `Deployment`. Required in the `v1` version of the Strimzi API. Defaults to `1` in the `v1beta2` version of the Strimzi API. image: type: string description: >- The container image used for HTTP Bridge pods. If no image name is explicitly specified, the image name corresponds to the image specified in the Cluster Operator configuration. If an image name is not defined in the Cluster Operator configuration, a default value is used. bootstrapServers: type: string description: >- A list of host:port pairs for establishing the initial connection to the Kafka cluster. tls: type: object properties: trustedCertificates: type: array items: type: object properties: secretName: type: string description: The name of the Secret containing the certificate. certificate: type: string description: The name of the file certificate in the secret. pattern: type: string description: >- Pattern for the certificate files in the secret. Use the link:https://en.wikipedia.org/wiki/Glob_(programming)[_glob syntax_] for the pattern. All files in the secret that match the pattern are used. oneOf: - properties: certificate: {} required: - certificate - properties: pattern: {} required: - pattern required: - secretName description: Trusted certificates for TLS connection. description: TLS configuration for connecting HTTP Bridge to the cluster. authentication: type: object properties: accessToken: type: object properties: key: type: string description: >- The key under which the secret value is stored in the Kubernetes Secret. secretName: type: string description: >- The name of the Kubernetes Secret containing the secret value. required: - key - secretName description: >- Link to Kubernetes Secret containing the access token which was obtained from the authorization server. accessTokenIsJwt: type: boolean description: >- Configure whether access token should be treated as JWT. This should be set to `false` if the authorization server returns opaque tokens. Defaults to `true`. accessTokenLocation: type: string description: >- Path to the token file containing an access token to be used for authentication. audience: type: string description: >- OAuth audience to use when authenticating against the authorization server. Some authorization servers require the audience to be explicitly set. The possible values depend on how the authorization server is configured. By default, `audience` is not specified when performing the token endpoint request. certificateAndKey: type: object properties: secretName: type: string description: The name of the Secret containing the certificate. certificate: type: string description: The name of the file certificate in the Secret. key: type: string description: >- The name of the private key in the secret. The private key must be in unencrypted PKCS #8 format. For more information, see RFC 5208: https://datatracker.ietf.org/doc/html/rfc5208. required: - secretName - certificate - key description: >- Reference to the `Secret` which holds the certificate and private key pair. clientAssertion: type: object properties: key: type: string description: >- The key under which the secret value is stored in the Kubernetes Secret. secretName: type: string description: >- The name of the Kubernetes Secret containing the secret value. required: - key - secretName description: >- Link to Kubernetes secret containing the client assertion which was manually configured for the client. clientAssertionLocation: type: string description: >- Path to the file containing the client assertion to be used for authentication. clientAssertionType: type: string description: >- The client assertion type. If not set, and either `clientAssertion` or `clientAssertionLocation` is configured, this value defaults to `urn:ietf:params:oauth:client-assertion-type:jwt-bearer`. clientId: type: string description: >- OAuth Client ID which the Kafka client can use to authenticate against the OAuth server and use the token endpoint URI. clientSecret: type: object properties: key: type: string description: >- The key under which the secret value is stored in the Kubernetes Secret. secretName: type: string description: >- The name of the Kubernetes Secret containing the secret value. required: - key - secretName description: >- Link to Kubernetes Secret containing the OAuth client secret which the Kafka client can use to authenticate against the OAuth server and use the token endpoint URI. config: x-kubernetes-preserve-unknown-fields: true type: object description: >- Configuration for the custom authentication mechanism. Only properties with the `sasl.` and `ssl.keystore.` prefixes are allowed. Specify other options in the regular configuration section of the custom resource. connectTimeoutSeconds: type: integer description: >- The connect timeout in seconds when connecting to authorization server. If not set, the effective connect timeout is 60 seconds. disableTlsHostnameVerification: type: boolean description: >- Enable or disable TLS hostname verification. Default value is `false`. enableMetrics: type: boolean description: >- Enable or disable OAuth metrics. Default value is `false`. grantType: type: string description: >- A custom OAuth grant type to use when authenticating against the authorization server with `clientId` and one of `clientSecret` or `clientAssertion`. The value defaults to `client_credentials` in these cases. This is optional configuration, only used with custom authorization server implementations. httpRetries: type: integer description: >- The maximum number of retries to attempt if an initial HTTP request fails. If not set, the default is to not attempt any retries. httpRetryPauseMs: type: integer description: >- The pause to take before retrying a failed HTTP request. If not set, the default is to not pause at all but to immediately repeat a request. includeAcceptHeader: type: boolean description: >- Whether the Accept header should be set in requests to the authorization servers. The default value is `true`. maxTokenExpirySeconds: type: integer description: >- Set or limit time-to-live of the access tokens to the specified number of seconds. This should be set if the authorization server returns opaque tokens. passwordSecret: type: object properties: secretName: type: string description: The name of the Secret containing the password. password: type: string description: >- The name of the key in the Secret under which the password is stored. required: - secretName - password description: Reference to the `Secret` which holds the password. readTimeoutSeconds: type: integer description: >- The read timeout in seconds when connecting to authorization server. If not set, the effective read timeout is 60 seconds. refreshToken: type: object properties: key: type: string description: >- The key under which the secret value is stored in the Kubernetes Secret. secretName: type: string description: >- The name of the Kubernetes Secret containing the secret value. required: - key - secretName description: >- Link to Kubernetes Secret containing the refresh token which can be used to obtain access token from the authorization server. sasl: type: boolean description: Enable or disable SASL on this authentication mechanism. saslExtensions: additionalProperties: type: string type: object description: SASL extensions parameters. scope: type: string description: >- OAuth scope to use when authenticating against the authorization server. Some authorization servers require this to be set. The possible values depend on how authorization server is configured. By default `scope` is not specified when doing the token endpoint request. tlsTrustedCertificates: type: array items: type: object properties: secretName: type: string description: The name of the Secret containing the certificate. certificate: type: string description: The name of the file certificate in the secret. pattern: type: string description: >- Pattern for the certificate files in the secret. Use the link:https://en.wikipedia.org/wiki/Glob_(programming)[_glob syntax_] for the pattern. All files in the secret that match the pattern are used. oneOf: - properties: certificate: {} required: - certificate - properties: pattern: {} required: - pattern required: - secretName description: >- Trusted certificates for TLS connection to the OAuth server. tokenEndpointUri: type: string description: Authorization server token endpoint URI. type: type: string enum: - tls - scram-sha-256 - scram-sha-512 - plain - oauth - custom description: >- Specifies the authentication type. Supported types are `tls`, `scram-sha-256`, `scram-sha-512`, `plain`, 'oauth', and `custom`. `tls` uses TLS client authentication and is supported only over TLS connections. `scram-sha-256` and `scram-sha-512` use SASL SCRAM-SHA-256 and SASL SCRAM-SHA-512 authentication, respectively. `plain` uses SASL PLAIN authentication. `oauth` uses SASL OAUTHBEARER authentication. `custom` allows you to configure a custom authentication mechanism. As of Strimzi 0.49.0, `oauth` type is deprecated and will be removed in the `v1` API version. Please use `custom` type instead. username: type: string description: Username used for the authentication. required: - type description: Authentication configuration for connecting to the cluster. http: type: object properties: port: type: integer minimum: 1023 description: The port which is the server listening on. cors: type: object properties: allowedOrigins: type: array items: type: string description: >- List of allowed origins. Java regular expressions can be used. allowedMethods: type: array items: type: string description: List of allowed HTTP methods. required: - allowedOrigins - allowedMethods description: CORS configuration for the HTTP Bridge. description: The HTTP related configuration. adminClient: type: object properties: config: x-kubernetes-preserve-unknown-fields: true type: object description: >- The Kafka AdminClient configuration used for AdminClient instances created by the bridge. description: Kafka AdminClient related configuration. consumer: type: object properties: enabled: type: boolean description: >- Whether the HTTP consumer should be enabled or disabled. The default is enabled (`true`). timeoutSeconds: type: integer description: >- The timeout in seconds for deleting inactive consumers, default is -1 (disabled). config: x-kubernetes-preserve-unknown-fields: true type: object description: >- The Kafka consumer configuration used for consumer instances created by the bridge. Properties with the following prefixes cannot be set: ssl., bootstrap.servers, group.id, sasl., security. (with the exception of: ssl.endpoint.identification.algorithm, ssl.cipher.suites, ssl.protocol, ssl.enabled.protocols). description: Kafka consumer related configuration. producer: type: object properties: enabled: type: boolean description: >- Whether the HTTP producer should be enabled or disabled. The default is enabled (`true`). config: x-kubernetes-preserve-unknown-fields: true type: object description: >- The Kafka producer configuration used for producer instances created by the bridge. Properties with the following prefixes cannot be set: ssl., bootstrap.servers, sasl., security. (with the exception of: ssl.endpoint.identification.algorithm, ssl.cipher.suites, ssl.protocol, ssl.enabled.protocols). description: Kafka producer related configuration. resources: type: object properties: claims: type: array items: type: object properties: name: type: string request: type: string limits: additionalProperties: anyOf: - type: integer - type: string pattern: >- ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object requests: additionalProperties: anyOf: - type: integer - type: string pattern: >- ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object description: CPU and memory resources to reserve. jvmOptions: type: object properties: '-XX': additionalProperties: type: string type: object description: A map of -XX options to the JVM. '-Xmx': type: string pattern: '^[0-9]+[mMgG]?$' description: '-Xmx option to to the JVM.' '-Xms': type: string pattern: '^[0-9]+[mMgG]?$' description: '-Xms option to to the JVM.' gcLoggingEnabled: type: boolean description: >- Specifies whether the Garbage Collection logging is enabled. The default is false. javaSystemProperties: type: array items: type: object properties: name: type: string description: The system property name. value: type: string description: The system property value. description: >- A map of additional system properties which will be passed using the `-D` option to the JVM. description: JVM Options for pods. logging: type: object properties: loggers: additionalProperties: type: string type: object description: A Map from logger name to logger level. type: type: string enum: - inline - external description: 'Logging type, must be either ''inline'' or ''external''.' valueFrom: type: object properties: configMapKeyRef: type: object properties: key: type: string name: type: string optional: type: boolean description: >- Reference to the key in the ConfigMap containing the configuration. description: >- `ConfigMap` entry where the logging configuration is stored. required: - type description: Logging configuration for HTTP Bridge. clientRackInitImage: type: string description: >- The image of the init container used for initializing the `client.rack`. rack: type: object properties: topologyKey: type: string example: topology.kubernetes.io/zone description: >- A key that matches labels assigned to the Kubernetes cluster nodes. The value of the label is used to set a broker's `broker.rack` config, and the `client.rack` config for Kafka Connect or MirrorMaker 2. required: - topologyKey description: >- Configuration of the node label which will be used as the client.rack consumer configuration. enableMetrics: type: boolean description: Enable the metrics for the HTTP Bridge. Default is false. metricsConfig: type: object properties: type: type: string enum: - jmxPrometheusExporter - strimziMetricsReporter description: >- Metrics type. The supported types are `jmxPrometheusExporter` and `strimziMetricsReporter`. Type `jmxPrometheusExporter` uses the Prometheus JMX Exporter to expose Kafka JMX metrics in Prometheus format through an HTTP endpoint. Type `strimziMetricsReporter` uses the Strimzi Metrics Reporter to directly expose Kafka metrics in Prometheus format through an HTTP endpoint. valueFrom: type: object properties: configMapKeyRef: type: object properties: key: type: string name: type: string optional: type: boolean description: >- Reference to the key in the ConfigMap containing the configuration. description: >- ConfigMap entry where the Prometheus JMX Exporter configuration is stored. values: type: object properties: allowList: type: array items: type: string description: >- A list of regex patterns to filter the metrics to collect. Should contain at least one element. description: Configuration values for the Strimzi Metrics Reporter. required: - type description: Metrics configuration. x-kubernetes-validations: - rule: >- self.type != 'jmxPrometheusExporter' || has(self.valueFrom) message: valueFrom property is required livenessProbe: type: object properties: initialDelaySeconds: type: integer minimum: 0 description: >- The initial delay before first the health is first checked. Default to 15 seconds. Minimum value is 0. timeoutSeconds: type: integer minimum: 1 description: >- The timeout for each attempted health check. Default to 5 seconds. Minimum value is 1. periodSeconds: type: integer minimum: 1 description: >- How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. successThreshold: type: integer minimum: 1 description: >- Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness. Minimum value is 1. failureThreshold: type: integer minimum: 1 description: >- Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. description: Pod liveness checking. readinessProbe: type: object properties: initialDelaySeconds: type: integer minimum: 0 description: >- The initial delay before first the health is first checked. Default to 15 seconds. Minimum value is 0. timeoutSeconds: type: integer minimum: 1 description: >- The timeout for each attempted health check. Default to 5 seconds. Minimum value is 1. periodSeconds: type: integer minimum: 1 description: >- How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. successThreshold: type: integer minimum: 1 description: >- Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness. Minimum value is 1. failureThreshold: type: integer minimum: 1 description: >- Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. description: Pod readiness checking. template: type: object properties: deployment: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object description: Labels added to the Kubernetes resource. annotations: additionalProperties: type: string type: object description: Annotations added to the Kubernetes resource. description: Metadata applied to the resource. deploymentStrategy: type: string enum: - RollingUpdate - Recreate description: >- Pod replacement strategy for deployment configuration changes. Valid values are `RollingUpdate` and `Recreate`. Defaults to `RollingUpdate`. description: Template for HTTP Bridge `Deployment`. pod: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object description: Labels added to the Kubernetes resource. annotations: additionalProperties: type: string type: object description: Annotations added to the Kubernetes resource. description: Metadata applied to the resource. imagePullSecrets: type: array items: type: object properties: name: type: string description: >- List of references to secrets in the same namespace to use for pulling any of the images used by this Pod. When the `STRIMZI_IMAGE_PULL_SECRETS` environment variable in Cluster Operator and the `imagePullSecrets` option are specified, only the `imagePullSecrets` variable is used and the `STRIMZI_IMAGE_PULL_SECRETS` variable is ignored. securityContext: type: object properties: appArmorProfile: type: object properties: localhostProfile: type: string type: type: string fsGroup: type: integer fsGroupChangePolicy: type: string runAsGroup: type: integer runAsNonRoot: type: boolean runAsUser: type: integer seLinuxChangePolicy: type: string seLinuxOptions: type: object properties: level: type: string role: type: string type: type: string user: type: string seccompProfile: type: object properties: localhostProfile: type: string type: type: string supplementalGroups: type: array items: type: integer supplementalGroupsPolicy: type: string sysctls: type: array items: type: object properties: name: type: string value: type: string windowsOptions: type: object properties: gmsaCredentialSpec: type: string gmsaCredentialSpecName: type: string hostProcess: type: boolean runAsUserName: type: string description: >- Configures pod-level security attributes and common container settings. terminationGracePeriodSeconds: type: integer minimum: 0 description: >- The grace period is the duration in seconds after the processes running in the pod are sent a termination signal, and the time when the processes are forcibly halted with a kill signal. Set this value to longer than the expected cleanup time for your process. Value must be a non-negative integer. A zero value indicates delete immediately. You might need to increase the grace period for very large Kafka clusters, so that the Kafka brokers have enough time to transfer their work to another broker before they are terminated. Defaults to 30 seconds. affinity: type: object properties: nodeAffinity: type: object properties: preferredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: preference: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchFields: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string weight: type: integer requiredDuringSchedulingIgnoredDuringExecution: type: object properties: nodeSelectorTerms: type: array items: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchFields: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string podAffinity: type: object properties: preferredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: podAffinityTerm: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object matchLabelKeys: type: array items: type: string mismatchLabelKeys: type: array items: type: string namespaceSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object namespaces: type: array items: type: string topologyKey: type: string weight: type: integer requiredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object matchLabelKeys: type: array items: type: string mismatchLabelKeys: type: array items: type: string namespaceSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object namespaces: type: array items: type: string topologyKey: type: string podAntiAffinity: type: object properties: preferredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: podAffinityTerm: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object matchLabelKeys: type: array items: type: string mismatchLabelKeys: type: array items: type: string namespaceSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object namespaces: type: array items: type: string topologyKey: type: string weight: type: integer requiredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object matchLabelKeys: type: array items: type: string mismatchLabelKeys: type: array items: type: string namespaceSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object namespaces: type: array items: type: string topologyKey: type: string description: The pod's affinity rules. tolerations: type: array items: type: object properties: effect: type: string key: type: string operator: type: string tolerationSeconds: type: integer value: type: string description: The pod's tolerations. topologySpreadConstraints: type: array items: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object matchLabelKeys: type: array items: type: string maxSkew: type: integer minDomains: type: integer nodeAffinityPolicy: type: string nodeTaintsPolicy: type: string topologyKey: type: string whenUnsatisfiable: type: string description: The pod's topology spread constraints. priorityClassName: type: string description: >- The name of the priority class used to assign priority to the pods. schedulerName: type: string description: >- The name of the scheduler used to dispatch this `Pod`. If not specified, the default scheduler will be used. hostAliases: type: array items: type: object properties: hostnames: type: array items: type: string ip: type: string description: >- The pod's HostAliases. HostAliases is an optional list of hosts and IPs that will be injected into the Pod's hosts file if specified. dnsPolicy: type: string enum: - ClusterFirst - ClusterFirstWithHostNet - Default - None description: >- The pod's DNSPolicy. Defaults to `ClusterFirst`. Valid values are `ClusterFirstWithHostNet`, `ClusterFirst`, `Default` or `None`. dnsConfig: type: object properties: nameservers: type: array items: type: string options: type: array items: type: object properties: name: type: string value: type: string searches: type: array items: type: string description: >- The pod's DNSConfig. If specified, it will be merged to the generated DNS configuration based on the DNSPolicy. enableServiceLinks: type: boolean description: >- Indicates whether information about services should be injected into Pod's environment variables. tmpDirSizeLimit: type: string pattern: '^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$' description: >- Defines the total amount of pod memory allocated for the temporary `EmptyDir` volume `/tmp`. Specify the allocation in memory units, for example, `100Mi` for 100 mebibytes. Default value is `5Mi`. The `/tmp` volume is backed by pod memory, not disk storage, so avoid setting a high value as it consumes pod memory resources. volumes: type: array items: type: object properties: name: type: string description: Name to use for the volume. Required. secret: type: object properties: defaultMode: type: integer items: type: array items: type: object properties: key: type: string mode: type: integer path: type: string optional: type: boolean secretName: type: string description: '`Secret` to use to populate the volume.' configMap: type: object properties: defaultMode: type: integer items: type: array items: type: object properties: key: type: string mode: type: integer path: type: string name: type: string optional: type: boolean description: '`ConfigMap` to use to populate the volume.' emptyDir: type: object properties: medium: type: string enum: - Memory description: >- Medium represents the type of storage medium should back this volume. Valid values are unset or `Memory`. When not set, it will use the node's default medium. sizeLimit: type: string pattern: '^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$' description: >- The total amount of local storage required for this EmptyDir volume (for example 1Gi). description: '`EmptyDir` to use to populate the volume.' persistentVolumeClaim: type: object properties: claimName: type: string readOnly: type: boolean description: >- `PersistentVolumeClaim` object to use to populate the volume. csi: type: object properties: driver: type: string fsType: type: string nodePublishSecretRef: type: object properties: name: type: string readOnly: type: boolean volumeAttributes: additionalProperties: type: string type: object description: >- `CSIVolumeSource` object to use to populate the volume. image: type: object properties: pullPolicy: type: string reference: type: string description: >- `ImageVolumeSource` object to use to populate the volume. oneOf: - properties: secret: {} configMap: {} emptyDir: {} persistentVolumeClaim: {} csi: {} image: {} description: Additional volumes that can be mounted to the pod. description: Template for HTTP Bridge `Pods`. apiService: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object description: Labels added to the Kubernetes resource. annotations: additionalProperties: type: string type: object description: Annotations added to the Kubernetes resource. description: Metadata applied to the resource. ipFamilyPolicy: type: string enum: - SingleStack - PreferDualStack - RequireDualStack description: >- Specifies the IP Family Policy used by the service. Available options are `SingleStack`, `PreferDualStack` and `RequireDualStack`. `SingleStack` is for a single IP family. `PreferDualStack` is for two IP families on dual-stack configured clusters or a single IP family on single-stack clusters. `RequireDualStack` fails unless there are two IP families on dual-stack configured clusters. If unspecified, Kubernetes will choose the default value based on the service type. ipFamilies: type: array items: type: string enum: - IPv4 - IPv6 description: >- Specifies the IP Families used by the service. Available options are `IPv4` and `IPv6`. If unspecified, Kubernetes will choose the default value based on the `ipFamilyPolicy` setting. description: Template for HTTP Bridge API `Service`. podDisruptionBudget: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object description: Labels added to the Kubernetes resource. annotations: additionalProperties: type: string type: object description: Annotations added to the Kubernetes resource. description: >- Metadata to apply to the `PodDisruptionBudgetTemplate` resource. maxUnavailable: type: integer minimum: 0 description: >- Maximum number of unavailable pods to allow automatic Pod eviction. A Pod eviction is allowed when the `maxUnavailable` number of pods or fewer are unavailable after the eviction. Setting this value to 0 prevents all voluntary evictions, so the pods must be evicted manually. Defaults to 1. description: Template for HTTP Bridge `PodDisruptionBudget`. bridgeContainer: type: object properties: env: type: array items: type: object properties: name: type: string description: The environment variable key. value: type: string description: The environment variable value. valueFrom: type: object properties: secretKeyRef: type: object properties: key: type: string name: type: string optional: type: boolean description: Reference to a key in a secret. configMapKeyRef: type: object properties: key: type: string name: type: string optional: type: boolean description: Reference to a key in a config map. oneOf: - properties: secretKeyRef: {} required: - secretKeyRef - properties: configMapKeyRef: {} required: - configMapKeyRef description: >- Reference to the secret or config map property to which the environment variable is set. oneOf: - properties: value: {} required: - value - properties: valueFrom: {} required: - valueFrom description: >- Environment variables which should be applied to the container. securityContext: type: object properties: allowPrivilegeEscalation: type: boolean appArmorProfile: type: object properties: localhostProfile: type: string type: type: string capabilities: type: object properties: add: type: array items: type: string drop: type: array items: type: string privileged: type: boolean procMount: type: string readOnlyRootFilesystem: type: boolean runAsGroup: type: integer runAsNonRoot: type: boolean runAsUser: type: integer seLinuxOptions: type: object properties: level: type: string role: type: string type: type: string user: type: string seccompProfile: type: object properties: localhostProfile: type: string type: type: string windowsOptions: type: object properties: gmsaCredentialSpec: type: string gmsaCredentialSpecName: type: string hostProcess: type: boolean runAsUserName: type: string description: Security context for the container. volumeMounts: type: array items: type: object properties: mountPath: type: string mountPropagation: type: string name: type: string readOnly: type: boolean recursiveReadOnly: type: string subPath: type: string subPathExpr: type: string description: >- Additional volume mounts which should be applied to the container. description: Template for the HTTP Bridge container. clusterRoleBinding: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object description: Labels added to the Kubernetes resource. annotations: additionalProperties: type: string type: object description: Annotations added to the Kubernetes resource. description: Metadata applied to the resource. description: Template for the HTTP Bridge ClusterRoleBinding. serviceAccount: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object description: Labels added to the Kubernetes resource. annotations: additionalProperties: type: string type: object description: Annotations added to the Kubernetes resource. description: Metadata applied to the resource. description: Template for the HTTP Bridge service account. initContainer: type: object properties: env: type: array items: type: object properties: name: type: string description: The environment variable key. value: type: string description: The environment variable value. valueFrom: type: object properties: secretKeyRef: type: object properties: key: type: string name: type: string optional: type: boolean description: Reference to a key in a secret. configMapKeyRef: type: object properties: key: type: string name: type: string optional: type: boolean description: Reference to a key in a config map. oneOf: - properties: secretKeyRef: {} required: - secretKeyRef - properties: configMapKeyRef: {} required: - configMapKeyRef description: >- Reference to the secret or config map property to which the environment variable is set. oneOf: - properties: value: {} required: - value - properties: valueFrom: {} required: - valueFrom description: >- Environment variables which should be applied to the container. securityContext: type: object properties: allowPrivilegeEscalation: type: boolean appArmorProfile: type: object properties: localhostProfile: type: string type: type: string capabilities: type: object properties: add: type: array items: type: string drop: type: array items: type: string privileged: type: boolean procMount: type: string readOnlyRootFilesystem: type: boolean runAsGroup: type: integer runAsNonRoot: type: boolean runAsUser: type: integer seLinuxOptions: type: object properties: level: type: string role: type: string type: type: string user: type: string seccompProfile: type: object properties: localhostProfile: type: string type: type: string windowsOptions: type: object properties: gmsaCredentialSpec: type: string gmsaCredentialSpecName: type: string hostProcess: type: boolean runAsUserName: type: string description: Security context for the container. volumeMounts: type: array items: type: object properties: mountPath: type: string mountPropagation: type: string name: type: string readOnly: type: boolean recursiveReadOnly: type: string subPath: type: string subPathExpr: type: string description: >- Additional volume mounts which should be applied to the container. description: Template for the HTTP Bridge init container. description: >- Template for HTTP Bridge resources. The template allows users to specify how a `Deployment` and `Pod` is generated. tracing: type: object properties: type: type: string enum: - jaeger - opentelemetry description: >- Type of the tracing used. Currently the only supported type is `opentelemetry` for OpenTelemetry tracing. As of Strimzi 0.37.0, `jaeger` type is not supported anymore and this option is ignored. required: - type description: The configuration of tracing in HTTP Bridge. required: - bootstrapServers description: The specification of the HTTP Bridge. status: type: object properties: conditions: type: array items: type: object properties: type: type: string description: >- The unique identifier of a condition, used to distinguish between other conditions in the resource. status: type: string description: >- The status of the condition, either True, False or Unknown. lastTransitionTime: type: string description: >- Last time the condition of a type changed from one status to another. The required format is 'yyyy-MM-ddTHH:mm:ssZ', in the UTC time zone. reason: type: string description: >- The reason for the condition's last transition (a single word in CamelCase). message: type: string description: >- Human-readable message indicating details about the condition's last transition. description: List of status conditions. observedGeneration: type: integer description: >- The generation of the CRD that was last reconciled by the operator. url: type: string description: >- The URL at which external client applications can access the HTTP Bridge. replicas: type: integer description: >- The current number of pods being used to provide this resource. labelSelector: type: string description: Label selector for pods providing this resource. description: The status of the HTTP Bridge. --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: strimzi-cluster-operator-entity-operator-delegation labels: app: strimzi namespace: kafka subjects: - kind: ServiceAccount name: strimzi-cluster-operator namespace: kafka roleRef: kind: ClusterRole name: strimzi-entity-operator apiGroup: rbac.authorization.k8s.io --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: kafkamirrormaker2s.kafka.strimzi.io labels: app: strimzi strimzi.io/crd-install: 'true' spec: group: kafka.strimzi.io names: kind: KafkaMirrorMaker2 listKind: KafkaMirrorMaker2List singular: kafkamirrormaker2 plural: kafkamirrormaker2s shortNames: - kmm2 categories: - strimzi scope: Namespaced conversion: strategy: None versions: - name: v1 served: true storage: false subresources: status: {} scale: specReplicasPath: .spec.replicas statusReplicasPath: .status.replicas labelSelectorPath: .status.labelSelector additionalPrinterColumns: - name: Desired replicas description: The desired number of Kafka MirrorMaker 2 replicas jsonPath: .spec.replicas type: integer - name: Ready description: The state of the custom resource jsonPath: '.status.conditions[?(@.type=="Ready")].status' type: string schema: openAPIV3Schema: type: object properties: apiVersion: type: string description: >- APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources kind: type: string description: >- Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds metadata: type: object spec: type: object properties: version: type: string description: >- The Kafka Connect version. Defaults to the latest version. Consult the user documentation to understand the process required to upgrade or downgrade the version. replicas: type: integer description: >- The number of pods in the Kafka Connect group. Required in the `v1` version of the Strimzi API. Defaults to `3` in the `v1beta2` version of the Strimzi API. image: type: string description: >- The container image used for Kafka Connect pods. If no image name is explicitly specified, it is determined based on the `spec.version` configuration. The image names are specifically mapped to corresponding versions in the Cluster Operator configuration. target: type: object properties: alias: type: string pattern: '^[a-zA-Z0-9\._\-]{1,100}$' description: Alias used to reference the Kafka cluster. bootstrapServers: type: string description: >- A comma-separated list of `host:port` pairs for establishing the connection to the Kafka cluster. groupId: type: string description: >- A unique ID that identifies the Connect cluster group. Required. configStorageTopic: type: string description: >- The name of the Kafka topic where connector configurations are stored. Required. statusStorageTopic: type: string description: >- The name of the Kafka topic where connector and task statuses are stored. Required. offsetStorageTopic: type: string description: >- The name of the Kafka topic where source connector offsets are stored. Required. tls: type: object properties: trustedCertificates: type: array items: type: object properties: secretName: type: string description: >- The name of the Secret containing the certificate. certificate: type: string description: >- The name of the file certificate in the secret. pattern: type: string description: >- Pattern for the certificate files in the secret. Use the link:https://en.wikipedia.org/wiki/Glob_(programming)[_glob syntax_] for the pattern. All files in the secret that match the pattern are used. oneOf: - properties: certificate: {} required: - certificate - properties: pattern: {} required: - pattern required: - secretName description: Trusted certificates for TLS connection. description: >- TLS configuration for connecting MirrorMaker 2 connectors to a cluster. authentication: type: object properties: certificateAndKey: type: object properties: secretName: type: string description: >- The name of the Secret containing the certificate. certificate: type: string description: The name of the file certificate in the Secret. key: type: string description: >- The name of the private key in the secret. The private key must be in unencrypted PKCS #8 format. For more information, see RFC 5208: https://datatracker.ietf.org/doc/html/rfc5208. required: - secretName - certificate - key description: >- Reference to the `Secret` which holds the certificate and private key pair. config: x-kubernetes-preserve-unknown-fields: true type: object description: >- Configuration for the custom authentication mechanism. Only properties with the `sasl.` and `ssl.keystore.` prefixes are allowed. Specify other options in the regular configuration section of the custom resource. passwordSecret: type: object properties: secretName: type: string description: The name of the Secret containing the password. password: type: string description: >- The name of the key in the Secret under which the password is stored. required: - secretName - password description: Reference to the `Secret` which holds the password. sasl: type: boolean description: >- Enable or disable SASL on this authentication mechanism. type: type: string enum: - tls - scram-sha-256 - scram-sha-512 - plain - custom description: >- Specifies the authentication type. Supported types are `tls`, `scram-sha-256`, `scram-sha-512`, `plain`, 'oauth', and `custom`. `tls` uses TLS client authentication and is supported only over TLS connections. `scram-sha-256` and `scram-sha-512` use SASL SCRAM-SHA-256 and SASL SCRAM-SHA-512 authentication, respectively. `plain` uses SASL PLAIN authentication. `oauth` uses SASL OAUTHBEARER authentication. `custom` allows you to configure a custom authentication mechanism. As of Strimzi 0.49.0, `oauth` type is deprecated and will be removed in the `v1` API version. Please use `custom` type instead. username: type: string description: Username used for the authentication. required: - type description: >- Authentication configuration for connecting to the cluster. config: x-kubernetes-preserve-unknown-fields: true type: object description: >- The MirrorMaker 2 cluster config. Properties with the following prefixes cannot be set: ssl., sasl., security., listeners, plugin.path, rest., bootstrap.servers, consumer.interceptor.classes, producer.interceptor.classes (with the exception of: ssl.endpoint.identification.algorithm, ssl.cipher.suites, ssl.protocol, ssl.enabled.protocols). required: - alias - bootstrapServers - groupId - configStorageTopic - statusStorageTopic - offsetStorageTopic description: >- The target Apache Kafka cluster. The target Kafka cluster is used by the underlying Kafka Connect framework for its internal topics. mirrors: type: array items: type: object properties: source: type: object properties: alias: type: string pattern: '^[a-zA-Z0-9\._\-]{1,100}$' description: Alias used to reference the Kafka cluster. bootstrapServers: type: string description: >- A comma-separated list of `host:port` pairs for establishing the connection to the Kafka cluster. tls: type: object properties: trustedCertificates: type: array items: type: object properties: secretName: type: string description: >- The name of the Secret containing the certificate. certificate: type: string description: >- The name of the file certificate in the secret. pattern: type: string description: >- Pattern for the certificate files in the secret. Use the link:https://en.wikipedia.org/wiki/Glob_(programming)[_glob syntax_] for the pattern. All files in the secret that match the pattern are used. oneOf: - properties: certificate: {} required: - certificate - properties: pattern: {} required: - pattern required: - secretName description: Trusted certificates for TLS connection. description: >- TLS configuration for connecting MirrorMaker 2 connectors to a cluster. authentication: type: object properties: certificateAndKey: type: object properties: secretName: type: string description: >- The name of the Secret containing the certificate. certificate: type: string description: >- The name of the file certificate in the Secret. key: type: string description: >- The name of the private key in the secret. The private key must be in unencrypted PKCS #8 format. For more information, see RFC 5208: https://datatracker.ietf.org/doc/html/rfc5208. required: - secretName - certificate - key description: >- Reference to the `Secret` which holds the certificate and private key pair. config: x-kubernetes-preserve-unknown-fields: true type: object description: >- Configuration for the custom authentication mechanism. Only properties with the `sasl.` and `ssl.keystore.` prefixes are allowed. Specify other options in the regular configuration section of the custom resource. passwordSecret: type: object properties: secretName: type: string description: >- The name of the Secret containing the password. password: type: string description: >- The name of the key in the Secret under which the password is stored. required: - secretName - password description: >- Reference to the `Secret` which holds the password. sasl: type: boolean description: >- Enable or disable SASL on this authentication mechanism. type: type: string enum: - tls - scram-sha-256 - scram-sha-512 - plain - custom description: >- Specifies the authentication type. Supported types are `tls`, `scram-sha-256`, `scram-sha-512`, `plain`, 'oauth', and `custom`. `tls` uses TLS client authentication and is supported only over TLS connections. `scram-sha-256` and `scram-sha-512` use SASL SCRAM-SHA-256 and SASL SCRAM-SHA-512 authentication, respectively. `plain` uses SASL PLAIN authentication. `oauth` uses SASL OAUTHBEARER authentication. `custom` allows you to configure a custom authentication mechanism. As of Strimzi 0.49.0, `oauth` type is deprecated and will be removed in the `v1` API version. Please use `custom` type instead. username: type: string description: Username used for the authentication. required: - type description: >- Authentication configuration for connecting to the cluster. config: x-kubernetes-preserve-unknown-fields: true type: object description: >- The MirrorMaker 2 cluster config. Properties with the following prefixes cannot be set: ssl., sasl., security., listeners, plugin.path, rest., bootstrap.servers, consumer.interceptor.classes, producer.interceptor.classes (with the exception of: ssl.endpoint.identification.algorithm, ssl.cipher.suites, ssl.protocol, ssl.enabled.protocols). required: - alias - bootstrapServers description: >- The source Apache Kafka cluster. The source Kafka cluster is used by the Kafka MirrorMaker 2 connectors. sourceConnector: type: object properties: tasksMax: type: integer minimum: 1 description: >- The maximum number of tasks for the Kafka Connector. version: type: string description: >- Desired version or version range to respect when starting the Kafka Connector. This is only supported when using Kafka Connect version 4.1.0 and higher. config: x-kubernetes-preserve-unknown-fields: true type: object description: >- The Kafka Connector configuration. The following properties cannot be set: name, connector.class, tasks.max. state: type: string enum: - paused - stopped - running description: >- The state the connector should be in. Defaults to running. autoRestart: type: object properties: enabled: type: boolean description: >- Whether automatic restart for failed connectors and tasks should be enabled or disabled. maxRestarts: type: integer description: >- The maximum number of connector restarts that the operator will try. If the connector remains in a failed state after reaching this limit, it must be restarted manually by the user. Defaults to an unlimited number of restarts. description: >- Automatic restart of connector and tasks configuration. listOffsets: type: object properties: toConfigMap: type: object properties: name: type: string description: >- Reference to the ConfigMap where the list of offsets will be written to. required: - toConfigMap description: Configuration for listing offsets. alterOffsets: type: object properties: fromConfigMap: type: object properties: name: type: string description: >- Reference to the ConfigMap where the new offsets are stored. required: - fromConfigMap description: Configuration for altering offsets. description: >- The specification of the Kafka MirrorMaker 2 source connector. checkpointConnector: type: object properties: tasksMax: type: integer minimum: 1 description: >- The maximum number of tasks for the Kafka Connector. version: type: string description: >- Desired version or version range to respect when starting the Kafka Connector. This is only supported when using Kafka Connect version 4.1.0 and higher. config: x-kubernetes-preserve-unknown-fields: true type: object description: >- The Kafka Connector configuration. The following properties cannot be set: name, connector.class, tasks.max. state: type: string enum: - paused - stopped - running description: >- The state the connector should be in. Defaults to running. autoRestart: type: object properties: enabled: type: boolean description: >- Whether automatic restart for failed connectors and tasks should be enabled or disabled. maxRestarts: type: integer description: >- The maximum number of connector restarts that the operator will try. If the connector remains in a failed state after reaching this limit, it must be restarted manually by the user. Defaults to an unlimited number of restarts. description: >- Automatic restart of connector and tasks configuration. listOffsets: type: object properties: toConfigMap: type: object properties: name: type: string description: >- Reference to the ConfigMap where the list of offsets will be written to. required: - toConfigMap description: Configuration for listing offsets. alterOffsets: type: object properties: fromConfigMap: type: object properties: name: type: string description: >- Reference to the ConfigMap where the new offsets are stored. required: - fromConfigMap description: Configuration for altering offsets. description: >- The specification of the Kafka MirrorMaker 2 checkpoint connector. topicsPattern: type: string description: >- A regular expression matching the topics to be mirrored, for example, "topic1\|topic2\|topic3". Comma-separated lists are also supported. topicsExcludePattern: type: string description: >- A regular expression matching the topics to exclude from mirroring. Comma-separated lists are also supported. groupsPattern: type: string description: >- A regular expression matching the consumer groups to be mirrored. Comma-separated lists are also supported. groupsExcludePattern: type: string description: >- A regular expression matching the consumer groups to exclude from mirroring. Comma-separated lists are also supported. required: - source description: Configuration of the MirrorMaker 2 connectors. resources: type: object properties: claims: type: array items: type: object properties: name: type: string request: type: string limits: additionalProperties: anyOf: - type: integer - type: string pattern: >- ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object requests: additionalProperties: anyOf: - type: integer - type: string pattern: >- ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object description: >- The maximum limits for CPU and memory resources and the requested initial resources. livenessProbe: type: object properties: initialDelaySeconds: type: integer minimum: 0 description: >- The initial delay before first the health is first checked. Default to 15 seconds. Minimum value is 0. timeoutSeconds: type: integer minimum: 1 description: >- The timeout for each attempted health check. Default to 5 seconds. Minimum value is 1. periodSeconds: type: integer minimum: 1 description: >- How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. successThreshold: type: integer minimum: 1 description: >- Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness. Minimum value is 1. failureThreshold: type: integer minimum: 1 description: >- Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. description: Pod liveness checking. readinessProbe: type: object properties: initialDelaySeconds: type: integer minimum: 0 description: >- The initial delay before first the health is first checked. Default to 15 seconds. Minimum value is 0. timeoutSeconds: type: integer minimum: 1 description: >- The timeout for each attempted health check. Default to 5 seconds. Minimum value is 1. periodSeconds: type: integer minimum: 1 description: >- How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. successThreshold: type: integer minimum: 1 description: >- Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness. Minimum value is 1. failureThreshold: type: integer minimum: 1 description: >- Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. description: Pod readiness checking. jvmOptions: type: object properties: '-XX': additionalProperties: type: string type: object description: A map of -XX options to the JVM. '-Xmx': type: string pattern: '^[0-9]+[mMgG]?$' description: '-Xmx option to to the JVM.' '-Xms': type: string pattern: '^[0-9]+[mMgG]?$' description: '-Xms option to to the JVM.' gcLoggingEnabled: type: boolean description: >- Specifies whether the Garbage Collection logging is enabled. The default is false. javaSystemProperties: type: array items: type: object properties: name: type: string description: The system property name. value: type: string description: The system property value. description: >- A map of additional system properties which will be passed using the `-D` option to the JVM. description: JVM Options for pods. jmxOptions: type: object properties: authentication: type: object properties: type: type: string enum: - password description: >- Authentication type. Currently the only supported types are `password`.`password` type creates a username and protected port with no TLS. required: - type description: >- Authentication configuration for connecting to the JMX port. description: JMX Options. logging: type: object properties: loggers: additionalProperties: type: string type: object description: A Map from logger name to logger level. type: type: string enum: - inline - external description: 'Logging type, must be either ''inline'' or ''external''.' valueFrom: type: object properties: configMapKeyRef: type: object properties: key: type: string name: type: string optional: type: boolean description: >- Reference to the key in the ConfigMap containing the configuration. description: >- `ConfigMap` entry where the logging configuration is stored. required: - type description: Logging configuration for Kafka Connect. clientRackInitImage: type: string description: >- The image of the init container used for initializing the `client.rack`. rack: type: object properties: topologyKey: type: string example: topology.kubernetes.io/zone description: >- A key that matches labels assigned to the Kubernetes cluster nodes. The value of the label is used to set a broker's `broker.rack` config, and the `client.rack` config for Kafka Connect or MirrorMaker 2. required: - topologyKey description: >- Configuration of the node label which will be used as the `client.rack` consumer configuration. metricsConfig: type: object properties: type: type: string enum: - jmxPrometheusExporter - strimziMetricsReporter description: >- Metrics type. The supported types are `jmxPrometheusExporter` and `strimziMetricsReporter`. Type `jmxPrometheusExporter` uses the Prometheus JMX Exporter to expose Kafka JMX metrics in Prometheus format through an HTTP endpoint. Type `strimziMetricsReporter` uses the Strimzi Metrics Reporter to directly expose Kafka metrics in Prometheus format through an HTTP endpoint. valueFrom: type: object properties: configMapKeyRef: type: object properties: key: type: string name: type: string optional: type: boolean description: >- Reference to the key in the ConfigMap containing the configuration. description: >- ConfigMap entry where the Prometheus JMX Exporter configuration is stored. values: type: object properties: allowList: type: array items: type: string description: >- A list of regex patterns to filter the metrics to collect. Should contain at least one element. description: Configuration values for the Strimzi Metrics Reporter. required: - type description: Metrics configuration. x-kubernetes-validations: - rule: >- self.type != 'jmxPrometheusExporter' || has(self.valueFrom) message: valueFrom property is required tracing: type: object properties: type: type: string enum: - opentelemetry description: >- Type of the tracing used. Currently the only supported type is `opentelemetry` for OpenTelemetry tracing. As of Strimzi 0.37.0, `jaeger` type is not supported anymore and this option is ignored. required: - type description: The configuration of tracing in Kafka Connect. template: type: object properties: podSet: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object description: Labels added to the Kubernetes resource. annotations: additionalProperties: type: string type: object description: Annotations added to the Kubernetes resource. description: Metadata applied to the resource. description: Template for Kafka Connect `StrimziPodSet` resource. pod: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object description: Labels added to the Kubernetes resource. annotations: additionalProperties: type: string type: object description: Annotations added to the Kubernetes resource. description: Metadata applied to the resource. imagePullSecrets: type: array items: type: object properties: name: type: string description: >- List of references to secrets in the same namespace to use for pulling any of the images used by this Pod. When the `STRIMZI_IMAGE_PULL_SECRETS` environment variable in Cluster Operator and the `imagePullSecrets` option are specified, only the `imagePullSecrets` variable is used and the `STRIMZI_IMAGE_PULL_SECRETS` variable is ignored. securityContext: type: object properties: appArmorProfile: type: object properties: localhostProfile: type: string type: type: string fsGroup: type: integer fsGroupChangePolicy: type: string runAsGroup: type: integer runAsNonRoot: type: boolean runAsUser: type: integer seLinuxChangePolicy: type: string seLinuxOptions: type: object properties: level: type: string role: type: string type: type: string user: type: string seccompProfile: type: object properties: localhostProfile: type: string type: type: string supplementalGroups: type: array items: type: integer supplementalGroupsPolicy: type: string sysctls: type: array items: type: object properties: name: type: string value: type: string windowsOptions: type: object properties: gmsaCredentialSpec: type: string gmsaCredentialSpecName: type: string hostProcess: type: boolean runAsUserName: type: string description: >- Configures pod-level security attributes and common container settings. terminationGracePeriodSeconds: type: integer minimum: 0 description: >- The grace period is the duration in seconds after the processes running in the pod are sent a termination signal, and the time when the processes are forcibly halted with a kill signal. Set this value to longer than the expected cleanup time for your process. Value must be a non-negative integer. A zero value indicates delete immediately. You might need to increase the grace period for very large Kafka clusters, so that the Kafka brokers have enough time to transfer their work to another broker before they are terminated. Defaults to 30 seconds. affinity: type: object properties: nodeAffinity: type: object properties: preferredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: preference: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchFields: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string weight: type: integer requiredDuringSchedulingIgnoredDuringExecution: type: object properties: nodeSelectorTerms: type: array items: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchFields: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string podAffinity: type: object properties: preferredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: podAffinityTerm: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object matchLabelKeys: type: array items: type: string mismatchLabelKeys: type: array items: type: string namespaceSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object namespaces: type: array items: type: string topologyKey: type: string weight: type: integer requiredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object matchLabelKeys: type: array items: type: string mismatchLabelKeys: type: array items: type: string namespaceSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object namespaces: type: array items: type: string topologyKey: type: string podAntiAffinity: type: object properties: preferredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: podAffinityTerm: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object matchLabelKeys: type: array items: type: string mismatchLabelKeys: type: array items: type: string namespaceSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object namespaces: type: array items: type: string topologyKey: type: string weight: type: integer requiredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object matchLabelKeys: type: array items: type: string mismatchLabelKeys: type: array items: type: string namespaceSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object namespaces: type: array items: type: string topologyKey: type: string description: The pod's affinity rules. tolerations: type: array items: type: object properties: effect: type: string key: type: string operator: type: string tolerationSeconds: type: integer value: type: string description: The pod's tolerations. topologySpreadConstraints: type: array items: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object matchLabelKeys: type: array items: type: string maxSkew: type: integer minDomains: type: integer nodeAffinityPolicy: type: string nodeTaintsPolicy: type: string topologyKey: type: string whenUnsatisfiable: type: string description: The pod's topology spread constraints. priorityClassName: type: string description: >- The name of the priority class used to assign priority to the pods. schedulerName: type: string description: >- The name of the scheduler used to dispatch this `Pod`. If not specified, the default scheduler will be used. hostAliases: type: array items: type: object properties: hostnames: type: array items: type: string ip: type: string description: >- The pod's HostAliases. HostAliases is an optional list of hosts and IPs that will be injected into the Pod's hosts file if specified. dnsPolicy: type: string enum: - ClusterFirst - ClusterFirstWithHostNet - Default - None description: >- The pod's DNSPolicy. Defaults to `ClusterFirst`. Valid values are `ClusterFirstWithHostNet`, `ClusterFirst`, `Default` or `None`. dnsConfig: type: object properties: nameservers: type: array items: type: string options: type: array items: type: object properties: name: type: string value: type: string searches: type: array items: type: string description: >- The pod's DNSConfig. If specified, it will be merged to the generated DNS configuration based on the DNSPolicy. enableServiceLinks: type: boolean description: >- Indicates whether information about services should be injected into Pod's environment variables. tmpDirSizeLimit: type: string pattern: '^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$' description: >- Defines the total amount of pod memory allocated for the temporary `EmptyDir` volume `/tmp`. Specify the allocation in memory units, for example, `100Mi` for 100 mebibytes. Default value is `5Mi`. The `/tmp` volume is backed by pod memory, not disk storage, so avoid setting a high value as it consumes pod memory resources. volumes: type: array items: type: object properties: name: type: string description: Name to use for the volume. Required. secret: type: object properties: defaultMode: type: integer items: type: array items: type: object properties: key: type: string mode: type: integer path: type: string optional: type: boolean secretName: type: string description: '`Secret` to use to populate the volume.' configMap: type: object properties: defaultMode: type: integer items: type: array items: type: object properties: key: type: string mode: type: integer path: type: string name: type: string optional: type: boolean description: '`ConfigMap` to use to populate the volume.' emptyDir: type: object properties: medium: type: string enum: - Memory description: >- Medium represents the type of storage medium should back this volume. Valid values are unset or `Memory`. When not set, it will use the node's default medium. sizeLimit: type: string pattern: '^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$' description: >- The total amount of local storage required for this EmptyDir volume (for example 1Gi). description: '`EmptyDir` to use to populate the volume.' persistentVolumeClaim: type: object properties: claimName: type: string readOnly: type: boolean description: >- `PersistentVolumeClaim` object to use to populate the volume. csi: type: object properties: driver: type: string fsType: type: string nodePublishSecretRef: type: object properties: name: type: string readOnly: type: boolean volumeAttributes: additionalProperties: type: string type: object description: >- `CSIVolumeSource` object to use to populate the volume. image: type: object properties: pullPolicy: type: string reference: type: string description: >- `ImageVolumeSource` object to use to populate the volume. oneOf: - properties: secret: {} configMap: {} emptyDir: {} persistentVolumeClaim: {} csi: {} image: {} description: Additional volumes that can be mounted to the pod. description: Template for Kafka Connect `Pods`. apiService: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object description: Labels added to the Kubernetes resource. annotations: additionalProperties: type: string type: object description: Annotations added to the Kubernetes resource. description: Metadata applied to the resource. ipFamilyPolicy: type: string enum: - SingleStack - PreferDualStack - RequireDualStack description: >- Specifies the IP Family Policy used by the service. Available options are `SingleStack`, `PreferDualStack` and `RequireDualStack`. `SingleStack` is for a single IP family. `PreferDualStack` is for two IP families on dual-stack configured clusters or a single IP family on single-stack clusters. `RequireDualStack` fails unless there are two IP families on dual-stack configured clusters. If unspecified, Kubernetes will choose the default value based on the service type. ipFamilies: type: array items: type: string enum: - IPv4 - IPv6 description: >- Specifies the IP Families used by the service. Available options are `IPv4` and `IPv6`. If unspecified, Kubernetes will choose the default value based on the `ipFamilyPolicy` setting. description: Template for Kafka Connect API `Service`. headlessService: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object description: Labels added to the Kubernetes resource. annotations: additionalProperties: type: string type: object description: Annotations added to the Kubernetes resource. description: Metadata applied to the resource. ipFamilyPolicy: type: string enum: - SingleStack - PreferDualStack - RequireDualStack description: >- Specifies the IP Family Policy used by the service. Available options are `SingleStack`, `PreferDualStack` and `RequireDualStack`. `SingleStack` is for a single IP family. `PreferDualStack` is for two IP families on dual-stack configured clusters or a single IP family on single-stack clusters. `RequireDualStack` fails unless there are two IP families on dual-stack configured clusters. If unspecified, Kubernetes will choose the default value based on the service type. ipFamilies: type: array items: type: string enum: - IPv4 - IPv6 description: >- Specifies the IP Families used by the service. Available options are `IPv4` and `IPv6`. If unspecified, Kubernetes will choose the default value based on the `ipFamilyPolicy` setting. description: Template for Kafka Connect headless `Service`. connectContainer: type: object properties: env: type: array items: type: object properties: name: type: string description: The environment variable key. value: type: string description: The environment variable value. valueFrom: type: object properties: secretKeyRef: type: object properties: key: type: string name: type: string optional: type: boolean description: Reference to a key in a secret. configMapKeyRef: type: object properties: key: type: string name: type: string optional: type: boolean description: Reference to a key in a config map. oneOf: - properties: secretKeyRef: {} required: - secretKeyRef - properties: configMapKeyRef: {} required: - configMapKeyRef description: >- Reference to the secret or config map property to which the environment variable is set. oneOf: - properties: value: {} required: - value - properties: valueFrom: {} required: - valueFrom description: >- Environment variables which should be applied to the container. securityContext: type: object properties: allowPrivilegeEscalation: type: boolean appArmorProfile: type: object properties: localhostProfile: type: string type: type: string capabilities: type: object properties: add: type: array items: type: string drop: type: array items: type: string privileged: type: boolean procMount: type: string readOnlyRootFilesystem: type: boolean runAsGroup: type: integer runAsNonRoot: type: boolean runAsUser: type: integer seLinuxOptions: type: object properties: level: type: string role: type: string type: type: string user: type: string seccompProfile: type: object properties: localhostProfile: type: string type: type: string windowsOptions: type: object properties: gmsaCredentialSpec: type: string gmsaCredentialSpecName: type: string hostProcess: type: boolean runAsUserName: type: string description: Security context for the container. volumeMounts: type: array items: type: object properties: mountPath: type: string mountPropagation: type: string name: type: string readOnly: type: boolean recursiveReadOnly: type: string subPath: type: string subPathExpr: type: string description: >- Additional volume mounts which should be applied to the container. description: Template for the Kafka Connect container. initContainer: type: object properties: env: type: array items: type: object properties: name: type: string description: The environment variable key. value: type: string description: The environment variable value. valueFrom: type: object properties: secretKeyRef: type: object properties: key: type: string name: type: string optional: type: boolean description: Reference to a key in a secret. configMapKeyRef: type: object properties: key: type: string name: type: string optional: type: boolean description: Reference to a key in a config map. oneOf: - properties: secretKeyRef: {} required: - secretKeyRef - properties: configMapKeyRef: {} required: - configMapKeyRef description: >- Reference to the secret or config map property to which the environment variable is set. oneOf: - properties: value: {} required: - value - properties: valueFrom: {} required: - valueFrom description: >- Environment variables which should be applied to the container. securityContext: type: object properties: allowPrivilegeEscalation: type: boolean appArmorProfile: type: object properties: localhostProfile: type: string type: type: string capabilities: type: object properties: add: type: array items: type: string drop: type: array items: type: string privileged: type: boolean procMount: type: string readOnlyRootFilesystem: type: boolean runAsGroup: type: integer runAsNonRoot: type: boolean runAsUser: type: integer seLinuxOptions: type: object properties: level: type: string role: type: string type: type: string user: type: string seccompProfile: type: object properties: localhostProfile: type: string type: type: string windowsOptions: type: object properties: gmsaCredentialSpec: type: string gmsaCredentialSpecName: type: string hostProcess: type: boolean runAsUserName: type: string description: Security context for the container. volumeMounts: type: array items: type: object properties: mountPath: type: string mountPropagation: type: string name: type: string readOnly: type: boolean recursiveReadOnly: type: string subPath: type: string subPathExpr: type: string description: >- Additional volume mounts which should be applied to the container. description: Template for the Kafka init container. podDisruptionBudget: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object description: Labels added to the Kubernetes resource. annotations: additionalProperties: type: string type: object description: Annotations added to the Kubernetes resource. description: >- Metadata to apply to the `PodDisruptionBudgetTemplate` resource. maxUnavailable: type: integer minimum: 0 description: >- Maximum number of unavailable pods to allow automatic Pod eviction. A Pod eviction is allowed when the `maxUnavailable` number of pods or fewer are unavailable after the eviction. Setting this value to 0 prevents all voluntary evictions, so the pods must be evicted manually. Defaults to 1. description: Template for Kafka Connect `PodDisruptionBudget`. serviceAccount: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object description: Labels added to the Kubernetes resource. annotations: additionalProperties: type: string type: object description: Annotations added to the Kubernetes resource. description: Metadata applied to the resource. description: Template for the Kafka Connect service account. clusterRoleBinding: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object description: Labels added to the Kubernetes resource. annotations: additionalProperties: type: string type: object description: Annotations added to the Kubernetes resource. description: Metadata applied to the resource. description: Template for the Kafka Connect ClusterRoleBinding. buildPod: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object description: Labels added to the Kubernetes resource. annotations: additionalProperties: type: string type: object description: Annotations added to the Kubernetes resource. description: Metadata applied to the resource. imagePullSecrets: type: array items: type: object properties: name: type: string description: >- List of references to secrets in the same namespace to use for pulling any of the images used by this Pod. When the `STRIMZI_IMAGE_PULL_SECRETS` environment variable in Cluster Operator and the `imagePullSecrets` option are specified, only the `imagePullSecrets` variable is used and the `STRIMZI_IMAGE_PULL_SECRETS` variable is ignored. securityContext: type: object properties: appArmorProfile: type: object properties: localhostProfile: type: string type: type: string fsGroup: type: integer fsGroupChangePolicy: type: string runAsGroup: type: integer runAsNonRoot: type: boolean runAsUser: type: integer seLinuxChangePolicy: type: string seLinuxOptions: type: object properties: level: type: string role: type: string type: type: string user: type: string seccompProfile: type: object properties: localhostProfile: type: string type: type: string supplementalGroups: type: array items: type: integer supplementalGroupsPolicy: type: string sysctls: type: array items: type: object properties: name: type: string value: type: string windowsOptions: type: object properties: gmsaCredentialSpec: type: string gmsaCredentialSpecName: type: string hostProcess: type: boolean runAsUserName: type: string description: >- Configures pod-level security attributes and common container settings. terminationGracePeriodSeconds: type: integer minimum: 0 description: >- The grace period is the duration in seconds after the processes running in the pod are sent a termination signal, and the time when the processes are forcibly halted with a kill signal. Set this value to longer than the expected cleanup time for your process. Value must be a non-negative integer. A zero value indicates delete immediately. You might need to increase the grace period for very large Kafka clusters, so that the Kafka brokers have enough time to transfer their work to another broker before they are terminated. Defaults to 30 seconds. affinity: type: object properties: nodeAffinity: type: object properties: preferredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: preference: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchFields: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string weight: type: integer requiredDuringSchedulingIgnoredDuringExecution: type: object properties: nodeSelectorTerms: type: array items: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchFields: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string podAffinity: type: object properties: preferredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: podAffinityTerm: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object matchLabelKeys: type: array items: type: string mismatchLabelKeys: type: array items: type: string namespaceSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object namespaces: type: array items: type: string topologyKey: type: string weight: type: integer requiredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object matchLabelKeys: type: array items: type: string mismatchLabelKeys: type: array items: type: string namespaceSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object namespaces: type: array items: type: string topologyKey: type: string podAntiAffinity: type: object properties: preferredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: podAffinityTerm: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object matchLabelKeys: type: array items: type: string mismatchLabelKeys: type: array items: type: string namespaceSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object namespaces: type: array items: type: string topologyKey: type: string weight: type: integer requiredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object matchLabelKeys: type: array items: type: string mismatchLabelKeys: type: array items: type: string namespaceSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object namespaces: type: array items: type: string topologyKey: type: string description: The pod's affinity rules. tolerations: type: array items: type: object properties: effect: type: string key: type: string operator: type: string tolerationSeconds: type: integer value: type: string description: The pod's tolerations. topologySpreadConstraints: type: array items: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object matchLabelKeys: type: array items: type: string maxSkew: type: integer minDomains: type: integer nodeAffinityPolicy: type: string nodeTaintsPolicy: type: string topologyKey: type: string whenUnsatisfiable: type: string description: The pod's topology spread constraints. priorityClassName: type: string description: >- The name of the priority class used to assign priority to the pods. schedulerName: type: string description: >- The name of the scheduler used to dispatch this `Pod`. If not specified, the default scheduler will be used. hostAliases: type: array items: type: object properties: hostnames: type: array items: type: string ip: type: string description: >- The pod's HostAliases. HostAliases is an optional list of hosts and IPs that will be injected into the Pod's hosts file if specified. dnsPolicy: type: string enum: - ClusterFirst - ClusterFirstWithHostNet - Default - None description: >- The pod's DNSPolicy. Defaults to `ClusterFirst`. Valid values are `ClusterFirstWithHostNet`, `ClusterFirst`, `Default` or `None`. dnsConfig: type: object properties: nameservers: type: array items: type: string options: type: array items: type: object properties: name: type: string value: type: string searches: type: array items: type: string description: >- The pod's DNSConfig. If specified, it will be merged to the generated DNS configuration based on the DNSPolicy. enableServiceLinks: type: boolean description: >- Indicates whether information about services should be injected into Pod's environment variables. tmpDirSizeLimit: type: string pattern: '^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$' description: >- Defines the total amount of pod memory allocated for the temporary `EmptyDir` volume `/tmp`. Specify the allocation in memory units, for example, `100Mi` for 100 mebibytes. Default value is `5Mi`. The `/tmp` volume is backed by pod memory, not disk storage, so avoid setting a high value as it consumes pod memory resources. volumes: type: array items: type: object properties: name: type: string description: Name to use for the volume. Required. secret: type: object properties: defaultMode: type: integer items: type: array items: type: object properties: key: type: string mode: type: integer path: type: string optional: type: boolean secretName: type: string description: '`Secret` to use to populate the volume.' configMap: type: object properties: defaultMode: type: integer items: type: array items: type: object properties: key: type: string mode: type: integer path: type: string name: type: string optional: type: boolean description: '`ConfigMap` to use to populate the volume.' emptyDir: type: object properties: medium: type: string enum: - Memory description: >- Medium represents the type of storage medium should back this volume. Valid values are unset or `Memory`. When not set, it will use the node's default medium. sizeLimit: type: string pattern: '^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$' description: >- The total amount of local storage required for this EmptyDir volume (for example 1Gi). description: '`EmptyDir` to use to populate the volume.' persistentVolumeClaim: type: object properties: claimName: type: string readOnly: type: boolean description: >- `PersistentVolumeClaim` object to use to populate the volume. csi: type: object properties: driver: type: string fsType: type: string nodePublishSecretRef: type: object properties: name: type: string readOnly: type: boolean volumeAttributes: additionalProperties: type: string type: object description: >- `CSIVolumeSource` object to use to populate the volume. image: type: object properties: pullPolicy: type: string reference: type: string description: >- `ImageVolumeSource` object to use to populate the volume. oneOf: - properties: secret: {} configMap: {} emptyDir: {} persistentVolumeClaim: {} csi: {} image: {} description: Additional volumes that can be mounted to the pod. description: >- Template for Kafka Connect Build `Pods`. The build pod is used only on Kubernetes. buildContainer: type: object properties: env: type: array items: type: object properties: name: type: string description: The environment variable key. value: type: string description: The environment variable value. valueFrom: type: object properties: secretKeyRef: type: object properties: key: type: string name: type: string optional: type: boolean description: Reference to a key in a secret. configMapKeyRef: type: object properties: key: type: string name: type: string optional: type: boolean description: Reference to a key in a config map. oneOf: - properties: secretKeyRef: {} required: - secretKeyRef - properties: configMapKeyRef: {} required: - configMapKeyRef description: >- Reference to the secret or config map property to which the environment variable is set. oneOf: - properties: value: {} required: - value - properties: valueFrom: {} required: - valueFrom description: >- Environment variables which should be applied to the container. securityContext: type: object properties: allowPrivilegeEscalation: type: boolean appArmorProfile: type: object properties: localhostProfile: type: string type: type: string capabilities: type: object properties: add: type: array items: type: string drop: type: array items: type: string privileged: type: boolean procMount: type: string readOnlyRootFilesystem: type: boolean runAsGroup: type: integer runAsNonRoot: type: boolean runAsUser: type: integer seLinuxOptions: type: object properties: level: type: string role: type: string type: type: string user: type: string seccompProfile: type: object properties: localhostProfile: type: string type: type: string windowsOptions: type: object properties: gmsaCredentialSpec: type: string gmsaCredentialSpecName: type: string hostProcess: type: boolean runAsUserName: type: string description: Security context for the container. volumeMounts: type: array items: type: object properties: mountPath: type: string mountPropagation: type: string name: type: string readOnly: type: boolean recursiveReadOnly: type: string subPath: type: string subPathExpr: type: string description: >- Additional volume mounts which should be applied to the container. description: >- Template for the Kafka Connect Build container. The build container is used only on Kubernetes. buildConfig: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object description: Labels added to the Kubernetes resource. annotations: additionalProperties: type: string type: object description: Annotations added to the Kubernetes resource. description: >- Metadata to apply to the `PodDisruptionBudgetTemplate` resource. pullSecret: type: string description: >- Container Registry Secret with the credentials for pulling the base image. description: >- Template for the Kafka Connect BuildConfig used to build new container images. The BuildConfig is used only on OpenShift. buildServiceAccount: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object description: Labels added to the Kubernetes resource. annotations: additionalProperties: type: string type: object description: Annotations added to the Kubernetes resource. description: Metadata applied to the resource. description: Template for the Kafka Connect Build service account. jmxSecret: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object description: Labels added to the Kubernetes resource. annotations: additionalProperties: type: string type: object description: Annotations added to the Kubernetes resource. description: Metadata applied to the resource. description: >- Template for Secret of the Kafka Connect Cluster JMX authentication. description: >- Template for Kafka Connect and Kafka MirrorMaker 2 resources. The template allows users to specify how the `Pods`, `Service`, and other services are generated. required: - replicas - target - mirrors description: The specification of the Kafka MirrorMaker 2 cluster. status: type: object properties: conditions: type: array items: type: object properties: type: type: string description: >- The unique identifier of a condition, used to distinguish between other conditions in the resource. status: type: string description: >- The status of the condition, either True, False or Unknown. lastTransitionTime: type: string description: >- Last time the condition of a type changed from one status to another. The required format is 'yyyy-MM-ddTHH:mm:ssZ', in the UTC time zone. reason: type: string description: >- The reason for the condition's last transition (a single word in CamelCase). message: type: string description: >- Human-readable message indicating details about the condition's last transition. description: List of status conditions. observedGeneration: type: integer description: >- The generation of the CRD that was last reconciled by the operator. url: type: string description: >- The URL of the REST API endpoint for managing and monitoring Kafka Connect connectors. connectors: type: array items: x-kubernetes-preserve-unknown-fields: true type: object description: >- List of MirrorMaker 2 connector statuses, as reported by the Kafka Connect REST API. autoRestartStatuses: type: array items: type: object properties: count: type: integer description: >- The number of times the connector or task is restarted. connectorName: type: string description: The name of the connector being restarted. lastRestartTimestamp: type: string description: >- The last time the automatic restart was attempted. The required format is 'yyyy-MM-ddTHH:mm:ssZ' in the UTC time zone. description: List of MirrorMaker 2 connector auto restart statuses. connectorPlugins: type: array items: type: object properties: class: type: string description: The class of the connector plugin. type: type: string description: >- The type of the connector plugin. The available types are `sink` and `source`. version: type: string description: The version of the connector plugin. description: >- The list of connector plugins available in this Kafka Connect deployment. labelSelector: type: string description: Label selector for pods providing this resource. replicas: type: integer description: >- The current number of pods being used to provide this resource. description: The status of the Kafka MirrorMaker 2 cluster. required: - spec - name: v1beta2 served: true storage: true deprecated: true deprecationWarning: >- Version v1beta2 of the KafkaMirrorMaker2 API is deprecated. Please use the v1 version instead. subresources: status: {} scale: specReplicasPath: .spec.replicas statusReplicasPath: .status.replicas labelSelectorPath: .status.labelSelector additionalPrinterColumns: - name: Desired replicas description: The desired number of Kafka MirrorMaker 2 replicas jsonPath: .spec.replicas type: integer - name: Ready description: The state of the custom resource jsonPath: '.status.conditions[?(@.type=="Ready")].status' type: string schema: openAPIV3Schema: type: object properties: apiVersion: type: string description: >- APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources kind: type: string description: >- Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds metadata: type: object spec: type: object properties: version: type: string description: >- The Kafka Connect version. Defaults to the latest version. Consult the user documentation to understand the process required to upgrade or downgrade the version. replicas: type: integer description: >- The number of pods in the Kafka Connect group. Required in the `v1` version of the Strimzi API. Defaults to `3` in the `v1beta2` version of the Strimzi API. image: type: string description: >- The container image used for Kafka Connect pods. If no image name is explicitly specified, it is determined based on the `spec.version` configuration. The image names are specifically mapped to corresponding versions in the Cluster Operator configuration. connectCluster: type: string description: >- The cluster alias used for Kafka Connect. The value must match the alias of the *target* Kafka cluster as specified in the `spec.clusters` configuration. The target Kafka cluster is used by the underlying Kafka Connect framework for its internal topics. clusters: type: array items: type: object properties: alias: type: string pattern: '^[a-zA-Z0-9\._\-]{1,100}$' description: Alias used to reference the Kafka cluster. bootstrapServers: type: string description: >- A comma-separated list of `host:port` pairs for establishing the connection to the Kafka cluster. tls: type: object properties: trustedCertificates: type: array items: type: object properties: secretName: type: string description: >- The name of the Secret containing the certificate. certificate: type: string description: >- The name of the file certificate in the secret. pattern: type: string description: >- Pattern for the certificate files in the secret. Use the link:https://en.wikipedia.org/wiki/Glob_(programming)[_glob syntax_] for the pattern. All files in the secret that match the pattern are used. oneOf: - properties: certificate: {} required: - certificate - properties: pattern: {} required: - pattern required: - secretName description: Trusted certificates for TLS connection. description: >- TLS configuration for connecting MirrorMaker 2 connectors to a cluster. authentication: type: object properties: accessToken: type: object properties: key: type: string description: >- The key under which the secret value is stored in the Kubernetes Secret. secretName: type: string description: >- The name of the Kubernetes Secret containing the secret value. required: - key - secretName description: >- Link to Kubernetes Secret containing the access token which was obtained from the authorization server. accessTokenIsJwt: type: boolean description: >- Configure whether access token should be treated as JWT. This should be set to `false` if the authorization server returns opaque tokens. Defaults to `true`. accessTokenLocation: type: string description: >- Path to the token file containing an access token to be used for authentication. audience: type: string description: >- OAuth audience to use when authenticating against the authorization server. Some authorization servers require the audience to be explicitly set. The possible values depend on how the authorization server is configured. By default, `audience` is not specified when performing the token endpoint request. certificateAndKey: type: object properties: secretName: type: string description: >- The name of the Secret containing the certificate. certificate: type: string description: >- The name of the file certificate in the Secret. key: type: string description: >- The name of the private key in the secret. The private key must be in unencrypted PKCS #8 format. For more information, see RFC 5208: https://datatracker.ietf.org/doc/html/rfc5208. required: - secretName - certificate - key description: >- Reference to the `Secret` which holds the certificate and private key pair. clientAssertion: type: object properties: key: type: string description: >- The key under which the secret value is stored in the Kubernetes Secret. secretName: type: string description: >- The name of the Kubernetes Secret containing the secret value. required: - key - secretName description: >- Link to Kubernetes secret containing the client assertion which was manually configured for the client. clientAssertionLocation: type: string description: >- Path to the file containing the client assertion to be used for authentication. clientAssertionType: type: string description: >- The client assertion type. If not set, and either `clientAssertion` or `clientAssertionLocation` is configured, this value defaults to `urn:ietf:params:oauth:client-assertion-type:jwt-bearer`. clientId: type: string description: >- OAuth Client ID which the Kafka client can use to authenticate against the OAuth server and use the token endpoint URI. clientSecret: type: object properties: key: type: string description: >- The key under which the secret value is stored in the Kubernetes Secret. secretName: type: string description: >- The name of the Kubernetes Secret containing the secret value. required: - key - secretName description: >- Link to Kubernetes Secret containing the OAuth client secret which the Kafka client can use to authenticate against the OAuth server and use the token endpoint URI. config: x-kubernetes-preserve-unknown-fields: true type: object description: >- Configuration for the custom authentication mechanism. Only properties with the `sasl.` and `ssl.keystore.` prefixes are allowed. Specify other options in the regular configuration section of the custom resource. connectTimeoutSeconds: type: integer description: >- The connect timeout in seconds when connecting to authorization server. If not set, the effective connect timeout is 60 seconds. disableTlsHostnameVerification: type: boolean description: >- Enable or disable TLS hostname verification. Default value is `false`. enableMetrics: type: boolean description: >- Enable or disable OAuth metrics. Default value is `false`. grantType: type: string description: >- A custom OAuth grant type to use when authenticating against the authorization server with `clientId` and one of `clientSecret` or `clientAssertion`. The value defaults to `client_credentials` in these cases. This is optional configuration, only used with custom authorization server implementations. httpRetries: type: integer description: >- The maximum number of retries to attempt if an initial HTTP request fails. If not set, the default is to not attempt any retries. httpRetryPauseMs: type: integer description: >- The pause to take before retrying a failed HTTP request. If not set, the default is to not pause at all but to immediately repeat a request. includeAcceptHeader: type: boolean description: >- Whether the Accept header should be set in requests to the authorization servers. The default value is `true`. maxTokenExpirySeconds: type: integer description: >- Set or limit time-to-live of the access tokens to the specified number of seconds. This should be set if the authorization server returns opaque tokens. passwordSecret: type: object properties: secretName: type: string description: >- The name of the Secret containing the password. password: type: string description: >- The name of the key in the Secret under which the password is stored. required: - secretName - password description: >- Reference to the `Secret` which holds the password. readTimeoutSeconds: type: integer description: >- The read timeout in seconds when connecting to authorization server. If not set, the effective read timeout is 60 seconds. refreshToken: type: object properties: key: type: string description: >- The key under which the secret value is stored in the Kubernetes Secret. secretName: type: string description: >- The name of the Kubernetes Secret containing the secret value. required: - key - secretName description: >- Link to Kubernetes Secret containing the refresh token which can be used to obtain access token from the authorization server. sasl: type: boolean description: >- Enable or disable SASL on this authentication mechanism. saslExtensions: additionalProperties: type: string type: object description: SASL extensions parameters. scope: type: string description: >- OAuth scope to use when authenticating against the authorization server. Some authorization servers require this to be set. The possible values depend on how authorization server is configured. By default `scope` is not specified when doing the token endpoint request. tlsTrustedCertificates: type: array items: type: object properties: secretName: type: string description: >- The name of the Secret containing the certificate. certificate: type: string description: >- The name of the file certificate in the secret. pattern: type: string description: >- Pattern for the certificate files in the secret. Use the link:https://en.wikipedia.org/wiki/Glob_(programming)[_glob syntax_] for the pattern. All files in the secret that match the pattern are used. oneOf: - properties: certificate: {} required: - certificate - properties: pattern: {} required: - pattern required: - secretName description: >- Trusted certificates for TLS connection to the OAuth server. tokenEndpointUri: type: string description: Authorization server token endpoint URI. type: type: string enum: - tls - scram-sha-256 - scram-sha-512 - plain - oauth - custom description: >- Specifies the authentication type. Supported types are `tls`, `scram-sha-256`, `scram-sha-512`, `plain`, 'oauth', and `custom`. `tls` uses TLS client authentication and is supported only over TLS connections. `scram-sha-256` and `scram-sha-512` use SASL SCRAM-SHA-256 and SASL SCRAM-SHA-512 authentication, respectively. `plain` uses SASL PLAIN authentication. `oauth` uses SASL OAUTHBEARER authentication. `custom` allows you to configure a custom authentication mechanism. As of Strimzi 0.49.0, `oauth` type is deprecated and will be removed in the `v1` API version. Please use `custom` type instead. username: type: string description: Username used for the authentication. required: - type description: >- Authentication configuration for connecting to the cluster. config: x-kubernetes-preserve-unknown-fields: true type: object description: >- The MirrorMaker 2 cluster config. Properties with the following prefixes cannot be set: ssl., sasl., security., listeners, plugin.path, rest., bootstrap.servers, consumer.interceptor.classes, producer.interceptor.classes (with the exception of: ssl.endpoint.identification.algorithm, ssl.cipher.suites, ssl.protocol, ssl.enabled.protocols). required: - alias - bootstrapServers description: Kafka clusters for mirroring. target: type: object properties: alias: type: string pattern: '^[a-zA-Z0-9\._\-]{1,100}$' description: Alias used to reference the Kafka cluster. bootstrapServers: type: string description: >- A comma-separated list of `host:port` pairs for establishing the connection to the Kafka cluster. groupId: type: string description: >- A unique ID that identifies the Connect cluster group. Required. configStorageTopic: type: string description: >- The name of the Kafka topic where connector configurations are stored. Required. statusStorageTopic: type: string description: >- The name of the Kafka topic where connector and task statuses are stored. Required. offsetStorageTopic: type: string description: >- The name of the Kafka topic where source connector offsets are stored. Required. tls: type: object properties: trustedCertificates: type: array items: type: object properties: secretName: type: string description: >- The name of the Secret containing the certificate. certificate: type: string description: >- The name of the file certificate in the secret. pattern: type: string description: >- Pattern for the certificate files in the secret. Use the link:https://en.wikipedia.org/wiki/Glob_(programming)[_glob syntax_] for the pattern. All files in the secret that match the pattern are used. oneOf: - properties: certificate: {} required: - certificate - properties: pattern: {} required: - pattern required: - secretName description: Trusted certificates for TLS connection. description: >- TLS configuration for connecting MirrorMaker 2 connectors to a cluster. authentication: type: object properties: accessToken: type: object properties: key: type: string description: >- The key under which the secret value is stored in the Kubernetes Secret. secretName: type: string description: >- The name of the Kubernetes Secret containing the secret value. required: - key - secretName description: >- Link to Kubernetes Secret containing the access token which was obtained from the authorization server. accessTokenIsJwt: type: boolean description: >- Configure whether access token should be treated as JWT. This should be set to `false` if the authorization server returns opaque tokens. Defaults to `true`. accessTokenLocation: type: string description: >- Path to the token file containing an access token to be used for authentication. audience: type: string description: >- OAuth audience to use when authenticating against the authorization server. Some authorization servers require the audience to be explicitly set. The possible values depend on how the authorization server is configured. By default, `audience` is not specified when performing the token endpoint request. certificateAndKey: type: object properties: secretName: type: string description: >- The name of the Secret containing the certificate. certificate: type: string description: The name of the file certificate in the Secret. key: type: string description: >- The name of the private key in the secret. The private key must be in unencrypted PKCS #8 format. For more information, see RFC 5208: https://datatracker.ietf.org/doc/html/rfc5208. required: - secretName - certificate - key description: >- Reference to the `Secret` which holds the certificate and private key pair. clientAssertion: type: object properties: key: type: string description: >- The key under which the secret value is stored in the Kubernetes Secret. secretName: type: string description: >- The name of the Kubernetes Secret containing the secret value. required: - key - secretName description: >- Link to Kubernetes secret containing the client assertion which was manually configured for the client. clientAssertionLocation: type: string description: >- Path to the file containing the client assertion to be used for authentication. clientAssertionType: type: string description: >- The client assertion type. If not set, and either `clientAssertion` or `clientAssertionLocation` is configured, this value defaults to `urn:ietf:params:oauth:client-assertion-type:jwt-bearer`. clientId: type: string description: >- OAuth Client ID which the Kafka client can use to authenticate against the OAuth server and use the token endpoint URI. clientSecret: type: object properties: key: type: string description: >- The key under which the secret value is stored in the Kubernetes Secret. secretName: type: string description: >- The name of the Kubernetes Secret containing the secret value. required: - key - secretName description: >- Link to Kubernetes Secret containing the OAuth client secret which the Kafka client can use to authenticate against the OAuth server and use the token endpoint URI. config: x-kubernetes-preserve-unknown-fields: true type: object description: >- Configuration for the custom authentication mechanism. Only properties with the `sasl.` and `ssl.keystore.` prefixes are allowed. Specify other options in the regular configuration section of the custom resource. connectTimeoutSeconds: type: integer description: >- The connect timeout in seconds when connecting to authorization server. If not set, the effective connect timeout is 60 seconds. disableTlsHostnameVerification: type: boolean description: >- Enable or disable TLS hostname verification. Default value is `false`. enableMetrics: type: boolean description: >- Enable or disable OAuth metrics. Default value is `false`. grantType: type: string description: >- A custom OAuth grant type to use when authenticating against the authorization server with `clientId` and one of `clientSecret` or `clientAssertion`. The value defaults to `client_credentials` in these cases. This is optional configuration, only used with custom authorization server implementations. httpRetries: type: integer description: >- The maximum number of retries to attempt if an initial HTTP request fails. If not set, the default is to not attempt any retries. httpRetryPauseMs: type: integer description: >- The pause to take before retrying a failed HTTP request. If not set, the default is to not pause at all but to immediately repeat a request. includeAcceptHeader: type: boolean description: >- Whether the Accept header should be set in requests to the authorization servers. The default value is `true`. maxTokenExpirySeconds: type: integer description: >- Set or limit time-to-live of the access tokens to the specified number of seconds. This should be set if the authorization server returns opaque tokens. passwordSecret: type: object properties: secretName: type: string description: The name of the Secret containing the password. password: type: string description: >- The name of the key in the Secret under which the password is stored. required: - secretName - password description: Reference to the `Secret` which holds the password. readTimeoutSeconds: type: integer description: >- The read timeout in seconds when connecting to authorization server. If not set, the effective read timeout is 60 seconds. refreshToken: type: object properties: key: type: string description: >- The key under which the secret value is stored in the Kubernetes Secret. secretName: type: string description: >- The name of the Kubernetes Secret containing the secret value. required: - key - secretName description: >- Link to Kubernetes Secret containing the refresh token which can be used to obtain access token from the authorization server. sasl: type: boolean description: >- Enable or disable SASL on this authentication mechanism. saslExtensions: additionalProperties: type: string type: object description: SASL extensions parameters. scope: type: string description: >- OAuth scope to use when authenticating against the authorization server. Some authorization servers require this to be set. The possible values depend on how authorization server is configured. By default `scope` is not specified when doing the token endpoint request. tlsTrustedCertificates: type: array items: type: object properties: secretName: type: string description: >- The name of the Secret containing the certificate. certificate: type: string description: >- The name of the file certificate in the secret. pattern: type: string description: >- Pattern for the certificate files in the secret. Use the link:https://en.wikipedia.org/wiki/Glob_(programming)[_glob syntax_] for the pattern. All files in the secret that match the pattern are used. oneOf: - properties: certificate: {} required: - certificate - properties: pattern: {} required: - pattern required: - secretName description: >- Trusted certificates for TLS connection to the OAuth server. tokenEndpointUri: type: string description: Authorization server token endpoint URI. type: type: string enum: - tls - scram-sha-256 - scram-sha-512 - plain - oauth - custom description: >- Specifies the authentication type. Supported types are `tls`, `scram-sha-256`, `scram-sha-512`, `plain`, 'oauth', and `custom`. `tls` uses TLS client authentication and is supported only over TLS connections. `scram-sha-256` and `scram-sha-512` use SASL SCRAM-SHA-256 and SASL SCRAM-SHA-512 authentication, respectively. `plain` uses SASL PLAIN authentication. `oauth` uses SASL OAUTHBEARER authentication. `custom` allows you to configure a custom authentication mechanism. As of Strimzi 0.49.0, `oauth` type is deprecated and will be removed in the `v1` API version. Please use `custom` type instead. username: type: string description: Username used for the authentication. required: - type description: >- Authentication configuration for connecting to the cluster. config: x-kubernetes-preserve-unknown-fields: true type: object description: >- The MirrorMaker 2 cluster config. Properties with the following prefixes cannot be set: ssl., sasl., security., listeners, plugin.path, rest., bootstrap.servers, consumer.interceptor.classes, producer.interceptor.classes (with the exception of: ssl.endpoint.identification.algorithm, ssl.cipher.suites, ssl.protocol, ssl.enabled.protocols). required: - alias - bootstrapServers - groupId - configStorageTopic - statusStorageTopic - offsetStorageTopic description: >- The target Apache Kafka cluster. The target Kafka cluster is used by the underlying Kafka Connect framework for its internal topics. mirrors: type: array items: type: object properties: sourceCluster: type: string description: >- The alias of the source cluster used by the Kafka MirrorMaker 2 connectors. The alias must match a cluster in the list at `spec.clusters`. targetCluster: type: string description: >- The alias of the target cluster used by the Kafka MirrorMaker 2 connectors. The alias must match a cluster in the list at `spec.clusters`. source: type: object properties: alias: type: string pattern: '^[a-zA-Z0-9\._\-]{1,100}$' description: Alias used to reference the Kafka cluster. bootstrapServers: type: string description: >- A comma-separated list of `host:port` pairs for establishing the connection to the Kafka cluster. tls: type: object properties: trustedCertificates: type: array items: type: object properties: secretName: type: string description: >- The name of the Secret containing the certificate. certificate: type: string description: >- The name of the file certificate in the secret. pattern: type: string description: >- Pattern for the certificate files in the secret. Use the link:https://en.wikipedia.org/wiki/Glob_(programming)[_glob syntax_] for the pattern. All files in the secret that match the pattern are used. oneOf: - properties: certificate: {} required: - certificate - properties: pattern: {} required: - pattern required: - secretName description: Trusted certificates for TLS connection. description: >- TLS configuration for connecting MirrorMaker 2 connectors to a cluster. authentication: type: object properties: accessToken: type: object properties: key: type: string description: >- The key under which the secret value is stored in the Kubernetes Secret. secretName: type: string description: >- The name of the Kubernetes Secret containing the secret value. required: - key - secretName description: >- Link to Kubernetes Secret containing the access token which was obtained from the authorization server. accessTokenIsJwt: type: boolean description: >- Configure whether access token should be treated as JWT. This should be set to `false` if the authorization server returns opaque tokens. Defaults to `true`. accessTokenLocation: type: string description: >- Path to the token file containing an access token to be used for authentication. audience: type: string description: >- OAuth audience to use when authenticating against the authorization server. Some authorization servers require the audience to be explicitly set. The possible values depend on how the authorization server is configured. By default, `audience` is not specified when performing the token endpoint request. certificateAndKey: type: object properties: secretName: type: string description: >- The name of the Secret containing the certificate. certificate: type: string description: >- The name of the file certificate in the Secret. key: type: string description: >- The name of the private key in the secret. The private key must be in unencrypted PKCS #8 format. For more information, see RFC 5208: https://datatracker.ietf.org/doc/html/rfc5208. required: - secretName - certificate - key description: >- Reference to the `Secret` which holds the certificate and private key pair. clientAssertion: type: object properties: key: type: string description: >- The key under which the secret value is stored in the Kubernetes Secret. secretName: type: string description: >- The name of the Kubernetes Secret containing the secret value. required: - key - secretName description: >- Link to Kubernetes secret containing the client assertion which was manually configured for the client. clientAssertionLocation: type: string description: >- Path to the file containing the client assertion to be used for authentication. clientAssertionType: type: string description: >- The client assertion type. If not set, and either `clientAssertion` or `clientAssertionLocation` is configured, this value defaults to `urn:ietf:params:oauth:client-assertion-type:jwt-bearer`. clientId: type: string description: >- OAuth Client ID which the Kafka client can use to authenticate against the OAuth server and use the token endpoint URI. clientSecret: type: object properties: key: type: string description: >- The key under which the secret value is stored in the Kubernetes Secret. secretName: type: string description: >- The name of the Kubernetes Secret containing the secret value. required: - key - secretName description: >- Link to Kubernetes Secret containing the OAuth client secret which the Kafka client can use to authenticate against the OAuth server and use the token endpoint URI. config: x-kubernetes-preserve-unknown-fields: true type: object description: >- Configuration for the custom authentication mechanism. Only properties with the `sasl.` and `ssl.keystore.` prefixes are allowed. Specify other options in the regular configuration section of the custom resource. connectTimeoutSeconds: type: integer description: >- The connect timeout in seconds when connecting to authorization server. If not set, the effective connect timeout is 60 seconds. disableTlsHostnameVerification: type: boolean description: >- Enable or disable TLS hostname verification. Default value is `false`. enableMetrics: type: boolean description: >- Enable or disable OAuth metrics. Default value is `false`. grantType: type: string description: >- A custom OAuth grant type to use when authenticating against the authorization server with `clientId` and one of `clientSecret` or `clientAssertion`. The value defaults to `client_credentials` in these cases. This is optional configuration, only used with custom authorization server implementations. httpRetries: type: integer description: >- The maximum number of retries to attempt if an initial HTTP request fails. If not set, the default is to not attempt any retries. httpRetryPauseMs: type: integer description: >- The pause to take before retrying a failed HTTP request. If not set, the default is to not pause at all but to immediately repeat a request. includeAcceptHeader: type: boolean description: >- Whether the Accept header should be set in requests to the authorization servers. The default value is `true`. maxTokenExpirySeconds: type: integer description: >- Set or limit time-to-live of the access tokens to the specified number of seconds. This should be set if the authorization server returns opaque tokens. passwordSecret: type: object properties: secretName: type: string description: >- The name of the Secret containing the password. password: type: string description: >- The name of the key in the Secret under which the password is stored. required: - secretName - password description: >- Reference to the `Secret` which holds the password. readTimeoutSeconds: type: integer description: >- The read timeout in seconds when connecting to authorization server. If not set, the effective read timeout is 60 seconds. refreshToken: type: object properties: key: type: string description: >- The key under which the secret value is stored in the Kubernetes Secret. secretName: type: string description: >- The name of the Kubernetes Secret containing the secret value. required: - key - secretName description: >- Link to Kubernetes Secret containing the refresh token which can be used to obtain access token from the authorization server. sasl: type: boolean description: >- Enable or disable SASL on this authentication mechanism. saslExtensions: additionalProperties: type: string type: object description: SASL extensions parameters. scope: type: string description: >- OAuth scope to use when authenticating against the authorization server. Some authorization servers require this to be set. The possible values depend on how authorization server is configured. By default `scope` is not specified when doing the token endpoint request. tlsTrustedCertificates: type: array items: type: object properties: secretName: type: string description: >- The name of the Secret containing the certificate. certificate: type: string description: >- The name of the file certificate in the secret. pattern: type: string description: >- Pattern for the certificate files in the secret. Use the link:https://en.wikipedia.org/wiki/Glob_(programming)[_glob syntax_] for the pattern. All files in the secret that match the pattern are used. oneOf: - properties: certificate: {} required: - certificate - properties: pattern: {} required: - pattern required: - secretName description: >- Trusted certificates for TLS connection to the OAuth server. tokenEndpointUri: type: string description: Authorization server token endpoint URI. type: type: string enum: - tls - scram-sha-256 - scram-sha-512 - plain - oauth - custom description: >- Specifies the authentication type. Supported types are `tls`, `scram-sha-256`, `scram-sha-512`, `plain`, 'oauth', and `custom`. `tls` uses TLS client authentication and is supported only over TLS connections. `scram-sha-256` and `scram-sha-512` use SASL SCRAM-SHA-256 and SASL SCRAM-SHA-512 authentication, respectively. `plain` uses SASL PLAIN authentication. `oauth` uses SASL OAUTHBEARER authentication. `custom` allows you to configure a custom authentication mechanism. As of Strimzi 0.49.0, `oauth` type is deprecated and will be removed in the `v1` API version. Please use `custom` type instead. username: type: string description: Username used for the authentication. required: - type description: >- Authentication configuration for connecting to the cluster. config: x-kubernetes-preserve-unknown-fields: true type: object description: >- The MirrorMaker 2 cluster config. Properties with the following prefixes cannot be set: ssl., sasl., security., listeners, plugin.path, rest., bootstrap.servers, consumer.interceptor.classes, producer.interceptor.classes (with the exception of: ssl.endpoint.identification.algorithm, ssl.cipher.suites, ssl.protocol, ssl.enabled.protocols). required: - alias - bootstrapServers description: >- The source Apache Kafka cluster. The source Kafka cluster is used by the Kafka MirrorMaker 2 connectors. sourceConnector: type: object properties: tasksMax: type: integer minimum: 1 description: >- The maximum number of tasks for the Kafka Connector. pause: type: boolean description: >- Whether the connector should be paused. Defaults to false. version: type: string description: >- Desired version or version range to respect when starting the Kafka Connector. This is only supported when using Kafka Connect version 4.1.0 and higher. config: x-kubernetes-preserve-unknown-fields: true type: object description: >- The Kafka Connector configuration. The following properties cannot be set: name, connector.class, tasks.max. state: type: string enum: - paused - stopped - running description: >- The state the connector should be in. Defaults to running. autoRestart: type: object properties: enabled: type: boolean description: >- Whether automatic restart for failed connectors and tasks should be enabled or disabled. maxRestarts: type: integer description: >- The maximum number of connector restarts that the operator will try. If the connector remains in a failed state after reaching this limit, it must be restarted manually by the user. Defaults to an unlimited number of restarts. description: >- Automatic restart of connector and tasks configuration. listOffsets: type: object properties: toConfigMap: type: object properties: name: type: string description: >- Reference to the ConfigMap where the list of offsets will be written to. required: - toConfigMap description: Configuration for listing offsets. alterOffsets: type: object properties: fromConfigMap: type: object properties: name: type: string description: >- Reference to the ConfigMap where the new offsets are stored. required: - fromConfigMap description: Configuration for altering offsets. description: >- The specification of the Kafka MirrorMaker 2 source connector. heartbeatConnector: type: object properties: tasksMax: type: integer minimum: 1 description: >- The maximum number of tasks for the Kafka Connector. pause: type: boolean description: >- Whether the connector should be paused. Defaults to false. version: type: string description: >- Desired version or version range to respect when starting the Kafka Connector. This is only supported when using Kafka Connect version 4.1.0 and higher. config: x-kubernetes-preserve-unknown-fields: true type: object description: >- The Kafka Connector configuration. The following properties cannot be set: name, connector.class, tasks.max. state: type: string enum: - paused - stopped - running description: >- The state the connector should be in. Defaults to running. autoRestart: type: object properties: enabled: type: boolean description: >- Whether automatic restart for failed connectors and tasks should be enabled or disabled. maxRestarts: type: integer description: >- The maximum number of connector restarts that the operator will try. If the connector remains in a failed state after reaching this limit, it must be restarted manually by the user. Defaults to an unlimited number of restarts. description: >- Automatic restart of connector and tasks configuration. listOffsets: type: object properties: toConfigMap: type: object properties: name: type: string description: >- Reference to the ConfigMap where the list of offsets will be written to. required: - toConfigMap description: Configuration for listing offsets. alterOffsets: type: object properties: fromConfigMap: type: object properties: name: type: string description: >- Reference to the ConfigMap where the new offsets are stored. required: - fromConfigMap description: Configuration for altering offsets. description: >- The specification of the Kafka MirrorMaker 2 heartbeat connector. checkpointConnector: type: object properties: tasksMax: type: integer minimum: 1 description: >- The maximum number of tasks for the Kafka Connector. pause: type: boolean description: >- Whether the connector should be paused. Defaults to false. version: type: string description: >- Desired version or version range to respect when starting the Kafka Connector. This is only supported when using Kafka Connect version 4.1.0 and higher. config: x-kubernetes-preserve-unknown-fields: true type: object description: >- The Kafka Connector configuration. The following properties cannot be set: name, connector.class, tasks.max. state: type: string enum: - paused - stopped - running description: >- The state the connector should be in. Defaults to running. autoRestart: type: object properties: enabled: type: boolean description: >- Whether automatic restart for failed connectors and tasks should be enabled or disabled. maxRestarts: type: integer description: >- The maximum number of connector restarts that the operator will try. If the connector remains in a failed state after reaching this limit, it must be restarted manually by the user. Defaults to an unlimited number of restarts. description: >- Automatic restart of connector and tasks configuration. listOffsets: type: object properties: toConfigMap: type: object properties: name: type: string description: >- Reference to the ConfigMap where the list of offsets will be written to. required: - toConfigMap description: Configuration for listing offsets. alterOffsets: type: object properties: fromConfigMap: type: object properties: name: type: string description: >- Reference to the ConfigMap where the new offsets are stored. required: - fromConfigMap description: Configuration for altering offsets. description: >- The specification of the Kafka MirrorMaker 2 checkpoint connector. topicsPattern: type: string description: >- A regular expression matching the topics to be mirrored, for example, "topic1\|topic2\|topic3". Comma-separated lists are also supported. topicsBlacklistPattern: type: string description: >- A regular expression matching the topics to exclude from mirroring. Comma-separated lists are also supported. topicsExcludePattern: type: string description: >- A regular expression matching the topics to exclude from mirroring. Comma-separated lists are also supported. groupsPattern: type: string description: >- A regular expression matching the consumer groups to be mirrored. Comma-separated lists are also supported. groupsBlacklistPattern: type: string description: >- A regular expression matching the consumer groups to exclude from mirroring. Comma-separated lists are also supported. groupsExcludePattern: type: string description: >- A regular expression matching the consumer groups to exclude from mirroring. Comma-separated lists are also supported. description: Configuration of the MirrorMaker 2 connectors. resources: type: object properties: claims: type: array items: type: object properties: name: type: string request: type: string limits: additionalProperties: anyOf: - type: integer - type: string pattern: >- ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object requests: additionalProperties: anyOf: - type: integer - type: string pattern: >- ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object description: >- The maximum limits for CPU and memory resources and the requested initial resources. livenessProbe: type: object properties: initialDelaySeconds: type: integer minimum: 0 description: >- The initial delay before first the health is first checked. Default to 15 seconds. Minimum value is 0. timeoutSeconds: type: integer minimum: 1 description: >- The timeout for each attempted health check. Default to 5 seconds. Minimum value is 1. periodSeconds: type: integer minimum: 1 description: >- How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. successThreshold: type: integer minimum: 1 description: >- Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness. Minimum value is 1. failureThreshold: type: integer minimum: 1 description: >- Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. description: Pod liveness checking. readinessProbe: type: object properties: initialDelaySeconds: type: integer minimum: 0 description: >- The initial delay before first the health is first checked. Default to 15 seconds. Minimum value is 0. timeoutSeconds: type: integer minimum: 1 description: >- The timeout for each attempted health check. Default to 5 seconds. Minimum value is 1. periodSeconds: type: integer minimum: 1 description: >- How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. successThreshold: type: integer minimum: 1 description: >- Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness. Minimum value is 1. failureThreshold: type: integer minimum: 1 description: >- Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. description: Pod readiness checking. jvmOptions: type: object properties: '-XX': additionalProperties: type: string type: object description: A map of -XX options to the JVM. '-Xmx': type: string pattern: '^[0-9]+[mMgG]?$' description: '-Xmx option to to the JVM.' '-Xms': type: string pattern: '^[0-9]+[mMgG]?$' description: '-Xms option to to the JVM.' gcLoggingEnabled: type: boolean description: >- Specifies whether the Garbage Collection logging is enabled. The default is false. javaSystemProperties: type: array items: type: object properties: name: type: string description: The system property name. value: type: string description: The system property value. description: >- A map of additional system properties which will be passed using the `-D` option to the JVM. description: JVM Options for pods. jmxOptions: type: object properties: authentication: type: object properties: type: type: string enum: - password description: >- Authentication type. Currently the only supported types are `password`.`password` type creates a username and protected port with no TLS. required: - type description: >- Authentication configuration for connecting to the JMX port. description: JMX Options. logging: type: object properties: loggers: additionalProperties: type: string type: object description: A Map from logger name to logger level. type: type: string enum: - inline - external description: 'Logging type, must be either ''inline'' or ''external''.' valueFrom: type: object properties: configMapKeyRef: type: object properties: key: type: string name: type: string optional: type: boolean description: >- Reference to the key in the ConfigMap containing the configuration. description: >- `ConfigMap` entry where the logging configuration is stored. required: - type description: Logging configuration for Kafka Connect. clientRackInitImage: type: string description: >- The image of the init container used for initializing the `client.rack`. rack: type: object properties: topologyKey: type: string example: topology.kubernetes.io/zone description: >- A key that matches labels assigned to the Kubernetes cluster nodes. The value of the label is used to set a broker's `broker.rack` config, and the `client.rack` config for Kafka Connect or MirrorMaker 2. required: - topologyKey description: >- Configuration of the node label which will be used as the `client.rack` consumer configuration. metricsConfig: type: object properties: type: type: string enum: - jmxPrometheusExporter - strimziMetricsReporter description: >- Metrics type. The supported types are `jmxPrometheusExporter` and `strimziMetricsReporter`. Type `jmxPrometheusExporter` uses the Prometheus JMX Exporter to expose Kafka JMX metrics in Prometheus format through an HTTP endpoint. Type `strimziMetricsReporter` uses the Strimzi Metrics Reporter to directly expose Kafka metrics in Prometheus format through an HTTP endpoint. valueFrom: type: object properties: configMapKeyRef: type: object properties: key: type: string name: type: string optional: type: boolean description: >- Reference to the key in the ConfigMap containing the configuration. description: >- ConfigMap entry where the Prometheus JMX Exporter configuration is stored. values: type: object properties: allowList: type: array items: type: string description: >- A list of regex patterns to filter the metrics to collect. Should contain at least one element. description: Configuration values for the Strimzi Metrics Reporter. required: - type description: Metrics configuration. x-kubernetes-validations: - rule: >- self.type != 'jmxPrometheusExporter' || has(self.valueFrom) message: valueFrom property is required tracing: type: object properties: type: type: string enum: - jaeger - opentelemetry description: >- Type of the tracing used. Currently the only supported type is `opentelemetry` for OpenTelemetry tracing. As of Strimzi 0.37.0, `jaeger` type is not supported anymore and this option is ignored. required: - type description: The configuration of tracing in Kafka Connect. template: type: object properties: deployment: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object description: Labels added to the Kubernetes resource. annotations: additionalProperties: type: string type: object description: Annotations added to the Kubernetes resource. description: Metadata applied to the resource. deploymentStrategy: type: string enum: - RollingUpdate - Recreate description: >- Pod replacement strategy for deployment configuration changes. Valid values are `RollingUpdate` and `Recreate`. Defaults to `RollingUpdate`. description: Template for Kafka Connect `Deployment`. podSet: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object description: Labels added to the Kubernetes resource. annotations: additionalProperties: type: string type: object description: Annotations added to the Kubernetes resource. description: Metadata applied to the resource. description: Template for Kafka Connect `StrimziPodSet` resource. pod: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object description: Labels added to the Kubernetes resource. annotations: additionalProperties: type: string type: object description: Annotations added to the Kubernetes resource. description: Metadata applied to the resource. imagePullSecrets: type: array items: type: object properties: name: type: string description: >- List of references to secrets in the same namespace to use for pulling any of the images used by this Pod. When the `STRIMZI_IMAGE_PULL_SECRETS` environment variable in Cluster Operator and the `imagePullSecrets` option are specified, only the `imagePullSecrets` variable is used and the `STRIMZI_IMAGE_PULL_SECRETS` variable is ignored. securityContext: type: object properties: appArmorProfile: type: object properties: localhostProfile: type: string type: type: string fsGroup: type: integer fsGroupChangePolicy: type: string runAsGroup: type: integer runAsNonRoot: type: boolean runAsUser: type: integer seLinuxChangePolicy: type: string seLinuxOptions: type: object properties: level: type: string role: type: string type: type: string user: type: string seccompProfile: type: object properties: localhostProfile: type: string type: type: string supplementalGroups: type: array items: type: integer supplementalGroupsPolicy: type: string sysctls: type: array items: type: object properties: name: type: string value: type: string windowsOptions: type: object properties: gmsaCredentialSpec: type: string gmsaCredentialSpecName: type: string hostProcess: type: boolean runAsUserName: type: string description: >- Configures pod-level security attributes and common container settings. terminationGracePeriodSeconds: type: integer minimum: 0 description: >- The grace period is the duration in seconds after the processes running in the pod are sent a termination signal, and the time when the processes are forcibly halted with a kill signal. Set this value to longer than the expected cleanup time for your process. Value must be a non-negative integer. A zero value indicates delete immediately. You might need to increase the grace period for very large Kafka clusters, so that the Kafka brokers have enough time to transfer their work to another broker before they are terminated. Defaults to 30 seconds. affinity: type: object properties: nodeAffinity: type: object properties: preferredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: preference: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchFields: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string weight: type: integer requiredDuringSchedulingIgnoredDuringExecution: type: object properties: nodeSelectorTerms: type: array items: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchFields: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string podAffinity: type: object properties: preferredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: podAffinityTerm: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object matchLabelKeys: type: array items: type: string mismatchLabelKeys: type: array items: type: string namespaceSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object namespaces: type: array items: type: string topologyKey: type: string weight: type: integer requiredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object matchLabelKeys: type: array items: type: string mismatchLabelKeys: type: array items: type: string namespaceSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object namespaces: type: array items: type: string topologyKey: type: string podAntiAffinity: type: object properties: preferredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: podAffinityTerm: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object matchLabelKeys: type: array items: type: string mismatchLabelKeys: type: array items: type: string namespaceSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object namespaces: type: array items: type: string topologyKey: type: string weight: type: integer requiredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object matchLabelKeys: type: array items: type: string mismatchLabelKeys: type: array items: type: string namespaceSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object namespaces: type: array items: type: string topologyKey: type: string description: The pod's affinity rules. tolerations: type: array items: type: object properties: effect: type: string key: type: string operator: type: string tolerationSeconds: type: integer value: type: string description: The pod's tolerations. topologySpreadConstraints: type: array items: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object matchLabelKeys: type: array items: type: string maxSkew: type: integer minDomains: type: integer nodeAffinityPolicy: type: string nodeTaintsPolicy: type: string topologyKey: type: string whenUnsatisfiable: type: string description: The pod's topology spread constraints. priorityClassName: type: string description: >- The name of the priority class used to assign priority to the pods. schedulerName: type: string description: >- The name of the scheduler used to dispatch this `Pod`. If not specified, the default scheduler will be used. hostAliases: type: array items: type: object properties: hostnames: type: array items: type: string ip: type: string description: >- The pod's HostAliases. HostAliases is an optional list of hosts and IPs that will be injected into the Pod's hosts file if specified. dnsPolicy: type: string enum: - ClusterFirst - ClusterFirstWithHostNet - Default - None description: >- The pod's DNSPolicy. Defaults to `ClusterFirst`. Valid values are `ClusterFirstWithHostNet`, `ClusterFirst`, `Default` or `None`. dnsConfig: type: object properties: nameservers: type: array items: type: string options: type: array items: type: object properties: name: type: string value: type: string searches: type: array items: type: string description: >- The pod's DNSConfig. If specified, it will be merged to the generated DNS configuration based on the DNSPolicy. enableServiceLinks: type: boolean description: >- Indicates whether information about services should be injected into Pod's environment variables. tmpDirSizeLimit: type: string pattern: '^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$' description: >- Defines the total amount of pod memory allocated for the temporary `EmptyDir` volume `/tmp`. Specify the allocation in memory units, for example, `100Mi` for 100 mebibytes. Default value is `5Mi`. The `/tmp` volume is backed by pod memory, not disk storage, so avoid setting a high value as it consumes pod memory resources. volumes: type: array items: type: object properties: name: type: string description: Name to use for the volume. Required. secret: type: object properties: defaultMode: type: integer items: type: array items: type: object properties: key: type: string mode: type: integer path: type: string optional: type: boolean secretName: type: string description: '`Secret` to use to populate the volume.' configMap: type: object properties: defaultMode: type: integer items: type: array items: type: object properties: key: type: string mode: type: integer path: type: string name: type: string optional: type: boolean description: '`ConfigMap` to use to populate the volume.' emptyDir: type: object properties: medium: type: string enum: - Memory description: >- Medium represents the type of storage medium should back this volume. Valid values are unset or `Memory`. When not set, it will use the node's default medium. sizeLimit: type: string pattern: '^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$' description: >- The total amount of local storage required for this EmptyDir volume (for example 1Gi). description: '`EmptyDir` to use to populate the volume.' persistentVolumeClaim: type: object properties: claimName: type: string readOnly: type: boolean description: >- `PersistentVolumeClaim` object to use to populate the volume. csi: type: object properties: driver: type: string fsType: type: string nodePublishSecretRef: type: object properties: name: type: string readOnly: type: boolean volumeAttributes: additionalProperties: type: string type: object description: >- `CSIVolumeSource` object to use to populate the volume. image: type: object properties: pullPolicy: type: string reference: type: string description: >- `ImageVolumeSource` object to use to populate the volume. oneOf: - properties: secret: {} configMap: {} emptyDir: {} persistentVolumeClaim: {} csi: {} image: {} description: Additional volumes that can be mounted to the pod. description: Template for Kafka Connect `Pods`. apiService: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object description: Labels added to the Kubernetes resource. annotations: additionalProperties: type: string type: object description: Annotations added to the Kubernetes resource. description: Metadata applied to the resource. ipFamilyPolicy: type: string enum: - SingleStack - PreferDualStack - RequireDualStack description: >- Specifies the IP Family Policy used by the service. Available options are `SingleStack`, `PreferDualStack` and `RequireDualStack`. `SingleStack` is for a single IP family. `PreferDualStack` is for two IP families on dual-stack configured clusters or a single IP family on single-stack clusters. `RequireDualStack` fails unless there are two IP families on dual-stack configured clusters. If unspecified, Kubernetes will choose the default value based on the service type. ipFamilies: type: array items: type: string enum: - IPv4 - IPv6 description: >- Specifies the IP Families used by the service. Available options are `IPv4` and `IPv6`. If unspecified, Kubernetes will choose the default value based on the `ipFamilyPolicy` setting. description: Template for Kafka Connect API `Service`. headlessService: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object description: Labels added to the Kubernetes resource. annotations: additionalProperties: type: string type: object description: Annotations added to the Kubernetes resource. description: Metadata applied to the resource. ipFamilyPolicy: type: string enum: - SingleStack - PreferDualStack - RequireDualStack description: >- Specifies the IP Family Policy used by the service. Available options are `SingleStack`, `PreferDualStack` and `RequireDualStack`. `SingleStack` is for a single IP family. `PreferDualStack` is for two IP families on dual-stack configured clusters or a single IP family on single-stack clusters. `RequireDualStack` fails unless there are two IP families on dual-stack configured clusters. If unspecified, Kubernetes will choose the default value based on the service type. ipFamilies: type: array items: type: string enum: - IPv4 - IPv6 description: >- Specifies the IP Families used by the service. Available options are `IPv4` and `IPv6`. If unspecified, Kubernetes will choose the default value based on the `ipFamilyPolicy` setting. description: Template for Kafka Connect headless `Service`. connectContainer: type: object properties: env: type: array items: type: object properties: name: type: string description: The environment variable key. value: type: string description: The environment variable value. valueFrom: type: object properties: secretKeyRef: type: object properties: key: type: string name: type: string optional: type: boolean description: Reference to a key in a secret. configMapKeyRef: type: object properties: key: type: string name: type: string optional: type: boolean description: Reference to a key in a config map. oneOf: - properties: secretKeyRef: {} required: - secretKeyRef - properties: configMapKeyRef: {} required: - configMapKeyRef description: >- Reference to the secret or config map property to which the environment variable is set. oneOf: - properties: value: {} required: - value - properties: valueFrom: {} required: - valueFrom description: >- Environment variables which should be applied to the container. securityContext: type: object properties: allowPrivilegeEscalation: type: boolean appArmorProfile: type: object properties: localhostProfile: type: string type: type: string capabilities: type: object properties: add: type: array items: type: string drop: type: array items: type: string privileged: type: boolean procMount: type: string readOnlyRootFilesystem: type: boolean runAsGroup: type: integer runAsNonRoot: type: boolean runAsUser: type: integer seLinuxOptions: type: object properties: level: type: string role: type: string type: type: string user: type: string seccompProfile: type: object properties: localhostProfile: type: string type: type: string windowsOptions: type: object properties: gmsaCredentialSpec: type: string gmsaCredentialSpecName: type: string hostProcess: type: boolean runAsUserName: type: string description: Security context for the container. volumeMounts: type: array items: type: object properties: mountPath: type: string mountPropagation: type: string name: type: string readOnly: type: boolean recursiveReadOnly: type: string subPath: type: string subPathExpr: type: string description: >- Additional volume mounts which should be applied to the container. description: Template for the Kafka Connect container. initContainer: type: object properties: env: type: array items: type: object properties: name: type: string description: The environment variable key. value: type: string description: The environment variable value. valueFrom: type: object properties: secretKeyRef: type: object properties: key: type: string name: type: string optional: type: boolean description: Reference to a key in a secret. configMapKeyRef: type: object properties: key: type: string name: type: string optional: type: boolean description: Reference to a key in a config map. oneOf: - properties: secretKeyRef: {} required: - secretKeyRef - properties: configMapKeyRef: {} required: - configMapKeyRef description: >- Reference to the secret or config map property to which the environment variable is set. oneOf: - properties: value: {} required: - value - properties: valueFrom: {} required: - valueFrom description: >- Environment variables which should be applied to the container. securityContext: type: object properties: allowPrivilegeEscalation: type: boolean appArmorProfile: type: object properties: localhostProfile: type: string type: type: string capabilities: type: object properties: add: type: array items: type: string drop: type: array items: type: string privileged: type: boolean procMount: type: string readOnlyRootFilesystem: type: boolean runAsGroup: type: integer runAsNonRoot: type: boolean runAsUser: type: integer seLinuxOptions: type: object properties: level: type: string role: type: string type: type: string user: type: string seccompProfile: type: object properties: localhostProfile: type: string type: type: string windowsOptions: type: object properties: gmsaCredentialSpec: type: string gmsaCredentialSpecName: type: string hostProcess: type: boolean runAsUserName: type: string description: Security context for the container. volumeMounts: type: array items: type: object properties: mountPath: type: string mountPropagation: type: string name: type: string readOnly: type: boolean recursiveReadOnly: type: string subPath: type: string subPathExpr: type: string description: >- Additional volume mounts which should be applied to the container. description: Template for the Kafka init container. podDisruptionBudget: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object description: Labels added to the Kubernetes resource. annotations: additionalProperties: type: string type: object description: Annotations added to the Kubernetes resource. description: >- Metadata to apply to the `PodDisruptionBudgetTemplate` resource. maxUnavailable: type: integer minimum: 0 description: >- Maximum number of unavailable pods to allow automatic Pod eviction. A Pod eviction is allowed when the `maxUnavailable` number of pods or fewer are unavailable after the eviction. Setting this value to 0 prevents all voluntary evictions, so the pods must be evicted manually. Defaults to 1. description: Template for Kafka Connect `PodDisruptionBudget`. serviceAccount: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object description: Labels added to the Kubernetes resource. annotations: additionalProperties: type: string type: object description: Annotations added to the Kubernetes resource. description: Metadata applied to the resource. description: Template for the Kafka Connect service account. clusterRoleBinding: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object description: Labels added to the Kubernetes resource. annotations: additionalProperties: type: string type: object description: Annotations added to the Kubernetes resource. description: Metadata applied to the resource. description: Template for the Kafka Connect ClusterRoleBinding. buildPod: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object description: Labels added to the Kubernetes resource. annotations: additionalProperties: type: string type: object description: Annotations added to the Kubernetes resource. description: Metadata applied to the resource. imagePullSecrets: type: array items: type: object properties: name: type: string description: >- List of references to secrets in the same namespace to use for pulling any of the images used by this Pod. When the `STRIMZI_IMAGE_PULL_SECRETS` environment variable in Cluster Operator and the `imagePullSecrets` option are specified, only the `imagePullSecrets` variable is used and the `STRIMZI_IMAGE_PULL_SECRETS` variable is ignored. securityContext: type: object properties: appArmorProfile: type: object properties: localhostProfile: type: string type: type: string fsGroup: type: integer fsGroupChangePolicy: type: string runAsGroup: type: integer runAsNonRoot: type: boolean runAsUser: type: integer seLinuxChangePolicy: type: string seLinuxOptions: type: object properties: level: type: string role: type: string type: type: string user: type: string seccompProfile: type: object properties: localhostProfile: type: string type: type: string supplementalGroups: type: array items: type: integer supplementalGroupsPolicy: type: string sysctls: type: array items: type: object properties: name: type: string value: type: string windowsOptions: type: object properties: gmsaCredentialSpec: type: string gmsaCredentialSpecName: type: string hostProcess: type: boolean runAsUserName: type: string description: >- Configures pod-level security attributes and common container settings. terminationGracePeriodSeconds: type: integer minimum: 0 description: >- The grace period is the duration in seconds after the processes running in the pod are sent a termination signal, and the time when the processes are forcibly halted with a kill signal. Set this value to longer than the expected cleanup time for your process. Value must be a non-negative integer. A zero value indicates delete immediately. You might need to increase the grace period for very large Kafka clusters, so that the Kafka brokers have enough time to transfer their work to another broker before they are terminated. Defaults to 30 seconds. affinity: type: object properties: nodeAffinity: type: object properties: preferredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: preference: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchFields: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string weight: type: integer requiredDuringSchedulingIgnoredDuringExecution: type: object properties: nodeSelectorTerms: type: array items: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchFields: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string podAffinity: type: object properties: preferredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: podAffinityTerm: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object matchLabelKeys: type: array items: type: string mismatchLabelKeys: type: array items: type: string namespaceSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object namespaces: type: array items: type: string topologyKey: type: string weight: type: integer requiredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object matchLabelKeys: type: array items: type: string mismatchLabelKeys: type: array items: type: string namespaceSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object namespaces: type: array items: type: string topologyKey: type: string podAntiAffinity: type: object properties: preferredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: podAffinityTerm: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object matchLabelKeys: type: array items: type: string mismatchLabelKeys: type: array items: type: string namespaceSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object namespaces: type: array items: type: string topologyKey: type: string weight: type: integer requiredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object matchLabelKeys: type: array items: type: string mismatchLabelKeys: type: array items: type: string namespaceSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object namespaces: type: array items: type: string topologyKey: type: string description: The pod's affinity rules. tolerations: type: array items: type: object properties: effect: type: string key: type: string operator: type: string tolerationSeconds: type: integer value: type: string description: The pod's tolerations. topologySpreadConstraints: type: array items: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object matchLabelKeys: type: array items: type: string maxSkew: type: integer minDomains: type: integer nodeAffinityPolicy: type: string nodeTaintsPolicy: type: string topologyKey: type: string whenUnsatisfiable: type: string description: The pod's topology spread constraints. priorityClassName: type: string description: >- The name of the priority class used to assign priority to the pods. schedulerName: type: string description: >- The name of the scheduler used to dispatch this `Pod`. If not specified, the default scheduler will be used. hostAliases: type: array items: type: object properties: hostnames: type: array items: type: string ip: type: string description: >- The pod's HostAliases. HostAliases is an optional list of hosts and IPs that will be injected into the Pod's hosts file if specified. dnsPolicy: type: string enum: - ClusterFirst - ClusterFirstWithHostNet - Default - None description: >- The pod's DNSPolicy. Defaults to `ClusterFirst`. Valid values are `ClusterFirstWithHostNet`, `ClusterFirst`, `Default` or `None`. dnsConfig: type: object properties: nameservers: type: array items: type: string options: type: array items: type: object properties: name: type: string value: type: string searches: type: array items: type: string description: >- The pod's DNSConfig. If specified, it will be merged to the generated DNS configuration based on the DNSPolicy. enableServiceLinks: type: boolean description: >- Indicates whether information about services should be injected into Pod's environment variables. tmpDirSizeLimit: type: string pattern: '^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$' description: >- Defines the total amount of pod memory allocated for the temporary `EmptyDir` volume `/tmp`. Specify the allocation in memory units, for example, `100Mi` for 100 mebibytes. Default value is `5Mi`. The `/tmp` volume is backed by pod memory, not disk storage, so avoid setting a high value as it consumes pod memory resources. volumes: type: array items: type: object properties: name: type: string description: Name to use for the volume. Required. secret: type: object properties: defaultMode: type: integer items: type: array items: type: object properties: key: type: string mode: type: integer path: type: string optional: type: boolean secretName: type: string description: '`Secret` to use to populate the volume.' configMap: type: object properties: defaultMode: type: integer items: type: array items: type: object properties: key: type: string mode: type: integer path: type: string name: type: string optional: type: boolean description: '`ConfigMap` to use to populate the volume.' emptyDir: type: object properties: medium: type: string enum: - Memory description: >- Medium represents the type of storage medium should back this volume. Valid values are unset or `Memory`. When not set, it will use the node's default medium. sizeLimit: type: string pattern: '^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$' description: >- The total amount of local storage required for this EmptyDir volume (for example 1Gi). description: '`EmptyDir` to use to populate the volume.' persistentVolumeClaim: type: object properties: claimName: type: string readOnly: type: boolean description: >- `PersistentVolumeClaim` object to use to populate the volume. csi: type: object properties: driver: type: string fsType: type: string nodePublishSecretRef: type: object properties: name: type: string readOnly: type: boolean volumeAttributes: additionalProperties: type: string type: object description: >- `CSIVolumeSource` object to use to populate the volume. image: type: object properties: pullPolicy: type: string reference: type: string description: >- `ImageVolumeSource` object to use to populate the volume. oneOf: - properties: secret: {} configMap: {} emptyDir: {} persistentVolumeClaim: {} csi: {} image: {} description: Additional volumes that can be mounted to the pod. description: >- Template for Kafka Connect Build `Pods`. The build pod is used only on Kubernetes. buildContainer: type: object properties: env: type: array items: type: object properties: name: type: string description: The environment variable key. value: type: string description: The environment variable value. valueFrom: type: object properties: secretKeyRef: type: object properties: key: type: string name: type: string optional: type: boolean description: Reference to a key in a secret. configMapKeyRef: type: object properties: key: type: string name: type: string optional: type: boolean description: Reference to a key in a config map. oneOf: - properties: secretKeyRef: {} required: - secretKeyRef - properties: configMapKeyRef: {} required: - configMapKeyRef description: >- Reference to the secret or config map property to which the environment variable is set. oneOf: - properties: value: {} required: - value - properties: valueFrom: {} required: - valueFrom description: >- Environment variables which should be applied to the container. securityContext: type: object properties: allowPrivilegeEscalation: type: boolean appArmorProfile: type: object properties: localhostProfile: type: string type: type: string capabilities: type: object properties: add: type: array items: type: string drop: type: array items: type: string privileged: type: boolean procMount: type: string readOnlyRootFilesystem: type: boolean runAsGroup: type: integer runAsNonRoot: type: boolean runAsUser: type: integer seLinuxOptions: type: object properties: level: type: string role: type: string type: type: string user: type: string seccompProfile: type: object properties: localhostProfile: type: string type: type: string windowsOptions: type: object properties: gmsaCredentialSpec: type: string gmsaCredentialSpecName: type: string hostProcess: type: boolean runAsUserName: type: string description: Security context for the container. volumeMounts: type: array items: type: object properties: mountPath: type: string mountPropagation: type: string name: type: string readOnly: type: boolean recursiveReadOnly: type: string subPath: type: string subPathExpr: type: string description: >- Additional volume mounts which should be applied to the container. description: >- Template for the Kafka Connect Build container. The build container is used only on Kubernetes. buildConfig: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object description: Labels added to the Kubernetes resource. annotations: additionalProperties: type: string type: object description: Annotations added to the Kubernetes resource. description: >- Metadata to apply to the `PodDisruptionBudgetTemplate` resource. pullSecret: type: string description: >- Container Registry Secret with the credentials for pulling the base image. description: >- Template for the Kafka Connect BuildConfig used to build new container images. The BuildConfig is used only on OpenShift. buildServiceAccount: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object description: Labels added to the Kubernetes resource. annotations: additionalProperties: type: string type: object description: Annotations added to the Kubernetes resource. description: Metadata applied to the resource. description: Template for the Kafka Connect Build service account. jmxSecret: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object description: Labels added to the Kubernetes resource. annotations: additionalProperties: type: string type: object description: Annotations added to the Kubernetes resource. description: Metadata applied to the resource. description: >- Template for Secret of the Kafka Connect Cluster JMX authentication. description: >- Template for Kafka Connect and Kafka MirrorMaker 2 resources. The template allows users to specify how the `Pods`, `Service`, and other services are generated. externalConfiguration: type: object properties: env: type: array items: type: object properties: name: type: string description: >- Name of the environment variable which will be passed to the Kafka Connect pods. The name of the environment variable cannot start with `KAFKA_` or `STRIMZI_`. valueFrom: type: object properties: secretKeyRef: type: object properties: key: type: string name: type: string optional: type: boolean description: Reference to a key in a Secret. configMapKeyRef: type: object properties: key: type: string name: type: string optional: type: boolean description: Reference to a key in a ConfigMap. oneOf: - properties: secretKeyRef: {} required: - secretKeyRef - properties: configMapKeyRef: {} required: - configMapKeyRef description: >- Value of the environment variable which will be passed to the Kafka Connect pods. It can be passed either as a reference to Secret or ConfigMap field. The field has to specify exactly one Secret or ConfigMap. required: - name - valueFrom description: >- Makes data from a Secret or ConfigMap available in the Kafka Connect pods as environment variables. volumes: type: array items: type: object properties: name: type: string description: >- Name of the volume which will be added to the Kafka Connect pods. secret: type: object properties: defaultMode: type: integer items: type: array items: type: object properties: key: type: string mode: type: integer path: type: string optional: type: boolean secretName: type: string description: >- Reference to a key in a Secret. Exactly one Secret or ConfigMap has to be specified. configMap: type: object properties: defaultMode: type: integer items: type: array items: type: object properties: key: type: string mode: type: integer path: type: string name: type: string optional: type: boolean description: >- Reference to a key in a ConfigMap. Exactly one Secret or ConfigMap has to be specified. oneOf: - properties: secret: {} required: - secret - properties: configMap: {} required: - configMap required: - name description: >- Makes data from a Secret or ConfigMap available in the Kafka Connect pods as volumes. description: >- Pass data from Secrets or ConfigMaps to the Kafka Connect pods and use them to configure connectors. description: The specification of the Kafka MirrorMaker 2 cluster. status: type: object properties: conditions: type: array items: type: object properties: type: type: string description: >- The unique identifier of a condition, used to distinguish between other conditions in the resource. status: type: string description: >- The status of the condition, either True, False or Unknown. lastTransitionTime: type: string description: >- Last time the condition of a type changed from one status to another. The required format is 'yyyy-MM-ddTHH:mm:ssZ', in the UTC time zone. reason: type: string description: >- The reason for the condition's last transition (a single word in CamelCase). message: type: string description: >- Human-readable message indicating details about the condition's last transition. description: List of status conditions. observedGeneration: type: integer description: >- The generation of the CRD that was last reconciled by the operator. url: type: string description: >- The URL of the REST API endpoint for managing and monitoring Kafka Connect connectors. connectors: type: array items: x-kubernetes-preserve-unknown-fields: true type: object description: >- List of MirrorMaker 2 connector statuses, as reported by the Kafka Connect REST API. autoRestartStatuses: type: array items: type: object properties: count: type: integer description: >- The number of times the connector or task is restarted. connectorName: type: string description: The name of the connector being restarted. lastRestartTimestamp: type: string description: >- The last time the automatic restart was attempted. The required format is 'yyyy-MM-ddTHH:mm:ssZ' in the UTC time zone. description: List of MirrorMaker 2 connector auto restart statuses. connectorPlugins: type: array items: type: object properties: class: type: string description: The class of the connector plugin. type: type: string description: >- The type of the connector plugin. The available types are `sink` and `source`. version: type: string description: The version of the connector plugin. description: >- The list of connector plugins available in this Kafka Connect deployment. labelSelector: type: string description: Label selector for pods providing this resource. replicas: type: integer description: >- The current number of pods being used to provide this resource. description: The status of the Kafka MirrorMaker 2 cluster. --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: kafkatopics.kafka.strimzi.io labels: app: strimzi strimzi.io/crd-install: 'true' spec: group: kafka.strimzi.io names: kind: KafkaTopic listKind: KafkaTopicList singular: kafkatopic plural: kafkatopics shortNames: - kt categories: - strimzi scope: Namespaced conversion: strategy: None versions: - name: v1 served: true storage: false subresources: status: {} additionalPrinterColumns: - name: Cluster description: The name of the Kafka cluster this topic belongs to jsonPath: .metadata.labels.strimzi\.io/cluster type: string - name: Partitions description: The desired number of partitions in the topic jsonPath: .spec.partitions type: integer - name: Replication factor description: The desired number of replicas of each partition jsonPath: .spec.replicas type: integer - name: Ready description: The state of the custom resource jsonPath: '.status.conditions[?(@.type=="Ready")].status' type: string schema: openAPIV3Schema: type: object properties: apiVersion: type: string description: >- APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources kind: type: string description: >- Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds metadata: type: object spec: type: object properties: topicName: type: string description: >- The name of the topic. When absent this will default to the metadata.name of the topic. It is recommended to not set this unless the topic name is not a valid Kubernetes resource name. partitions: type: integer minimum: 1 description: >- The number of partitions the topic should have. This cannot be decreased after topic creation. It can be increased after topic creation, but it is important to understand the consequences that has, especially for topics with semantic partitioning. When absent this will default to the broker configuration for `num.partitions`. replicas: type: integer minimum: 1 maximum: 32767 description: >- The number of replicas the topic should have. When absent this will default to the broker configuration for `default.replication.factor`. config: x-kubernetes-preserve-unknown-fields: true type: object description: The topic configuration. description: The specification of the topic. status: type: object properties: conditions: type: array items: type: object properties: type: type: string description: >- The unique identifier of a condition, used to distinguish between other conditions in the resource. status: type: string description: >- The status of the condition, either True, False or Unknown. lastTransitionTime: type: string description: >- Last time the condition of a type changed from one status to another. The required format is 'yyyy-MM-ddTHH:mm:ssZ', in the UTC time zone. reason: type: string description: >- The reason for the condition's last transition (a single word in CamelCase). message: type: string description: >- Human-readable message indicating details about the condition's last transition. description: List of status conditions. observedGeneration: type: integer description: >- The generation of the CRD that was last reconciled by the operator. topicName: type: string description: Topic name. topicId: type: string description: >- The topic's id. For a KafkaTopic with the ready condition, this will change only if the topic gets deleted and recreated with the same name. replicasChange: type: object properties: targetReplicas: type: integer description: >- The target replicas value requested by the user. This may be different from .spec.replicas when a change is ongoing. state: type: string enum: - pending - ongoing description: >- Current state of the replicas change operation. This can be `pending`, when the change has been requested, or `ongoing`, when the change has been successfully submitted to Cruise Control. message: type: string description: >- Message for the user related to the replicas change request. This may contain transient error messages that would disappear on periodic reconciliations. sessionId: type: string description: >- The session identifier for replicas change requests pertaining to this KafkaTopic resource. This is used by the Topic Operator to track the status of `ongoing` replicas change operations. description: Replication factor change status. description: The status of the topic. required: - spec - name: v1beta2 served: true storage: true deprecated: true deprecationWarning: >- Version v1beta2 of the KafkaTopic API is deprecated. Please use the v1 version instead. subresources: status: {} additionalPrinterColumns: - name: Cluster description: The name of the Kafka cluster this topic belongs to jsonPath: .metadata.labels.strimzi\.io/cluster type: string - name: Partitions description: The desired number of partitions in the topic jsonPath: .spec.partitions type: integer - name: Replication factor description: The desired number of replicas of each partition jsonPath: .spec.replicas type: integer - name: Ready description: The state of the custom resource jsonPath: '.status.conditions[?(@.type=="Ready")].status' type: string schema: openAPIV3Schema: type: object properties: apiVersion: type: string description: >- APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources kind: type: string description: >- Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds metadata: type: object spec: type: object properties: topicName: type: string description: >- The name of the topic. When absent this will default to the metadata.name of the topic. It is recommended to not set this unless the topic name is not a valid Kubernetes resource name. partitions: type: integer minimum: 1 description: >- The number of partitions the topic should have. This cannot be decreased after topic creation. It can be increased after topic creation, but it is important to understand the consequences that has, especially for topics with semantic partitioning. When absent this will default to the broker configuration for `num.partitions`. replicas: type: integer minimum: 1 maximum: 32767 description: >- The number of replicas the topic should have. When absent this will default to the broker configuration for `default.replication.factor`. config: x-kubernetes-preserve-unknown-fields: true type: object description: The topic configuration. description: The specification of the topic. status: type: object properties: conditions: type: array items: type: object properties: type: type: string description: >- The unique identifier of a condition, used to distinguish between other conditions in the resource. status: type: string description: >- The status of the condition, either True, False or Unknown. lastTransitionTime: type: string description: >- Last time the condition of a type changed from one status to another. The required format is 'yyyy-MM-ddTHH:mm:ssZ', in the UTC time zone. reason: type: string description: >- The reason for the condition's last transition (a single word in CamelCase). message: type: string description: >- Human-readable message indicating details about the condition's last transition. description: List of status conditions. observedGeneration: type: integer description: >- The generation of the CRD that was last reconciled by the operator. topicName: type: string description: Topic name. topicId: type: string description: >- The topic's id. For a KafkaTopic with the ready condition, this will change only if the topic gets deleted and recreated with the same name. replicasChange: type: object properties: targetReplicas: type: integer description: >- The target replicas value requested by the user. This may be different from .spec.replicas when a change is ongoing. state: type: string enum: - pending - ongoing description: >- Current state of the replicas change operation. This can be `pending`, when the change has been requested, or `ongoing`, when the change has been successfully submitted to Cruise Control. message: type: string description: >- Message for the user related to the replicas change request. This may contain transient error messages that would disappear on periodic reconciliations. sessionId: type: string description: >- The session identifier for replicas change requests pertaining to this KafkaTopic resource. This is used by the Topic Operator to track the status of `ongoing` replicas change operations. description: Replication factor change status. description: The status of the topic. - name: v1beta1 served: true storage: false deprecated: true deprecationWarning: >- Version v1beta1 of the KafkaTopic API is deprecated. Please use the v1 version instead. subresources: status: {} additionalPrinterColumns: - name: Cluster description: The name of the Kafka cluster this topic belongs to jsonPath: .metadata.labels.strimzi\.io/cluster type: string - name: Partitions description: The desired number of partitions in the topic jsonPath: .spec.partitions type: integer - name: Replication factor description: The desired number of replicas of each partition jsonPath: .spec.replicas type: integer - name: Ready description: The state of the custom resource jsonPath: '.status.conditions[?(@.type=="Ready")].status' type: string schema: openAPIV3Schema: type: object properties: apiVersion: type: string description: >- APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources kind: type: string description: >- Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds metadata: type: object spec: type: object properties: topicName: type: string description: >- The name of the topic. When absent this will default to the metadata.name of the topic. It is recommended to not set this unless the topic name is not a valid Kubernetes resource name. partitions: type: integer minimum: 1 description: >- The number of partitions the topic should have. This cannot be decreased after topic creation. It can be increased after topic creation, but it is important to understand the consequences that has, especially for topics with semantic partitioning. When absent this will default to the broker configuration for `num.partitions`. replicas: type: integer minimum: 1 maximum: 32767 description: >- The number of replicas the topic should have. When absent this will default to the broker configuration for `default.replication.factor`. config: x-kubernetes-preserve-unknown-fields: true type: object description: The topic configuration. description: The specification of the topic. status: type: object properties: conditions: type: array items: type: object properties: type: type: string description: >- The unique identifier of a condition, used to distinguish between other conditions in the resource. status: type: string description: >- The status of the condition, either True, False or Unknown. lastTransitionTime: type: string description: >- Last time the condition of a type changed from one status to another. The required format is 'yyyy-MM-ddTHH:mm:ssZ', in the UTC time zone. reason: type: string description: >- The reason for the condition's last transition (a single word in CamelCase). message: type: string description: >- Human-readable message indicating details about the condition's last transition. description: List of status conditions. observedGeneration: type: integer description: >- The generation of the CRD that was last reconciled by the operator. topicName: type: string description: Topic name. topicId: type: string description: >- The topic's id. For a KafkaTopic with the ready condition, this will change only if the topic gets deleted and recreated with the same name. replicasChange: type: object properties: targetReplicas: type: integer description: >- The target replicas value requested by the user. This may be different from .spec.replicas when a change is ongoing. state: type: string enum: - pending - ongoing description: >- Current state of the replicas change operation. This can be `pending`, when the change has been requested, or `ongoing`, when the change has been successfully submitted to Cruise Control. message: type: string description: >- Message for the user related to the replicas change request. This may contain transient error messages that would disappear on periodic reconciliations. sessionId: type: string description: >- The session identifier for replicas change requests pertaining to this KafkaTopic resource. This is used by the Topic Operator to track the status of `ongoing` replicas change operations. description: Replication factor change status. description: The status of the topic. - name: v1alpha1 served: true storage: false deprecated: true deprecationWarning: >- Version v1alpha1 of the KafkaTopic API is deprecated. Please use the v1 version instead. subresources: status: {} additionalPrinterColumns: - name: Cluster description: The name of the Kafka cluster this topic belongs to jsonPath: .metadata.labels.strimzi\.io/cluster type: string - name: Partitions description: The desired number of partitions in the topic jsonPath: .spec.partitions type: integer - name: Replication factor description: The desired number of replicas of each partition jsonPath: .spec.replicas type: integer - name: Ready description: The state of the custom resource jsonPath: '.status.conditions[?(@.type=="Ready")].status' type: string schema: openAPIV3Schema: type: object properties: apiVersion: type: string description: >- APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources kind: type: string description: >- Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds metadata: type: object spec: type: object properties: topicName: type: string description: >- The name of the topic. When absent this will default to the metadata.name of the topic. It is recommended to not set this unless the topic name is not a valid Kubernetes resource name. partitions: type: integer minimum: 1 description: >- The number of partitions the topic should have. This cannot be decreased after topic creation. It can be increased after topic creation, but it is important to understand the consequences that has, especially for topics with semantic partitioning. When absent this will default to the broker configuration for `num.partitions`. replicas: type: integer minimum: 1 maximum: 32767 description: >- The number of replicas the topic should have. When absent this will default to the broker configuration for `default.replication.factor`. config: x-kubernetes-preserve-unknown-fields: true type: object description: The topic configuration. description: The specification of the topic. status: type: object properties: conditions: type: array items: type: object properties: type: type: string description: >- The unique identifier of a condition, used to distinguish between other conditions in the resource. status: type: string description: >- The status of the condition, either True, False or Unknown. lastTransitionTime: type: string description: >- Last time the condition of a type changed from one status to another. The required format is 'yyyy-MM-ddTHH:mm:ssZ', in the UTC time zone. reason: type: string description: >- The reason for the condition's last transition (a single word in CamelCase). message: type: string description: >- Human-readable message indicating details about the condition's last transition. description: List of status conditions. observedGeneration: type: integer description: >- The generation of the CRD that was last reconciled by the operator. topicName: type: string description: Topic name. topicId: type: string description: >- The topic's id. For a KafkaTopic with the ready condition, this will change only if the topic gets deleted and recreated with the same name. replicasChange: type: object properties: targetReplicas: type: integer description: >- The target replicas value requested by the user. This may be different from .spec.replicas when a change is ongoing. state: type: string enum: - pending - ongoing description: >- Current state of the replicas change operation. This can be `pending`, when the change has been requested, or `ongoing`, when the change has been successfully submitted to Cruise Control. message: type: string description: >- Message for the user related to the replicas change request. This may contain transient error messages that would disappear on periodic reconciliations. sessionId: type: string description: >- The session identifier for replicas change requests pertaining to this KafkaTopic resource. This is used by the Topic Operator to track the status of `ongoing` replicas change operations. description: Replication factor change status. description: The status of the topic. --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: strimzi-cluster-operator-namespaced labels: app: strimzi rules: - apiGroups: - rbac.authorization.k8s.io resources: - rolebindings verbs: - get - list - watch - create - delete - patch - update - apiGroups: - rbac.authorization.k8s.io resources: - roles verbs: - get - list - watch - create - delete - patch - update - apiGroups: - '' resources: - pods - serviceaccounts - configmaps - services - endpoints - secrets - persistentvolumeclaims verbs: - get - list - watch - create - delete - patch - update - apiGroups: - apps resources: - deployments - replicasets verbs: - get - list - watch - create - delete - patch - update - apiGroups: - apps resources: - deployments/scale verbs: - get - patch - update - apiGroups: - events.k8s.io resources: - events verbs: - create - apiGroups: - build.openshift.io resources: - buildconfigs - buildconfigs/instantiate - builds verbs: - get - list - watch - create - delete - patch - update - apiGroups: - networking.k8s.io resources: - networkpolicies - ingresses verbs: - get - list - watch - create - delete - patch - update - apiGroups: - route.openshift.io resources: - routes - routes/custom-host verbs: - get - list - watch - create - delete - patch - update - apiGroups: - image.openshift.io resources: - imagestreams verbs: - get - apiGroups: - policy resources: - poddisruptionbudgets verbs: - get - list - watch - create - delete - patch - update --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: kafkas.kafka.strimzi.io labels: app: strimzi strimzi.io/crd-install: 'true' spec: group: kafka.strimzi.io names: kind: Kafka listKind: KafkaList singular: kafka plural: kafkas shortNames: - k categories: - strimzi scope: Namespaced conversion: strategy: None versions: - name: v1 served: true storage: false subresources: status: {} additionalPrinterColumns: - name: Ready description: The state of the custom resource jsonPath: '.status.conditions[?(@.type=="Ready")].status' type: string - name: Metadata State description: The state of the cluster metadata jsonPath: .status.kafkaMetadataState type: string - name: Warnings description: Warnings related to the custom resource jsonPath: '.status.conditions[?(@.type=="Warning")].status' type: string schema: openAPIV3Schema: type: object properties: apiVersion: type: string description: >- APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources kind: type: string description: >- Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds metadata: type: object spec: type: object properties: kafka: type: object properties: version: type: string metadataVersion: type: string image: type: string listeners: type: array minItems: 1 items: type: object properties: name: type: string pattern: '^[a-z0-9]{1,11}$' port: type: integer minimum: 9092 type: type: string enum: - internal - route - loadbalancer - nodeport - ingress - cluster-ip tls: type: boolean authentication: type: object properties: listenerConfig: x-kubernetes-preserve-unknown-fields: true type: object sasl: type: boolean type: type: string enum: - tls - scram-sha-512 - custom required: - type configuration: type: object properties: brokerCertChainAndKey: type: object properties: secretName: type: string certificate: type: string key: type: string required: - secretName - certificate - key class: type: string externalTrafficPolicy: type: string enum: - Local - Cluster loadBalancerSourceRanges: type: array items: type: string bootstrap: type: object properties: alternativeNames: type: array items: type: string host: type: string nodePort: type: integer loadBalancerIP: type: string annotations: additionalProperties: type: string type: object labels: additionalProperties: type: string type: object externalIPs: type: array items: type: string brokers: type: array items: type: object properties: broker: type: integer advertisedHost: type: string advertisedPort: type: integer host: type: string nodePort: type: integer loadBalancerIP: type: string annotations: additionalProperties: type: string type: object labels: additionalProperties: type: string type: object externalIPs: type: array items: type: string required: - broker ipFamilyPolicy: type: string enum: - SingleStack - PreferDualStack - RequireDualStack ipFamilies: type: array items: type: string enum: - IPv4 - IPv6 createBootstrapService: type: boolean finalizers: type: array items: type: string useServiceDnsDomain: type: boolean maxConnections: type: integer maxConnectionCreationRate: type: integer preferredNodePortAddressType: type: string enum: - ExternalIP - ExternalDNS - InternalIP - InternalDNS - Hostname publishNotReadyAddresses: type: boolean hostTemplate: type: string advertisedHostTemplate: type: string allocateLoadBalancerNodePorts: type: boolean networkPolicyPeers: type: array items: type: object properties: ipBlock: type: object properties: cidr: type: string except: type: array items: type: string namespaceSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object podSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object required: - name - port - type - tls config: x-kubernetes-preserve-unknown-fields: true type: object authorization: type: object properties: authorizerClass: type: string superUsers: type: array items: type: string supportsAdminApi: type: boolean type: type: string enum: - simple - custom required: - type rack: type: object properties: topologyKey: type: string example: topology.kubernetes.io/zone required: - topologyKey brokerRackInitImage: type: string livenessProbe: type: object properties: initialDelaySeconds: type: integer minimum: 0 timeoutSeconds: type: integer minimum: 1 periodSeconds: type: integer minimum: 1 successThreshold: type: integer minimum: 1 failureThreshold: type: integer minimum: 1 readinessProbe: type: object properties: initialDelaySeconds: type: integer minimum: 0 timeoutSeconds: type: integer minimum: 1 periodSeconds: type: integer minimum: 1 successThreshold: type: integer minimum: 1 failureThreshold: type: integer minimum: 1 jvmOptions: type: object properties: '-XX': additionalProperties: type: string type: object '-Xmx': type: string pattern: '^[0-9]+[mMgG]?$' '-Xms': type: string pattern: '^[0-9]+[mMgG]?$' gcLoggingEnabled: type: boolean javaSystemProperties: type: array items: type: object properties: name: type: string value: type: string jmxOptions: type: object properties: authentication: type: object properties: type: type: string enum: - password required: - type metricsConfig: type: object properties: type: type: string enum: - jmxPrometheusExporter - strimziMetricsReporter valueFrom: type: object properties: configMapKeyRef: type: object properties: key: type: string name: type: string optional: type: boolean values: type: object properties: allowList: type: array items: type: string required: - type x-kubernetes-validations: - rule: >- self.type != 'jmxPrometheusExporter' || has(self.valueFrom) message: valueFrom property is required logging: type: object properties: loggers: additionalProperties: type: string type: object type: type: string enum: - inline - external valueFrom: type: object properties: configMapKeyRef: type: object properties: key: type: string name: type: string optional: type: boolean required: - type template: type: object properties: pod: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object annotations: additionalProperties: type: string type: object imagePullSecrets: type: array items: type: object properties: name: type: string securityContext: type: object properties: appArmorProfile: type: object properties: localhostProfile: type: string type: type: string fsGroup: type: integer fsGroupChangePolicy: type: string runAsGroup: type: integer runAsNonRoot: type: boolean runAsUser: type: integer seLinuxChangePolicy: type: string seLinuxOptions: type: object properties: level: type: string role: type: string type: type: string user: type: string seccompProfile: type: object properties: localhostProfile: type: string type: type: string supplementalGroups: type: array items: type: integer supplementalGroupsPolicy: type: string sysctls: type: array items: type: object properties: name: type: string value: type: string windowsOptions: type: object properties: gmsaCredentialSpec: type: string gmsaCredentialSpecName: type: string hostProcess: type: boolean runAsUserName: type: string terminationGracePeriodSeconds: type: integer minimum: 0 affinity: type: object properties: nodeAffinity: type: object properties: preferredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: preference: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchFields: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string weight: type: integer requiredDuringSchedulingIgnoredDuringExecution: type: object properties: nodeSelectorTerms: type: array items: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchFields: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string podAffinity: type: object properties: preferredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: podAffinityTerm: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object matchLabelKeys: type: array items: type: string mismatchLabelKeys: type: array items: type: string namespaceSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object namespaces: type: array items: type: string topologyKey: type: string weight: type: integer requiredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object matchLabelKeys: type: array items: type: string mismatchLabelKeys: type: array items: type: string namespaceSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object namespaces: type: array items: type: string topologyKey: type: string podAntiAffinity: type: object properties: preferredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: podAffinityTerm: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object matchLabelKeys: type: array items: type: string mismatchLabelKeys: type: array items: type: string namespaceSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object namespaces: type: array items: type: string topologyKey: type: string weight: type: integer requiredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object matchLabelKeys: type: array items: type: string mismatchLabelKeys: type: array items: type: string namespaceSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object namespaces: type: array items: type: string topologyKey: type: string tolerations: type: array items: type: object properties: effect: type: string key: type: string operator: type: string tolerationSeconds: type: integer value: type: string topologySpreadConstraints: type: array items: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object matchLabelKeys: type: array items: type: string maxSkew: type: integer minDomains: type: integer nodeAffinityPolicy: type: string nodeTaintsPolicy: type: string topologyKey: type: string whenUnsatisfiable: type: string priorityClassName: type: string schedulerName: type: string hostAliases: type: array items: type: object properties: hostnames: type: array items: type: string ip: type: string dnsPolicy: type: string enum: - ClusterFirst - ClusterFirstWithHostNet - Default - None dnsConfig: type: object properties: nameservers: type: array items: type: string options: type: array items: type: object properties: name: type: string value: type: string searches: type: array items: type: string enableServiceLinks: type: boolean tmpDirSizeLimit: type: string pattern: '^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$' volumes: type: array items: type: object properties: name: type: string secret: type: object properties: defaultMode: type: integer items: type: array items: type: object properties: key: type: string mode: type: integer path: type: string optional: type: boolean secretName: type: string configMap: type: object properties: defaultMode: type: integer items: type: array items: type: object properties: key: type: string mode: type: integer path: type: string name: type: string optional: type: boolean emptyDir: type: object properties: medium: type: string enum: - Memory sizeLimit: type: string pattern: '^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$' persistentVolumeClaim: type: object properties: claimName: type: string readOnly: type: boolean csi: type: object properties: driver: type: string fsType: type: string nodePublishSecretRef: type: object properties: name: type: string readOnly: type: boolean volumeAttributes: additionalProperties: type: string type: object image: type: object properties: pullPolicy: type: string reference: type: string oneOf: - properties: secret: {} configMap: {} emptyDir: {} persistentVolumeClaim: {} csi: {} image: {} bootstrapService: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object annotations: additionalProperties: type: string type: object ipFamilyPolicy: type: string enum: - SingleStack - PreferDualStack - RequireDualStack ipFamilies: type: array items: type: string enum: - IPv4 - IPv6 brokersService: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object annotations: additionalProperties: type: string type: object ipFamilyPolicy: type: string enum: - SingleStack - PreferDualStack - RequireDualStack ipFamilies: type: array items: type: string enum: - IPv4 - IPv6 externalBootstrapService: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object annotations: additionalProperties: type: string type: object perPodService: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object annotations: additionalProperties: type: string type: object externalBootstrapRoute: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object annotations: additionalProperties: type: string type: object perPodRoute: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object annotations: additionalProperties: type: string type: object externalBootstrapIngress: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object annotations: additionalProperties: type: string type: object perPodIngress: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object annotations: additionalProperties: type: string type: object persistentVolumeClaim: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object annotations: additionalProperties: type: string type: object podDisruptionBudget: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object annotations: additionalProperties: type: string type: object maxUnavailable: type: integer minimum: 0 kafkaContainer: type: object properties: env: type: array items: type: object properties: name: type: string value: type: string valueFrom: type: object properties: secretKeyRef: type: object properties: key: type: string name: type: string optional: type: boolean configMapKeyRef: type: object properties: key: type: string name: type: string optional: type: boolean oneOf: - properties: secretKeyRef: {} required: - secretKeyRef - properties: configMapKeyRef: {} required: - configMapKeyRef oneOf: - properties: value: {} required: - value - properties: valueFrom: {} required: - valueFrom securityContext: type: object properties: allowPrivilegeEscalation: type: boolean appArmorProfile: type: object properties: localhostProfile: type: string type: type: string capabilities: type: object properties: add: type: array items: type: string drop: type: array items: type: string privileged: type: boolean procMount: type: string readOnlyRootFilesystem: type: boolean runAsGroup: type: integer runAsNonRoot: type: boolean runAsUser: type: integer seLinuxOptions: type: object properties: level: type: string role: type: string type: type: string user: type: string seccompProfile: type: object properties: localhostProfile: type: string type: type: string windowsOptions: type: object properties: gmsaCredentialSpec: type: string gmsaCredentialSpecName: type: string hostProcess: type: boolean runAsUserName: type: string volumeMounts: type: array items: type: object properties: mountPath: type: string mountPropagation: type: string name: type: string readOnly: type: boolean recursiveReadOnly: type: string subPath: type: string subPathExpr: type: string initContainer: type: object properties: env: type: array items: type: object properties: name: type: string value: type: string valueFrom: type: object properties: secretKeyRef: type: object properties: key: type: string name: type: string optional: type: boolean configMapKeyRef: type: object properties: key: type: string name: type: string optional: type: boolean oneOf: - properties: secretKeyRef: {} required: - secretKeyRef - properties: configMapKeyRef: {} required: - configMapKeyRef oneOf: - properties: value: {} required: - value - properties: valueFrom: {} required: - valueFrom securityContext: type: object properties: allowPrivilegeEscalation: type: boolean appArmorProfile: type: object properties: localhostProfile: type: string type: type: string capabilities: type: object properties: add: type: array items: type: string drop: type: array items: type: string privileged: type: boolean procMount: type: string readOnlyRootFilesystem: type: boolean runAsGroup: type: integer runAsNonRoot: type: boolean runAsUser: type: integer seLinuxOptions: type: object properties: level: type: string role: type: string type: type: string user: type: string seccompProfile: type: object properties: localhostProfile: type: string type: type: string windowsOptions: type: object properties: gmsaCredentialSpec: type: string gmsaCredentialSpecName: type: string hostProcess: type: boolean runAsUserName: type: string volumeMounts: type: array items: type: object properties: mountPath: type: string mountPropagation: type: string name: type: string readOnly: type: boolean recursiveReadOnly: type: string subPath: type: string subPathExpr: type: string clusterCaCert: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object annotations: additionalProperties: type: string type: object serviceAccount: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object annotations: additionalProperties: type: string type: object jmxSecret: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object annotations: additionalProperties: type: string type: object clusterRoleBinding: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object annotations: additionalProperties: type: string type: object podSet: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object annotations: additionalProperties: type: string type: object tieredStorage: type: object properties: remoteStorageManager: type: object properties: className: type: string classPath: type: string config: additionalProperties: type: string type: object type: type: string enum: - custom required: - type quotas: type: object properties: consumerByteRate: type: integer minimum: 0 controllerMutationRate: type: number minimum: 0 excludedPrincipals: type: array items: type: string minAvailableBytesPerVolume: type: integer minimum: 0 minAvailableRatioPerVolume: type: number minimum: 0 maximum: 1 producerByteRate: type: integer minimum: 0 requestPercentage: type: integer minimum: 0 type: type: string enum: - kafka - strimzi required: - type required: - listeners entityOperator: type: object properties: topicOperator: type: object properties: watchedNamespace: type: string image: type: string reconciliationIntervalMs: type: integer minimum: 0 startupProbe: type: object properties: initialDelaySeconds: type: integer minimum: 0 timeoutSeconds: type: integer minimum: 1 periodSeconds: type: integer minimum: 1 successThreshold: type: integer minimum: 1 failureThreshold: type: integer minimum: 1 livenessProbe: type: object properties: initialDelaySeconds: type: integer minimum: 0 timeoutSeconds: type: integer minimum: 1 periodSeconds: type: integer minimum: 1 successThreshold: type: integer minimum: 1 failureThreshold: type: integer minimum: 1 readinessProbe: type: object properties: initialDelaySeconds: type: integer minimum: 0 timeoutSeconds: type: integer minimum: 1 periodSeconds: type: integer minimum: 1 successThreshold: type: integer minimum: 1 failureThreshold: type: integer minimum: 1 resources: type: object properties: claims: type: array items: type: object properties: name: type: string request: type: string limits: additionalProperties: anyOf: - type: integer - type: string pattern: >- ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object requests: additionalProperties: anyOf: - type: integer - type: string pattern: >- ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object logging: type: object properties: loggers: additionalProperties: type: string type: object type: type: string enum: - inline - external valueFrom: type: object properties: configMapKeyRef: type: object properties: key: type: string name: type: string optional: type: boolean required: - type jvmOptions: type: object properties: '-XX': additionalProperties: type: string type: object '-Xmx': type: string pattern: '^[0-9]+[mMgG]?$' '-Xms': type: string pattern: '^[0-9]+[mMgG]?$' gcLoggingEnabled: type: boolean javaSystemProperties: type: array items: type: object properties: name: type: string value: type: string userOperator: type: object properties: watchedNamespace: type: string image: type: string reconciliationIntervalMs: type: integer minimum: 0 secretPrefix: type: string livenessProbe: type: object properties: initialDelaySeconds: type: integer minimum: 0 timeoutSeconds: type: integer minimum: 1 periodSeconds: type: integer minimum: 1 successThreshold: type: integer minimum: 1 failureThreshold: type: integer minimum: 1 readinessProbe: type: object properties: initialDelaySeconds: type: integer minimum: 0 timeoutSeconds: type: integer minimum: 1 periodSeconds: type: integer minimum: 1 successThreshold: type: integer minimum: 1 failureThreshold: type: integer minimum: 1 resources: type: object properties: claims: type: array items: type: object properties: name: type: string request: type: string limits: additionalProperties: anyOf: - type: integer - type: string pattern: >- ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object requests: additionalProperties: anyOf: - type: integer - type: string pattern: >- ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object logging: type: object properties: loggers: additionalProperties: type: string type: object type: type: string enum: - inline - external valueFrom: type: object properties: configMapKeyRef: type: object properties: key: type: string name: type: string optional: type: boolean required: - type jvmOptions: type: object properties: '-XX': additionalProperties: type: string type: object '-Xmx': type: string pattern: '^[0-9]+[mMgG]?$' '-Xms': type: string pattern: '^[0-9]+[mMgG]?$' gcLoggingEnabled: type: boolean javaSystemProperties: type: array items: type: object properties: name: type: string value: type: string template: type: object properties: deployment: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object annotations: additionalProperties: type: string type: object deploymentStrategy: type: string enum: - RollingUpdate - Recreate pod: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object annotations: additionalProperties: type: string type: object imagePullSecrets: type: array items: type: object properties: name: type: string securityContext: type: object properties: appArmorProfile: type: object properties: localhostProfile: type: string type: type: string fsGroup: type: integer fsGroupChangePolicy: type: string runAsGroup: type: integer runAsNonRoot: type: boolean runAsUser: type: integer seLinuxChangePolicy: type: string seLinuxOptions: type: object properties: level: type: string role: type: string type: type: string user: type: string seccompProfile: type: object properties: localhostProfile: type: string type: type: string supplementalGroups: type: array items: type: integer supplementalGroupsPolicy: type: string sysctls: type: array items: type: object properties: name: type: string value: type: string windowsOptions: type: object properties: gmsaCredentialSpec: type: string gmsaCredentialSpecName: type: string hostProcess: type: boolean runAsUserName: type: string terminationGracePeriodSeconds: type: integer minimum: 0 affinity: type: object properties: nodeAffinity: type: object properties: preferredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: preference: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchFields: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string weight: type: integer requiredDuringSchedulingIgnoredDuringExecution: type: object properties: nodeSelectorTerms: type: array items: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchFields: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string podAffinity: type: object properties: preferredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: podAffinityTerm: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object matchLabelKeys: type: array items: type: string mismatchLabelKeys: type: array items: type: string namespaceSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object namespaces: type: array items: type: string topologyKey: type: string weight: type: integer requiredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object matchLabelKeys: type: array items: type: string mismatchLabelKeys: type: array items: type: string namespaceSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object namespaces: type: array items: type: string topologyKey: type: string podAntiAffinity: type: object properties: preferredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: podAffinityTerm: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object matchLabelKeys: type: array items: type: string mismatchLabelKeys: type: array items: type: string namespaceSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object namespaces: type: array items: type: string topologyKey: type: string weight: type: integer requiredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object matchLabelKeys: type: array items: type: string mismatchLabelKeys: type: array items: type: string namespaceSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object namespaces: type: array items: type: string topologyKey: type: string tolerations: type: array items: type: object properties: effect: type: string key: type: string operator: type: string tolerationSeconds: type: integer value: type: string topologySpreadConstraints: type: array items: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object matchLabelKeys: type: array items: type: string maxSkew: type: integer minDomains: type: integer nodeAffinityPolicy: type: string nodeTaintsPolicy: type: string topologyKey: type: string whenUnsatisfiable: type: string priorityClassName: type: string schedulerName: type: string hostAliases: type: array items: type: object properties: hostnames: type: array items: type: string ip: type: string dnsPolicy: type: string enum: - ClusterFirst - ClusterFirstWithHostNet - Default - None dnsConfig: type: object properties: nameservers: type: array items: type: string options: type: array items: type: object properties: name: type: string value: type: string searches: type: array items: type: string enableServiceLinks: type: boolean tmpDirSizeLimit: type: string pattern: '^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$' volumes: type: array items: type: object properties: name: type: string secret: type: object properties: defaultMode: type: integer items: type: array items: type: object properties: key: type: string mode: type: integer path: type: string optional: type: boolean secretName: type: string configMap: type: object properties: defaultMode: type: integer items: type: array items: type: object properties: key: type: string mode: type: integer path: type: string name: type: string optional: type: boolean emptyDir: type: object properties: medium: type: string enum: - Memory sizeLimit: type: string pattern: '^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$' persistentVolumeClaim: type: object properties: claimName: type: string readOnly: type: boolean csi: type: object properties: driver: type: string fsType: type: string nodePublishSecretRef: type: object properties: name: type: string readOnly: type: boolean volumeAttributes: additionalProperties: type: string type: object image: type: object properties: pullPolicy: type: string reference: type: string oneOf: - properties: secret: {} configMap: {} emptyDir: {} persistentVolumeClaim: {} csi: {} image: {} topicOperatorContainer: type: object properties: env: type: array items: type: object properties: name: type: string value: type: string valueFrom: type: object properties: secretKeyRef: type: object properties: key: type: string name: type: string optional: type: boolean configMapKeyRef: type: object properties: key: type: string name: type: string optional: type: boolean oneOf: - properties: secretKeyRef: {} required: - secretKeyRef - properties: configMapKeyRef: {} required: - configMapKeyRef oneOf: - properties: value: {} required: - value - properties: valueFrom: {} required: - valueFrom securityContext: type: object properties: allowPrivilegeEscalation: type: boolean appArmorProfile: type: object properties: localhostProfile: type: string type: type: string capabilities: type: object properties: add: type: array items: type: string drop: type: array items: type: string privileged: type: boolean procMount: type: string readOnlyRootFilesystem: type: boolean runAsGroup: type: integer runAsNonRoot: type: boolean runAsUser: type: integer seLinuxOptions: type: object properties: level: type: string role: type: string type: type: string user: type: string seccompProfile: type: object properties: localhostProfile: type: string type: type: string windowsOptions: type: object properties: gmsaCredentialSpec: type: string gmsaCredentialSpecName: type: string hostProcess: type: boolean runAsUserName: type: string volumeMounts: type: array items: type: object properties: mountPath: type: string mountPropagation: type: string name: type: string readOnly: type: boolean recursiveReadOnly: type: string subPath: type: string subPathExpr: type: string userOperatorContainer: type: object properties: env: type: array items: type: object properties: name: type: string value: type: string valueFrom: type: object properties: secretKeyRef: type: object properties: key: type: string name: type: string optional: type: boolean configMapKeyRef: type: object properties: key: type: string name: type: string optional: type: boolean oneOf: - properties: secretKeyRef: {} required: - secretKeyRef - properties: configMapKeyRef: {} required: - configMapKeyRef oneOf: - properties: value: {} required: - value - properties: valueFrom: {} required: - valueFrom securityContext: type: object properties: allowPrivilegeEscalation: type: boolean appArmorProfile: type: object properties: localhostProfile: type: string type: type: string capabilities: type: object properties: add: type: array items: type: string drop: type: array items: type: string privileged: type: boolean procMount: type: string readOnlyRootFilesystem: type: boolean runAsGroup: type: integer runAsNonRoot: type: boolean runAsUser: type: integer seLinuxOptions: type: object properties: level: type: string role: type: string type: type: string user: type: string seccompProfile: type: object properties: localhostProfile: type: string type: type: string windowsOptions: type: object properties: gmsaCredentialSpec: type: string gmsaCredentialSpecName: type: string hostProcess: type: boolean runAsUserName: type: string volumeMounts: type: array items: type: object properties: mountPath: type: string mountPropagation: type: string name: type: string readOnly: type: boolean recursiveReadOnly: type: string subPath: type: string subPathExpr: type: string serviceAccount: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object annotations: additionalProperties: type: string type: object podDisruptionBudget: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object annotations: additionalProperties: type: string type: object maxUnavailable: type: integer minimum: 0 entityOperatorRole: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object annotations: additionalProperties: type: string type: object topicOperatorRoleBinding: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object annotations: additionalProperties: type: string type: object userOperatorRoleBinding: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object annotations: additionalProperties: type: string type: object clusterCa: type: object properties: generateCertificateAuthority: type: boolean generateSecretOwnerReference: type: boolean validityDays: type: integer minimum: 1 renewalDays: type: integer minimum: 1 certificateExpirationPolicy: type: string enum: - renew-certificate - replace-key clientsCa: type: object properties: generateCertificateAuthority: type: boolean generateSecretOwnerReference: type: boolean validityDays: type: integer minimum: 1 renewalDays: type: integer minimum: 1 certificateExpirationPolicy: type: string enum: - renew-certificate - replace-key cruiseControl: type: object properties: image: type: string resources: type: object properties: claims: type: array items: type: object properties: name: type: string request: type: string limits: additionalProperties: anyOf: - type: integer - type: string pattern: >- ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object requests: additionalProperties: anyOf: - type: integer - type: string pattern: >- ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object livenessProbe: type: object properties: initialDelaySeconds: type: integer minimum: 0 timeoutSeconds: type: integer minimum: 1 periodSeconds: type: integer minimum: 1 successThreshold: type: integer minimum: 1 failureThreshold: type: integer minimum: 1 readinessProbe: type: object properties: initialDelaySeconds: type: integer minimum: 0 timeoutSeconds: type: integer minimum: 1 periodSeconds: type: integer minimum: 1 successThreshold: type: integer minimum: 1 failureThreshold: type: integer minimum: 1 jvmOptions: type: object properties: '-XX': additionalProperties: type: string type: object '-Xmx': type: string pattern: '^[0-9]+[mMgG]?$' '-Xms': type: string pattern: '^[0-9]+[mMgG]?$' gcLoggingEnabled: type: boolean javaSystemProperties: type: array items: type: object properties: name: type: string value: type: string logging: type: object properties: loggers: additionalProperties: type: string type: object type: type: string enum: - inline - external valueFrom: type: object properties: configMapKeyRef: type: object properties: key: type: string name: type: string optional: type: boolean required: - type template: type: object properties: deployment: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object annotations: additionalProperties: type: string type: object deploymentStrategy: type: string enum: - RollingUpdate - Recreate pod: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object annotations: additionalProperties: type: string type: object imagePullSecrets: type: array items: type: object properties: name: type: string securityContext: type: object properties: appArmorProfile: type: object properties: localhostProfile: type: string type: type: string fsGroup: type: integer fsGroupChangePolicy: type: string runAsGroup: type: integer runAsNonRoot: type: boolean runAsUser: type: integer seLinuxChangePolicy: type: string seLinuxOptions: type: object properties: level: type: string role: type: string type: type: string user: type: string seccompProfile: type: object properties: localhostProfile: type: string type: type: string supplementalGroups: type: array items: type: integer supplementalGroupsPolicy: type: string sysctls: type: array items: type: object properties: name: type: string value: type: string windowsOptions: type: object properties: gmsaCredentialSpec: type: string gmsaCredentialSpecName: type: string hostProcess: type: boolean runAsUserName: type: string terminationGracePeriodSeconds: type: integer minimum: 0 affinity: type: object properties: nodeAffinity: type: object properties: preferredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: preference: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchFields: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string weight: type: integer requiredDuringSchedulingIgnoredDuringExecution: type: object properties: nodeSelectorTerms: type: array items: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchFields: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string podAffinity: type: object properties: preferredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: podAffinityTerm: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object matchLabelKeys: type: array items: type: string mismatchLabelKeys: type: array items: type: string namespaceSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object namespaces: type: array items: type: string topologyKey: type: string weight: type: integer requiredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object matchLabelKeys: type: array items: type: string mismatchLabelKeys: type: array items: type: string namespaceSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object namespaces: type: array items: type: string topologyKey: type: string podAntiAffinity: type: object properties: preferredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: podAffinityTerm: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object matchLabelKeys: type: array items: type: string mismatchLabelKeys: type: array items: type: string namespaceSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object namespaces: type: array items: type: string topologyKey: type: string weight: type: integer requiredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object matchLabelKeys: type: array items: type: string mismatchLabelKeys: type: array items: type: string namespaceSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object namespaces: type: array items: type: string topologyKey: type: string tolerations: type: array items: type: object properties: effect: type: string key: type: string operator: type: string tolerationSeconds: type: integer value: type: string topologySpreadConstraints: type: array items: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object matchLabelKeys: type: array items: type: string maxSkew: type: integer minDomains: type: integer nodeAffinityPolicy: type: string nodeTaintsPolicy: type: string topologyKey: type: string whenUnsatisfiable: type: string priorityClassName: type: string schedulerName: type: string hostAliases: type: array items: type: object properties: hostnames: type: array items: type: string ip: type: string dnsPolicy: type: string enum: - ClusterFirst - ClusterFirstWithHostNet - Default - None dnsConfig: type: object properties: nameservers: type: array items: type: string options: type: array items: type: object properties: name: type: string value: type: string searches: type: array items: type: string enableServiceLinks: type: boolean tmpDirSizeLimit: type: string pattern: '^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$' volumes: type: array items: type: object properties: name: type: string secret: type: object properties: defaultMode: type: integer items: type: array items: type: object properties: key: type: string mode: type: integer path: type: string optional: type: boolean secretName: type: string configMap: type: object properties: defaultMode: type: integer items: type: array items: type: object properties: key: type: string mode: type: integer path: type: string name: type: string optional: type: boolean emptyDir: type: object properties: medium: type: string enum: - Memory sizeLimit: type: string pattern: '^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$' persistentVolumeClaim: type: object properties: claimName: type: string readOnly: type: boolean csi: type: object properties: driver: type: string fsType: type: string nodePublishSecretRef: type: object properties: name: type: string readOnly: type: boolean volumeAttributes: additionalProperties: type: string type: object image: type: object properties: pullPolicy: type: string reference: type: string oneOf: - properties: secret: {} configMap: {} emptyDir: {} persistentVolumeClaim: {} csi: {} image: {} apiService: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object annotations: additionalProperties: type: string type: object ipFamilyPolicy: type: string enum: - SingleStack - PreferDualStack - RequireDualStack ipFamilies: type: array items: type: string enum: - IPv4 - IPv6 podDisruptionBudget: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object annotations: additionalProperties: type: string type: object maxUnavailable: type: integer minimum: 0 cruiseControlContainer: type: object properties: env: type: array items: type: object properties: name: type: string value: type: string valueFrom: type: object properties: secretKeyRef: type: object properties: key: type: string name: type: string optional: type: boolean configMapKeyRef: type: object properties: key: type: string name: type: string optional: type: boolean oneOf: - properties: secretKeyRef: {} required: - secretKeyRef - properties: configMapKeyRef: {} required: - configMapKeyRef oneOf: - properties: value: {} required: - value - properties: valueFrom: {} required: - valueFrom securityContext: type: object properties: allowPrivilegeEscalation: type: boolean appArmorProfile: type: object properties: localhostProfile: type: string type: type: string capabilities: type: object properties: add: type: array items: type: string drop: type: array items: type: string privileged: type: boolean procMount: type: string readOnlyRootFilesystem: type: boolean runAsGroup: type: integer runAsNonRoot: type: boolean runAsUser: type: integer seLinuxOptions: type: object properties: level: type: string role: type: string type: type: string user: type: string seccompProfile: type: object properties: localhostProfile: type: string type: type: string windowsOptions: type: object properties: gmsaCredentialSpec: type: string gmsaCredentialSpecName: type: string hostProcess: type: boolean runAsUserName: type: string volumeMounts: type: array items: type: object properties: mountPath: type: string mountPropagation: type: string name: type: string readOnly: type: boolean recursiveReadOnly: type: string subPath: type: string subPathExpr: type: string serviceAccount: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object annotations: additionalProperties: type: string type: object brokerCapacity: type: object properties: cpu: type: string pattern: '^[0-9]+([.][0-9]{0,3}|[m]?)$' inboundNetwork: type: string pattern: '^[0-9]+([KMG]i?)?B/s$' outboundNetwork: type: string pattern: '^[0-9]+([KMG]i?)?B/s$' overrides: type: array items: type: object properties: brokers: type: array items: type: integer cpu: type: string pattern: '^[0-9]+([.][0-9]{0,3}|[m]?)$' inboundNetwork: type: string pattern: '^[0-9]+([KMG]i?)?B/s$' outboundNetwork: type: string pattern: '^[0-9]+([KMG]i?)?B/s$' required: - brokers config: x-kubernetes-preserve-unknown-fields: true type: object metricsConfig: type: object properties: type: type: string enum: - jmxPrometheusExporter - strimziMetricsReporter valueFrom: type: object properties: configMapKeyRef: type: object properties: key: type: string name: type: string optional: type: boolean values: type: object properties: allowList: type: array items: type: string required: - type x-kubernetes-validations: - rule: >- self.type != 'jmxPrometheusExporter' || has(self.valueFrom) message: valueFrom property is required - rule: self.type != 'strimziMetricsReporter' message: value type not supported apiUsers: type: object properties: type: type: string enum: - hashLoginService valueFrom: type: object properties: secretKeyRef: type: object properties: key: type: string name: type: string optional: type: boolean required: - type - valueFrom autoRebalance: type: array minItems: 1 items: type: object properties: mode: type: string enum: - add-brokers - remove-brokers template: type: object properties: name: type: string required: - mode kafkaExporter: type: object properties: image: type: string groupRegex: type: string topicRegex: type: string groupExcludeRegex: type: string topicExcludeRegex: type: string resources: type: object properties: claims: type: array items: type: object properties: name: type: string request: type: string limits: additionalProperties: anyOf: - type: integer - type: string pattern: >- ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object requests: additionalProperties: anyOf: - type: integer - type: string pattern: >- ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object logging: type: string livenessProbe: type: object properties: initialDelaySeconds: type: integer minimum: 0 timeoutSeconds: type: integer minimum: 1 periodSeconds: type: integer minimum: 1 successThreshold: type: integer minimum: 1 failureThreshold: type: integer minimum: 1 readinessProbe: type: object properties: initialDelaySeconds: type: integer minimum: 0 timeoutSeconds: type: integer minimum: 1 periodSeconds: type: integer minimum: 1 successThreshold: type: integer minimum: 1 failureThreshold: type: integer minimum: 1 enableSaramaLogging: type: boolean showAllOffsets: type: boolean template: type: object properties: deployment: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object annotations: additionalProperties: type: string type: object deploymentStrategy: type: string enum: - RollingUpdate - Recreate pod: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object annotations: additionalProperties: type: string type: object imagePullSecrets: type: array items: type: object properties: name: type: string securityContext: type: object properties: appArmorProfile: type: object properties: localhostProfile: type: string type: type: string fsGroup: type: integer fsGroupChangePolicy: type: string runAsGroup: type: integer runAsNonRoot: type: boolean runAsUser: type: integer seLinuxChangePolicy: type: string seLinuxOptions: type: object properties: level: type: string role: type: string type: type: string user: type: string seccompProfile: type: object properties: localhostProfile: type: string type: type: string supplementalGroups: type: array items: type: integer supplementalGroupsPolicy: type: string sysctls: type: array items: type: object properties: name: type: string value: type: string windowsOptions: type: object properties: gmsaCredentialSpec: type: string gmsaCredentialSpecName: type: string hostProcess: type: boolean runAsUserName: type: string terminationGracePeriodSeconds: type: integer minimum: 0 affinity: type: object properties: nodeAffinity: type: object properties: preferredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: preference: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchFields: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string weight: type: integer requiredDuringSchedulingIgnoredDuringExecution: type: object properties: nodeSelectorTerms: type: array items: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchFields: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string podAffinity: type: object properties: preferredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: podAffinityTerm: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object matchLabelKeys: type: array items: type: string mismatchLabelKeys: type: array items: type: string namespaceSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object namespaces: type: array items: type: string topologyKey: type: string weight: type: integer requiredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object matchLabelKeys: type: array items: type: string mismatchLabelKeys: type: array items: type: string namespaceSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object namespaces: type: array items: type: string topologyKey: type: string podAntiAffinity: type: object properties: preferredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: podAffinityTerm: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object matchLabelKeys: type: array items: type: string mismatchLabelKeys: type: array items: type: string namespaceSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object namespaces: type: array items: type: string topologyKey: type: string weight: type: integer requiredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object matchLabelKeys: type: array items: type: string mismatchLabelKeys: type: array items: type: string namespaceSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object namespaces: type: array items: type: string topologyKey: type: string tolerations: type: array items: type: object properties: effect: type: string key: type: string operator: type: string tolerationSeconds: type: integer value: type: string topologySpreadConstraints: type: array items: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object matchLabelKeys: type: array items: type: string maxSkew: type: integer minDomains: type: integer nodeAffinityPolicy: type: string nodeTaintsPolicy: type: string topologyKey: type: string whenUnsatisfiable: type: string priorityClassName: type: string schedulerName: type: string hostAliases: type: array items: type: object properties: hostnames: type: array items: type: string ip: type: string dnsPolicy: type: string enum: - ClusterFirst - ClusterFirstWithHostNet - Default - None dnsConfig: type: object properties: nameservers: type: array items: type: string options: type: array items: type: object properties: name: type: string value: type: string searches: type: array items: type: string enableServiceLinks: type: boolean tmpDirSizeLimit: type: string pattern: '^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$' volumes: type: array items: type: object properties: name: type: string secret: type: object properties: defaultMode: type: integer items: type: array items: type: object properties: key: type: string mode: type: integer path: type: string optional: type: boolean secretName: type: string configMap: type: object properties: defaultMode: type: integer items: type: array items: type: object properties: key: type: string mode: type: integer path: type: string name: type: string optional: type: boolean emptyDir: type: object properties: medium: type: string enum: - Memory sizeLimit: type: string pattern: '^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$' persistentVolumeClaim: type: object properties: claimName: type: string readOnly: type: boolean csi: type: object properties: driver: type: string fsType: type: string nodePublishSecretRef: type: object properties: name: type: string readOnly: type: boolean volumeAttributes: additionalProperties: type: string type: object image: type: object properties: pullPolicy: type: string reference: type: string oneOf: - properties: secret: {} configMap: {} emptyDir: {} persistentVolumeClaim: {} csi: {} image: {} container: type: object properties: env: type: array items: type: object properties: name: type: string value: type: string valueFrom: type: object properties: secretKeyRef: type: object properties: key: type: string name: type: string optional: type: boolean configMapKeyRef: type: object properties: key: type: string name: type: string optional: type: boolean oneOf: - properties: secretKeyRef: {} required: - secretKeyRef - properties: configMapKeyRef: {} required: - configMapKeyRef oneOf: - properties: value: {} required: - value - properties: valueFrom: {} required: - valueFrom securityContext: type: object properties: allowPrivilegeEscalation: type: boolean appArmorProfile: type: object properties: localhostProfile: type: string type: type: string capabilities: type: object properties: add: type: array items: type: string drop: type: array items: type: string privileged: type: boolean procMount: type: string readOnlyRootFilesystem: type: boolean runAsGroup: type: integer runAsNonRoot: type: boolean runAsUser: type: integer seLinuxOptions: type: object properties: level: type: string role: type: string type: type: string user: type: string seccompProfile: type: object properties: localhostProfile: type: string type: type: string windowsOptions: type: object properties: gmsaCredentialSpec: type: string gmsaCredentialSpecName: type: string hostProcess: type: boolean runAsUserName: type: string volumeMounts: type: array items: type: object properties: mountPath: type: string mountPropagation: type: string name: type: string readOnly: type: boolean recursiveReadOnly: type: string subPath: type: string subPathExpr: type: string serviceAccount: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object annotations: additionalProperties: type: string type: object podDisruptionBudget: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object annotations: additionalProperties: type: string type: object maxUnavailable: type: integer minimum: 0 maintenanceTimeWindows: type: array items: type: string required: - kafka status: type: object properties: conditions: type: array items: type: object properties: type: type: string status: type: string lastTransitionTime: type: string reason: type: string message: type: string observedGeneration: type: integer listeners: type: array items: type: object properties: name: type: string addresses: type: array items: type: object properties: host: type: string port: type: integer bootstrapServers: type: string certificates: type: array items: type: string kafkaNodePools: type: array items: type: object properties: name: type: string clusterId: type: string operatorLastSuccessfulVersion: type: string kafkaVersion: type: string kafkaMetadataVersion: type: string autoRebalance: type: object properties: state: type: string enum: - Idle - RebalanceOnScaleDown - RebalanceOnScaleUp lastTransitionTime: type: string modes: type: array items: type: object properties: mode: type: string enum: - add-brokers - remove-brokers brokers: type: array items: type: integer required: - spec - name: v1beta2 served: true storage: true deprecated: true deprecationWarning: >- Version v1beta2 of the Kafka API is deprecated. Please use the v1 version instead. subresources: status: {} additionalPrinterColumns: - name: Ready description: The state of the custom resource jsonPath: '.status.conditions[?(@.type=="Ready")].status' type: string - name: Metadata State description: The state of the cluster metadata jsonPath: .status.kafkaMetadataState type: string - name: Warnings description: Warnings related to the custom resource jsonPath: '.status.conditions[?(@.type=="Warning")].status' type: string schema: openAPIV3Schema: type: object properties: apiVersion: type: string description: >- APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources kind: type: string description: >- Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds metadata: type: object spec: type: object properties: kafka: type: object properties: version: type: string metadataVersion: type: string replicas: type: integer minimum: 1 image: type: string listeners: type: array minItems: 1 items: type: object properties: name: type: string pattern: '^[a-z0-9]{1,11}$' port: type: integer minimum: 9092 type: type: string enum: - internal - route - loadbalancer - nodeport - ingress - cluster-ip tls: type: boolean authentication: type: object properties: accessTokenIsJwt: type: boolean checkAccessTokenType: type: boolean checkAudience: type: boolean checkIssuer: type: boolean clientAudience: type: string clientGrantType: type: string clientId: type: string clientScope: type: string clientSecret: type: object properties: key: type: string secretName: type: string required: - key - secretName connectTimeoutSeconds: type: integer customClaimCheck: type: string disableTlsHostnameVerification: type: boolean enableECDSA: type: boolean enableMetrics: type: boolean enableOauthBearer: type: boolean enablePlain: type: boolean failFast: type: boolean fallbackUserNameClaim: type: string fallbackUserNamePrefix: type: string groupsClaim: type: string groupsClaimDelimiter: type: string httpRetries: type: integer httpRetryPauseMs: type: integer includeAcceptHeader: type: boolean introspectionEndpointUri: type: string jwksEndpointUri: type: string jwksExpirySeconds: type: integer minimum: 1 jwksIgnoreKeyUse: type: boolean jwksMinRefreshPauseSeconds: type: integer minimum: 0 jwksRefreshSeconds: type: integer minimum: 1 listenerConfig: x-kubernetes-preserve-unknown-fields: true type: object maxSecondsWithoutReauthentication: type: integer readTimeoutSeconds: type: integer sasl: type: boolean secrets: type: array items: type: object properties: key: type: string secretName: type: string required: - key - secretName serverBearerTokenLocation: type: string tlsTrustedCertificates: type: array items: type: object properties: secretName: type: string certificate: type: string pattern: type: string oneOf: - properties: certificate: {} required: - certificate - properties: pattern: {} required: - pattern required: - secretName tokenEndpointUri: type: string type: type: string enum: - tls - scram-sha-512 - oauth - custom userInfoEndpointUri: type: string userNameClaim: type: string userNamePrefix: type: string validIssuerUri: type: string validTokenType: type: string required: - type configuration: type: object properties: brokerCertChainAndKey: type: object properties: secretName: type: string certificate: type: string key: type: string required: - secretName - certificate - key class: type: string externalTrafficPolicy: type: string enum: - Local - Cluster loadBalancerSourceRanges: type: array items: type: string bootstrap: type: object properties: alternativeNames: type: array items: type: string host: type: string nodePort: type: integer loadBalancerIP: type: string annotations: additionalProperties: type: string type: object labels: additionalProperties: type: string type: object externalIPs: type: array items: type: string brokers: type: array items: type: object properties: broker: type: integer advertisedHost: type: string advertisedPort: type: integer host: type: string nodePort: type: integer loadBalancerIP: type: string annotations: additionalProperties: type: string type: object labels: additionalProperties: type: string type: object externalIPs: type: array items: type: string required: - broker ipFamilyPolicy: type: string enum: - SingleStack - PreferDualStack - RequireDualStack ipFamilies: type: array items: type: string enum: - IPv4 - IPv6 createBootstrapService: type: boolean finalizers: type: array items: type: string useServiceDnsDomain: type: boolean maxConnections: type: integer maxConnectionCreationRate: type: integer preferredNodePortAddressType: type: string enum: - ExternalIP - ExternalDNS - InternalIP - InternalDNS - Hostname publishNotReadyAddresses: type: boolean hostTemplate: type: string advertisedHostTemplate: type: string allocateLoadBalancerNodePorts: type: boolean networkPolicyPeers: type: array items: type: object properties: ipBlock: type: object properties: cidr: type: string except: type: array items: type: string namespaceSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object podSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object required: - name - port - type - tls config: x-kubernetes-preserve-unknown-fields: true type: object storage: type: object properties: class: type: string deleteClaim: type: boolean id: type: integer minimum: 0 kraftMetadata: type: string enum: - shared overrides: type: array items: type: object properties: class: type: string broker: type: integer selector: additionalProperties: type: string type: object size: type: string sizeLimit: type: string pattern: '^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$' type: type: string enum: - ephemeral - persistent-claim - jbod volumeAttributesClass: type: string volumes: type: array items: type: object properties: class: type: string deleteClaim: type: boolean id: type: integer minimum: 0 kraftMetadata: type: string enum: - shared overrides: type: array items: type: object properties: class: type: string broker: type: integer selector: additionalProperties: type: string type: object size: type: string sizeLimit: type: string pattern: '^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$' type: type: string enum: - ephemeral - persistent-claim volumeAttributesClass: type: string required: - type required: - type authorization: type: object properties: allowOnError: type: boolean authorizerClass: type: string clientId: type: string connectTimeoutSeconds: type: integer minimum: 1 delegateToKafkaAcls: type: boolean disableTlsHostnameVerification: type: boolean enableMetrics: type: boolean expireAfterMs: type: integer grantsAlwaysLatest: type: boolean grantsGcPeriodSeconds: type: integer minimum: 1 grantsMaxIdleTimeSeconds: type: integer minimum: 1 grantsRefreshPeriodSeconds: type: integer minimum: 0 grantsRefreshPoolSize: type: integer minimum: 1 httpRetries: type: integer minimum: 0 includeAcceptHeader: type: boolean initialCacheCapacity: type: integer maximumCacheSize: type: integer readTimeoutSeconds: type: integer minimum: 1 superUsers: type: array items: type: string supportsAdminApi: type: boolean tlsTrustedCertificates: type: array items: type: object properties: secretName: type: string certificate: type: string pattern: type: string oneOf: - properties: certificate: {} required: - certificate - properties: pattern: {} required: - pattern required: - secretName tokenEndpointUri: type: string type: type: string enum: - simple - opa - keycloak - custom url: type: string example: 'http://opa:8181/v1/data/kafka/authz/allow' required: - type rack: type: object properties: topologyKey: type: string example: topology.kubernetes.io/zone required: - topologyKey brokerRackInitImage: type: string livenessProbe: type: object properties: initialDelaySeconds: type: integer minimum: 0 timeoutSeconds: type: integer minimum: 1 periodSeconds: type: integer minimum: 1 successThreshold: type: integer minimum: 1 failureThreshold: type: integer minimum: 1 readinessProbe: type: object properties: initialDelaySeconds: type: integer minimum: 0 timeoutSeconds: type: integer minimum: 1 periodSeconds: type: integer minimum: 1 successThreshold: type: integer minimum: 1 failureThreshold: type: integer minimum: 1 jvmOptions: type: object properties: '-XX': additionalProperties: type: string type: object '-Xmx': type: string pattern: '^[0-9]+[mMgG]?$' '-Xms': type: string pattern: '^[0-9]+[mMgG]?$' gcLoggingEnabled: type: boolean javaSystemProperties: type: array items: type: object properties: name: type: string value: type: string jmxOptions: type: object properties: authentication: type: object properties: type: type: string enum: - password required: - type resources: type: object properties: claims: type: array items: type: object properties: name: type: string request: type: string limits: additionalProperties: anyOf: - type: integer - type: string pattern: >- ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object requests: additionalProperties: anyOf: - type: integer - type: string pattern: >- ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object metricsConfig: type: object properties: type: type: string enum: - jmxPrometheusExporter - strimziMetricsReporter valueFrom: type: object properties: configMapKeyRef: type: object properties: key: type: string name: type: string optional: type: boolean values: type: object properties: allowList: type: array items: type: string required: - type x-kubernetes-validations: - rule: >- self.type != 'jmxPrometheusExporter' || has(self.valueFrom) message: valueFrom property is required logging: type: object properties: loggers: additionalProperties: type: string type: object type: type: string enum: - inline - external valueFrom: type: object properties: configMapKeyRef: type: object properties: key: type: string name: type: string optional: type: boolean required: - type template: type: object properties: statefulset: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object annotations: additionalProperties: type: string type: object podManagementPolicy: type: string enum: - OrderedReady - Parallel pod: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object annotations: additionalProperties: type: string type: object imagePullSecrets: type: array items: type: object properties: name: type: string securityContext: type: object properties: appArmorProfile: type: object properties: localhostProfile: type: string type: type: string fsGroup: type: integer fsGroupChangePolicy: type: string runAsGroup: type: integer runAsNonRoot: type: boolean runAsUser: type: integer seLinuxChangePolicy: type: string seLinuxOptions: type: object properties: level: type: string role: type: string type: type: string user: type: string seccompProfile: type: object properties: localhostProfile: type: string type: type: string supplementalGroups: type: array items: type: integer supplementalGroupsPolicy: type: string sysctls: type: array items: type: object properties: name: type: string value: type: string windowsOptions: type: object properties: gmsaCredentialSpec: type: string gmsaCredentialSpecName: type: string hostProcess: type: boolean runAsUserName: type: string terminationGracePeriodSeconds: type: integer minimum: 0 affinity: type: object properties: nodeAffinity: type: object properties: preferredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: preference: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchFields: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string weight: type: integer requiredDuringSchedulingIgnoredDuringExecution: type: object properties: nodeSelectorTerms: type: array items: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchFields: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string podAffinity: type: object properties: preferredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: podAffinityTerm: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object matchLabelKeys: type: array items: type: string mismatchLabelKeys: type: array items: type: string namespaceSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object namespaces: type: array items: type: string topologyKey: type: string weight: type: integer requiredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object matchLabelKeys: type: array items: type: string mismatchLabelKeys: type: array items: type: string namespaceSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object namespaces: type: array items: type: string topologyKey: type: string podAntiAffinity: type: object properties: preferredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: podAffinityTerm: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object matchLabelKeys: type: array items: type: string mismatchLabelKeys: type: array items: type: string namespaceSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object namespaces: type: array items: type: string topologyKey: type: string weight: type: integer requiredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object matchLabelKeys: type: array items: type: string mismatchLabelKeys: type: array items: type: string namespaceSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object namespaces: type: array items: type: string topologyKey: type: string tolerations: type: array items: type: object properties: effect: type: string key: type: string operator: type: string tolerationSeconds: type: integer value: type: string topologySpreadConstraints: type: array items: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object matchLabelKeys: type: array items: type: string maxSkew: type: integer minDomains: type: integer nodeAffinityPolicy: type: string nodeTaintsPolicy: type: string topologyKey: type: string whenUnsatisfiable: type: string priorityClassName: type: string schedulerName: type: string hostAliases: type: array items: type: object properties: hostnames: type: array items: type: string ip: type: string dnsPolicy: type: string enum: - ClusterFirst - ClusterFirstWithHostNet - Default - None dnsConfig: type: object properties: nameservers: type: array items: type: string options: type: array items: type: object properties: name: type: string value: type: string searches: type: array items: type: string enableServiceLinks: type: boolean tmpDirSizeLimit: type: string pattern: '^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$' volumes: type: array items: type: object properties: name: type: string secret: type: object properties: defaultMode: type: integer items: type: array items: type: object properties: key: type: string mode: type: integer path: type: string optional: type: boolean secretName: type: string configMap: type: object properties: defaultMode: type: integer items: type: array items: type: object properties: key: type: string mode: type: integer path: type: string name: type: string optional: type: boolean emptyDir: type: object properties: medium: type: string enum: - Memory sizeLimit: type: string pattern: '^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$' persistentVolumeClaim: type: object properties: claimName: type: string readOnly: type: boolean csi: type: object properties: driver: type: string fsType: type: string nodePublishSecretRef: type: object properties: name: type: string readOnly: type: boolean volumeAttributes: additionalProperties: type: string type: object image: type: object properties: pullPolicy: type: string reference: type: string oneOf: - properties: secret: {} configMap: {} emptyDir: {} persistentVolumeClaim: {} csi: {} image: {} bootstrapService: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object annotations: additionalProperties: type: string type: object ipFamilyPolicy: type: string enum: - SingleStack - PreferDualStack - RequireDualStack ipFamilies: type: array items: type: string enum: - IPv4 - IPv6 brokersService: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object annotations: additionalProperties: type: string type: object ipFamilyPolicy: type: string enum: - SingleStack - PreferDualStack - RequireDualStack ipFamilies: type: array items: type: string enum: - IPv4 - IPv6 externalBootstrapService: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object annotations: additionalProperties: type: string type: object perPodService: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object annotations: additionalProperties: type: string type: object externalBootstrapRoute: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object annotations: additionalProperties: type: string type: object perPodRoute: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object annotations: additionalProperties: type: string type: object externalBootstrapIngress: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object annotations: additionalProperties: type: string type: object perPodIngress: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object annotations: additionalProperties: type: string type: object persistentVolumeClaim: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object annotations: additionalProperties: type: string type: object podDisruptionBudget: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object annotations: additionalProperties: type: string type: object maxUnavailable: type: integer minimum: 0 kafkaContainer: type: object properties: env: type: array items: type: object properties: name: type: string value: type: string valueFrom: type: object properties: secretKeyRef: type: object properties: key: type: string name: type: string optional: type: boolean configMapKeyRef: type: object properties: key: type: string name: type: string optional: type: boolean oneOf: - properties: secretKeyRef: {} required: - secretKeyRef - properties: configMapKeyRef: {} required: - configMapKeyRef oneOf: - properties: value: {} required: - value - properties: valueFrom: {} required: - valueFrom securityContext: type: object properties: allowPrivilegeEscalation: type: boolean appArmorProfile: type: object properties: localhostProfile: type: string type: type: string capabilities: type: object properties: add: type: array items: type: string drop: type: array items: type: string privileged: type: boolean procMount: type: string readOnlyRootFilesystem: type: boolean runAsGroup: type: integer runAsNonRoot: type: boolean runAsUser: type: integer seLinuxOptions: type: object properties: level: type: string role: type: string type: type: string user: type: string seccompProfile: type: object properties: localhostProfile: type: string type: type: string windowsOptions: type: object properties: gmsaCredentialSpec: type: string gmsaCredentialSpecName: type: string hostProcess: type: boolean runAsUserName: type: string volumeMounts: type: array items: type: object properties: mountPath: type: string mountPropagation: type: string name: type: string readOnly: type: boolean recursiveReadOnly: type: string subPath: type: string subPathExpr: type: string initContainer: type: object properties: env: type: array items: type: object properties: name: type: string value: type: string valueFrom: type: object properties: secretKeyRef: type: object properties: key: type: string name: type: string optional: type: boolean configMapKeyRef: type: object properties: key: type: string name: type: string optional: type: boolean oneOf: - properties: secretKeyRef: {} required: - secretKeyRef - properties: configMapKeyRef: {} required: - configMapKeyRef oneOf: - properties: value: {} required: - value - properties: valueFrom: {} required: - valueFrom securityContext: type: object properties: allowPrivilegeEscalation: type: boolean appArmorProfile: type: object properties: localhostProfile: type: string type: type: string capabilities: type: object properties: add: type: array items: type: string drop: type: array items: type: string privileged: type: boolean procMount: type: string readOnlyRootFilesystem: type: boolean runAsGroup: type: integer runAsNonRoot: type: boolean runAsUser: type: integer seLinuxOptions: type: object properties: level: type: string role: type: string type: type: string user: type: string seccompProfile: type: object properties: localhostProfile: type: string type: type: string windowsOptions: type: object properties: gmsaCredentialSpec: type: string gmsaCredentialSpecName: type: string hostProcess: type: boolean runAsUserName: type: string volumeMounts: type: array items: type: object properties: mountPath: type: string mountPropagation: type: string name: type: string readOnly: type: boolean recursiveReadOnly: type: string subPath: type: string subPathExpr: type: string clusterCaCert: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object annotations: additionalProperties: type: string type: object serviceAccount: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object annotations: additionalProperties: type: string type: object jmxSecret: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object annotations: additionalProperties: type: string type: object clusterRoleBinding: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object annotations: additionalProperties: type: string type: object podSet: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object annotations: additionalProperties: type: string type: object tieredStorage: type: object properties: remoteStorageManager: type: object properties: className: type: string classPath: type: string config: additionalProperties: type: string type: object type: type: string enum: - custom required: - type quotas: type: object properties: consumerByteRate: type: integer minimum: 0 controllerMutationRate: type: number minimum: 0 excludedPrincipals: type: array items: type: string minAvailableBytesPerVolume: type: integer minimum: 0 minAvailableRatioPerVolume: type: number minimum: 0 maximum: 1 producerByteRate: type: integer minimum: 0 requestPercentage: type: integer minimum: 0 type: type: string enum: - kafka - strimzi required: - type required: - listeners zookeeper: type: object properties: replicas: type: integer minimum: 1 image: type: string storage: type: object properties: class: type: string deleteClaim: type: boolean id: type: integer minimum: 0 kraftMetadata: type: string enum: - shared overrides: type: array items: type: object properties: class: type: string broker: type: integer selector: additionalProperties: type: string type: object size: type: string sizeLimit: type: string pattern: '^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$' type: type: string enum: - ephemeral - persistent-claim volumeAttributesClass: type: string required: - type config: x-kubernetes-preserve-unknown-fields: true type: object livenessProbe: type: object properties: initialDelaySeconds: type: integer minimum: 0 timeoutSeconds: type: integer minimum: 1 periodSeconds: type: integer minimum: 1 successThreshold: type: integer minimum: 1 failureThreshold: type: integer minimum: 1 readinessProbe: type: object properties: initialDelaySeconds: type: integer minimum: 0 timeoutSeconds: type: integer minimum: 1 periodSeconds: type: integer minimum: 1 successThreshold: type: integer minimum: 1 failureThreshold: type: integer minimum: 1 jvmOptions: type: object properties: '-XX': additionalProperties: type: string type: object '-Xmx': type: string pattern: '^[0-9]+[mMgG]?$' '-Xms': type: string pattern: '^[0-9]+[mMgG]?$' gcLoggingEnabled: type: boolean javaSystemProperties: type: array items: type: object properties: name: type: string value: type: string jmxOptions: type: object properties: authentication: type: object properties: type: type: string enum: - password required: - type resources: type: object properties: claims: type: array items: type: object properties: name: type: string request: type: string limits: additionalProperties: anyOf: - type: integer - type: string pattern: >- ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object requests: additionalProperties: anyOf: - type: integer - type: string pattern: >- ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object metricsConfig: type: object properties: type: type: string enum: - jmxPrometheusExporter - strimziMetricsReporter valueFrom: type: object properties: configMapKeyRef: type: object properties: key: type: string name: type: string optional: type: boolean values: type: object properties: allowList: type: array items: type: string required: - type x-kubernetes-validations: - rule: >- self.type != 'jmxPrometheusExporter' || has(self.valueFrom) message: valueFrom property is required logging: type: object properties: loggers: additionalProperties: type: string type: object type: type: string enum: - inline - external valueFrom: type: object properties: configMapKeyRef: type: object properties: key: type: string name: type: string optional: type: boolean required: - type template: type: object properties: statefulset: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object annotations: additionalProperties: type: string type: object podManagementPolicy: type: string enum: - OrderedReady - Parallel podSet: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object annotations: additionalProperties: type: string type: object pod: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object annotations: additionalProperties: type: string type: object imagePullSecrets: type: array items: type: object properties: name: type: string securityContext: type: object properties: appArmorProfile: type: object properties: localhostProfile: type: string type: type: string fsGroup: type: integer fsGroupChangePolicy: type: string runAsGroup: type: integer runAsNonRoot: type: boolean runAsUser: type: integer seLinuxChangePolicy: type: string seLinuxOptions: type: object properties: level: type: string role: type: string type: type: string user: type: string seccompProfile: type: object properties: localhostProfile: type: string type: type: string supplementalGroups: type: array items: type: integer supplementalGroupsPolicy: type: string sysctls: type: array items: type: object properties: name: type: string value: type: string windowsOptions: type: object properties: gmsaCredentialSpec: type: string gmsaCredentialSpecName: type: string hostProcess: type: boolean runAsUserName: type: string terminationGracePeriodSeconds: type: integer minimum: 0 affinity: type: object properties: nodeAffinity: type: object properties: preferredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: preference: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchFields: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string weight: type: integer requiredDuringSchedulingIgnoredDuringExecution: type: object properties: nodeSelectorTerms: type: array items: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchFields: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string podAffinity: type: object properties: preferredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: podAffinityTerm: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object matchLabelKeys: type: array items: type: string mismatchLabelKeys: type: array items: type: string namespaceSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object namespaces: type: array items: type: string topologyKey: type: string weight: type: integer requiredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object matchLabelKeys: type: array items: type: string mismatchLabelKeys: type: array items: type: string namespaceSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object namespaces: type: array items: type: string topologyKey: type: string podAntiAffinity: type: object properties: preferredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: podAffinityTerm: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object matchLabelKeys: type: array items: type: string mismatchLabelKeys: type: array items: type: string namespaceSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object namespaces: type: array items: type: string topologyKey: type: string weight: type: integer requiredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object matchLabelKeys: type: array items: type: string mismatchLabelKeys: type: array items: type: string namespaceSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object namespaces: type: array items: type: string topologyKey: type: string tolerations: type: array items: type: object properties: effect: type: string key: type: string operator: type: string tolerationSeconds: type: integer value: type: string topologySpreadConstraints: type: array items: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object matchLabelKeys: type: array items: type: string maxSkew: type: integer minDomains: type: integer nodeAffinityPolicy: type: string nodeTaintsPolicy: type: string topologyKey: type: string whenUnsatisfiable: type: string priorityClassName: type: string schedulerName: type: string hostAliases: type: array items: type: object properties: hostnames: type: array items: type: string ip: type: string dnsPolicy: type: string enum: - ClusterFirst - ClusterFirstWithHostNet - Default - None dnsConfig: type: object properties: nameservers: type: array items: type: string options: type: array items: type: object properties: name: type: string value: type: string searches: type: array items: type: string enableServiceLinks: type: boolean tmpDirSizeLimit: type: string pattern: '^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$' volumes: type: array items: type: object properties: name: type: string secret: type: object properties: defaultMode: type: integer items: type: array items: type: object properties: key: type: string mode: type: integer path: type: string optional: type: boolean secretName: type: string configMap: type: object properties: defaultMode: type: integer items: type: array items: type: object properties: key: type: string mode: type: integer path: type: string name: type: string optional: type: boolean emptyDir: type: object properties: medium: type: string enum: - Memory sizeLimit: type: string pattern: '^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$' persistentVolumeClaim: type: object properties: claimName: type: string readOnly: type: boolean csi: type: object properties: driver: type: string fsType: type: string nodePublishSecretRef: type: object properties: name: type: string readOnly: type: boolean volumeAttributes: additionalProperties: type: string type: object image: type: object properties: pullPolicy: type: string reference: type: string oneOf: - properties: secret: {} configMap: {} emptyDir: {} persistentVolumeClaim: {} csi: {} image: {} clientService: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object annotations: additionalProperties: type: string type: object ipFamilyPolicy: type: string enum: - SingleStack - PreferDualStack - RequireDualStack ipFamilies: type: array items: type: string enum: - IPv4 - IPv6 nodesService: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object annotations: additionalProperties: type: string type: object ipFamilyPolicy: type: string enum: - SingleStack - PreferDualStack - RequireDualStack ipFamilies: type: array items: type: string enum: - IPv4 - IPv6 persistentVolumeClaim: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object annotations: additionalProperties: type: string type: object podDisruptionBudget: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object annotations: additionalProperties: type: string type: object maxUnavailable: type: integer minimum: 0 zookeeperContainer: type: object properties: env: type: array items: type: object properties: name: type: string value: type: string valueFrom: type: object properties: secretKeyRef: type: object properties: key: type: string name: type: string optional: type: boolean configMapKeyRef: type: object properties: key: type: string name: type: string optional: type: boolean oneOf: - properties: secretKeyRef: {} required: - secretKeyRef - properties: configMapKeyRef: {} required: - configMapKeyRef oneOf: - properties: value: {} required: - value - properties: valueFrom: {} required: - valueFrom securityContext: type: object properties: allowPrivilegeEscalation: type: boolean appArmorProfile: type: object properties: localhostProfile: type: string type: type: string capabilities: type: object properties: add: type: array items: type: string drop: type: array items: type: string privileged: type: boolean procMount: type: string readOnlyRootFilesystem: type: boolean runAsGroup: type: integer runAsNonRoot: type: boolean runAsUser: type: integer seLinuxOptions: type: object properties: level: type: string role: type: string type: type: string user: type: string seccompProfile: type: object properties: localhostProfile: type: string type: type: string windowsOptions: type: object properties: gmsaCredentialSpec: type: string gmsaCredentialSpecName: type: string hostProcess: type: boolean runAsUserName: type: string volumeMounts: type: array items: type: object properties: mountPath: type: string mountPropagation: type: string name: type: string readOnly: type: boolean recursiveReadOnly: type: string subPath: type: string subPathExpr: type: string serviceAccount: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object annotations: additionalProperties: type: string type: object jmxSecret: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object annotations: additionalProperties: type: string type: object required: - replicas - storage entityOperator: type: object properties: topicOperator: type: object properties: watchedNamespace: type: string image: type: string reconciliationIntervalSeconds: type: integer minimum: 0 reconciliationIntervalMs: type: integer minimum: 0 zookeeperSessionTimeoutSeconds: type: integer minimum: 0 startupProbe: type: object properties: initialDelaySeconds: type: integer minimum: 0 timeoutSeconds: type: integer minimum: 1 periodSeconds: type: integer minimum: 1 successThreshold: type: integer minimum: 1 failureThreshold: type: integer minimum: 1 livenessProbe: type: object properties: initialDelaySeconds: type: integer minimum: 0 timeoutSeconds: type: integer minimum: 1 periodSeconds: type: integer minimum: 1 successThreshold: type: integer minimum: 1 failureThreshold: type: integer minimum: 1 readinessProbe: type: object properties: initialDelaySeconds: type: integer minimum: 0 timeoutSeconds: type: integer minimum: 1 periodSeconds: type: integer minimum: 1 successThreshold: type: integer minimum: 1 failureThreshold: type: integer minimum: 1 resources: type: object properties: claims: type: array items: type: object properties: name: type: string request: type: string limits: additionalProperties: anyOf: - type: integer - type: string pattern: >- ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object requests: additionalProperties: anyOf: - type: integer - type: string pattern: >- ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object topicMetadataMaxAttempts: type: integer minimum: 0 logging: type: object properties: loggers: additionalProperties: type: string type: object type: type: string enum: - inline - external valueFrom: type: object properties: configMapKeyRef: type: object properties: key: type: string name: type: string optional: type: boolean required: - type jvmOptions: type: object properties: '-XX': additionalProperties: type: string type: object '-Xmx': type: string pattern: '^[0-9]+[mMgG]?$' '-Xms': type: string pattern: '^[0-9]+[mMgG]?$' gcLoggingEnabled: type: boolean javaSystemProperties: type: array items: type: object properties: name: type: string value: type: string userOperator: type: object properties: watchedNamespace: type: string image: type: string reconciliationIntervalSeconds: type: integer minimum: 0 reconciliationIntervalMs: type: integer minimum: 0 zookeeperSessionTimeoutSeconds: type: integer minimum: 0 secretPrefix: type: string livenessProbe: type: object properties: initialDelaySeconds: type: integer minimum: 0 timeoutSeconds: type: integer minimum: 1 periodSeconds: type: integer minimum: 1 successThreshold: type: integer minimum: 1 failureThreshold: type: integer minimum: 1 readinessProbe: type: object properties: initialDelaySeconds: type: integer minimum: 0 timeoutSeconds: type: integer minimum: 1 periodSeconds: type: integer minimum: 1 successThreshold: type: integer minimum: 1 failureThreshold: type: integer minimum: 1 resources: type: object properties: claims: type: array items: type: object properties: name: type: string request: type: string limits: additionalProperties: anyOf: - type: integer - type: string pattern: >- ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object requests: additionalProperties: anyOf: - type: integer - type: string pattern: >- ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object logging: type: object properties: loggers: additionalProperties: type: string type: object type: type: string enum: - inline - external valueFrom: type: object properties: configMapKeyRef: type: object properties: key: type: string name: type: string optional: type: boolean required: - type jvmOptions: type: object properties: '-XX': additionalProperties: type: string type: object '-Xmx': type: string pattern: '^[0-9]+[mMgG]?$' '-Xms': type: string pattern: '^[0-9]+[mMgG]?$' gcLoggingEnabled: type: boolean javaSystemProperties: type: array items: type: object properties: name: type: string value: type: string tlsSidecar: type: object properties: image: type: string resources: type: object properties: claims: type: array items: type: object properties: name: type: string request: type: string limits: additionalProperties: anyOf: - type: integer - type: string pattern: >- ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object requests: additionalProperties: anyOf: - type: integer - type: string pattern: >- ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object livenessProbe: type: object properties: initialDelaySeconds: type: integer minimum: 0 timeoutSeconds: type: integer minimum: 1 periodSeconds: type: integer minimum: 1 successThreshold: type: integer minimum: 1 failureThreshold: type: integer minimum: 1 readinessProbe: type: object properties: initialDelaySeconds: type: integer minimum: 0 timeoutSeconds: type: integer minimum: 1 periodSeconds: type: integer minimum: 1 successThreshold: type: integer minimum: 1 failureThreshold: type: integer minimum: 1 logLevel: type: string enum: - emerg - alert - crit - err - warning - notice - info - debug template: type: object properties: deployment: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object annotations: additionalProperties: type: string type: object deploymentStrategy: type: string enum: - RollingUpdate - Recreate pod: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object annotations: additionalProperties: type: string type: object imagePullSecrets: type: array items: type: object properties: name: type: string securityContext: type: object properties: appArmorProfile: type: object properties: localhostProfile: type: string type: type: string fsGroup: type: integer fsGroupChangePolicy: type: string runAsGroup: type: integer runAsNonRoot: type: boolean runAsUser: type: integer seLinuxChangePolicy: type: string seLinuxOptions: type: object properties: level: type: string role: type: string type: type: string user: type: string seccompProfile: type: object properties: localhostProfile: type: string type: type: string supplementalGroups: type: array items: type: integer supplementalGroupsPolicy: type: string sysctls: type: array items: type: object properties: name: type: string value: type: string windowsOptions: type: object properties: gmsaCredentialSpec: type: string gmsaCredentialSpecName: type: string hostProcess: type: boolean runAsUserName: type: string terminationGracePeriodSeconds: type: integer minimum: 0 affinity: type: object properties: nodeAffinity: type: object properties: preferredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: preference: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchFields: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string weight: type: integer requiredDuringSchedulingIgnoredDuringExecution: type: object properties: nodeSelectorTerms: type: array items: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchFields: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string podAffinity: type: object properties: preferredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: podAffinityTerm: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object matchLabelKeys: type: array items: type: string mismatchLabelKeys: type: array items: type: string namespaceSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object namespaces: type: array items: type: string topologyKey: type: string weight: type: integer requiredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object matchLabelKeys: type: array items: type: string mismatchLabelKeys: type: array items: type: string namespaceSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object namespaces: type: array items: type: string topologyKey: type: string podAntiAffinity: type: object properties: preferredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: podAffinityTerm: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object matchLabelKeys: type: array items: type: string mismatchLabelKeys: type: array items: type: string namespaceSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object namespaces: type: array items: type: string topologyKey: type: string weight: type: integer requiredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object matchLabelKeys: type: array items: type: string mismatchLabelKeys: type: array items: type: string namespaceSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object namespaces: type: array items: type: string topologyKey: type: string tolerations: type: array items: type: object properties: effect: type: string key: type: string operator: type: string tolerationSeconds: type: integer value: type: string topologySpreadConstraints: type: array items: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object matchLabelKeys: type: array items: type: string maxSkew: type: integer minDomains: type: integer nodeAffinityPolicy: type: string nodeTaintsPolicy: type: string topologyKey: type: string whenUnsatisfiable: type: string priorityClassName: type: string schedulerName: type: string hostAliases: type: array items: type: object properties: hostnames: type: array items: type: string ip: type: string dnsPolicy: type: string enum: - ClusterFirst - ClusterFirstWithHostNet - Default - None dnsConfig: type: object properties: nameservers: type: array items: type: string options: type: array items: type: object properties: name: type: string value: type: string searches: type: array items: type: string enableServiceLinks: type: boolean tmpDirSizeLimit: type: string pattern: '^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$' volumes: type: array items: type: object properties: name: type: string secret: type: object properties: defaultMode: type: integer items: type: array items: type: object properties: key: type: string mode: type: integer path: type: string optional: type: boolean secretName: type: string configMap: type: object properties: defaultMode: type: integer items: type: array items: type: object properties: key: type: string mode: type: integer path: type: string name: type: string optional: type: boolean emptyDir: type: object properties: medium: type: string enum: - Memory sizeLimit: type: string pattern: '^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$' persistentVolumeClaim: type: object properties: claimName: type: string readOnly: type: boolean csi: type: object properties: driver: type: string fsType: type: string nodePublishSecretRef: type: object properties: name: type: string readOnly: type: boolean volumeAttributes: additionalProperties: type: string type: object image: type: object properties: pullPolicy: type: string reference: type: string oneOf: - properties: secret: {} configMap: {} emptyDir: {} persistentVolumeClaim: {} csi: {} image: {} topicOperatorContainer: type: object properties: env: type: array items: type: object properties: name: type: string value: type: string valueFrom: type: object properties: secretKeyRef: type: object properties: key: type: string name: type: string optional: type: boolean configMapKeyRef: type: object properties: key: type: string name: type: string optional: type: boolean oneOf: - properties: secretKeyRef: {} required: - secretKeyRef - properties: configMapKeyRef: {} required: - configMapKeyRef oneOf: - properties: value: {} required: - value - properties: valueFrom: {} required: - valueFrom securityContext: type: object properties: allowPrivilegeEscalation: type: boolean appArmorProfile: type: object properties: localhostProfile: type: string type: type: string capabilities: type: object properties: add: type: array items: type: string drop: type: array items: type: string privileged: type: boolean procMount: type: string readOnlyRootFilesystem: type: boolean runAsGroup: type: integer runAsNonRoot: type: boolean runAsUser: type: integer seLinuxOptions: type: object properties: level: type: string role: type: string type: type: string user: type: string seccompProfile: type: object properties: localhostProfile: type: string type: type: string windowsOptions: type: object properties: gmsaCredentialSpec: type: string gmsaCredentialSpecName: type: string hostProcess: type: boolean runAsUserName: type: string volumeMounts: type: array items: type: object properties: mountPath: type: string mountPropagation: type: string name: type: string readOnly: type: boolean recursiveReadOnly: type: string subPath: type: string subPathExpr: type: string userOperatorContainer: type: object properties: env: type: array items: type: object properties: name: type: string value: type: string valueFrom: type: object properties: secretKeyRef: type: object properties: key: type: string name: type: string optional: type: boolean configMapKeyRef: type: object properties: key: type: string name: type: string optional: type: boolean oneOf: - properties: secretKeyRef: {} required: - secretKeyRef - properties: configMapKeyRef: {} required: - configMapKeyRef oneOf: - properties: value: {} required: - value - properties: valueFrom: {} required: - valueFrom securityContext: type: object properties: allowPrivilegeEscalation: type: boolean appArmorProfile: type: object properties: localhostProfile: type: string type: type: string capabilities: type: object properties: add: type: array items: type: string drop: type: array items: type: string privileged: type: boolean procMount: type: string readOnlyRootFilesystem: type: boolean runAsGroup: type: integer runAsNonRoot: type: boolean runAsUser: type: integer seLinuxOptions: type: object properties: level: type: string role: type: string type: type: string user: type: string seccompProfile: type: object properties: localhostProfile: type: string type: type: string windowsOptions: type: object properties: gmsaCredentialSpec: type: string gmsaCredentialSpecName: type: string hostProcess: type: boolean runAsUserName: type: string volumeMounts: type: array items: type: object properties: mountPath: type: string mountPropagation: type: string name: type: string readOnly: type: boolean recursiveReadOnly: type: string subPath: type: string subPathExpr: type: string tlsSidecarContainer: type: object properties: env: type: array items: type: object properties: name: type: string value: type: string valueFrom: type: object properties: secretKeyRef: type: object properties: key: type: string name: type: string optional: type: boolean configMapKeyRef: type: object properties: key: type: string name: type: string optional: type: boolean oneOf: - properties: secretKeyRef: {} required: - secretKeyRef - properties: configMapKeyRef: {} required: - configMapKeyRef oneOf: - properties: value: {} required: - value - properties: valueFrom: {} required: - valueFrom securityContext: type: object properties: allowPrivilegeEscalation: type: boolean appArmorProfile: type: object properties: localhostProfile: type: string type: type: string capabilities: type: object properties: add: type: array items: type: string drop: type: array items: type: string privileged: type: boolean procMount: type: string readOnlyRootFilesystem: type: boolean runAsGroup: type: integer runAsNonRoot: type: boolean runAsUser: type: integer seLinuxOptions: type: object properties: level: type: string role: type: string type: type: string user: type: string seccompProfile: type: object properties: localhostProfile: type: string type: type: string windowsOptions: type: object properties: gmsaCredentialSpec: type: string gmsaCredentialSpecName: type: string hostProcess: type: boolean runAsUserName: type: string volumeMounts: type: array items: type: object properties: mountPath: type: string mountPropagation: type: string name: type: string readOnly: type: boolean recursiveReadOnly: type: string subPath: type: string subPathExpr: type: string serviceAccount: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object annotations: additionalProperties: type: string type: object podDisruptionBudget: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object annotations: additionalProperties: type: string type: object maxUnavailable: type: integer minimum: 0 entityOperatorRole: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object annotations: additionalProperties: type: string type: object topicOperatorRoleBinding: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object annotations: additionalProperties: type: string type: object userOperatorRoleBinding: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object annotations: additionalProperties: type: string type: object clusterCa: type: object properties: generateCertificateAuthority: type: boolean generateSecretOwnerReference: type: boolean validityDays: type: integer minimum: 1 renewalDays: type: integer minimum: 1 certificateExpirationPolicy: type: string enum: - renew-certificate - replace-key clientsCa: type: object properties: generateCertificateAuthority: type: boolean generateSecretOwnerReference: type: boolean validityDays: type: integer minimum: 1 renewalDays: type: integer minimum: 1 certificateExpirationPolicy: type: string enum: - renew-certificate - replace-key cruiseControl: type: object properties: image: type: string tlsSidecar: type: object properties: image: type: string resources: type: object properties: claims: type: array items: type: object properties: name: type: string request: type: string limits: additionalProperties: anyOf: - type: integer - type: string pattern: >- ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object requests: additionalProperties: anyOf: - type: integer - type: string pattern: >- ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object livenessProbe: type: object properties: initialDelaySeconds: type: integer minimum: 0 timeoutSeconds: type: integer minimum: 1 periodSeconds: type: integer minimum: 1 successThreshold: type: integer minimum: 1 failureThreshold: type: integer minimum: 1 readinessProbe: type: object properties: initialDelaySeconds: type: integer minimum: 0 timeoutSeconds: type: integer minimum: 1 periodSeconds: type: integer minimum: 1 successThreshold: type: integer minimum: 1 failureThreshold: type: integer minimum: 1 logLevel: type: string enum: - emerg - alert - crit - err - warning - notice - info - debug resources: type: object properties: claims: type: array items: type: object properties: name: type: string request: type: string limits: additionalProperties: anyOf: - type: integer - type: string pattern: >- ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object requests: additionalProperties: anyOf: - type: integer - type: string pattern: >- ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object livenessProbe: type: object properties: initialDelaySeconds: type: integer minimum: 0 timeoutSeconds: type: integer minimum: 1 periodSeconds: type: integer minimum: 1 successThreshold: type: integer minimum: 1 failureThreshold: type: integer minimum: 1 readinessProbe: type: object properties: initialDelaySeconds: type: integer minimum: 0 timeoutSeconds: type: integer minimum: 1 periodSeconds: type: integer minimum: 1 successThreshold: type: integer minimum: 1 failureThreshold: type: integer minimum: 1 jvmOptions: type: object properties: '-XX': additionalProperties: type: string type: object '-Xmx': type: string pattern: '^[0-9]+[mMgG]?$' '-Xms': type: string pattern: '^[0-9]+[mMgG]?$' gcLoggingEnabled: type: boolean javaSystemProperties: type: array items: type: object properties: name: type: string value: type: string logging: type: object properties: loggers: additionalProperties: type: string type: object type: type: string enum: - inline - external valueFrom: type: object properties: configMapKeyRef: type: object properties: key: type: string name: type: string optional: type: boolean required: - type template: type: object properties: deployment: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object annotations: additionalProperties: type: string type: object deploymentStrategy: type: string enum: - RollingUpdate - Recreate pod: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object annotations: additionalProperties: type: string type: object imagePullSecrets: type: array items: type: object properties: name: type: string securityContext: type: object properties: appArmorProfile: type: object properties: localhostProfile: type: string type: type: string fsGroup: type: integer fsGroupChangePolicy: type: string runAsGroup: type: integer runAsNonRoot: type: boolean runAsUser: type: integer seLinuxChangePolicy: type: string seLinuxOptions: type: object properties: level: type: string role: type: string type: type: string user: type: string seccompProfile: type: object properties: localhostProfile: type: string type: type: string supplementalGroups: type: array items: type: integer supplementalGroupsPolicy: type: string sysctls: type: array items: type: object properties: name: type: string value: type: string windowsOptions: type: object properties: gmsaCredentialSpec: type: string gmsaCredentialSpecName: type: string hostProcess: type: boolean runAsUserName: type: string terminationGracePeriodSeconds: type: integer minimum: 0 affinity: type: object properties: nodeAffinity: type: object properties: preferredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: preference: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchFields: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string weight: type: integer requiredDuringSchedulingIgnoredDuringExecution: type: object properties: nodeSelectorTerms: type: array items: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchFields: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string podAffinity: type: object properties: preferredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: podAffinityTerm: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object matchLabelKeys: type: array items: type: string mismatchLabelKeys: type: array items: type: string namespaceSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object namespaces: type: array items: type: string topologyKey: type: string weight: type: integer requiredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object matchLabelKeys: type: array items: type: string mismatchLabelKeys: type: array items: type: string namespaceSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object namespaces: type: array items: type: string topologyKey: type: string podAntiAffinity: type: object properties: preferredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: podAffinityTerm: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object matchLabelKeys: type: array items: type: string mismatchLabelKeys: type: array items: type: string namespaceSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object namespaces: type: array items: type: string topologyKey: type: string weight: type: integer requiredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object matchLabelKeys: type: array items: type: string mismatchLabelKeys: type: array items: type: string namespaceSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object namespaces: type: array items: type: string topologyKey: type: string tolerations: type: array items: type: object properties: effect: type: string key: type: string operator: type: string tolerationSeconds: type: integer value: type: string topologySpreadConstraints: type: array items: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object matchLabelKeys: type: array items: type: string maxSkew: type: integer minDomains: type: integer nodeAffinityPolicy: type: string nodeTaintsPolicy: type: string topologyKey: type: string whenUnsatisfiable: type: string priorityClassName: type: string schedulerName: type: string hostAliases: type: array items: type: object properties: hostnames: type: array items: type: string ip: type: string dnsPolicy: type: string enum: - ClusterFirst - ClusterFirstWithHostNet - Default - None dnsConfig: type: object properties: nameservers: type: array items: type: string options: type: array items: type: object properties: name: type: string value: type: string searches: type: array items: type: string enableServiceLinks: type: boolean tmpDirSizeLimit: type: string pattern: '^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$' volumes: type: array items: type: object properties: name: type: string secret: type: object properties: defaultMode: type: integer items: type: array items: type: object properties: key: type: string mode: type: integer path: type: string optional: type: boolean secretName: type: string configMap: type: object properties: defaultMode: type: integer items: type: array items: type: object properties: key: type: string mode: type: integer path: type: string name: type: string optional: type: boolean emptyDir: type: object properties: medium: type: string enum: - Memory sizeLimit: type: string pattern: '^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$' persistentVolumeClaim: type: object properties: claimName: type: string readOnly: type: boolean csi: type: object properties: driver: type: string fsType: type: string nodePublishSecretRef: type: object properties: name: type: string readOnly: type: boolean volumeAttributes: additionalProperties: type: string type: object image: type: object properties: pullPolicy: type: string reference: type: string oneOf: - properties: secret: {} configMap: {} emptyDir: {} persistentVolumeClaim: {} csi: {} image: {} apiService: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object annotations: additionalProperties: type: string type: object ipFamilyPolicy: type: string enum: - SingleStack - PreferDualStack - RequireDualStack ipFamilies: type: array items: type: string enum: - IPv4 - IPv6 podDisruptionBudget: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object annotations: additionalProperties: type: string type: object maxUnavailable: type: integer minimum: 0 cruiseControlContainer: type: object properties: env: type: array items: type: object properties: name: type: string value: type: string valueFrom: type: object properties: secretKeyRef: type: object properties: key: type: string name: type: string optional: type: boolean configMapKeyRef: type: object properties: key: type: string name: type: string optional: type: boolean oneOf: - properties: secretKeyRef: {} required: - secretKeyRef - properties: configMapKeyRef: {} required: - configMapKeyRef oneOf: - properties: value: {} required: - value - properties: valueFrom: {} required: - valueFrom securityContext: type: object properties: allowPrivilegeEscalation: type: boolean appArmorProfile: type: object properties: localhostProfile: type: string type: type: string capabilities: type: object properties: add: type: array items: type: string drop: type: array items: type: string privileged: type: boolean procMount: type: string readOnlyRootFilesystem: type: boolean runAsGroup: type: integer runAsNonRoot: type: boolean runAsUser: type: integer seLinuxOptions: type: object properties: level: type: string role: type: string type: type: string user: type: string seccompProfile: type: object properties: localhostProfile: type: string type: type: string windowsOptions: type: object properties: gmsaCredentialSpec: type: string gmsaCredentialSpecName: type: string hostProcess: type: boolean runAsUserName: type: string volumeMounts: type: array items: type: object properties: mountPath: type: string mountPropagation: type: string name: type: string readOnly: type: boolean recursiveReadOnly: type: string subPath: type: string subPathExpr: type: string tlsSidecarContainer: type: object properties: env: type: array items: type: object properties: name: type: string value: type: string valueFrom: type: object properties: secretKeyRef: type: object properties: key: type: string name: type: string optional: type: boolean configMapKeyRef: type: object properties: key: type: string name: type: string optional: type: boolean oneOf: - properties: secretKeyRef: {} required: - secretKeyRef - properties: configMapKeyRef: {} required: - configMapKeyRef oneOf: - properties: value: {} required: - value - properties: valueFrom: {} required: - valueFrom securityContext: type: object properties: allowPrivilegeEscalation: type: boolean appArmorProfile: type: object properties: localhostProfile: type: string type: type: string capabilities: type: object properties: add: type: array items: type: string drop: type: array items: type: string privileged: type: boolean procMount: type: string readOnlyRootFilesystem: type: boolean runAsGroup: type: integer runAsNonRoot: type: boolean runAsUser: type: integer seLinuxOptions: type: object properties: level: type: string role: type: string type: type: string user: type: string seccompProfile: type: object properties: localhostProfile: type: string type: type: string windowsOptions: type: object properties: gmsaCredentialSpec: type: string gmsaCredentialSpecName: type: string hostProcess: type: boolean runAsUserName: type: string volumeMounts: type: array items: type: object properties: mountPath: type: string mountPropagation: type: string name: type: string readOnly: type: boolean recursiveReadOnly: type: string subPath: type: string subPathExpr: type: string serviceAccount: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object annotations: additionalProperties: type: string type: object brokerCapacity: type: object properties: disk: type: string pattern: '^[0-9]+([.][0-9]*)?([KMGTPE]i?|e[0-9]+)?$' cpuUtilization: type: integer minimum: 0 maximum: 100 cpu: type: string pattern: '^[0-9]+([.][0-9]{0,3}|[m]?)$' inboundNetwork: type: string pattern: '^[0-9]+([KMG]i?)?B/s$' outboundNetwork: type: string pattern: '^[0-9]+([KMG]i?)?B/s$' overrides: type: array items: type: object properties: brokers: type: array items: type: integer cpu: type: string pattern: '^[0-9]+([.][0-9]{0,3}|[m]?)$' inboundNetwork: type: string pattern: '^[0-9]+([KMG]i?)?B/s$' outboundNetwork: type: string pattern: '^[0-9]+([KMG]i?)?B/s$' required: - brokers config: x-kubernetes-preserve-unknown-fields: true type: object metricsConfig: type: object properties: type: type: string enum: - jmxPrometheusExporter - strimziMetricsReporter valueFrom: type: object properties: configMapKeyRef: type: object properties: key: type: string name: type: string optional: type: boolean values: type: object properties: allowList: type: array items: type: string required: - type x-kubernetes-validations: - rule: >- self.type != 'jmxPrometheusExporter' || has(self.valueFrom) message: valueFrom property is required - rule: self.type != 'strimziMetricsReporter' message: value type not supported apiUsers: type: object properties: type: type: string enum: - hashLoginService valueFrom: type: object properties: secretKeyRef: type: object properties: key: type: string name: type: string optional: type: boolean required: - type - valueFrom autoRebalance: type: array minItems: 1 items: type: object properties: mode: type: string enum: - add-brokers - remove-brokers template: type: object properties: name: type: string required: - mode jmxTrans: type: object properties: image: type: string outputDefinitions: type: array items: type: object properties: outputType: type: string host: type: string port: type: integer flushDelayInSeconds: type: integer typeNames: type: array items: type: string name: type: string required: - outputType - name logLevel: type: string kafkaQueries: type: array items: type: object properties: targetMBean: type: string attributes: type: array items: type: string outputs: type: array items: type: string required: - targetMBean - attributes - outputs resources: type: object properties: claims: type: array items: type: object properties: name: type: string request: type: string limits: additionalProperties: anyOf: - type: integer - type: string pattern: >- ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object requests: additionalProperties: anyOf: - type: integer - type: string pattern: >- ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object template: type: object properties: deployment: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object annotations: additionalProperties: type: string type: object deploymentStrategy: type: string enum: - RollingUpdate - Recreate pod: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object annotations: additionalProperties: type: string type: object imagePullSecrets: type: array items: type: object properties: name: type: string securityContext: type: object properties: appArmorProfile: type: object properties: localhostProfile: type: string type: type: string fsGroup: type: integer fsGroupChangePolicy: type: string runAsGroup: type: integer runAsNonRoot: type: boolean runAsUser: type: integer seLinuxChangePolicy: type: string seLinuxOptions: type: object properties: level: type: string role: type: string type: type: string user: type: string seccompProfile: type: object properties: localhostProfile: type: string type: type: string supplementalGroups: type: array items: type: integer supplementalGroupsPolicy: type: string sysctls: type: array items: type: object properties: name: type: string value: type: string windowsOptions: type: object properties: gmsaCredentialSpec: type: string gmsaCredentialSpecName: type: string hostProcess: type: boolean runAsUserName: type: string terminationGracePeriodSeconds: type: integer minimum: 0 affinity: type: object properties: nodeAffinity: type: object properties: preferredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: preference: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchFields: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string weight: type: integer requiredDuringSchedulingIgnoredDuringExecution: type: object properties: nodeSelectorTerms: type: array items: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchFields: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string podAffinity: type: object properties: preferredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: podAffinityTerm: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object matchLabelKeys: type: array items: type: string mismatchLabelKeys: type: array items: type: string namespaceSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object namespaces: type: array items: type: string topologyKey: type: string weight: type: integer requiredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object matchLabelKeys: type: array items: type: string mismatchLabelKeys: type: array items: type: string namespaceSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object namespaces: type: array items: type: string topologyKey: type: string podAntiAffinity: type: object properties: preferredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: podAffinityTerm: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object matchLabelKeys: type: array items: type: string mismatchLabelKeys: type: array items: type: string namespaceSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object namespaces: type: array items: type: string topologyKey: type: string weight: type: integer requiredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object matchLabelKeys: type: array items: type: string mismatchLabelKeys: type: array items: type: string namespaceSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object namespaces: type: array items: type: string topologyKey: type: string tolerations: type: array items: type: object properties: effect: type: string key: type: string operator: type: string tolerationSeconds: type: integer value: type: string topologySpreadConstraints: type: array items: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object matchLabelKeys: type: array items: type: string maxSkew: type: integer minDomains: type: integer nodeAffinityPolicy: type: string nodeTaintsPolicy: type: string topologyKey: type: string whenUnsatisfiable: type: string priorityClassName: type: string schedulerName: type: string hostAliases: type: array items: type: object properties: hostnames: type: array items: type: string ip: type: string dnsPolicy: type: string enum: - ClusterFirst - ClusterFirstWithHostNet - Default - None dnsConfig: type: object properties: nameservers: type: array items: type: string options: type: array items: type: object properties: name: type: string value: type: string searches: type: array items: type: string enableServiceLinks: type: boolean tmpDirSizeLimit: type: string pattern: '^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$' volumes: type: array items: type: object properties: name: type: string secret: type: object properties: defaultMode: type: integer items: type: array items: type: object properties: key: type: string mode: type: integer path: type: string optional: type: boolean secretName: type: string configMap: type: object properties: defaultMode: type: integer items: type: array items: type: object properties: key: type: string mode: type: integer path: type: string name: type: string optional: type: boolean emptyDir: type: object properties: medium: type: string enum: - Memory sizeLimit: type: string pattern: '^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$' persistentVolumeClaim: type: object properties: claimName: type: string readOnly: type: boolean csi: type: object properties: driver: type: string fsType: type: string nodePublishSecretRef: type: object properties: name: type: string readOnly: type: boolean volumeAttributes: additionalProperties: type: string type: object image: type: object properties: pullPolicy: type: string reference: type: string oneOf: - properties: secret: {} configMap: {} emptyDir: {} persistentVolumeClaim: {} csi: {} image: {} container: type: object properties: env: type: array items: type: object properties: name: type: string value: type: string valueFrom: type: object properties: secretKeyRef: type: object properties: key: type: string name: type: string optional: type: boolean configMapKeyRef: type: object properties: key: type: string name: type: string optional: type: boolean oneOf: - properties: secretKeyRef: {} required: - secretKeyRef - properties: configMapKeyRef: {} required: - configMapKeyRef oneOf: - properties: value: {} required: - value - properties: valueFrom: {} required: - valueFrom securityContext: type: object properties: allowPrivilegeEscalation: type: boolean appArmorProfile: type: object properties: localhostProfile: type: string type: type: string capabilities: type: object properties: add: type: array items: type: string drop: type: array items: type: string privileged: type: boolean procMount: type: string readOnlyRootFilesystem: type: boolean runAsGroup: type: integer runAsNonRoot: type: boolean runAsUser: type: integer seLinuxOptions: type: object properties: level: type: string role: type: string type: type: string user: type: string seccompProfile: type: object properties: localhostProfile: type: string type: type: string windowsOptions: type: object properties: gmsaCredentialSpec: type: string gmsaCredentialSpecName: type: string hostProcess: type: boolean runAsUserName: type: string volumeMounts: type: array items: type: object properties: mountPath: type: string mountPropagation: type: string name: type: string readOnly: type: boolean recursiveReadOnly: type: string subPath: type: string subPathExpr: type: string serviceAccount: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object annotations: additionalProperties: type: string type: object required: - outputDefinitions - kafkaQueries kafkaExporter: type: object properties: image: type: string groupRegex: type: string topicRegex: type: string groupExcludeRegex: type: string topicExcludeRegex: type: string resources: type: object properties: claims: type: array items: type: object properties: name: type: string request: type: string limits: additionalProperties: anyOf: - type: integer - type: string pattern: >- ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object requests: additionalProperties: anyOf: - type: integer - type: string pattern: >- ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object logging: type: string livenessProbe: type: object properties: initialDelaySeconds: type: integer minimum: 0 timeoutSeconds: type: integer minimum: 1 periodSeconds: type: integer minimum: 1 successThreshold: type: integer minimum: 1 failureThreshold: type: integer minimum: 1 readinessProbe: type: object properties: initialDelaySeconds: type: integer minimum: 0 timeoutSeconds: type: integer minimum: 1 periodSeconds: type: integer minimum: 1 successThreshold: type: integer minimum: 1 failureThreshold: type: integer minimum: 1 enableSaramaLogging: type: boolean showAllOffsets: type: boolean template: type: object properties: deployment: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object annotations: additionalProperties: type: string type: object deploymentStrategy: type: string enum: - RollingUpdate - Recreate pod: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object annotations: additionalProperties: type: string type: object imagePullSecrets: type: array items: type: object properties: name: type: string securityContext: type: object properties: appArmorProfile: type: object properties: localhostProfile: type: string type: type: string fsGroup: type: integer fsGroupChangePolicy: type: string runAsGroup: type: integer runAsNonRoot: type: boolean runAsUser: type: integer seLinuxChangePolicy: type: string seLinuxOptions: type: object properties: level: type: string role: type: string type: type: string user: type: string seccompProfile: type: object properties: localhostProfile: type: string type: type: string supplementalGroups: type: array items: type: integer supplementalGroupsPolicy: type: string sysctls: type: array items: type: object properties: name: type: string value: type: string windowsOptions: type: object properties: gmsaCredentialSpec: type: string gmsaCredentialSpecName: type: string hostProcess: type: boolean runAsUserName: type: string terminationGracePeriodSeconds: type: integer minimum: 0 affinity: type: object properties: nodeAffinity: type: object properties: preferredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: preference: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchFields: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string weight: type: integer requiredDuringSchedulingIgnoredDuringExecution: type: object properties: nodeSelectorTerms: type: array items: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchFields: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string podAffinity: type: object properties: preferredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: podAffinityTerm: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object matchLabelKeys: type: array items: type: string mismatchLabelKeys: type: array items: type: string namespaceSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object namespaces: type: array items: type: string topologyKey: type: string weight: type: integer requiredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object matchLabelKeys: type: array items: type: string mismatchLabelKeys: type: array items: type: string namespaceSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object namespaces: type: array items: type: string topologyKey: type: string podAntiAffinity: type: object properties: preferredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: podAffinityTerm: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object matchLabelKeys: type: array items: type: string mismatchLabelKeys: type: array items: type: string namespaceSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object namespaces: type: array items: type: string topologyKey: type: string weight: type: integer requiredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object matchLabelKeys: type: array items: type: string mismatchLabelKeys: type: array items: type: string namespaceSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object namespaces: type: array items: type: string topologyKey: type: string tolerations: type: array items: type: object properties: effect: type: string key: type: string operator: type: string tolerationSeconds: type: integer value: type: string topologySpreadConstraints: type: array items: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object matchLabelKeys: type: array items: type: string maxSkew: type: integer minDomains: type: integer nodeAffinityPolicy: type: string nodeTaintsPolicy: type: string topologyKey: type: string whenUnsatisfiable: type: string priorityClassName: type: string schedulerName: type: string hostAliases: type: array items: type: object properties: hostnames: type: array items: type: string ip: type: string dnsPolicy: type: string enum: - ClusterFirst - ClusterFirstWithHostNet - Default - None dnsConfig: type: object properties: nameservers: type: array items: type: string options: type: array items: type: object properties: name: type: string value: type: string searches: type: array items: type: string enableServiceLinks: type: boolean tmpDirSizeLimit: type: string pattern: '^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$' volumes: type: array items: type: object properties: name: type: string secret: type: object properties: defaultMode: type: integer items: type: array items: type: object properties: key: type: string mode: type: integer path: type: string optional: type: boolean secretName: type: string configMap: type: object properties: defaultMode: type: integer items: type: array items: type: object properties: key: type: string mode: type: integer path: type: string name: type: string optional: type: boolean emptyDir: type: object properties: medium: type: string enum: - Memory sizeLimit: type: string pattern: '^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$' persistentVolumeClaim: type: object properties: claimName: type: string readOnly: type: boolean csi: type: object properties: driver: type: string fsType: type: string nodePublishSecretRef: type: object properties: name: type: string readOnly: type: boolean volumeAttributes: additionalProperties: type: string type: object image: type: object properties: pullPolicy: type: string reference: type: string oneOf: - properties: secret: {} configMap: {} emptyDir: {} persistentVolumeClaim: {} csi: {} image: {} service: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object annotations: additionalProperties: type: string type: object container: type: object properties: env: type: array items: type: object properties: name: type: string value: type: string valueFrom: type: object properties: secretKeyRef: type: object properties: key: type: string name: type: string optional: type: boolean configMapKeyRef: type: object properties: key: type: string name: type: string optional: type: boolean oneOf: - properties: secretKeyRef: {} required: - secretKeyRef - properties: configMapKeyRef: {} required: - configMapKeyRef oneOf: - properties: value: {} required: - value - properties: valueFrom: {} required: - valueFrom securityContext: type: object properties: allowPrivilegeEscalation: type: boolean appArmorProfile: type: object properties: localhostProfile: type: string type: type: string capabilities: type: object properties: add: type: array items: type: string drop: type: array items: type: string privileged: type: boolean procMount: type: string readOnlyRootFilesystem: type: boolean runAsGroup: type: integer runAsNonRoot: type: boolean runAsUser: type: integer seLinuxOptions: type: object properties: level: type: string role: type: string type: type: string user: type: string seccompProfile: type: object properties: localhostProfile: type: string type: type: string windowsOptions: type: object properties: gmsaCredentialSpec: type: string gmsaCredentialSpecName: type: string hostProcess: type: boolean runAsUserName: type: string volumeMounts: type: array items: type: object properties: mountPath: type: string mountPropagation: type: string name: type: string readOnly: type: boolean recursiveReadOnly: type: string subPath: type: string subPathExpr: type: string serviceAccount: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object annotations: additionalProperties: type: string type: object podDisruptionBudget: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object annotations: additionalProperties: type: string type: object maxUnavailable: type: integer minimum: 0 maintenanceTimeWindows: type: array items: type: string required: - kafka status: type: object properties: conditions: type: array items: type: object properties: type: type: string status: type: string lastTransitionTime: type: string reason: type: string message: type: string observedGeneration: type: integer listeners: type: array items: type: object properties: type: type: string name: type: string addresses: type: array items: type: object properties: host: type: string port: type: integer bootstrapServers: type: string certificates: type: array items: type: string kafkaNodePools: type: array items: type: object properties: name: type: string registeredNodeIds: type: array items: type: integer clusterId: type: string operatorLastSuccessfulVersion: type: string kafkaVersion: type: string kafkaMetadataVersion: type: string kafkaMetadataState: type: string enum: - ZooKeeper - KRaftMigration - KRaftDualWriting - KRaftPostMigration - PreKRaft - KRaft autoRebalance: type: object properties: state: type: string enum: - Idle - RebalanceOnScaleDown - RebalanceOnScaleUp lastTransitionTime: type: string modes: type: array items: type: object properties: mode: type: string enum: - add-brokers - remove-brokers brokers: type: array items: type: integer --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: strimzi-cluster-operator-kafka-client-delegation labels: app: strimzi subjects: - kind: ServiceAccount name: strimzi-cluster-operator namespace: kafka roleRef: kind: ClusterRole name: strimzi-kafka-client apiGroup: rbac.authorization.k8s.io --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: strimzi-cluster-operator-watched labels: app: strimzi namespace: kafka subjects: - kind: ServiceAccount name: strimzi-cluster-operator namespace: kafka roleRef: kind: ClusterRole name: strimzi-cluster-operator-watched apiGroup: rbac.authorization.k8s.io --- kind: ConfigMap apiVersion: v1 metadata: name: strimzi-cluster-operator labels: app: strimzi namespace: kafka data: log4j2.properties: > name = COConfig monitorInterval = 30 appender.console.type = Console appender.console.name = STDOUT appender.console.layout.type = PatternLayout appender.console.layout.pattern = %d{yyyy-MM-dd HH:mm:ss} %-5p %c{1}:%L - %m%n rootLogger.level = ${env:STRIMZI_LOG_LEVEL:-INFO} rootLogger.appenderRefs = stdout rootLogger.appenderRef.console.ref = STDOUT # Kafka AdminClient logging is a bit noisy at INFO level logger.kafka.name = org.apache.kafka logger.kafka.level = WARN # Keeps separate level for Netty logging -> to not be changed by the root logger logger.netty.name = io.netty logger.netty.level = INFO --- apiVersion: apps/v1 kind: Deployment metadata: name: strimzi-cluster-operator labels: app: strimzi namespace: kafka spec: replicas: 1 selector: matchLabels: name: strimzi-cluster-operator strimzi.io/kind: cluster-operator template: metadata: labels: name: strimzi-cluster-operator strimzi.io/kind: cluster-operator spec: serviceAccountName: strimzi-cluster-operator volumes: - name: strimzi-tmp emptyDir: medium: Memory sizeLimit: 1Mi - name: co-config-volume configMap: name: strimzi-cluster-operator containers: - name: strimzi-cluster-operator image: 'quay.io/strimzi/operator:0.49.1' ports: - containerPort: 8080 name: http args: - /opt/strimzi/bin/cluster_operator_run.sh volumeMounts: - name: strimzi-tmp mountPath: /tmp - name: co-config-volume mountPath: /opt/strimzi/custom-config/ env: - name: STRIMZI_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - name: STRIMZI_FULL_RECONCILIATION_INTERVAL_MS value: '120000' - name: STRIMZI_OPERATION_TIMEOUT_MS value: '300000' - name: STRIMZI_DEFAULT_KAFKA_EXPORTER_IMAGE value: 'quay.io/strimzi/kafka:0.49.1-kafka-4.1.1' - name: STRIMZI_DEFAULT_CRUISE_CONTROL_IMAGE value: 'quay.io/strimzi/kafka:0.49.1-kafka-4.1.1' - name: STRIMZI_KAFKA_IMAGES value: | 4.0.0=quay.io/strimzi/kafka:0.49.1-kafka-4.0.0 4.0.1=quay.io/strimzi/kafka:0.49.1-kafka-4.0.1 4.1.0=quay.io/strimzi/kafka:0.49.1-kafka-4.1.0 4.1.1=quay.io/strimzi/kafka:0.49.1-kafka-4.1.1 - name: STRIMZI_KAFKA_CONNECT_IMAGES value: | 4.0.0=quay.io/strimzi/kafka:0.49.1-kafka-4.0.0 4.0.1=quay.io/strimzi/kafka:0.49.1-kafka-4.0.1 4.1.0=quay.io/strimzi/kafka:0.49.1-kafka-4.1.0 4.1.1=quay.io/strimzi/kafka:0.49.1-kafka-4.1.1 - name: STRIMZI_KAFKA_MIRROR_MAKER_2_IMAGES value: | 4.0.0=quay.io/strimzi/kafka:0.49.1-kafka-4.0.0 4.0.1=quay.io/strimzi/kafka:0.49.1-kafka-4.0.1 4.1.0=quay.io/strimzi/kafka:0.49.1-kafka-4.1.0 4.1.1=quay.io/strimzi/kafka:0.49.1-kafka-4.1.1 - name: STRIMZI_DEFAULT_TOPIC_OPERATOR_IMAGE value: 'quay.io/strimzi/operator:0.49.1' - name: STRIMZI_DEFAULT_USER_OPERATOR_IMAGE value: 'quay.io/strimzi/operator:0.49.1' - name: STRIMZI_DEFAULT_KAFKA_INIT_IMAGE value: 'quay.io/strimzi/operator:0.49.1' - name: STRIMZI_DEFAULT_KAFKA_BRIDGE_IMAGE value: 'quay.io/strimzi/kafka-bridge:0.33.1' - name: STRIMZI_DEFAULT_KANIKO_EXECUTOR_IMAGE value: 'quay.io/strimzi/kaniko-executor:0.49.1' - name: STRIMZI_DEFAULT_BUILDAH_IMAGE value: 'quay.io/strimzi/buildah:0.49.1' - name: STRIMZI_DEFAULT_MAVEN_BUILDER value: 'quay.io/strimzi/maven-builder:0.49.1' - name: STRIMZI_OPERATOR_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - name: STRIMZI_FEATURE_GATES value: '' - name: STRIMZI_LEADER_ELECTION_ENABLED value: 'true' - name: STRIMZI_LEADER_ELECTION_LEASE_NAME value: strimzi-cluster-operator - name: STRIMZI_LEADER_ELECTION_LEASE_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - name: STRIMZI_LEADER_ELECTION_IDENTITY valueFrom: fieldRef: fieldPath: metadata.name livenessProbe: httpGet: path: /healthy port: http initialDelaySeconds: 10 periodSeconds: 30 readinessProbe: httpGet: path: /ready port: http initialDelaySeconds: 10 periodSeconds: 30 resources: limits: cpu: 1000m memory: 384Mi requests: cpu: 200m memory: 384Mi --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: kafkausers.kafka.strimzi.io labels: app: strimzi strimzi.io/crd-install: 'true' spec: group: kafka.strimzi.io names: kind: KafkaUser listKind: KafkaUserList singular: kafkauser plural: kafkausers shortNames: - ku categories: - strimzi scope: Namespaced conversion: strategy: None versions: - name: v1 served: true storage: false subresources: status: {} additionalPrinterColumns: - name: Cluster description: The name of the Kafka cluster this user belongs to jsonPath: .metadata.labels.strimzi\.io/cluster type: string - name: Authentication description: How the user is authenticated jsonPath: .spec.authentication.type type: string - name: Authorization description: How the user is authorised jsonPath: .spec.authorization.type type: string - name: Ready description: The state of the custom resource jsonPath: '.status.conditions[?(@.type=="Ready")].status' type: string schema: openAPIV3Schema: type: object properties: apiVersion: type: string description: >- APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources kind: type: string description: >- Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds metadata: type: object spec: type: object properties: authentication: type: object properties: password: type: object properties: valueFrom: type: object properties: secretKeyRef: type: object properties: key: type: string name: type: string optional: type: boolean description: >- Selects a key of a Secret in the resource's namespace. description: Secret from which the password should be read. required: - valueFrom description: >- Specify the password for the user. If not set, a new password is generated by the User Operator. type: type: string enum: - tls - tls-external - scram-sha-512 description: Authentication type. required: - type description: >- Authentication mechanism enabled for this Kafka user. The supported authentication mechanisms are `scram-sha-512`, `tls`, and `tls-external`. * `scram-sha-512` generates a secret with SASL SCRAM-SHA-512 credentials. * `tls` generates a secret with user certificate for mutual TLS authentication. * `tls-external` does not generate a user certificate. But prepares the user for using mutual TLS authentication using a user certificate generated outside the User Operator. ACLs and quotas set for this user are configured in the `CN=` format. Authentication is optional. If authentication is not configured, no credentials are generated. ACLs and quotas set for the user are configured in the `` format suitable for SASL authentication. authorization: type: object properties: acls: type: array items: type: object properties: type: type: string enum: - allow - deny description: >- The type of the rule. ACL rules with type `allow` are used to allow user to execute the specified operations. ACL rules with type `deny` are used to deny user to execute the specified operations. Default value is `allow`. resource: type: object properties: name: type: string description: >- Name of resource for which given ACL rule applies. Can be combined with `patternType` field to use prefix pattern. patternType: type: string enum: - literal - prefix description: >- Describes the pattern used in the resource field. The supported types are `literal` and `prefix`. With `literal` pattern type, the resource field will be used as a definition of a full name. With `prefix` pattern type, the resource name will be used only as a prefix. Default value is `literal`. type: type: string enum: - topic - group - cluster - transactionalId description: >- Resource type. The available resource types are `topic`, `group`, `cluster`, and `transactionalId`. required: - type description: >- Indicates the resource for which given ACL rule applies. host: type: string description: >- The host from which the action described in the ACL rule is allowed or denied. If not set, it defaults to `*`, allowing or denying the action from any host. operations: type: array items: type: string enum: - Read - Write - Create - Delete - Alter - Describe - ClusterAction - AlterConfigs - DescribeConfigs - IdempotentWrite - All description: >- List of operations to allow or deny. Supported operations are: Read, Write, Create, Delete, Alter, Describe, ClusterAction, AlterConfigs, DescribeConfigs, IdempotentWrite and All. Only certain operations work with the specified resource. required: - resource - operations description: List of ACL rules which should be applied to this user. type: type: string enum: - simple description: >- Authorization type. Currently the only supported type is `simple`. `simple` authorization type uses the Kafka Admin API for managing the ACL rules. required: - acls - type description: Authorization rules for this Kafka user. quotas: type: object properties: producerByteRate: type: integer minimum: 0 description: >- A quota on the maximum bytes per-second that each client group can publish to a broker before the clients in the group are throttled. Defined on a per-broker basis. consumerByteRate: type: integer minimum: 0 description: >- A quota on the maximum bytes per-second that each client group can fetch from a broker before the clients in the group are throttled. Defined on a per-broker basis. requestPercentage: type: integer minimum: 0 description: >- A quota on the maximum CPU utilization of each client group as a percentage of network and I/O threads. controllerMutationRate: type: number minimum: 0 description: >- A quota on the rate at which mutations are accepted for the create topics request, the create partitions request and the delete topics request. The rate is accumulated by the number of partitions created or deleted. description: >- Quotas on requests to control the broker resources used by clients. Network bandwidth and request rate quotas can be enforced.Kafka documentation for Kafka User quotas can be found at http://kafka.apache.org/documentation/#design_quotas. template: type: object properties: secret: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object description: Labels added to the Kubernetes resource. annotations: additionalProperties: type: string type: object description: Annotations added to the Kubernetes resource. description: Metadata applied to the resource. description: >- Template for KafkaUser resources. The template allows users to specify how the `Secret` with password or TLS certificates is generated. description: Template to specify how Kafka User `Secrets` are generated. description: The specification of the user. status: type: object properties: conditions: type: array items: type: object properties: type: type: string description: >- The unique identifier of a condition, used to distinguish between other conditions in the resource. status: type: string description: >- The status of the condition, either True, False or Unknown. lastTransitionTime: type: string description: >- Last time the condition of a type changed from one status to another. The required format is 'yyyy-MM-ddTHH:mm:ssZ', in the UTC time zone. reason: type: string description: >- The reason for the condition's last transition (a single word in CamelCase). message: type: string description: >- Human-readable message indicating details about the condition's last transition. description: List of status conditions. observedGeneration: type: integer description: >- The generation of the CRD that was last reconciled by the operator. username: type: string description: Username. secret: type: string description: The name of `Secret` where the credentials are stored. description: The status of the Kafka User. required: - spec - name: v1beta2 served: true storage: true deprecated: true deprecationWarning: >- Version v1beta2 of the KafkaUser API is deprecated. Please use the v1 version instead. subresources: status: {} additionalPrinterColumns: - name: Cluster description: The name of the Kafka cluster this user belongs to jsonPath: .metadata.labels.strimzi\.io/cluster type: string - name: Authentication description: How the user is authenticated jsonPath: .spec.authentication.type type: string - name: Authorization description: How the user is authorised jsonPath: .spec.authorization.type type: string - name: Ready description: The state of the custom resource jsonPath: '.status.conditions[?(@.type=="Ready")].status' type: string schema: openAPIV3Schema: type: object properties: apiVersion: type: string description: >- APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources kind: type: string description: >- Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds metadata: type: object spec: type: object properties: authentication: type: object properties: password: type: object properties: valueFrom: type: object properties: secretKeyRef: type: object properties: key: type: string name: type: string optional: type: boolean description: >- Selects a key of a Secret in the resource's namespace. description: Secret from which the password should be read. required: - valueFrom description: >- Specify the password for the user. If not set, a new password is generated by the User Operator. type: type: string enum: - tls - tls-external - scram-sha-512 description: Authentication type. required: - type description: >- Authentication mechanism enabled for this Kafka user. The supported authentication mechanisms are `scram-sha-512`, `tls`, and `tls-external`. * `scram-sha-512` generates a secret with SASL SCRAM-SHA-512 credentials. * `tls` generates a secret with user certificate for mutual TLS authentication. * `tls-external` does not generate a user certificate. But prepares the user for using mutual TLS authentication using a user certificate generated outside the User Operator. ACLs and quotas set for this user are configured in the `CN=` format. Authentication is optional. If authentication is not configured, no credentials are generated. ACLs and quotas set for the user are configured in the `` format suitable for SASL authentication. authorization: type: object properties: acls: type: array items: type: object properties: type: type: string enum: - allow - deny description: >- The type of the rule. ACL rules with type `allow` are used to allow user to execute the specified operations. ACL rules with type `deny` are used to deny user to execute the specified operations. Default value is `allow`. resource: type: object properties: name: type: string description: >- Name of resource for which given ACL rule applies. Can be combined with `patternType` field to use prefix pattern. patternType: type: string enum: - literal - prefix description: >- Describes the pattern used in the resource field. The supported types are `literal` and `prefix`. With `literal` pattern type, the resource field will be used as a definition of a full name. With `prefix` pattern type, the resource name will be used only as a prefix. Default value is `literal`. type: type: string enum: - topic - group - cluster - transactionalId description: >- Resource type. The available resource types are `topic`, `group`, `cluster`, and `transactionalId`. required: - type description: >- Indicates the resource for which given ACL rule applies. host: type: string description: >- The host from which the action described in the ACL rule is allowed or denied. If not set, it defaults to `*`, allowing or denying the action from any host. operation: type: string enum: - Read - Write - Create - Delete - Alter - Describe - ClusterAction - AlterConfigs - DescribeConfigs - IdempotentWrite - All description: >- Operation which will be allowed or denied. Supported operations are: Read, Write, Create, Delete, Alter, Describe, ClusterAction, AlterConfigs, DescribeConfigs, IdempotentWrite and All. operations: type: array items: type: string enum: - Read - Write - Create - Delete - Alter - Describe - ClusterAction - AlterConfigs - DescribeConfigs - IdempotentWrite - All description: >- List of operations to allow or deny. Supported operations are: Read, Write, Create, Delete, Alter, Describe, ClusterAction, AlterConfigs, DescribeConfigs, IdempotentWrite and All. Only certain operations work with the specified resource. required: - resource description: List of ACL rules which should be applied to this user. type: type: string enum: - simple description: >- Authorization type. Currently the only supported type is `simple`. `simple` authorization type uses the Kafka Admin API for managing the ACL rules. required: - acls - type description: Authorization rules for this Kafka user. quotas: type: object properties: producerByteRate: type: integer minimum: 0 description: >- A quota on the maximum bytes per-second that each client group can publish to a broker before the clients in the group are throttled. Defined on a per-broker basis. consumerByteRate: type: integer minimum: 0 description: >- A quota on the maximum bytes per-second that each client group can fetch from a broker before the clients in the group are throttled. Defined on a per-broker basis. requestPercentage: type: integer minimum: 0 description: >- A quota on the maximum CPU utilization of each client group as a percentage of network and I/O threads. controllerMutationRate: type: number minimum: 0 description: >- A quota on the rate at which mutations are accepted for the create topics request, the create partitions request and the delete topics request. The rate is accumulated by the number of partitions created or deleted. description: >- Quotas on requests to control the broker resources used by clients. Network bandwidth and request rate quotas can be enforced.Kafka documentation for Kafka User quotas can be found at http://kafka.apache.org/documentation/#design_quotas. template: type: object properties: secret: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object description: Labels added to the Kubernetes resource. annotations: additionalProperties: type: string type: object description: Annotations added to the Kubernetes resource. description: Metadata applied to the resource. description: >- Template for KafkaUser resources. The template allows users to specify how the `Secret` with password or TLS certificates is generated. description: Template to specify how Kafka User `Secrets` are generated. description: The specification of the user. status: type: object properties: conditions: type: array items: type: object properties: type: type: string description: >- The unique identifier of a condition, used to distinguish between other conditions in the resource. status: type: string description: >- The status of the condition, either True, False or Unknown. lastTransitionTime: type: string description: >- Last time the condition of a type changed from one status to another. The required format is 'yyyy-MM-ddTHH:mm:ssZ', in the UTC time zone. reason: type: string description: >- The reason for the condition's last transition (a single word in CamelCase). message: type: string description: >- Human-readable message indicating details about the condition's last transition. description: List of status conditions. observedGeneration: type: integer description: >- The generation of the CRD that was last reconciled by the operator. username: type: string description: Username. secret: type: string description: The name of `Secret` where the credentials are stored. description: The status of the Kafka User. - name: v1beta1 served: true storage: false deprecated: true deprecationWarning: >- Version v1beta1 of the KafkaUser API is deprecated. Please use the v1 version instead. subresources: status: {} additionalPrinterColumns: - name: Cluster description: The name of the Kafka cluster this user belongs to jsonPath: .metadata.labels.strimzi\.io/cluster type: string - name: Authentication description: How the user is authenticated jsonPath: .spec.authentication.type type: string - name: Authorization description: How the user is authorised jsonPath: .spec.authorization.type type: string - name: Ready description: The state of the custom resource jsonPath: '.status.conditions[?(@.type=="Ready")].status' type: string schema: openAPIV3Schema: type: object properties: apiVersion: type: string description: >- APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources kind: type: string description: >- Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds metadata: type: object spec: type: object properties: authentication: type: object properties: password: type: object properties: valueFrom: type: object properties: secretKeyRef: type: object properties: key: type: string name: type: string optional: type: boolean description: >- Selects a key of a Secret in the resource's namespace. description: Secret from which the password should be read. required: - valueFrom description: >- Specify the password for the user. If not set, a new password is generated by the User Operator. type: type: string enum: - tls - tls-external - scram-sha-512 description: Authentication type. required: - type description: >- Authentication mechanism enabled for this Kafka user. The supported authentication mechanisms are `scram-sha-512`, `tls`, and `tls-external`. * `scram-sha-512` generates a secret with SASL SCRAM-SHA-512 credentials. * `tls` generates a secret with user certificate for mutual TLS authentication. * `tls-external` does not generate a user certificate. But prepares the user for using mutual TLS authentication using a user certificate generated outside the User Operator. ACLs and quotas set for this user are configured in the `CN=` format. Authentication is optional. If authentication is not configured, no credentials are generated. ACLs and quotas set for the user are configured in the `` format suitable for SASL authentication. authorization: type: object properties: acls: type: array items: type: object properties: type: type: string enum: - allow - deny description: >- The type of the rule. ACL rules with type `allow` are used to allow user to execute the specified operations. ACL rules with type `deny` are used to deny user to execute the specified operations. Default value is `allow`. resource: type: object properties: name: type: string description: >- Name of resource for which given ACL rule applies. Can be combined with `patternType` field to use prefix pattern. patternType: type: string enum: - literal - prefix description: >- Describes the pattern used in the resource field. The supported types are `literal` and `prefix`. With `literal` pattern type, the resource field will be used as a definition of a full name. With `prefix` pattern type, the resource name will be used only as a prefix. Default value is `literal`. type: type: string enum: - topic - group - cluster - transactionalId description: >- Resource type. The available resource types are `topic`, `group`, `cluster`, and `transactionalId`. required: - type description: >- Indicates the resource for which given ACL rule applies. host: type: string description: >- The host from which the action described in the ACL rule is allowed or denied. If not set, it defaults to `*`, allowing or denying the action from any host. operation: type: string enum: - Read - Write - Create - Delete - Alter - Describe - ClusterAction - AlterConfigs - DescribeConfigs - IdempotentWrite - All description: >- Operation which will be allowed or denied. Supported operations are: Read, Write, Create, Delete, Alter, Describe, ClusterAction, AlterConfigs, DescribeConfigs, IdempotentWrite and All. operations: type: array items: type: string enum: - Read - Write - Create - Delete - Alter - Describe - ClusterAction - AlterConfigs - DescribeConfigs - IdempotentWrite - All description: >- List of operations to allow or deny. Supported operations are: Read, Write, Create, Delete, Alter, Describe, ClusterAction, AlterConfigs, DescribeConfigs, IdempotentWrite and All. Only certain operations work with the specified resource. required: - resource description: List of ACL rules which should be applied to this user. type: type: string enum: - simple description: >- Authorization type. Currently the only supported type is `simple`. `simple` authorization type uses the Kafka Admin API for managing the ACL rules. required: - acls - type description: Authorization rules for this Kafka user. quotas: type: object properties: producerByteRate: type: integer minimum: 0 description: >- A quota on the maximum bytes per-second that each client group can publish to a broker before the clients in the group are throttled. Defined on a per-broker basis. consumerByteRate: type: integer minimum: 0 description: >- A quota on the maximum bytes per-second that each client group can fetch from a broker before the clients in the group are throttled. Defined on a per-broker basis. requestPercentage: type: integer minimum: 0 description: >- A quota on the maximum CPU utilization of each client group as a percentage of network and I/O threads. controllerMutationRate: type: number minimum: 0 description: >- A quota on the rate at which mutations are accepted for the create topics request, the create partitions request and the delete topics request. The rate is accumulated by the number of partitions created or deleted. description: >- Quotas on requests to control the broker resources used by clients. Network bandwidth and request rate quotas can be enforced.Kafka documentation for Kafka User quotas can be found at http://kafka.apache.org/documentation/#design_quotas. template: type: object properties: secret: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object description: Labels added to the Kubernetes resource. annotations: additionalProperties: type: string type: object description: Annotations added to the Kubernetes resource. description: Metadata applied to the resource. description: >- Template for KafkaUser resources. The template allows users to specify how the `Secret` with password or TLS certificates is generated. description: Template to specify how Kafka User `Secrets` are generated. description: The specification of the user. status: type: object properties: conditions: type: array items: type: object properties: type: type: string description: >- The unique identifier of a condition, used to distinguish between other conditions in the resource. status: type: string description: >- The status of the condition, either True, False or Unknown. lastTransitionTime: type: string description: >- Last time the condition of a type changed from one status to another. The required format is 'yyyy-MM-ddTHH:mm:ssZ', in the UTC time zone. reason: type: string description: >- The reason for the condition's last transition (a single word in CamelCase). message: type: string description: >- Human-readable message indicating details about the condition's last transition. description: List of status conditions. observedGeneration: type: integer description: >- The generation of the CRD that was last reconciled by the operator. username: type: string description: Username. secret: type: string description: The name of `Secret` where the credentials are stored. description: The status of the Kafka User. - name: v1alpha1 served: true storage: false deprecated: true deprecationWarning: >- Version v1alpha1 of the KafkaUser API is deprecated. Please use the v1 version instead. subresources: status: {} additionalPrinterColumns: - name: Cluster description: The name of the Kafka cluster this user belongs to jsonPath: .metadata.labels.strimzi\.io/cluster type: string - name: Authentication description: How the user is authenticated jsonPath: .spec.authentication.type type: string - name: Authorization description: How the user is authorised jsonPath: .spec.authorization.type type: string - name: Ready description: The state of the custom resource jsonPath: '.status.conditions[?(@.type=="Ready")].status' type: string schema: openAPIV3Schema: type: object properties: apiVersion: type: string description: >- APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources kind: type: string description: >- Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds metadata: type: object spec: type: object properties: authentication: type: object properties: password: type: object properties: valueFrom: type: object properties: secretKeyRef: type: object properties: key: type: string name: type: string optional: type: boolean description: >- Selects a key of a Secret in the resource's namespace. description: Secret from which the password should be read. required: - valueFrom description: >- Specify the password for the user. If not set, a new password is generated by the User Operator. type: type: string enum: - tls - tls-external - scram-sha-512 description: Authentication type. required: - type description: >- Authentication mechanism enabled for this Kafka user. The supported authentication mechanisms are `scram-sha-512`, `tls`, and `tls-external`. * `scram-sha-512` generates a secret with SASL SCRAM-SHA-512 credentials. * `tls` generates a secret with user certificate for mutual TLS authentication. * `tls-external` does not generate a user certificate. But prepares the user for using mutual TLS authentication using a user certificate generated outside the User Operator. ACLs and quotas set for this user are configured in the `CN=` format. Authentication is optional. If authentication is not configured, no credentials are generated. ACLs and quotas set for the user are configured in the `` format suitable for SASL authentication. authorization: type: object properties: acls: type: array items: type: object properties: type: type: string enum: - allow - deny description: >- The type of the rule. ACL rules with type `allow` are used to allow user to execute the specified operations. ACL rules with type `deny` are used to deny user to execute the specified operations. Default value is `allow`. resource: type: object properties: name: type: string description: >- Name of resource for which given ACL rule applies. Can be combined with `patternType` field to use prefix pattern. patternType: type: string enum: - literal - prefix description: >- Describes the pattern used in the resource field. The supported types are `literal` and `prefix`. With `literal` pattern type, the resource field will be used as a definition of a full name. With `prefix` pattern type, the resource name will be used only as a prefix. Default value is `literal`. type: type: string enum: - topic - group - cluster - transactionalId description: >- Resource type. The available resource types are `topic`, `group`, `cluster`, and `transactionalId`. required: - type description: >- Indicates the resource for which given ACL rule applies. host: type: string description: >- The host from which the action described in the ACL rule is allowed or denied. If not set, it defaults to `*`, allowing or denying the action from any host. operation: type: string enum: - Read - Write - Create - Delete - Alter - Describe - ClusterAction - AlterConfigs - DescribeConfigs - IdempotentWrite - All description: >- Operation which will be allowed or denied. Supported operations are: Read, Write, Create, Delete, Alter, Describe, ClusterAction, AlterConfigs, DescribeConfigs, IdempotentWrite and All. operations: type: array items: type: string enum: - Read - Write - Create - Delete - Alter - Describe - ClusterAction - AlterConfigs - DescribeConfigs - IdempotentWrite - All description: >- List of operations to allow or deny. Supported operations are: Read, Write, Create, Delete, Alter, Describe, ClusterAction, AlterConfigs, DescribeConfigs, IdempotentWrite and All. Only certain operations work with the specified resource. required: - resource description: List of ACL rules which should be applied to this user. type: type: string enum: - simple description: >- Authorization type. Currently the only supported type is `simple`. `simple` authorization type uses the Kafka Admin API for managing the ACL rules. required: - acls - type description: Authorization rules for this Kafka user. quotas: type: object properties: producerByteRate: type: integer minimum: 0 description: >- A quota on the maximum bytes per-second that each client group can publish to a broker before the clients in the group are throttled. Defined on a per-broker basis. consumerByteRate: type: integer minimum: 0 description: >- A quota on the maximum bytes per-second that each client group can fetch from a broker before the clients in the group are throttled. Defined on a per-broker basis. requestPercentage: type: integer minimum: 0 description: >- A quota on the maximum CPU utilization of each client group as a percentage of network and I/O threads. controllerMutationRate: type: number minimum: 0 description: >- A quota on the rate at which mutations are accepted for the create topics request, the create partitions request and the delete topics request. The rate is accumulated by the number of partitions created or deleted. description: >- Quotas on requests to control the broker resources used by clients. Network bandwidth and request rate quotas can be enforced.Kafka documentation for Kafka User quotas can be found at http://kafka.apache.org/documentation/#design_quotas. template: type: object properties: secret: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object description: Labels added to the Kubernetes resource. annotations: additionalProperties: type: string type: object description: Annotations added to the Kubernetes resource. description: Metadata applied to the resource. description: >- Template for KafkaUser resources. The template allows users to specify how the `Secret` with password or TLS certificates is generated. description: Template to specify how Kafka User `Secrets` are generated. description: The specification of the user. status: type: object properties: conditions: type: array items: type: object properties: type: type: string description: >- The unique identifier of a condition, used to distinguish between other conditions in the resource. status: type: string description: >- The status of the condition, either True, False or Unknown. lastTransitionTime: type: string description: >- Last time the condition of a type changed from one status to another. The required format is 'yyyy-MM-ddTHH:mm:ssZ', in the UTC time zone. reason: type: string description: >- The reason for the condition's last transition (a single word in CamelCase). message: type: string description: >- Human-readable message indicating details about the condition's last transition. description: List of status conditions. observedGeneration: type: integer description: >- The generation of the CRD that was last reconciled by the operator. username: type: string description: Username. secret: type: string description: The name of `Secret` where the credentials are stored. description: The status of the Kafka User. --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: strimzi-cluster-operator-global labels: app: strimzi rules: - apiGroups: - rbac.authorization.k8s.io resources: - clusterrolebindings verbs: - get - list - watch - create - delete - patch - update - apiGroups: - storage.k8s.io resources: - storageclasses verbs: - get - apiGroups: - '' resources: - nodes verbs: - list --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: kafkarebalances.kafka.strimzi.io labels: app: strimzi strimzi.io/crd-install: 'true' spec: group: kafka.strimzi.io names: kind: KafkaRebalance listKind: KafkaRebalanceList singular: kafkarebalance plural: kafkarebalances shortNames: - kr categories: - strimzi scope: Namespaced conversion: strategy: None versions: - name: v1 served: true storage: false subresources: status: {} additionalPrinterColumns: - name: Cluster description: The name of the Kafka cluster this resource rebalances jsonPath: .metadata.labels.strimzi\.io/cluster type: string - name: Template description: If this rebalance resource is a template jsonPath: .metadata.annotations.strimzi\.io/rebalance-template type: string - name: Status description: Status of the current rebalancing operation jsonPath: '.status.conditions[*].type' type: string schema: openAPIV3Schema: type: object properties: apiVersion: type: string description: >- APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources kind: type: string description: >- Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds metadata: type: object spec: type: object properties: mode: type: string enum: - full - add-brokers - remove-brokers - remove-disks description: >- Mode to run the rebalancing. The supported modes are `full`, `add-brokers`, `remove-brokers`. If not specified, the `full` mode is used by default. * `full` mode runs the rebalancing across all the brokers in the cluster. * `add-brokers` mode can be used after scaling up the cluster to move some replicas to the newly added brokers. * `remove-brokers` mode can be used before scaling down the cluster to move replicas out of the brokers to be removed. * `remove-disks` mode can be used to move data across the volumes within the same broker . brokers: type: array items: type: integer description: >- The list of newly added brokers in case of scaling up or the ones to be removed in case of scaling down to use for rebalancing. This list can be used only with rebalancing mode `add-brokers` and `removed-brokers`. It is ignored with `full` mode. goals: type: array items: type: string description: >- A list of goals, ordered by decreasing priority, to use for generating and executing the rebalance proposal. The supported goals are available at https://github.com/linkedin/cruise-control#goals. If an empty goals list is provided, the goals declared in the default.goals Cruise Control configuration parameter are used. skipHardGoalCheck: type: boolean description: >- Whether to allow the hard goals specified in the Kafka CR to be skipped in optimization proposal generation. This can be useful when some of those hard goals are preventing a balance solution being found. Default is false. rebalanceDisk: type: boolean description: >- Enables intra-broker disk balancing, which balances disk space utilization between disks on the same broker. Only applies to Kafka deployments that use JBOD storage with multiple disks. When enabled, inter-broker balancing is disabled. Default is false. excludedTopics: type: string description: >- A regular expression where any matching topics will be excluded from the calculation of optimization proposals. This expression will be parsed by the java.util.regex.Pattern class; for more information on the supported format consult the documentation for that class. concurrentPartitionMovementsPerBroker: type: integer minimum: 0 description: >- The upper bound of ongoing partition replica movements going into/out of each broker. Default is 5. concurrentIntraBrokerPartitionMovements: type: integer minimum: 0 description: >- The upper bound of ongoing partition replica movements between disks within each broker. Default is 2. concurrentLeaderMovements: type: integer minimum: 0 description: >- The upper bound of ongoing partition leadership movements. Default is 1000. replicationThrottle: type: integer minimum: 0 description: >- The upper bound, in bytes per second, on the bandwidth used to move replicas. There is no limit by default. replicaMovementStrategies: type: array items: type: string description: >- A list of strategy class names used to determine the execution order for the replica movements in the generated optimization proposal. By default BaseReplicaMovementStrategy is used, which will execute the replica movements in the order that they were generated. moveReplicasOffVolumes: type: array minItems: 1 items: type: object properties: brokerId: type: integer description: >- ID of the broker that contains the disk from which you want to move the partition replicas. volumeIds: type: array minItems: 1 items: type: integer description: >- IDs of the disks from which the partition replicas need to be moved. description: >- List of brokers and their corresponding volumes from which replicas need to be moved. description: The specification of the Kafka rebalance. status: type: object properties: conditions: type: array items: type: object properties: type: type: string description: >- The unique identifier of a condition, used to distinguish between other conditions in the resource. status: type: string description: >- The status of the condition, either True, False or Unknown. lastTransitionTime: type: string description: >- Last time the condition of a type changed from one status to another. The required format is 'yyyy-MM-ddTHH:mm:ssZ', in the UTC time zone. reason: type: string description: >- The reason for the condition's last transition (a single word in CamelCase). message: type: string description: >- Human-readable message indicating details about the condition's last transition. description: List of status conditions. observedGeneration: type: integer description: >- The generation of the CRD that was last reconciled by the operator. sessionId: type: string description: >- The session identifier for requests to Cruise Control pertaining to this KafkaRebalance resource. This is used by the Kafka Rebalance operator to track the status of ongoing rebalancing operations. progress: type: object properties: rebalanceProgressConfigMap: type: string description: >- The name of the `ConfigMap` containing information related to the progress of a partition rebalance. description: A reference to Config Map with the progress information. optimizationResult: x-kubernetes-preserve-unknown-fields: true type: object description: A JSON object describing the optimization result. description: The status of the Kafka rebalance. required: - spec - name: v1beta2 served: true storage: true deprecated: true deprecationWarning: >- Version v1beta2 of the KafkaRebalance API is deprecated. Please use the v1 version instead. subresources: status: {} additionalPrinterColumns: - name: Cluster description: The name of the Kafka cluster this resource rebalances jsonPath: .metadata.labels.strimzi\.io/cluster type: string - name: Template description: If this rebalance resource is a template jsonPath: .metadata.annotations.strimzi\.io/rebalance-template type: string - name: Status description: Status of the current rebalancing operation jsonPath: '.status.conditions[*].type' type: string schema: openAPIV3Schema: type: object properties: apiVersion: type: string description: >- APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources kind: type: string description: >- Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds metadata: type: object spec: type: object properties: mode: type: string enum: - full - add-brokers - remove-brokers - remove-disks description: >- Mode to run the rebalancing. The supported modes are `full`, `add-brokers`, `remove-brokers`. If not specified, the `full` mode is used by default. * `full` mode runs the rebalancing across all the brokers in the cluster. * `add-brokers` mode can be used after scaling up the cluster to move some replicas to the newly added brokers. * `remove-brokers` mode can be used before scaling down the cluster to move replicas out of the brokers to be removed. * `remove-disks` mode can be used to move data across the volumes within the same broker . brokers: type: array items: type: integer description: >- The list of newly added brokers in case of scaling up or the ones to be removed in case of scaling down to use for rebalancing. This list can be used only with rebalancing mode `add-brokers` and `removed-brokers`. It is ignored with `full` mode. goals: type: array items: type: string description: >- A list of goals, ordered by decreasing priority, to use for generating and executing the rebalance proposal. The supported goals are available at https://github.com/linkedin/cruise-control#goals. If an empty goals list is provided, the goals declared in the default.goals Cruise Control configuration parameter are used. skipHardGoalCheck: type: boolean description: >- Whether to allow the hard goals specified in the Kafka CR to be skipped in optimization proposal generation. This can be useful when some of those hard goals are preventing a balance solution being found. Default is false. rebalanceDisk: type: boolean description: >- Enables intra-broker disk balancing, which balances disk space utilization between disks on the same broker. Only applies to Kafka deployments that use JBOD storage with multiple disks. When enabled, inter-broker balancing is disabled. Default is false. excludedTopics: type: string description: >- A regular expression where any matching topics will be excluded from the calculation of optimization proposals. This expression will be parsed by the java.util.regex.Pattern class; for more information on the supported format consult the documentation for that class. concurrentPartitionMovementsPerBroker: type: integer minimum: 0 description: >- The upper bound of ongoing partition replica movements going into/out of each broker. Default is 5. concurrentIntraBrokerPartitionMovements: type: integer minimum: 0 description: >- The upper bound of ongoing partition replica movements between disks within each broker. Default is 2. concurrentLeaderMovements: type: integer minimum: 0 description: >- The upper bound of ongoing partition leadership movements. Default is 1000. replicationThrottle: type: integer minimum: 0 description: >- The upper bound, in bytes per second, on the bandwidth used to move replicas. There is no limit by default. replicaMovementStrategies: type: array items: type: string description: >- A list of strategy class names used to determine the execution order for the replica movements in the generated optimization proposal. By default BaseReplicaMovementStrategy is used, which will execute the replica movements in the order that they were generated. moveReplicasOffVolumes: type: array minItems: 1 items: type: object properties: brokerId: type: integer description: >- ID of the broker that contains the disk from which you want to move the partition replicas. volumeIds: type: array minItems: 1 items: type: integer description: >- IDs of the disks from which the partition replicas need to be moved. description: >- List of brokers and their corresponding volumes from which replicas need to be moved. description: The specification of the Kafka rebalance. status: type: object properties: conditions: type: array items: type: object properties: type: type: string description: >- The unique identifier of a condition, used to distinguish between other conditions in the resource. status: type: string description: >- The status of the condition, either True, False or Unknown. lastTransitionTime: type: string description: >- Last time the condition of a type changed from one status to another. The required format is 'yyyy-MM-ddTHH:mm:ssZ', in the UTC time zone. reason: type: string description: >- The reason for the condition's last transition (a single word in CamelCase). message: type: string description: >- Human-readable message indicating details about the condition's last transition. description: List of status conditions. observedGeneration: type: integer description: >- The generation of the CRD that was last reconciled by the operator. sessionId: type: string description: >- The session identifier for requests to Cruise Control pertaining to this KafkaRebalance resource. This is used by the Kafka Rebalance operator to track the status of ongoing rebalancing operations. progress: type: object properties: rebalanceProgressConfigMap: type: string description: >- The name of the `ConfigMap` containing information related to the progress of a partition rebalance. description: A reference to Config Map with the progress information. optimizationResult: x-kubernetes-preserve-unknown-fields: true type: object description: A JSON object describing the optimization result. description: The status of the Kafka rebalance. --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: strimzi-kafka-broker labels: app: strimzi rules: - apiGroups: - '' resources: - nodes verbs: - get --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: strimzi-entity-operator labels: app: strimzi rules: - apiGroups: - kafka.strimzi.io resources: - kafkatopics verbs: - get - list - watch - create - patch - update - delete - apiGroups: - kafka.strimzi.io resources: - kafkausers verbs: - get - list - watch - create - patch - update - apiGroups: - kafka.strimzi.io resources: - kafkatopics/status - kafkausers/status verbs: - get - patch - update - apiGroups: - kafka.strimzi.io resources: - kafkatopics/finalizers - kafkausers/finalizers verbs: - update - apiGroups: - '' resources: - secrets verbs: - get - list - watch - create - delete - patch - update --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: strimzi-cluster-operator-leader-election labels: app: strimzi rules: - apiGroups: - coordination.k8s.io resources: - leases verbs: - create - apiGroups: - coordination.k8s.io resources: - leases resourceNames: - strimzi-cluster-operator verbs: - get - list - watch - delete - patch - update --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: strimzipodsets.core.strimzi.io labels: app: strimzi strimzi.io/crd-install: 'true' spec: group: core.strimzi.io names: kind: StrimziPodSet listKind: StrimziPodSetList singular: strimzipodset plural: strimzipodsets shortNames: - sps categories: - strimzi scope: Namespaced conversion: strategy: None versions: - name: v1 served: true storage: false subresources: status: {} additionalPrinterColumns: - name: Pods description: Number of pods managed by the StrimziPodSet jsonPath: .status.pods type: integer - name: Ready Pods description: Number of ready pods managed by the StrimziPodSet jsonPath: .status.readyPods type: integer - name: Current Pods description: Number of up-to-date pods managed by the StrimziPodSet jsonPath: .status.currentPods type: integer - name: Age description: Age of the StrimziPodSet jsonPath: .metadata.creationTimestamp type: date schema: openAPIV3Schema: type: object properties: apiVersion: type: string description: >- APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources kind: type: string description: >- Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds metadata: type: object spec: type: object properties: selector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object description: >- Selector is a label query which matches all the pods managed by this `StrimziPodSet`. Only `matchLabels` is supported. If `matchExpressions` is set, it will be ignored. pods: type: array items: x-kubernetes-preserve-unknown-fields: true type: object description: The Pods managed by this StrimziPodSet. required: - selector - pods description: The specification of the StrimziPodSet. status: type: object properties: conditions: type: array items: type: object properties: type: type: string description: >- The unique identifier of a condition, used to distinguish between other conditions in the resource. status: type: string description: >- The status of the condition, either True, False or Unknown. lastTransitionTime: type: string description: >- Last time the condition of a type changed from one status to another. The required format is 'yyyy-MM-ddTHH:mm:ssZ', in the UTC time zone. reason: type: string description: >- The reason for the condition's last transition (a single word in CamelCase). message: type: string description: >- Human-readable message indicating details about the condition's last transition. description: List of status conditions. observedGeneration: type: integer description: >- The generation of the CRD that was last reconciled by the operator. pods: type: integer description: Number of pods managed by this `StrimziPodSet` resource. readyPods: type: integer description: >- Number of pods managed by this `StrimziPodSet` resource that are ready. currentPods: type: integer description: >- Number of pods managed by this `StrimziPodSet` resource that have the current revision. description: The status of the StrimziPodSet. required: - spec - name: v1beta2 served: true storage: true deprecated: true deprecationWarning: >- Version v1beta2 of the StrimziPodSet API is deprecated. Please use the v1 version instead. subresources: status: {} additionalPrinterColumns: - name: Pods description: Number of pods managed by the StrimziPodSet jsonPath: .status.pods type: integer - name: Ready Pods description: Number of ready pods managed by the StrimziPodSet jsonPath: .status.readyPods type: integer - name: Current Pods description: Number of up-to-date pods managed by the StrimziPodSet jsonPath: .status.currentPods type: integer - name: Age description: Age of the StrimziPodSet jsonPath: .metadata.creationTimestamp type: date schema: openAPIV3Schema: type: object properties: apiVersion: type: string description: >- APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources kind: type: string description: >- Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds metadata: type: object spec: type: object properties: selector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object description: >- Selector is a label query which matches all the pods managed by this `StrimziPodSet`. Only `matchLabels` is supported. If `matchExpressions` is set, it will be ignored. pods: type: array items: x-kubernetes-preserve-unknown-fields: true type: object description: The Pods managed by this StrimziPodSet. required: - selector - pods description: The specification of the StrimziPodSet. status: type: object properties: conditions: type: array items: type: object properties: type: type: string description: >- The unique identifier of a condition, used to distinguish between other conditions in the resource. status: type: string description: >- The status of the condition, either True, False or Unknown. lastTransitionTime: type: string description: >- Last time the condition of a type changed from one status to another. The required format is 'yyyy-MM-ddTHH:mm:ssZ', in the UTC time zone. reason: type: string description: >- The reason for the condition's last transition (a single word in CamelCase). message: type: string description: >- Human-readable message indicating details about the condition's last transition. description: List of status conditions. observedGeneration: type: integer description: >- The generation of the CRD that was last reconciled by the operator. pods: type: integer description: Number of pods managed by this `StrimziPodSet` resource. readyPods: type: integer description: >- Number of pods managed by this `StrimziPodSet` resource that are ready. currentPods: type: integer description: >- Number of pods managed by this `StrimziPodSet` resource that have the current revision. description: The status of the StrimziPodSet. --- apiVersion: v1 kind: ServiceAccount metadata: name: strimzi-cluster-operator labels: app: strimzi namespace: kafka --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: kafkaconnects.kafka.strimzi.io labels: app: strimzi strimzi.io/crd-install: 'true' spec: group: kafka.strimzi.io names: kind: KafkaConnect listKind: KafkaConnectList singular: kafkaconnect plural: kafkaconnects shortNames: - kc categories: - strimzi scope: Namespaced conversion: strategy: None versions: - name: v1 served: true storage: false subresources: status: {} scale: specReplicasPath: .spec.replicas statusReplicasPath: .status.replicas labelSelectorPath: .status.labelSelector additionalPrinterColumns: - name: Desired replicas description: The desired number of Kafka Connect replicas jsonPath: .spec.replicas type: integer - name: Ready description: The state of the custom resource jsonPath: '.status.conditions[?(@.type=="Ready")].status' type: string schema: openAPIV3Schema: type: object properties: apiVersion: type: string description: >- APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources kind: type: string description: >- Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds metadata: type: object spec: type: object properties: version: type: string description: >- The Kafka Connect version. Defaults to the latest version. Consult the user documentation to understand the process required to upgrade or downgrade the version. replicas: type: integer description: >- The number of pods in the Kafka Connect group. Required in the `v1` version of the Strimzi API. Defaults to `3` in the `v1beta2` version of the Strimzi API. image: type: string description: >- The container image used for Kafka Connect pods. If no image name is explicitly specified, it is determined based on the `spec.version` configuration. The image names are specifically mapped to corresponding versions in the Cluster Operator configuration. bootstrapServers: type: string description: >- Bootstrap servers to connect to. This should be given as a comma separated list of __:__ pairs. groupId: type: string description: A unique ID that identifies the Connect cluster group. configStorageTopic: type: string description: >- The name of the Kafka topic where connector configurations are stored. statusStorageTopic: type: string description: >- The name of the Kafka topic where connector and task status are stored. offsetStorageTopic: type: string description: >- The name of the Kafka topic where source connector offsets are stored. tls: type: object properties: trustedCertificates: type: array items: type: object properties: secretName: type: string description: The name of the Secret containing the certificate. certificate: type: string description: The name of the file certificate in the secret. pattern: type: string description: >- Pattern for the certificate files in the secret. Use the link:https://en.wikipedia.org/wiki/Glob_(programming)[_glob syntax_] for the pattern. All files in the secret that match the pattern are used. oneOf: - properties: certificate: {} required: - certificate - properties: pattern: {} required: - pattern required: - secretName description: Trusted certificates for TLS connection. description: TLS configuration. authentication: type: object properties: certificateAndKey: type: object properties: secretName: type: string description: The name of the Secret containing the certificate. certificate: type: string description: The name of the file certificate in the Secret. key: type: string description: >- The name of the private key in the secret. The private key must be in unencrypted PKCS #8 format. For more information, see RFC 5208: https://datatracker.ietf.org/doc/html/rfc5208. required: - secretName - certificate - key description: >- Reference to the `Secret` which holds the certificate and private key pair. config: x-kubernetes-preserve-unknown-fields: true type: object description: >- Configuration for the custom authentication mechanism. Only properties with the `sasl.` and `ssl.keystore.` prefixes are allowed. Specify other options in the regular configuration section of the custom resource. passwordSecret: type: object properties: secretName: type: string description: The name of the Secret containing the password. password: type: string description: >- The name of the key in the Secret under which the password is stored. required: - secretName - password description: Reference to the `Secret` which holds the password. sasl: type: boolean description: Enable or disable SASL on this authentication mechanism. type: type: string enum: - tls - scram-sha-256 - scram-sha-512 - plain - custom description: >- Specifies the authentication type. Supported types are `tls`, `scram-sha-256`, `scram-sha-512`, `plain`, 'oauth', and `custom`. `tls` uses TLS client authentication and is supported only over TLS connections. `scram-sha-256` and `scram-sha-512` use SASL SCRAM-SHA-256 and SASL SCRAM-SHA-512 authentication, respectively. `plain` uses SASL PLAIN authentication. `oauth` uses SASL OAUTHBEARER authentication. `custom` allows you to configure a custom authentication mechanism. As of Strimzi 0.49.0, `oauth` type is deprecated and will be removed in the `v1` API version. Please use `custom` type instead. username: type: string description: Username used for the authentication. required: - type description: Authentication configuration for Kafka Connect. config: x-kubernetes-preserve-unknown-fields: true type: object description: >- The Kafka Connect configuration. Properties with the following prefixes cannot be set: ssl., sasl., security., listeners, plugin.path, rest., bootstrap.servers, consumer.interceptor.classes, producer.interceptor.classes, prometheus.metrics.reporter. (with the exception of: ssl.endpoint.identification.algorithm, ssl.cipher.suites, ssl.protocol, ssl.enabled.protocols). resources: type: object properties: claims: type: array items: type: object properties: name: type: string request: type: string limits: additionalProperties: anyOf: - type: integer - type: string pattern: >- ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object requests: additionalProperties: anyOf: - type: integer - type: string pattern: >- ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object description: >- The maximum limits for CPU and memory resources and the requested initial resources. livenessProbe: type: object properties: initialDelaySeconds: type: integer minimum: 0 description: >- The initial delay before first the health is first checked. Default to 15 seconds. Minimum value is 0. timeoutSeconds: type: integer minimum: 1 description: >- The timeout for each attempted health check. Default to 5 seconds. Minimum value is 1. periodSeconds: type: integer minimum: 1 description: >- How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. successThreshold: type: integer minimum: 1 description: >- Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness. Minimum value is 1. failureThreshold: type: integer minimum: 1 description: >- Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. description: Pod liveness checking. readinessProbe: type: object properties: initialDelaySeconds: type: integer minimum: 0 description: >- The initial delay before first the health is first checked. Default to 15 seconds. Minimum value is 0. timeoutSeconds: type: integer minimum: 1 description: >- The timeout for each attempted health check. Default to 5 seconds. Minimum value is 1. periodSeconds: type: integer minimum: 1 description: >- How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. successThreshold: type: integer minimum: 1 description: >- Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness. Minimum value is 1. failureThreshold: type: integer minimum: 1 description: >- Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. description: Pod readiness checking. jvmOptions: type: object properties: '-XX': additionalProperties: type: string type: object description: A map of -XX options to the JVM. '-Xmx': type: string pattern: '^[0-9]+[mMgG]?$' description: '-Xmx option to to the JVM.' '-Xms': type: string pattern: '^[0-9]+[mMgG]?$' description: '-Xms option to to the JVM.' gcLoggingEnabled: type: boolean description: >- Specifies whether the Garbage Collection logging is enabled. The default is false. javaSystemProperties: type: array items: type: object properties: name: type: string description: The system property name. value: type: string description: The system property value. description: >- A map of additional system properties which will be passed using the `-D` option to the JVM. description: JVM Options for pods. jmxOptions: type: object properties: authentication: type: object properties: type: type: string enum: - password description: >- Authentication type. Currently the only supported types are `password`.`password` type creates a username and protected port with no TLS. required: - type description: >- Authentication configuration for connecting to the JMX port. description: JMX Options. logging: type: object properties: loggers: additionalProperties: type: string type: object description: A Map from logger name to logger level. type: type: string enum: - inline - external description: 'Logging type, must be either ''inline'' or ''external''.' valueFrom: type: object properties: configMapKeyRef: type: object properties: key: type: string name: type: string optional: type: boolean description: >- Reference to the key in the ConfigMap containing the configuration. description: >- `ConfigMap` entry where the logging configuration is stored. required: - type description: Logging configuration for Kafka Connect. clientRackInitImage: type: string description: >- The image of the init container used for initializing the `client.rack`. rack: type: object properties: topologyKey: type: string example: topology.kubernetes.io/zone description: >- A key that matches labels assigned to the Kubernetes cluster nodes. The value of the label is used to set a broker's `broker.rack` config, and the `client.rack` config for Kafka Connect or MirrorMaker 2. required: - topologyKey description: >- Configuration of the node label which will be used as the `client.rack` consumer configuration. metricsConfig: type: object properties: type: type: string enum: - jmxPrometheusExporter - strimziMetricsReporter description: >- Metrics type. The supported types are `jmxPrometheusExporter` and `strimziMetricsReporter`. Type `jmxPrometheusExporter` uses the Prometheus JMX Exporter to expose Kafka JMX metrics in Prometheus format through an HTTP endpoint. Type `strimziMetricsReporter` uses the Strimzi Metrics Reporter to directly expose Kafka metrics in Prometheus format through an HTTP endpoint. valueFrom: type: object properties: configMapKeyRef: type: object properties: key: type: string name: type: string optional: type: boolean description: >- Reference to the key in the ConfigMap containing the configuration. description: >- ConfigMap entry where the Prometheus JMX Exporter configuration is stored. values: type: object properties: allowList: type: array items: type: string description: >- A list of regex patterns to filter the metrics to collect. Should contain at least one element. description: Configuration values for the Strimzi Metrics Reporter. required: - type description: Metrics configuration. x-kubernetes-validations: - rule: >- self.type != 'jmxPrometheusExporter' || has(self.valueFrom) message: valueFrom property is required tracing: type: object properties: type: type: string enum: - opentelemetry description: >- Type of the tracing used. Currently the only supported type is `opentelemetry` for OpenTelemetry tracing. As of Strimzi 0.37.0, `jaeger` type is not supported anymore and this option is ignored. required: - type description: The configuration of tracing in Kafka Connect. template: type: object properties: podSet: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object description: Labels added to the Kubernetes resource. annotations: additionalProperties: type: string type: object description: Annotations added to the Kubernetes resource. description: Metadata applied to the resource. description: Template for Kafka Connect `StrimziPodSet` resource. pod: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object description: Labels added to the Kubernetes resource. annotations: additionalProperties: type: string type: object description: Annotations added to the Kubernetes resource. description: Metadata applied to the resource. imagePullSecrets: type: array items: type: object properties: name: type: string description: >- List of references to secrets in the same namespace to use for pulling any of the images used by this Pod. When the `STRIMZI_IMAGE_PULL_SECRETS` environment variable in Cluster Operator and the `imagePullSecrets` option are specified, only the `imagePullSecrets` variable is used and the `STRIMZI_IMAGE_PULL_SECRETS` variable is ignored. securityContext: type: object properties: appArmorProfile: type: object properties: localhostProfile: type: string type: type: string fsGroup: type: integer fsGroupChangePolicy: type: string runAsGroup: type: integer runAsNonRoot: type: boolean runAsUser: type: integer seLinuxChangePolicy: type: string seLinuxOptions: type: object properties: level: type: string role: type: string type: type: string user: type: string seccompProfile: type: object properties: localhostProfile: type: string type: type: string supplementalGroups: type: array items: type: integer supplementalGroupsPolicy: type: string sysctls: type: array items: type: object properties: name: type: string value: type: string windowsOptions: type: object properties: gmsaCredentialSpec: type: string gmsaCredentialSpecName: type: string hostProcess: type: boolean runAsUserName: type: string description: >- Configures pod-level security attributes and common container settings. terminationGracePeriodSeconds: type: integer minimum: 0 description: >- The grace period is the duration in seconds after the processes running in the pod are sent a termination signal, and the time when the processes are forcibly halted with a kill signal. Set this value to longer than the expected cleanup time for your process. Value must be a non-negative integer. A zero value indicates delete immediately. You might need to increase the grace period for very large Kafka clusters, so that the Kafka brokers have enough time to transfer their work to another broker before they are terminated. Defaults to 30 seconds. affinity: type: object properties: nodeAffinity: type: object properties: preferredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: preference: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchFields: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string weight: type: integer requiredDuringSchedulingIgnoredDuringExecution: type: object properties: nodeSelectorTerms: type: array items: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchFields: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string podAffinity: type: object properties: preferredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: podAffinityTerm: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object matchLabelKeys: type: array items: type: string mismatchLabelKeys: type: array items: type: string namespaceSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object namespaces: type: array items: type: string topologyKey: type: string weight: type: integer requiredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object matchLabelKeys: type: array items: type: string mismatchLabelKeys: type: array items: type: string namespaceSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object namespaces: type: array items: type: string topologyKey: type: string podAntiAffinity: type: object properties: preferredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: podAffinityTerm: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object matchLabelKeys: type: array items: type: string mismatchLabelKeys: type: array items: type: string namespaceSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object namespaces: type: array items: type: string topologyKey: type: string weight: type: integer requiredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object matchLabelKeys: type: array items: type: string mismatchLabelKeys: type: array items: type: string namespaceSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object namespaces: type: array items: type: string topologyKey: type: string description: The pod's affinity rules. tolerations: type: array items: type: object properties: effect: type: string key: type: string operator: type: string tolerationSeconds: type: integer value: type: string description: The pod's tolerations. topologySpreadConstraints: type: array items: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object matchLabelKeys: type: array items: type: string maxSkew: type: integer minDomains: type: integer nodeAffinityPolicy: type: string nodeTaintsPolicy: type: string topologyKey: type: string whenUnsatisfiable: type: string description: The pod's topology spread constraints. priorityClassName: type: string description: >- The name of the priority class used to assign priority to the pods. schedulerName: type: string description: >- The name of the scheduler used to dispatch this `Pod`. If not specified, the default scheduler will be used. hostAliases: type: array items: type: object properties: hostnames: type: array items: type: string ip: type: string description: >- The pod's HostAliases. HostAliases is an optional list of hosts and IPs that will be injected into the Pod's hosts file if specified. dnsPolicy: type: string enum: - ClusterFirst - ClusterFirstWithHostNet - Default - None description: >- The pod's DNSPolicy. Defaults to `ClusterFirst`. Valid values are `ClusterFirstWithHostNet`, `ClusterFirst`, `Default` or `None`. dnsConfig: type: object properties: nameservers: type: array items: type: string options: type: array items: type: object properties: name: type: string value: type: string searches: type: array items: type: string description: >- The pod's DNSConfig. If specified, it will be merged to the generated DNS configuration based on the DNSPolicy. enableServiceLinks: type: boolean description: >- Indicates whether information about services should be injected into Pod's environment variables. tmpDirSizeLimit: type: string pattern: '^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$' description: >- Defines the total amount of pod memory allocated for the temporary `EmptyDir` volume `/tmp`. Specify the allocation in memory units, for example, `100Mi` for 100 mebibytes. Default value is `5Mi`. The `/tmp` volume is backed by pod memory, not disk storage, so avoid setting a high value as it consumes pod memory resources. volumes: type: array items: type: object properties: name: type: string description: Name to use for the volume. Required. secret: type: object properties: defaultMode: type: integer items: type: array items: type: object properties: key: type: string mode: type: integer path: type: string optional: type: boolean secretName: type: string description: '`Secret` to use to populate the volume.' configMap: type: object properties: defaultMode: type: integer items: type: array items: type: object properties: key: type: string mode: type: integer path: type: string name: type: string optional: type: boolean description: '`ConfigMap` to use to populate the volume.' emptyDir: type: object properties: medium: type: string enum: - Memory description: >- Medium represents the type of storage medium should back this volume. Valid values are unset or `Memory`. When not set, it will use the node's default medium. sizeLimit: type: string pattern: '^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$' description: >- The total amount of local storage required for this EmptyDir volume (for example 1Gi). description: '`EmptyDir` to use to populate the volume.' persistentVolumeClaim: type: object properties: claimName: type: string readOnly: type: boolean description: >- `PersistentVolumeClaim` object to use to populate the volume. csi: type: object properties: driver: type: string fsType: type: string nodePublishSecretRef: type: object properties: name: type: string readOnly: type: boolean volumeAttributes: additionalProperties: type: string type: object description: >- `CSIVolumeSource` object to use to populate the volume. image: type: object properties: pullPolicy: type: string reference: type: string description: >- `ImageVolumeSource` object to use to populate the volume. oneOf: - properties: secret: {} configMap: {} emptyDir: {} persistentVolumeClaim: {} csi: {} image: {} description: Additional volumes that can be mounted to the pod. description: Template for Kafka Connect `Pods`. apiService: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object description: Labels added to the Kubernetes resource. annotations: additionalProperties: type: string type: object description: Annotations added to the Kubernetes resource. description: Metadata applied to the resource. ipFamilyPolicy: type: string enum: - SingleStack - PreferDualStack - RequireDualStack description: >- Specifies the IP Family Policy used by the service. Available options are `SingleStack`, `PreferDualStack` and `RequireDualStack`. `SingleStack` is for a single IP family. `PreferDualStack` is for two IP families on dual-stack configured clusters or a single IP family on single-stack clusters. `RequireDualStack` fails unless there are two IP families on dual-stack configured clusters. If unspecified, Kubernetes will choose the default value based on the service type. ipFamilies: type: array items: type: string enum: - IPv4 - IPv6 description: >- Specifies the IP Families used by the service. Available options are `IPv4` and `IPv6`. If unspecified, Kubernetes will choose the default value based on the `ipFamilyPolicy` setting. description: Template for Kafka Connect API `Service`. headlessService: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object description: Labels added to the Kubernetes resource. annotations: additionalProperties: type: string type: object description: Annotations added to the Kubernetes resource. description: Metadata applied to the resource. ipFamilyPolicy: type: string enum: - SingleStack - PreferDualStack - RequireDualStack description: >- Specifies the IP Family Policy used by the service. Available options are `SingleStack`, `PreferDualStack` and `RequireDualStack`. `SingleStack` is for a single IP family. `PreferDualStack` is for two IP families on dual-stack configured clusters or a single IP family on single-stack clusters. `RequireDualStack` fails unless there are two IP families on dual-stack configured clusters. If unspecified, Kubernetes will choose the default value based on the service type. ipFamilies: type: array items: type: string enum: - IPv4 - IPv6 description: >- Specifies the IP Families used by the service. Available options are `IPv4` and `IPv6`. If unspecified, Kubernetes will choose the default value based on the `ipFamilyPolicy` setting. description: Template for Kafka Connect headless `Service`. connectContainer: type: object properties: env: type: array items: type: object properties: name: type: string description: The environment variable key. value: type: string description: The environment variable value. valueFrom: type: object properties: secretKeyRef: type: object properties: key: type: string name: type: string optional: type: boolean description: Reference to a key in a secret. configMapKeyRef: type: object properties: key: type: string name: type: string optional: type: boolean description: Reference to a key in a config map. oneOf: - properties: secretKeyRef: {} required: - secretKeyRef - properties: configMapKeyRef: {} required: - configMapKeyRef description: >- Reference to the secret or config map property to which the environment variable is set. oneOf: - properties: value: {} required: - value - properties: valueFrom: {} required: - valueFrom description: >- Environment variables which should be applied to the container. securityContext: type: object properties: allowPrivilegeEscalation: type: boolean appArmorProfile: type: object properties: localhostProfile: type: string type: type: string capabilities: type: object properties: add: type: array items: type: string drop: type: array items: type: string privileged: type: boolean procMount: type: string readOnlyRootFilesystem: type: boolean runAsGroup: type: integer runAsNonRoot: type: boolean runAsUser: type: integer seLinuxOptions: type: object properties: level: type: string role: type: string type: type: string user: type: string seccompProfile: type: object properties: localhostProfile: type: string type: type: string windowsOptions: type: object properties: gmsaCredentialSpec: type: string gmsaCredentialSpecName: type: string hostProcess: type: boolean runAsUserName: type: string description: Security context for the container. volumeMounts: type: array items: type: object properties: mountPath: type: string mountPropagation: type: string name: type: string readOnly: type: boolean recursiveReadOnly: type: string subPath: type: string subPathExpr: type: string description: >- Additional volume mounts which should be applied to the container. description: Template for the Kafka Connect container. initContainer: type: object properties: env: type: array items: type: object properties: name: type: string description: The environment variable key. value: type: string description: The environment variable value. valueFrom: type: object properties: secretKeyRef: type: object properties: key: type: string name: type: string optional: type: boolean description: Reference to a key in a secret. configMapKeyRef: type: object properties: key: type: string name: type: string optional: type: boolean description: Reference to a key in a config map. oneOf: - properties: secretKeyRef: {} required: - secretKeyRef - properties: configMapKeyRef: {} required: - configMapKeyRef description: >- Reference to the secret or config map property to which the environment variable is set. oneOf: - properties: value: {} required: - value - properties: valueFrom: {} required: - valueFrom description: >- Environment variables which should be applied to the container. securityContext: type: object properties: allowPrivilegeEscalation: type: boolean appArmorProfile: type: object properties: localhostProfile: type: string type: type: string capabilities: type: object properties: add: type: array items: type: string drop: type: array items: type: string privileged: type: boolean procMount: type: string readOnlyRootFilesystem: type: boolean runAsGroup: type: integer runAsNonRoot: type: boolean runAsUser: type: integer seLinuxOptions: type: object properties: level: type: string role: type: string type: type: string user: type: string seccompProfile: type: object properties: localhostProfile: type: string type: type: string windowsOptions: type: object properties: gmsaCredentialSpec: type: string gmsaCredentialSpecName: type: string hostProcess: type: boolean runAsUserName: type: string description: Security context for the container. volumeMounts: type: array items: type: object properties: mountPath: type: string mountPropagation: type: string name: type: string readOnly: type: boolean recursiveReadOnly: type: string subPath: type: string subPathExpr: type: string description: >- Additional volume mounts which should be applied to the container. description: Template for the Kafka init container. podDisruptionBudget: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object description: Labels added to the Kubernetes resource. annotations: additionalProperties: type: string type: object description: Annotations added to the Kubernetes resource. description: >- Metadata to apply to the `PodDisruptionBudgetTemplate` resource. maxUnavailable: type: integer minimum: 0 description: >- Maximum number of unavailable pods to allow automatic Pod eviction. A Pod eviction is allowed when the `maxUnavailable` number of pods or fewer are unavailable after the eviction. Setting this value to 0 prevents all voluntary evictions, so the pods must be evicted manually. Defaults to 1. description: Template for Kafka Connect `PodDisruptionBudget`. serviceAccount: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object description: Labels added to the Kubernetes resource. annotations: additionalProperties: type: string type: object description: Annotations added to the Kubernetes resource. description: Metadata applied to the resource. description: Template for the Kafka Connect service account. clusterRoleBinding: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object description: Labels added to the Kubernetes resource. annotations: additionalProperties: type: string type: object description: Annotations added to the Kubernetes resource. description: Metadata applied to the resource. description: Template for the Kafka Connect ClusterRoleBinding. buildPod: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object description: Labels added to the Kubernetes resource. annotations: additionalProperties: type: string type: object description: Annotations added to the Kubernetes resource. description: Metadata applied to the resource. imagePullSecrets: type: array items: type: object properties: name: type: string description: >- List of references to secrets in the same namespace to use for pulling any of the images used by this Pod. When the `STRIMZI_IMAGE_PULL_SECRETS` environment variable in Cluster Operator and the `imagePullSecrets` option are specified, only the `imagePullSecrets` variable is used and the `STRIMZI_IMAGE_PULL_SECRETS` variable is ignored. securityContext: type: object properties: appArmorProfile: type: object properties: localhostProfile: type: string type: type: string fsGroup: type: integer fsGroupChangePolicy: type: string runAsGroup: type: integer runAsNonRoot: type: boolean runAsUser: type: integer seLinuxChangePolicy: type: string seLinuxOptions: type: object properties: level: type: string role: type: string type: type: string user: type: string seccompProfile: type: object properties: localhostProfile: type: string type: type: string supplementalGroups: type: array items: type: integer supplementalGroupsPolicy: type: string sysctls: type: array items: type: object properties: name: type: string value: type: string windowsOptions: type: object properties: gmsaCredentialSpec: type: string gmsaCredentialSpecName: type: string hostProcess: type: boolean runAsUserName: type: string description: >- Configures pod-level security attributes and common container settings. terminationGracePeriodSeconds: type: integer minimum: 0 description: >- The grace period is the duration in seconds after the processes running in the pod are sent a termination signal, and the time when the processes are forcibly halted with a kill signal. Set this value to longer than the expected cleanup time for your process. Value must be a non-negative integer. A zero value indicates delete immediately. You might need to increase the grace period for very large Kafka clusters, so that the Kafka brokers have enough time to transfer their work to another broker before they are terminated. Defaults to 30 seconds. affinity: type: object properties: nodeAffinity: type: object properties: preferredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: preference: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchFields: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string weight: type: integer requiredDuringSchedulingIgnoredDuringExecution: type: object properties: nodeSelectorTerms: type: array items: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchFields: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string podAffinity: type: object properties: preferredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: podAffinityTerm: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object matchLabelKeys: type: array items: type: string mismatchLabelKeys: type: array items: type: string namespaceSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object namespaces: type: array items: type: string topologyKey: type: string weight: type: integer requiredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object matchLabelKeys: type: array items: type: string mismatchLabelKeys: type: array items: type: string namespaceSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object namespaces: type: array items: type: string topologyKey: type: string podAntiAffinity: type: object properties: preferredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: podAffinityTerm: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object matchLabelKeys: type: array items: type: string mismatchLabelKeys: type: array items: type: string namespaceSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object namespaces: type: array items: type: string topologyKey: type: string weight: type: integer requiredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object matchLabelKeys: type: array items: type: string mismatchLabelKeys: type: array items: type: string namespaceSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object namespaces: type: array items: type: string topologyKey: type: string description: The pod's affinity rules. tolerations: type: array items: type: object properties: effect: type: string key: type: string operator: type: string tolerationSeconds: type: integer value: type: string description: The pod's tolerations. topologySpreadConstraints: type: array items: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object matchLabelKeys: type: array items: type: string maxSkew: type: integer minDomains: type: integer nodeAffinityPolicy: type: string nodeTaintsPolicy: type: string topologyKey: type: string whenUnsatisfiable: type: string description: The pod's topology spread constraints. priorityClassName: type: string description: >- The name of the priority class used to assign priority to the pods. schedulerName: type: string description: >- The name of the scheduler used to dispatch this `Pod`. If not specified, the default scheduler will be used. hostAliases: type: array items: type: object properties: hostnames: type: array items: type: string ip: type: string description: >- The pod's HostAliases. HostAliases is an optional list of hosts and IPs that will be injected into the Pod's hosts file if specified. dnsPolicy: type: string enum: - ClusterFirst - ClusterFirstWithHostNet - Default - None description: >- The pod's DNSPolicy. Defaults to `ClusterFirst`. Valid values are `ClusterFirstWithHostNet`, `ClusterFirst`, `Default` or `None`. dnsConfig: type: object properties: nameservers: type: array items: type: string options: type: array items: type: object properties: name: type: string value: type: string searches: type: array items: type: string description: >- The pod's DNSConfig. If specified, it will be merged to the generated DNS configuration based on the DNSPolicy. enableServiceLinks: type: boolean description: >- Indicates whether information about services should be injected into Pod's environment variables. tmpDirSizeLimit: type: string pattern: '^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$' description: >- Defines the total amount of pod memory allocated for the temporary `EmptyDir` volume `/tmp`. Specify the allocation in memory units, for example, `100Mi` for 100 mebibytes. Default value is `5Mi`. The `/tmp` volume is backed by pod memory, not disk storage, so avoid setting a high value as it consumes pod memory resources. volumes: type: array items: type: object properties: name: type: string description: Name to use for the volume. Required. secret: type: object properties: defaultMode: type: integer items: type: array items: type: object properties: key: type: string mode: type: integer path: type: string optional: type: boolean secretName: type: string description: '`Secret` to use to populate the volume.' configMap: type: object properties: defaultMode: type: integer items: type: array items: type: object properties: key: type: string mode: type: integer path: type: string name: type: string optional: type: boolean description: '`ConfigMap` to use to populate the volume.' emptyDir: type: object properties: medium: type: string enum: - Memory description: >- Medium represents the type of storage medium should back this volume. Valid values are unset or `Memory`. When not set, it will use the node's default medium. sizeLimit: type: string pattern: '^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$' description: >- The total amount of local storage required for this EmptyDir volume (for example 1Gi). description: '`EmptyDir` to use to populate the volume.' persistentVolumeClaim: type: object properties: claimName: type: string readOnly: type: boolean description: >- `PersistentVolumeClaim` object to use to populate the volume. csi: type: object properties: driver: type: string fsType: type: string nodePublishSecretRef: type: object properties: name: type: string readOnly: type: boolean volumeAttributes: additionalProperties: type: string type: object description: >- `CSIVolumeSource` object to use to populate the volume. image: type: object properties: pullPolicy: type: string reference: type: string description: >- `ImageVolumeSource` object to use to populate the volume. oneOf: - properties: secret: {} configMap: {} emptyDir: {} persistentVolumeClaim: {} csi: {} image: {} description: Additional volumes that can be mounted to the pod. description: >- Template for Kafka Connect Build `Pods`. The build pod is used only on Kubernetes. buildContainer: type: object properties: env: type: array items: type: object properties: name: type: string description: The environment variable key. value: type: string description: The environment variable value. valueFrom: type: object properties: secretKeyRef: type: object properties: key: type: string name: type: string optional: type: boolean description: Reference to a key in a secret. configMapKeyRef: type: object properties: key: type: string name: type: string optional: type: boolean description: Reference to a key in a config map. oneOf: - properties: secretKeyRef: {} required: - secretKeyRef - properties: configMapKeyRef: {} required: - configMapKeyRef description: >- Reference to the secret or config map property to which the environment variable is set. oneOf: - properties: value: {} required: - value - properties: valueFrom: {} required: - valueFrom description: >- Environment variables which should be applied to the container. securityContext: type: object properties: allowPrivilegeEscalation: type: boolean appArmorProfile: type: object properties: localhostProfile: type: string type: type: string capabilities: type: object properties: add: type: array items: type: string drop: type: array items: type: string privileged: type: boolean procMount: type: string readOnlyRootFilesystem: type: boolean runAsGroup: type: integer runAsNonRoot: type: boolean runAsUser: type: integer seLinuxOptions: type: object properties: level: type: string role: type: string type: type: string user: type: string seccompProfile: type: object properties: localhostProfile: type: string type: type: string windowsOptions: type: object properties: gmsaCredentialSpec: type: string gmsaCredentialSpecName: type: string hostProcess: type: boolean runAsUserName: type: string description: Security context for the container. volumeMounts: type: array items: type: object properties: mountPath: type: string mountPropagation: type: string name: type: string readOnly: type: boolean recursiveReadOnly: type: string subPath: type: string subPathExpr: type: string description: >- Additional volume mounts which should be applied to the container. description: >- Template for the Kafka Connect Build container. The build container is used only on Kubernetes. buildConfig: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object description: Labels added to the Kubernetes resource. annotations: additionalProperties: type: string type: object description: Annotations added to the Kubernetes resource. description: >- Metadata to apply to the `PodDisruptionBudgetTemplate` resource. pullSecret: type: string description: >- Container Registry Secret with the credentials for pulling the base image. description: >- Template for the Kafka Connect BuildConfig used to build new container images. The BuildConfig is used only on OpenShift. buildServiceAccount: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object description: Labels added to the Kubernetes resource. annotations: additionalProperties: type: string type: object description: Annotations added to the Kubernetes resource. description: Metadata applied to the resource. description: Template for the Kafka Connect Build service account. jmxSecret: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object description: Labels added to the Kubernetes resource. annotations: additionalProperties: type: string type: object description: Annotations added to the Kubernetes resource. description: Metadata applied to the resource. description: >- Template for Secret of the Kafka Connect Cluster JMX authentication. description: >- Template for Kafka Connect and Kafka MirrorMaker 2 resources. The template allows users to specify how the `Pods`, `Service`, and other services are generated. build: type: object properties: output: type: object properties: additionalBuildOptions: type: array items: type: string description: >- Configures additional options to pass to the `build` command of either Kaniko or Buildah (depending on the feature gate setting) when building a new Kafka Connect image. Allowed Kaniko options: --customPlatform, --custom-platform, --insecure, --insecure-pull, --insecure-registry, --log-format, --log-timestamp, --registry-mirror, --reproducible, --single-snapshot, --skip-tls-verify, --skip-tls-verify-pull, --skip-tls-verify-registry, --verbosity, --snapshotMode, --use-new-run, --registry-certificate, --registry-client-cert, --ignore-path. Allowed Buildah `build` options: --authfile, --cert-dir, --creds, --decryption-key, --retry, --retry-delay, --tls-verify. Those options are used only on Kubernetes, where Kaniko and Buildah are available. They are ignored on OpenShift. For more information, see the link:https://github.com/GoogleContainerTools/kaniko[Kaniko GitHub repository^] or the link:https://github.com/containers/buildah/blob/main/docs/buildah-build.1.md[Buildah build document^]. Changing this field does not trigger a rebuild of the Kafka Connect image. additionalPushOptions: type: array items: type: string description: >- Configures additional options to pass to the Buildah `push` command when pushing a new Connect image. Allowed options: --authfile, --cert-dir, --creds, --quiet, --retry, --retry-delay, --tls-verify. Those options are used only on Kubernetes, where Buildah is available. They are ignored on OpenShift. For more information, see the link:https://github.com/containers/buildah/blob/main/docs/buildah-push.1.md[Buildah push document^]. Changing this field does not trigger a rebuild of the Kafka Connect image. image: type: string description: The name of the image which will be built. Required. pushSecret: type: string description: >- Container Registry Secret with the credentials for pushing the newly built image. type: type: string enum: - docker - imagestream description: >- Output type. Must be either `docker` for pushing the newly build image to Docker compatible registry or `imagestream` for pushing the image to OpenShift ImageStream. Required. required: - image - type description: >- Configures where should the newly built image be stored. Required. plugins: type: array items: type: object properties: name: type: string pattern: '^[a-z0-9][-_a-z0-9]*[a-z0-9]$' description: >- The unique name of the connector plugin. Will be used to generate the path where the connector artifacts will be stored. The name has to be unique within the KafkaConnect resource. The name has to follow the following pattern: `^[a-z][-_a-z0-9]*[a-z]$`. Required. artifacts: type: array items: type: object properties: artifact: type: string description: >- Maven artifact id. Applicable to the `maven` artifact type only. fileName: type: string description: >- Name under which the artifact will be stored. group: type: string description: >- Maven group id. Applicable to the `maven` artifact type only. insecure: type: boolean description: >- By default, connections using TLS are verified to check they are secure. The server certificate used must be valid, trusted, and contain the server name. By setting this option to `true`, all TLS verification is disabled and the artifact will be downloaded, even when the server is considered insecure. repository: type: string description: >- Maven repository to download the artifact from. Applicable to the `maven` artifact type only. sha512sum: type: string description: >- SHA512 checksum of the artifact. Optional. If specified, the checksum will be verified while building the new container. If not specified, the downloaded artifact will not be verified. Not applicable to the `maven` artifact type. type: type: string enum: - jar - tgz - zip - maven - other description: >- Artifact type. Currently, the supported artifact types are `tgz`, `jar`, `zip`, `other` and `maven`. url: type: string pattern: >- ^(https?|ftp)://[-a-zA-Z0-9+&@#/%?=~_|!:,.;]*[-a-zA-Z0-9+&@#/%=~_|]$ description: >- URL of the artifact which will be downloaded. Strimzi does not do any security scanning of the downloaded artifacts. For security reasons, you should first verify the artifacts manually and configure the checksum verification to make sure the same artifact is used in the automated build. Required for `jar`, `zip`, `tgz` and `other` artifacts. Not applicable to the `maven` artifact type. version: type: string description: >- Maven version number. Applicable to the `maven` artifact type only. required: - type description: >- List of artifacts which belong to this connector plugin. Required. required: - name - artifacts description: >- List of connector plugins which should be added to the Kafka Connect. Required. resources: type: object properties: claims: type: array items: type: object properties: name: type: string request: type: string limits: additionalProperties: anyOf: - type: integer - type: string pattern: >- ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object requests: additionalProperties: anyOf: - type: integer - type: string pattern: >- ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object description: CPU and memory resources to reserve for the build. required: - output - plugins description: >- Configures how the Connect container image should be built. Optional. plugins: type: array items: type: object properties: name: type: string pattern: '^[a-z0-9][-_a-z0-9]*[a-z0-9]$' description: >- A unique name for the connector plugin. This name is used to generate the mount path for the connector artifacts. The name has to be unique within the KafkaConnect resource. The name must be unique within the `KafkaConnect` resource and match the pattern: `^[a-z][-_a-z0-9]*[a-z]$`. Required. artifacts: type: array items: type: object properties: pullPolicy: type: string description: >- Policy that determines when the container image (OCI artifact) is pulled. Possible values are: * `Always`: Always pull the image. If the pull fails, container creation fails. * `Never`: Never pull the image. Use only a locally available image. Container creation fails if the image isn’t present. * `IfNotPresent`: Pull the image only if it’s not already available locally. Container creation fails if the image isn’t present and the pull fails. Defaults to `Always` if `:latest` tag is specified, or `IfNotPresent` otherwise. reference: type: string description: >- Reference to the container image (OCI artifact) containing the Kafka Connect plugin. The image is mounted as a volume and provides the plugin binary. Required. type: type: string enum: - image description: >- Artifact type. Currently, the only supported artifact type is `image`. required: - reference - type description: >- List of artifacts associated with this connector plugin. Required. required: - name - artifacts description: >- List of connector plugins to mount into the `KafkaConnect` pod. required: - replicas - bootstrapServers - groupId - configStorageTopic - statusStorageTopic - offsetStorageTopic description: The specification of the Kafka Connect cluster. status: type: object properties: conditions: type: array items: type: object properties: type: type: string description: >- The unique identifier of a condition, used to distinguish between other conditions in the resource. status: type: string description: >- The status of the condition, either True, False or Unknown. lastTransitionTime: type: string description: >- Last time the condition of a type changed from one status to another. The required format is 'yyyy-MM-ddTHH:mm:ssZ', in the UTC time zone. reason: type: string description: >- The reason for the condition's last transition (a single word in CamelCase). message: type: string description: >- Human-readable message indicating details about the condition's last transition. description: List of status conditions. observedGeneration: type: integer description: >- The generation of the CRD that was last reconciled by the operator. url: type: string description: >- The URL of the REST API endpoint for managing and monitoring Kafka Connect connectors. connectorPlugins: type: array items: type: object properties: class: type: string description: The class of the connector plugin. type: type: string description: >- The type of the connector plugin. The available types are `sink` and `source`. version: type: string description: The version of the connector plugin. description: >- The list of connector plugins available in this Kafka Connect deployment. replicas: type: integer description: >- The current number of pods being used to provide this resource. labelSelector: type: string description: Label selector for pods providing this resource. description: The status of the Kafka Connect cluster. required: - spec - name: v1beta2 served: true storage: true deprecated: true deprecationWarning: >- Version v1beta2 of the KafkaConnect API is deprecated. Please use the v1 version instead. subresources: status: {} scale: specReplicasPath: .spec.replicas statusReplicasPath: .status.replicas labelSelectorPath: .status.labelSelector additionalPrinterColumns: - name: Desired replicas description: The desired number of Kafka Connect replicas jsonPath: .spec.replicas type: integer - name: Ready description: The state of the custom resource jsonPath: '.status.conditions[?(@.type=="Ready")].status' type: string schema: openAPIV3Schema: type: object properties: apiVersion: type: string description: >- APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources kind: type: string description: >- Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds metadata: type: object spec: type: object properties: version: type: string description: >- The Kafka Connect version. Defaults to the latest version. Consult the user documentation to understand the process required to upgrade or downgrade the version. replicas: type: integer description: >- The number of pods in the Kafka Connect group. Required in the `v1` version of the Strimzi API. Defaults to `3` in the `v1beta2` version of the Strimzi API. image: type: string description: >- The container image used for Kafka Connect pods. If no image name is explicitly specified, it is determined based on the `spec.version` configuration. The image names are specifically mapped to corresponding versions in the Cluster Operator configuration. bootstrapServers: type: string description: >- Bootstrap servers to connect to. This should be given as a comma separated list of __:__ pairs. groupId: type: string description: A unique ID that identifies the Connect cluster group. configStorageTopic: type: string description: >- The name of the Kafka topic where connector configurations are stored. statusStorageTopic: type: string description: >- The name of the Kafka topic where connector and task status are stored. offsetStorageTopic: type: string description: >- The name of the Kafka topic where source connector offsets are stored. tls: type: object properties: trustedCertificates: type: array items: type: object properties: secretName: type: string description: The name of the Secret containing the certificate. certificate: type: string description: The name of the file certificate in the secret. pattern: type: string description: >- Pattern for the certificate files in the secret. Use the link:https://en.wikipedia.org/wiki/Glob_(programming)[_glob syntax_] for the pattern. All files in the secret that match the pattern are used. oneOf: - properties: certificate: {} required: - certificate - properties: pattern: {} required: - pattern required: - secretName description: Trusted certificates for TLS connection. description: TLS configuration. authentication: type: object properties: accessToken: type: object properties: key: type: string description: >- The key under which the secret value is stored in the Kubernetes Secret. secretName: type: string description: >- The name of the Kubernetes Secret containing the secret value. required: - key - secretName description: >- Link to Kubernetes Secret containing the access token which was obtained from the authorization server. accessTokenIsJwt: type: boolean description: >- Configure whether access token should be treated as JWT. This should be set to `false` if the authorization server returns opaque tokens. Defaults to `true`. accessTokenLocation: type: string description: >- Path to the token file containing an access token to be used for authentication. audience: type: string description: >- OAuth audience to use when authenticating against the authorization server. Some authorization servers require the audience to be explicitly set. The possible values depend on how the authorization server is configured. By default, `audience` is not specified when performing the token endpoint request. certificateAndKey: type: object properties: secretName: type: string description: The name of the Secret containing the certificate. certificate: type: string description: The name of the file certificate in the Secret. key: type: string description: >- The name of the private key in the secret. The private key must be in unencrypted PKCS #8 format. For more information, see RFC 5208: https://datatracker.ietf.org/doc/html/rfc5208. required: - secretName - certificate - key description: >- Reference to the `Secret` which holds the certificate and private key pair. clientAssertion: type: object properties: key: type: string description: >- The key under which the secret value is stored in the Kubernetes Secret. secretName: type: string description: >- The name of the Kubernetes Secret containing the secret value. required: - key - secretName description: >- Link to Kubernetes secret containing the client assertion which was manually configured for the client. clientAssertionLocation: type: string description: >- Path to the file containing the client assertion to be used for authentication. clientAssertionType: type: string description: >- The client assertion type. If not set, and either `clientAssertion` or `clientAssertionLocation` is configured, this value defaults to `urn:ietf:params:oauth:client-assertion-type:jwt-bearer`. clientId: type: string description: >- OAuth Client ID which the Kafka client can use to authenticate against the OAuth server and use the token endpoint URI. clientSecret: type: object properties: key: type: string description: >- The key under which the secret value is stored in the Kubernetes Secret. secretName: type: string description: >- The name of the Kubernetes Secret containing the secret value. required: - key - secretName description: >- Link to Kubernetes Secret containing the OAuth client secret which the Kafka client can use to authenticate against the OAuth server and use the token endpoint URI. config: x-kubernetes-preserve-unknown-fields: true type: object description: >- Configuration for the custom authentication mechanism. Only properties with the `sasl.` and `ssl.keystore.` prefixes are allowed. Specify other options in the regular configuration section of the custom resource. connectTimeoutSeconds: type: integer description: >- The connect timeout in seconds when connecting to authorization server. If not set, the effective connect timeout is 60 seconds. disableTlsHostnameVerification: type: boolean description: >- Enable or disable TLS hostname verification. Default value is `false`. enableMetrics: type: boolean description: >- Enable or disable OAuth metrics. Default value is `false`. grantType: type: string description: >- A custom OAuth grant type to use when authenticating against the authorization server with `clientId` and one of `clientSecret` or `clientAssertion`. The value defaults to `client_credentials` in these cases. This is optional configuration, only used with custom authorization server implementations. httpRetries: type: integer description: >- The maximum number of retries to attempt if an initial HTTP request fails. If not set, the default is to not attempt any retries. httpRetryPauseMs: type: integer description: >- The pause to take before retrying a failed HTTP request. If not set, the default is to not pause at all but to immediately repeat a request. includeAcceptHeader: type: boolean description: >- Whether the Accept header should be set in requests to the authorization servers. The default value is `true`. maxTokenExpirySeconds: type: integer description: >- Set or limit time-to-live of the access tokens to the specified number of seconds. This should be set if the authorization server returns opaque tokens. passwordSecret: type: object properties: secretName: type: string description: The name of the Secret containing the password. password: type: string description: >- The name of the key in the Secret under which the password is stored. required: - secretName - password description: Reference to the `Secret` which holds the password. readTimeoutSeconds: type: integer description: >- The read timeout in seconds when connecting to authorization server. If not set, the effective read timeout is 60 seconds. refreshToken: type: object properties: key: type: string description: >- The key under which the secret value is stored in the Kubernetes Secret. secretName: type: string description: >- The name of the Kubernetes Secret containing the secret value. required: - key - secretName description: >- Link to Kubernetes Secret containing the refresh token which can be used to obtain access token from the authorization server. sasl: type: boolean description: Enable or disable SASL on this authentication mechanism. saslExtensions: additionalProperties: type: string type: object description: SASL extensions parameters. scope: type: string description: >- OAuth scope to use when authenticating against the authorization server. Some authorization servers require this to be set. The possible values depend on how authorization server is configured. By default `scope` is not specified when doing the token endpoint request. tlsTrustedCertificates: type: array items: type: object properties: secretName: type: string description: The name of the Secret containing the certificate. certificate: type: string description: The name of the file certificate in the secret. pattern: type: string description: >- Pattern for the certificate files in the secret. Use the link:https://en.wikipedia.org/wiki/Glob_(programming)[_glob syntax_] for the pattern. All files in the secret that match the pattern are used. oneOf: - properties: certificate: {} required: - certificate - properties: pattern: {} required: - pattern required: - secretName description: >- Trusted certificates for TLS connection to the OAuth server. tokenEndpointUri: type: string description: Authorization server token endpoint URI. type: type: string enum: - tls - scram-sha-256 - scram-sha-512 - plain - oauth - custom description: >- Specifies the authentication type. Supported types are `tls`, `scram-sha-256`, `scram-sha-512`, `plain`, 'oauth', and `custom`. `tls` uses TLS client authentication and is supported only over TLS connections. `scram-sha-256` and `scram-sha-512` use SASL SCRAM-SHA-256 and SASL SCRAM-SHA-512 authentication, respectively. `plain` uses SASL PLAIN authentication. `oauth` uses SASL OAUTHBEARER authentication. `custom` allows you to configure a custom authentication mechanism. As of Strimzi 0.49.0, `oauth` type is deprecated and will be removed in the `v1` API version. Please use `custom` type instead. username: type: string description: Username used for the authentication. required: - type description: Authentication configuration for Kafka Connect. config: x-kubernetes-preserve-unknown-fields: true type: object description: >- The Kafka Connect configuration. Properties with the following prefixes cannot be set: ssl., sasl., security., listeners, plugin.path, rest., bootstrap.servers, consumer.interceptor.classes, producer.interceptor.classes, prometheus.metrics.reporter. (with the exception of: ssl.endpoint.identification.algorithm, ssl.cipher.suites, ssl.protocol, ssl.enabled.protocols). resources: type: object properties: claims: type: array items: type: object properties: name: type: string request: type: string limits: additionalProperties: anyOf: - type: integer - type: string pattern: >- ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object requests: additionalProperties: anyOf: - type: integer - type: string pattern: >- ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object description: >- The maximum limits for CPU and memory resources and the requested initial resources. livenessProbe: type: object properties: initialDelaySeconds: type: integer minimum: 0 description: >- The initial delay before first the health is first checked. Default to 15 seconds. Minimum value is 0. timeoutSeconds: type: integer minimum: 1 description: >- The timeout for each attempted health check. Default to 5 seconds. Minimum value is 1. periodSeconds: type: integer minimum: 1 description: >- How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. successThreshold: type: integer minimum: 1 description: >- Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness. Minimum value is 1. failureThreshold: type: integer minimum: 1 description: >- Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. description: Pod liveness checking. readinessProbe: type: object properties: initialDelaySeconds: type: integer minimum: 0 description: >- The initial delay before first the health is first checked. Default to 15 seconds. Minimum value is 0. timeoutSeconds: type: integer minimum: 1 description: >- The timeout for each attempted health check. Default to 5 seconds. Minimum value is 1. periodSeconds: type: integer minimum: 1 description: >- How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. successThreshold: type: integer minimum: 1 description: >- Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness. Minimum value is 1. failureThreshold: type: integer minimum: 1 description: >- Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. description: Pod readiness checking. jvmOptions: type: object properties: '-XX': additionalProperties: type: string type: object description: A map of -XX options to the JVM. '-Xmx': type: string pattern: '^[0-9]+[mMgG]?$' description: '-Xmx option to to the JVM.' '-Xms': type: string pattern: '^[0-9]+[mMgG]?$' description: '-Xms option to to the JVM.' gcLoggingEnabled: type: boolean description: >- Specifies whether the Garbage Collection logging is enabled. The default is false. javaSystemProperties: type: array items: type: object properties: name: type: string description: The system property name. value: type: string description: The system property value. description: >- A map of additional system properties which will be passed using the `-D` option to the JVM. description: JVM Options for pods. jmxOptions: type: object properties: authentication: type: object properties: type: type: string enum: - password description: >- Authentication type. Currently the only supported types are `password`.`password` type creates a username and protected port with no TLS. required: - type description: >- Authentication configuration for connecting to the JMX port. description: JMX Options. logging: type: object properties: loggers: additionalProperties: type: string type: object description: A Map from logger name to logger level. type: type: string enum: - inline - external description: 'Logging type, must be either ''inline'' or ''external''.' valueFrom: type: object properties: configMapKeyRef: type: object properties: key: type: string name: type: string optional: type: boolean description: >- Reference to the key in the ConfigMap containing the configuration. description: >- `ConfigMap` entry where the logging configuration is stored. required: - type description: Logging configuration for Kafka Connect. clientRackInitImage: type: string description: >- The image of the init container used for initializing the `client.rack`. rack: type: object properties: topologyKey: type: string example: topology.kubernetes.io/zone description: >- A key that matches labels assigned to the Kubernetes cluster nodes. The value of the label is used to set a broker's `broker.rack` config, and the `client.rack` config for Kafka Connect or MirrorMaker 2. required: - topologyKey description: >- Configuration of the node label which will be used as the `client.rack` consumer configuration. metricsConfig: type: object properties: type: type: string enum: - jmxPrometheusExporter - strimziMetricsReporter description: >- Metrics type. The supported types are `jmxPrometheusExporter` and `strimziMetricsReporter`. Type `jmxPrometheusExporter` uses the Prometheus JMX Exporter to expose Kafka JMX metrics in Prometheus format through an HTTP endpoint. Type `strimziMetricsReporter` uses the Strimzi Metrics Reporter to directly expose Kafka metrics in Prometheus format through an HTTP endpoint. valueFrom: type: object properties: configMapKeyRef: type: object properties: key: type: string name: type: string optional: type: boolean description: >- Reference to the key in the ConfigMap containing the configuration. description: >- ConfigMap entry where the Prometheus JMX Exporter configuration is stored. values: type: object properties: allowList: type: array items: type: string description: >- A list of regex patterns to filter the metrics to collect. Should contain at least one element. description: Configuration values for the Strimzi Metrics Reporter. required: - type description: Metrics configuration. x-kubernetes-validations: - rule: >- self.type != 'jmxPrometheusExporter' || has(self.valueFrom) message: valueFrom property is required tracing: type: object properties: type: type: string enum: - jaeger - opentelemetry description: >- Type of the tracing used. Currently the only supported type is `opentelemetry` for OpenTelemetry tracing. As of Strimzi 0.37.0, `jaeger` type is not supported anymore and this option is ignored. required: - type description: The configuration of tracing in Kafka Connect. template: type: object properties: deployment: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object description: Labels added to the Kubernetes resource. annotations: additionalProperties: type: string type: object description: Annotations added to the Kubernetes resource. description: Metadata applied to the resource. deploymentStrategy: type: string enum: - RollingUpdate - Recreate description: >- Pod replacement strategy for deployment configuration changes. Valid values are `RollingUpdate` and `Recreate`. Defaults to `RollingUpdate`. description: Template for Kafka Connect `Deployment`. podSet: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object description: Labels added to the Kubernetes resource. annotations: additionalProperties: type: string type: object description: Annotations added to the Kubernetes resource. description: Metadata applied to the resource. description: Template for Kafka Connect `StrimziPodSet` resource. pod: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object description: Labels added to the Kubernetes resource. annotations: additionalProperties: type: string type: object description: Annotations added to the Kubernetes resource. description: Metadata applied to the resource. imagePullSecrets: type: array items: type: object properties: name: type: string description: >- List of references to secrets in the same namespace to use for pulling any of the images used by this Pod. When the `STRIMZI_IMAGE_PULL_SECRETS` environment variable in Cluster Operator and the `imagePullSecrets` option are specified, only the `imagePullSecrets` variable is used and the `STRIMZI_IMAGE_PULL_SECRETS` variable is ignored. securityContext: type: object properties: appArmorProfile: type: object properties: localhostProfile: type: string type: type: string fsGroup: type: integer fsGroupChangePolicy: type: string runAsGroup: type: integer runAsNonRoot: type: boolean runAsUser: type: integer seLinuxChangePolicy: type: string seLinuxOptions: type: object properties: level: type: string role: type: string type: type: string user: type: string seccompProfile: type: object properties: localhostProfile: type: string type: type: string supplementalGroups: type: array items: type: integer supplementalGroupsPolicy: type: string sysctls: type: array items: type: object properties: name: type: string value: type: string windowsOptions: type: object properties: gmsaCredentialSpec: type: string gmsaCredentialSpecName: type: string hostProcess: type: boolean runAsUserName: type: string description: >- Configures pod-level security attributes and common container settings. terminationGracePeriodSeconds: type: integer minimum: 0 description: >- The grace period is the duration in seconds after the processes running in the pod are sent a termination signal, and the time when the processes are forcibly halted with a kill signal. Set this value to longer than the expected cleanup time for your process. Value must be a non-negative integer. A zero value indicates delete immediately. You might need to increase the grace period for very large Kafka clusters, so that the Kafka brokers have enough time to transfer their work to another broker before they are terminated. Defaults to 30 seconds. affinity: type: object properties: nodeAffinity: type: object properties: preferredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: preference: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchFields: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string weight: type: integer requiredDuringSchedulingIgnoredDuringExecution: type: object properties: nodeSelectorTerms: type: array items: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchFields: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string podAffinity: type: object properties: preferredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: podAffinityTerm: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object matchLabelKeys: type: array items: type: string mismatchLabelKeys: type: array items: type: string namespaceSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object namespaces: type: array items: type: string topologyKey: type: string weight: type: integer requiredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object matchLabelKeys: type: array items: type: string mismatchLabelKeys: type: array items: type: string namespaceSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object namespaces: type: array items: type: string topologyKey: type: string podAntiAffinity: type: object properties: preferredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: podAffinityTerm: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object matchLabelKeys: type: array items: type: string mismatchLabelKeys: type: array items: type: string namespaceSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object namespaces: type: array items: type: string topologyKey: type: string weight: type: integer requiredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object matchLabelKeys: type: array items: type: string mismatchLabelKeys: type: array items: type: string namespaceSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object namespaces: type: array items: type: string topologyKey: type: string description: The pod's affinity rules. tolerations: type: array items: type: object properties: effect: type: string key: type: string operator: type: string tolerationSeconds: type: integer value: type: string description: The pod's tolerations. topologySpreadConstraints: type: array items: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object matchLabelKeys: type: array items: type: string maxSkew: type: integer minDomains: type: integer nodeAffinityPolicy: type: string nodeTaintsPolicy: type: string topologyKey: type: string whenUnsatisfiable: type: string description: The pod's topology spread constraints. priorityClassName: type: string description: >- The name of the priority class used to assign priority to the pods. schedulerName: type: string description: >- The name of the scheduler used to dispatch this `Pod`. If not specified, the default scheduler will be used. hostAliases: type: array items: type: object properties: hostnames: type: array items: type: string ip: type: string description: >- The pod's HostAliases. HostAliases is an optional list of hosts and IPs that will be injected into the Pod's hosts file if specified. dnsPolicy: type: string enum: - ClusterFirst - ClusterFirstWithHostNet - Default - None description: >- The pod's DNSPolicy. Defaults to `ClusterFirst`. Valid values are `ClusterFirstWithHostNet`, `ClusterFirst`, `Default` or `None`. dnsConfig: type: object properties: nameservers: type: array items: type: string options: type: array items: type: object properties: name: type: string value: type: string searches: type: array items: type: string description: >- The pod's DNSConfig. If specified, it will be merged to the generated DNS configuration based on the DNSPolicy. enableServiceLinks: type: boolean description: >- Indicates whether information about services should be injected into Pod's environment variables. tmpDirSizeLimit: type: string pattern: '^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$' description: >- Defines the total amount of pod memory allocated for the temporary `EmptyDir` volume `/tmp`. Specify the allocation in memory units, for example, `100Mi` for 100 mebibytes. Default value is `5Mi`. The `/tmp` volume is backed by pod memory, not disk storage, so avoid setting a high value as it consumes pod memory resources. volumes: type: array items: type: object properties: name: type: string description: Name to use for the volume. Required. secret: type: object properties: defaultMode: type: integer items: type: array items: type: object properties: key: type: string mode: type: integer path: type: string optional: type: boolean secretName: type: string description: '`Secret` to use to populate the volume.' configMap: type: object properties: defaultMode: type: integer items: type: array items: type: object properties: key: type: string mode: type: integer path: type: string name: type: string optional: type: boolean description: '`ConfigMap` to use to populate the volume.' emptyDir: type: object properties: medium: type: string enum: - Memory description: >- Medium represents the type of storage medium should back this volume. Valid values are unset or `Memory`. When not set, it will use the node's default medium. sizeLimit: type: string pattern: '^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$' description: >- The total amount of local storage required for this EmptyDir volume (for example 1Gi). description: '`EmptyDir` to use to populate the volume.' persistentVolumeClaim: type: object properties: claimName: type: string readOnly: type: boolean description: >- `PersistentVolumeClaim` object to use to populate the volume. csi: type: object properties: driver: type: string fsType: type: string nodePublishSecretRef: type: object properties: name: type: string readOnly: type: boolean volumeAttributes: additionalProperties: type: string type: object description: >- `CSIVolumeSource` object to use to populate the volume. image: type: object properties: pullPolicy: type: string reference: type: string description: >- `ImageVolumeSource` object to use to populate the volume. oneOf: - properties: secret: {} configMap: {} emptyDir: {} persistentVolumeClaim: {} csi: {} image: {} description: Additional volumes that can be mounted to the pod. description: Template for Kafka Connect `Pods`. apiService: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object description: Labels added to the Kubernetes resource. annotations: additionalProperties: type: string type: object description: Annotations added to the Kubernetes resource. description: Metadata applied to the resource. ipFamilyPolicy: type: string enum: - SingleStack - PreferDualStack - RequireDualStack description: >- Specifies the IP Family Policy used by the service. Available options are `SingleStack`, `PreferDualStack` and `RequireDualStack`. `SingleStack` is for a single IP family. `PreferDualStack` is for two IP families on dual-stack configured clusters or a single IP family on single-stack clusters. `RequireDualStack` fails unless there are two IP families on dual-stack configured clusters. If unspecified, Kubernetes will choose the default value based on the service type. ipFamilies: type: array items: type: string enum: - IPv4 - IPv6 description: >- Specifies the IP Families used by the service. Available options are `IPv4` and `IPv6`. If unspecified, Kubernetes will choose the default value based on the `ipFamilyPolicy` setting. description: Template for Kafka Connect API `Service`. headlessService: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object description: Labels added to the Kubernetes resource. annotations: additionalProperties: type: string type: object description: Annotations added to the Kubernetes resource. description: Metadata applied to the resource. ipFamilyPolicy: type: string enum: - SingleStack - PreferDualStack - RequireDualStack description: >- Specifies the IP Family Policy used by the service. Available options are `SingleStack`, `PreferDualStack` and `RequireDualStack`. `SingleStack` is for a single IP family. `PreferDualStack` is for two IP families on dual-stack configured clusters or a single IP family on single-stack clusters. `RequireDualStack` fails unless there are two IP families on dual-stack configured clusters. If unspecified, Kubernetes will choose the default value based on the service type. ipFamilies: type: array items: type: string enum: - IPv4 - IPv6 description: >- Specifies the IP Families used by the service. Available options are `IPv4` and `IPv6`. If unspecified, Kubernetes will choose the default value based on the `ipFamilyPolicy` setting. description: Template for Kafka Connect headless `Service`. connectContainer: type: object properties: env: type: array items: type: object properties: name: type: string description: The environment variable key. value: type: string description: The environment variable value. valueFrom: type: object properties: secretKeyRef: type: object properties: key: type: string name: type: string optional: type: boolean description: Reference to a key in a secret. configMapKeyRef: type: object properties: key: type: string name: type: string optional: type: boolean description: Reference to a key in a config map. oneOf: - properties: secretKeyRef: {} required: - secretKeyRef - properties: configMapKeyRef: {} required: - configMapKeyRef description: >- Reference to the secret or config map property to which the environment variable is set. oneOf: - properties: value: {} required: - value - properties: valueFrom: {} required: - valueFrom description: >- Environment variables which should be applied to the container. securityContext: type: object properties: allowPrivilegeEscalation: type: boolean appArmorProfile: type: object properties: localhostProfile: type: string type: type: string capabilities: type: object properties: add: type: array items: type: string drop: type: array items: type: string privileged: type: boolean procMount: type: string readOnlyRootFilesystem: type: boolean runAsGroup: type: integer runAsNonRoot: type: boolean runAsUser: type: integer seLinuxOptions: type: object properties: level: type: string role: type: string type: type: string user: type: string seccompProfile: type: object properties: localhostProfile: type: string type: type: string windowsOptions: type: object properties: gmsaCredentialSpec: type: string gmsaCredentialSpecName: type: string hostProcess: type: boolean runAsUserName: type: string description: Security context for the container. volumeMounts: type: array items: type: object properties: mountPath: type: string mountPropagation: type: string name: type: string readOnly: type: boolean recursiveReadOnly: type: string subPath: type: string subPathExpr: type: string description: >- Additional volume mounts which should be applied to the container. description: Template for the Kafka Connect container. initContainer: type: object properties: env: type: array items: type: object properties: name: type: string description: The environment variable key. value: type: string description: The environment variable value. valueFrom: type: object properties: secretKeyRef: type: object properties: key: type: string name: type: string optional: type: boolean description: Reference to a key in a secret. configMapKeyRef: type: object properties: key: type: string name: type: string optional: type: boolean description: Reference to a key in a config map. oneOf: - properties: secretKeyRef: {} required: - secretKeyRef - properties: configMapKeyRef: {} required: - configMapKeyRef description: >- Reference to the secret or config map property to which the environment variable is set. oneOf: - properties: value: {} required: - value - properties: valueFrom: {} required: - valueFrom description: >- Environment variables which should be applied to the container. securityContext: type: object properties: allowPrivilegeEscalation: type: boolean appArmorProfile: type: object properties: localhostProfile: type: string type: type: string capabilities: type: object properties: add: type: array items: type: string drop: type: array items: type: string privileged: type: boolean procMount: type: string readOnlyRootFilesystem: type: boolean runAsGroup: type: integer runAsNonRoot: type: boolean runAsUser: type: integer seLinuxOptions: type: object properties: level: type: string role: type: string type: type: string user: type: string seccompProfile: type: object properties: localhostProfile: type: string type: type: string windowsOptions: type: object properties: gmsaCredentialSpec: type: string gmsaCredentialSpecName: type: string hostProcess: type: boolean runAsUserName: type: string description: Security context for the container. volumeMounts: type: array items: type: object properties: mountPath: type: string mountPropagation: type: string name: type: string readOnly: type: boolean recursiveReadOnly: type: string subPath: type: string subPathExpr: type: string description: >- Additional volume mounts which should be applied to the container. description: Template for the Kafka init container. podDisruptionBudget: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object description: Labels added to the Kubernetes resource. annotations: additionalProperties: type: string type: object description: Annotations added to the Kubernetes resource. description: >- Metadata to apply to the `PodDisruptionBudgetTemplate` resource. maxUnavailable: type: integer minimum: 0 description: >- Maximum number of unavailable pods to allow automatic Pod eviction. A Pod eviction is allowed when the `maxUnavailable` number of pods or fewer are unavailable after the eviction. Setting this value to 0 prevents all voluntary evictions, so the pods must be evicted manually. Defaults to 1. description: Template for Kafka Connect `PodDisruptionBudget`. serviceAccount: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object description: Labels added to the Kubernetes resource. annotations: additionalProperties: type: string type: object description: Annotations added to the Kubernetes resource. description: Metadata applied to the resource. description: Template for the Kafka Connect service account. clusterRoleBinding: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object description: Labels added to the Kubernetes resource. annotations: additionalProperties: type: string type: object description: Annotations added to the Kubernetes resource. description: Metadata applied to the resource. description: Template for the Kafka Connect ClusterRoleBinding. buildPod: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object description: Labels added to the Kubernetes resource. annotations: additionalProperties: type: string type: object description: Annotations added to the Kubernetes resource. description: Metadata applied to the resource. imagePullSecrets: type: array items: type: object properties: name: type: string description: >- List of references to secrets in the same namespace to use for pulling any of the images used by this Pod. When the `STRIMZI_IMAGE_PULL_SECRETS` environment variable in Cluster Operator and the `imagePullSecrets` option are specified, only the `imagePullSecrets` variable is used and the `STRIMZI_IMAGE_PULL_SECRETS` variable is ignored. securityContext: type: object properties: appArmorProfile: type: object properties: localhostProfile: type: string type: type: string fsGroup: type: integer fsGroupChangePolicy: type: string runAsGroup: type: integer runAsNonRoot: type: boolean runAsUser: type: integer seLinuxChangePolicy: type: string seLinuxOptions: type: object properties: level: type: string role: type: string type: type: string user: type: string seccompProfile: type: object properties: localhostProfile: type: string type: type: string supplementalGroups: type: array items: type: integer supplementalGroupsPolicy: type: string sysctls: type: array items: type: object properties: name: type: string value: type: string windowsOptions: type: object properties: gmsaCredentialSpec: type: string gmsaCredentialSpecName: type: string hostProcess: type: boolean runAsUserName: type: string description: >- Configures pod-level security attributes and common container settings. terminationGracePeriodSeconds: type: integer minimum: 0 description: >- The grace period is the duration in seconds after the processes running in the pod are sent a termination signal, and the time when the processes are forcibly halted with a kill signal. Set this value to longer than the expected cleanup time for your process. Value must be a non-negative integer. A zero value indicates delete immediately. You might need to increase the grace period for very large Kafka clusters, so that the Kafka brokers have enough time to transfer their work to another broker before they are terminated. Defaults to 30 seconds. affinity: type: object properties: nodeAffinity: type: object properties: preferredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: preference: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchFields: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string weight: type: integer requiredDuringSchedulingIgnoredDuringExecution: type: object properties: nodeSelectorTerms: type: array items: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchFields: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string podAffinity: type: object properties: preferredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: podAffinityTerm: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object matchLabelKeys: type: array items: type: string mismatchLabelKeys: type: array items: type: string namespaceSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object namespaces: type: array items: type: string topologyKey: type: string weight: type: integer requiredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object matchLabelKeys: type: array items: type: string mismatchLabelKeys: type: array items: type: string namespaceSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object namespaces: type: array items: type: string topologyKey: type: string podAntiAffinity: type: object properties: preferredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: podAffinityTerm: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object matchLabelKeys: type: array items: type: string mismatchLabelKeys: type: array items: type: string namespaceSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object namespaces: type: array items: type: string topologyKey: type: string weight: type: integer requiredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object matchLabelKeys: type: array items: type: string mismatchLabelKeys: type: array items: type: string namespaceSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object namespaces: type: array items: type: string topologyKey: type: string description: The pod's affinity rules. tolerations: type: array items: type: object properties: effect: type: string key: type: string operator: type: string tolerationSeconds: type: integer value: type: string description: The pod's tolerations. topologySpreadConstraints: type: array items: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object matchLabelKeys: type: array items: type: string maxSkew: type: integer minDomains: type: integer nodeAffinityPolicy: type: string nodeTaintsPolicy: type: string topologyKey: type: string whenUnsatisfiable: type: string description: The pod's topology spread constraints. priorityClassName: type: string description: >- The name of the priority class used to assign priority to the pods. schedulerName: type: string description: >- The name of the scheduler used to dispatch this `Pod`. If not specified, the default scheduler will be used. hostAliases: type: array items: type: object properties: hostnames: type: array items: type: string ip: type: string description: >- The pod's HostAliases. HostAliases is an optional list of hosts and IPs that will be injected into the Pod's hosts file if specified. dnsPolicy: type: string enum: - ClusterFirst - ClusterFirstWithHostNet - Default - None description: >- The pod's DNSPolicy. Defaults to `ClusterFirst`. Valid values are `ClusterFirstWithHostNet`, `ClusterFirst`, `Default` or `None`. dnsConfig: type: object properties: nameservers: type: array items: type: string options: type: array items: type: object properties: name: type: string value: type: string searches: type: array items: type: string description: >- The pod's DNSConfig. If specified, it will be merged to the generated DNS configuration based on the DNSPolicy. enableServiceLinks: type: boolean description: >- Indicates whether information about services should be injected into Pod's environment variables. tmpDirSizeLimit: type: string pattern: '^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$' description: >- Defines the total amount of pod memory allocated for the temporary `EmptyDir` volume `/tmp`. Specify the allocation in memory units, for example, `100Mi` for 100 mebibytes. Default value is `5Mi`. The `/tmp` volume is backed by pod memory, not disk storage, so avoid setting a high value as it consumes pod memory resources. volumes: type: array items: type: object properties: name: type: string description: Name to use for the volume. Required. secret: type: object properties: defaultMode: type: integer items: type: array items: type: object properties: key: type: string mode: type: integer path: type: string optional: type: boolean secretName: type: string description: '`Secret` to use to populate the volume.' configMap: type: object properties: defaultMode: type: integer items: type: array items: type: object properties: key: type: string mode: type: integer path: type: string name: type: string optional: type: boolean description: '`ConfigMap` to use to populate the volume.' emptyDir: type: object properties: medium: type: string enum: - Memory description: >- Medium represents the type of storage medium should back this volume. Valid values are unset or `Memory`. When not set, it will use the node's default medium. sizeLimit: type: string pattern: '^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$' description: >- The total amount of local storage required for this EmptyDir volume (for example 1Gi). description: '`EmptyDir` to use to populate the volume.' persistentVolumeClaim: type: object properties: claimName: type: string readOnly: type: boolean description: >- `PersistentVolumeClaim` object to use to populate the volume. csi: type: object properties: driver: type: string fsType: type: string nodePublishSecretRef: type: object properties: name: type: string readOnly: type: boolean volumeAttributes: additionalProperties: type: string type: object description: >- `CSIVolumeSource` object to use to populate the volume. image: type: object properties: pullPolicy: type: string reference: type: string description: >- `ImageVolumeSource` object to use to populate the volume. oneOf: - properties: secret: {} configMap: {} emptyDir: {} persistentVolumeClaim: {} csi: {} image: {} description: Additional volumes that can be mounted to the pod. description: >- Template for Kafka Connect Build `Pods`. The build pod is used only on Kubernetes. buildContainer: type: object properties: env: type: array items: type: object properties: name: type: string description: The environment variable key. value: type: string description: The environment variable value. valueFrom: type: object properties: secretKeyRef: type: object properties: key: type: string name: type: string optional: type: boolean description: Reference to a key in a secret. configMapKeyRef: type: object properties: key: type: string name: type: string optional: type: boolean description: Reference to a key in a config map. oneOf: - properties: secretKeyRef: {} required: - secretKeyRef - properties: configMapKeyRef: {} required: - configMapKeyRef description: >- Reference to the secret or config map property to which the environment variable is set. oneOf: - properties: value: {} required: - value - properties: valueFrom: {} required: - valueFrom description: >- Environment variables which should be applied to the container. securityContext: type: object properties: allowPrivilegeEscalation: type: boolean appArmorProfile: type: object properties: localhostProfile: type: string type: type: string capabilities: type: object properties: add: type: array items: type: string drop: type: array items: type: string privileged: type: boolean procMount: type: string readOnlyRootFilesystem: type: boolean runAsGroup: type: integer runAsNonRoot: type: boolean runAsUser: type: integer seLinuxOptions: type: object properties: level: type: string role: type: string type: type: string user: type: string seccompProfile: type: object properties: localhostProfile: type: string type: type: string windowsOptions: type: object properties: gmsaCredentialSpec: type: string gmsaCredentialSpecName: type: string hostProcess: type: boolean runAsUserName: type: string description: Security context for the container. volumeMounts: type: array items: type: object properties: mountPath: type: string mountPropagation: type: string name: type: string readOnly: type: boolean recursiveReadOnly: type: string subPath: type: string subPathExpr: type: string description: >- Additional volume mounts which should be applied to the container. description: >- Template for the Kafka Connect Build container. The build container is used only on Kubernetes. buildConfig: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object description: Labels added to the Kubernetes resource. annotations: additionalProperties: type: string type: object description: Annotations added to the Kubernetes resource. description: >- Metadata to apply to the `PodDisruptionBudgetTemplate` resource. pullSecret: type: string description: >- Container Registry Secret with the credentials for pulling the base image. description: >- Template for the Kafka Connect BuildConfig used to build new container images. The BuildConfig is used only on OpenShift. buildServiceAccount: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object description: Labels added to the Kubernetes resource. annotations: additionalProperties: type: string type: object description: Annotations added to the Kubernetes resource. description: Metadata applied to the resource. description: Template for the Kafka Connect Build service account. jmxSecret: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object description: Labels added to the Kubernetes resource. annotations: additionalProperties: type: string type: object description: Annotations added to the Kubernetes resource. description: Metadata applied to the resource. description: >- Template for Secret of the Kafka Connect Cluster JMX authentication. description: >- Template for Kafka Connect and Kafka MirrorMaker 2 resources. The template allows users to specify how the `Pods`, `Service`, and other services are generated. externalConfiguration: type: object properties: env: type: array items: type: object properties: name: type: string description: >- Name of the environment variable which will be passed to the Kafka Connect pods. The name of the environment variable cannot start with `KAFKA_` or `STRIMZI_`. valueFrom: type: object properties: secretKeyRef: type: object properties: key: type: string name: type: string optional: type: boolean description: Reference to a key in a Secret. configMapKeyRef: type: object properties: key: type: string name: type: string optional: type: boolean description: Reference to a key in a ConfigMap. oneOf: - properties: secretKeyRef: {} required: - secretKeyRef - properties: configMapKeyRef: {} required: - configMapKeyRef description: >- Value of the environment variable which will be passed to the Kafka Connect pods. It can be passed either as a reference to Secret or ConfigMap field. The field has to specify exactly one Secret or ConfigMap. required: - name - valueFrom description: >- Makes data from a Secret or ConfigMap available in the Kafka Connect pods as environment variables. volumes: type: array items: type: object properties: name: type: string description: >- Name of the volume which will be added to the Kafka Connect pods. secret: type: object properties: defaultMode: type: integer items: type: array items: type: object properties: key: type: string mode: type: integer path: type: string optional: type: boolean secretName: type: string description: >- Reference to a key in a Secret. Exactly one Secret or ConfigMap has to be specified. configMap: type: object properties: defaultMode: type: integer items: type: array items: type: object properties: key: type: string mode: type: integer path: type: string name: type: string optional: type: boolean description: >- Reference to a key in a ConfigMap. Exactly one Secret or ConfigMap has to be specified. oneOf: - properties: secret: {} required: - secret - properties: configMap: {} required: - configMap required: - name description: >- Makes data from a Secret or ConfigMap available in the Kafka Connect pods as volumes. description: >- Pass data from Secrets or ConfigMaps to the Kafka Connect pods and use them to configure connectors. build: type: object properties: output: type: object properties: additionalBuildOptions: type: array items: type: string description: >- Configures additional options to pass to the `build` command of either Kaniko or Buildah (depending on the feature gate setting) when building a new Kafka Connect image. Allowed Kaniko options: --customPlatform, --custom-platform, --insecure, --insecure-pull, --insecure-registry, --log-format, --log-timestamp, --registry-mirror, --reproducible, --single-snapshot, --skip-tls-verify, --skip-tls-verify-pull, --skip-tls-verify-registry, --verbosity, --snapshotMode, --use-new-run, --registry-certificate, --registry-client-cert, --ignore-path. Allowed Buildah `build` options: --authfile, --cert-dir, --creds, --decryption-key, --retry, --retry-delay, --tls-verify. Those options are used only on Kubernetes, where Kaniko and Buildah are available. They are ignored on OpenShift. For more information, see the link:https://github.com/GoogleContainerTools/kaniko[Kaniko GitHub repository^] or the link:https://github.com/containers/buildah/blob/main/docs/buildah-build.1.md[Buildah build document^]. Changing this field does not trigger a rebuild of the Kafka Connect image. additionalKanikoOptions: type: array items: type: string description: >- Configures additional options which will be passed to the Kaniko executor when building the new Connect image. Allowed options are: --customPlatform, --custom-platform, --insecure, --insecure-pull, --insecure-registry, --log-format, --log-timestamp, --registry-mirror, --reproducible, --single-snapshot, --skip-tls-verify, --skip-tls-verify-pull, --skip-tls-verify-registry, --verbosity, --snapshotMode, --use-new-run, --registry-certificate, --registry-client-cert, --ignore-path. These options will be used only on Kubernetes where the Kaniko executor is used. They will be ignored on OpenShift. The options are described in the link:https://github.com/GoogleContainerTools/kaniko[Kaniko GitHub repository^]. Changing this field does not trigger new build of the Kafka Connect image. additionalPushOptions: type: array items: type: string description: >- Configures additional options to pass to the Buildah `push` command when pushing a new Connect image. Allowed options: --authfile, --cert-dir, --creds, --quiet, --retry, --retry-delay, --tls-verify. Those options are used only on Kubernetes, where Buildah is available. They are ignored on OpenShift. For more information, see the link:https://github.com/containers/buildah/blob/main/docs/buildah-push.1.md[Buildah push document^]. Changing this field does not trigger a rebuild of the Kafka Connect image. image: type: string description: The name of the image which will be built. Required. pushSecret: type: string description: >- Container Registry Secret with the credentials for pushing the newly built image. type: type: string enum: - docker - imagestream description: >- Output type. Must be either `docker` for pushing the newly build image to Docker compatible registry or `imagestream` for pushing the image to OpenShift ImageStream. Required. required: - image - type description: >- Configures where should the newly built image be stored. Required. plugins: type: array items: type: object properties: name: type: string pattern: '^[a-z0-9][-_a-z0-9]*[a-z0-9]$' description: >- The unique name of the connector plugin. Will be used to generate the path where the connector artifacts will be stored. The name has to be unique within the KafkaConnect resource. The name has to follow the following pattern: `^[a-z][-_a-z0-9]*[a-z]$`. Required. artifacts: type: array items: type: object properties: artifact: type: string description: >- Maven artifact id. Applicable to the `maven` artifact type only. fileName: type: string description: >- Name under which the artifact will be stored. group: type: string description: >- Maven group id. Applicable to the `maven` artifact type only. insecure: type: boolean description: >- By default, connections using TLS are verified to check they are secure. The server certificate used must be valid, trusted, and contain the server name. By setting this option to `true`, all TLS verification is disabled and the artifact will be downloaded, even when the server is considered insecure. repository: type: string description: >- Maven repository to download the artifact from. Applicable to the `maven` artifact type only. sha512sum: type: string description: >- SHA512 checksum of the artifact. Optional. If specified, the checksum will be verified while building the new container. If not specified, the downloaded artifact will not be verified. Not applicable to the `maven` artifact type. type: type: string enum: - jar - tgz - zip - maven - other description: >- Artifact type. Currently, the supported artifact types are `tgz`, `jar`, `zip`, `other` and `maven`. url: type: string pattern: >- ^(https?|ftp)://[-a-zA-Z0-9+&@#/%?=~_|!:,.;]*[-a-zA-Z0-9+&@#/%=~_|]$ description: >- URL of the artifact which will be downloaded. Strimzi does not do any security scanning of the downloaded artifacts. For security reasons, you should first verify the artifacts manually and configure the checksum verification to make sure the same artifact is used in the automated build. Required for `jar`, `zip`, `tgz` and `other` artifacts. Not applicable to the `maven` artifact type. version: type: string description: >- Maven version number. Applicable to the `maven` artifact type only. required: - type description: >- List of artifacts which belong to this connector plugin. Required. required: - name - artifacts description: >- List of connector plugins which should be added to the Kafka Connect. Required. resources: type: object properties: claims: type: array items: type: object properties: name: type: string request: type: string limits: additionalProperties: anyOf: - type: integer - type: string pattern: >- ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object requests: additionalProperties: anyOf: - type: integer - type: string pattern: >- ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object description: CPU and memory resources to reserve for the build. required: - output - plugins description: >- Configures how the Connect container image should be built. Optional. plugins: type: array items: type: object properties: name: type: string pattern: '^[a-z0-9][-_a-z0-9]*[a-z0-9]$' description: >- A unique name for the connector plugin. This name is used to generate the mount path for the connector artifacts. The name has to be unique within the KafkaConnect resource. The name must be unique within the `KafkaConnect` resource and match the pattern: `^[a-z][-_a-z0-9]*[a-z]$`. Required. artifacts: type: array items: type: object properties: pullPolicy: type: string description: >- Policy that determines when the container image (OCI artifact) is pulled. Possible values are: * `Always`: Always pull the image. If the pull fails, container creation fails. * `Never`: Never pull the image. Use only a locally available image. Container creation fails if the image isn’t present. * `IfNotPresent`: Pull the image only if it’s not already available locally. Container creation fails if the image isn’t present and the pull fails. Defaults to `Always` if `:latest` tag is specified, or `IfNotPresent` otherwise. reference: type: string description: >- Reference to the container image (OCI artifact) containing the Kafka Connect plugin. The image is mounted as a volume and provides the plugin binary. Required. type: type: string enum: - image description: >- Artifact type. Currently, the only supported artifact type is `image`. required: - reference - type description: >- List of artifacts associated with this connector plugin. Required. required: - name - artifacts description: >- List of connector plugins to mount into the `KafkaConnect` pod. required: - bootstrapServers description: The specification of the Kafka Connect cluster. status: type: object properties: conditions: type: array items: type: object properties: type: type: string description: >- The unique identifier of a condition, used to distinguish between other conditions in the resource. status: type: string description: >- The status of the condition, either True, False or Unknown. lastTransitionTime: type: string description: >- Last time the condition of a type changed from one status to another. The required format is 'yyyy-MM-ddTHH:mm:ssZ', in the UTC time zone. reason: type: string description: >- The reason for the condition's last transition (a single word in CamelCase). message: type: string description: >- Human-readable message indicating details about the condition's last transition. description: List of status conditions. observedGeneration: type: integer description: >- The generation of the CRD that was last reconciled by the operator. url: type: string description: >- The URL of the REST API endpoint for managing and monitoring Kafka Connect connectors. connectorPlugins: type: array items: type: object properties: class: type: string description: The class of the connector plugin. type: type: string description: >- The type of the connector plugin. The available types are `sink` and `source`. version: type: string description: The version of the connector plugin. description: >- The list of connector plugins available in this Kafka Connect deployment. replicas: type: integer description: >- The current number of pods being used to provide this resource. labelSelector: type: string description: Label selector for pods providing this resource. description: The status of the Kafka Connect cluster. --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: strimzi-cluster-operator labels: app: strimzi namespace: kafka subjects: - kind: ServiceAccount name: strimzi-cluster-operator namespace: kafka roleRef: kind: ClusterRole name: strimzi-cluster-operator-namespaced apiGroup: rbac.authorization.k8s.io --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: strimzi-cluster-operator-watched labels: app: strimzi rules: - apiGroups: - '' resources: - pods verbs: - watch - list - apiGroups: - kafka.strimzi.io resources: - kafkas - kafkanodepools - kafkaconnects - kafkaconnectors - kafkabridges - kafkamirrormaker2s - kafkarebalances verbs: - get - list - watch - create - patch - update - apiGroups: - kafka.strimzi.io resources: - kafkas/status - kafkanodepools/status - kafkaconnects/status - kafkaconnectors/status - kafkabridges/status - kafkamirrormaker2s/status - kafkarebalances/status verbs: - get - patch - update - apiGroups: - kafka.strimzi.io resources: - kafkas/finalizers - kafkanodepools/finalizers - kafkaconnects/finalizers - kafkaconnectors/finalizers - kafkabridges/finalizers - kafkamirrormaker2s/finalizers - kafkarebalances/finalizers verbs: - update - apiGroups: - core.strimzi.io resources: - strimzipodsets verbs: - get - list - watch - create - delete - patch - update - apiGroups: - core.strimzi.io resources: - strimzipodsets/status verbs: - get - patch - update - apiGroups: - core.strimzi.io resources: - strimzipodsets/finalizers verbs: - update - apiGroups: - kafka.strimzi.io resources: - kafkarebalances verbs: - delete --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: strimzi-cluster-operator-leader-election labels: app: strimzi namespace: kafka subjects: - kind: ServiceAccount name: strimzi-cluster-operator namespace: kafka roleRef: kind: ClusterRole name: strimzi-cluster-operator-leader-election apiGroup: rbac.authorization.k8s.io --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: kafkaconnectors.kafka.strimzi.io labels: app: strimzi strimzi.io/crd-install: 'true' spec: group: kafka.strimzi.io names: kind: KafkaConnector listKind: KafkaConnectorList singular: kafkaconnector plural: kafkaconnectors shortNames: - kctr categories: - strimzi scope: Namespaced conversion: strategy: None versions: - name: v1 served: true storage: false subresources: status: {} scale: specReplicasPath: .spec.tasksMax statusReplicasPath: .status.tasksMax additionalPrinterColumns: - name: Cluster description: The name of the Kafka Connect cluster this connector belongs to jsonPath: .metadata.labels.strimzi\.io/cluster type: string - name: Connector class description: The class used by this connector jsonPath: .spec.class type: string - name: Max Tasks description: Maximum number of tasks jsonPath: .spec.tasksMax type: integer - name: Ready description: The state of the custom resource jsonPath: '.status.conditions[?(@.type=="Ready")].status' type: string schema: openAPIV3Schema: type: object properties: apiVersion: type: string description: >- APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources kind: type: string description: >- Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds metadata: type: object spec: type: object properties: class: type: string description: The Class for the Kafka Connector. tasksMax: type: integer minimum: 1 description: The maximum number of tasks for the Kafka Connector. autoRestart: type: object properties: enabled: type: boolean description: >- Whether automatic restart for failed connectors and tasks should be enabled or disabled. maxRestarts: type: integer description: >- The maximum number of connector restarts that the operator will try. If the connector remains in a failed state after reaching this limit, it must be restarted manually by the user. Defaults to an unlimited number of restarts. description: Automatic restart of connector and tasks configuration. version: type: string description: >- Desired version or version range to respect when starting the Kafka Connector. This is only supported when using Kafka Connect version 4.1.0 and higher. config: x-kubernetes-preserve-unknown-fields: true type: object description: >- The Kafka Connector configuration. The following properties cannot be set: name, connector.class, tasks.max. state: type: string enum: - paused - stopped - running description: The state the connector should be in. Defaults to running. listOffsets: type: object properties: toConfigMap: type: object properties: name: type: string description: >- Reference to the ConfigMap where the list of offsets will be written to. required: - toConfigMap description: Configuration for listing offsets. alterOffsets: type: object properties: fromConfigMap: type: object properties: name: type: string description: >- Reference to the ConfigMap where the new offsets are stored. required: - fromConfigMap description: Configuration for altering offsets. description: The specification of the Kafka Connector. status: type: object properties: conditions: type: array items: type: object properties: type: type: string description: >- The unique identifier of a condition, used to distinguish between other conditions in the resource. status: type: string description: >- The status of the condition, either True, False or Unknown. lastTransitionTime: type: string description: >- Last time the condition of a type changed from one status to another. The required format is 'yyyy-MM-ddTHH:mm:ssZ', in the UTC time zone. reason: type: string description: >- The reason for the condition's last transition (a single word in CamelCase). message: type: string description: >- Human-readable message indicating details about the condition's last transition. description: List of status conditions. observedGeneration: type: integer description: >- The generation of the CRD that was last reconciled by the operator. autoRestart: type: object properties: count: type: integer description: The number of times the connector or task is restarted. connectorName: type: string description: The name of the connector being restarted. lastRestartTimestamp: type: string description: >- The last time the automatic restart was attempted. The required format is 'yyyy-MM-ddTHH:mm:ssZ' in the UTC time zone. description: The auto restart status. connectorStatus: x-kubernetes-preserve-unknown-fields: true type: object description: >- The connector status, as reported by the Kafka Connect REST API. tasksMax: type: integer description: The maximum number of tasks for the Kafka Connector. topics: type: array items: type: string description: The list of topics used by the Kafka Connector. description: The status of the Kafka Connector. required: - spec - name: v1beta2 served: true storage: true deprecated: true deprecationWarning: >- Version v1beta2 of the KafkaConnector API is deprecated. Please use the v1 version instead. subresources: status: {} scale: specReplicasPath: .spec.tasksMax statusReplicasPath: .status.tasksMax additionalPrinterColumns: - name: Cluster description: The name of the Kafka Connect cluster this connector belongs to jsonPath: .metadata.labels.strimzi\.io/cluster type: string - name: Connector class description: The class used by this connector jsonPath: .spec.class type: string - name: Max Tasks description: Maximum number of tasks jsonPath: .spec.tasksMax type: integer - name: Ready description: The state of the custom resource jsonPath: '.status.conditions[?(@.type=="Ready")].status' type: string schema: openAPIV3Schema: type: object properties: apiVersion: type: string description: >- APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources kind: type: string description: >- Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds metadata: type: object spec: type: object properties: class: type: string description: The Class for the Kafka Connector. tasksMax: type: integer minimum: 1 description: The maximum number of tasks for the Kafka Connector. autoRestart: type: object properties: enabled: type: boolean description: >- Whether automatic restart for failed connectors and tasks should be enabled or disabled. maxRestarts: type: integer description: >- The maximum number of connector restarts that the operator will try. If the connector remains in a failed state after reaching this limit, it must be restarted manually by the user. Defaults to an unlimited number of restarts. description: Automatic restart of connector and tasks configuration. version: type: string description: >- Desired version or version range to respect when starting the Kafka Connector. This is only supported when using Kafka Connect version 4.1.0 and higher. config: x-kubernetes-preserve-unknown-fields: true type: object description: >- The Kafka Connector configuration. The following properties cannot be set: name, connector.class, tasks.max. pause: type: boolean description: Whether the connector should be paused. Defaults to false. state: type: string enum: - paused - stopped - running description: The state the connector should be in. Defaults to running. listOffsets: type: object properties: toConfigMap: type: object properties: name: type: string description: >- Reference to the ConfigMap where the list of offsets will be written to. required: - toConfigMap description: Configuration for listing offsets. alterOffsets: type: object properties: fromConfigMap: type: object properties: name: type: string description: >- Reference to the ConfigMap where the new offsets are stored. required: - fromConfigMap description: Configuration for altering offsets. description: The specification of the Kafka Connector. status: type: object properties: conditions: type: array items: type: object properties: type: type: string description: >- The unique identifier of a condition, used to distinguish between other conditions in the resource. status: type: string description: >- The status of the condition, either True, False or Unknown. lastTransitionTime: type: string description: >- Last time the condition of a type changed from one status to another. The required format is 'yyyy-MM-ddTHH:mm:ssZ', in the UTC time zone. reason: type: string description: >- The reason for the condition's last transition (a single word in CamelCase). message: type: string description: >- Human-readable message indicating details about the condition's last transition. description: List of status conditions. observedGeneration: type: integer description: >- The generation of the CRD that was last reconciled by the operator. autoRestart: type: object properties: count: type: integer description: The number of times the connector or task is restarted. connectorName: type: string description: The name of the connector being restarted. lastRestartTimestamp: type: string description: >- The last time the automatic restart was attempted. The required format is 'yyyy-MM-ddTHH:mm:ssZ' in the UTC time zone. description: The auto restart status. connectorStatus: x-kubernetes-preserve-unknown-fields: true type: object description: >- The connector status, as reported by the Kafka Connect REST API. tasksMax: type: integer description: The maximum number of tasks for the Kafka Connector. topics: type: array items: type: string description: The list of topics used by the Kafka Connector. description: The status of the Kafka Connector. --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: kafkanodepools.kafka.strimzi.io labels: app: strimzi strimzi.io/crd-install: 'true' spec: group: kafka.strimzi.io names: kind: KafkaNodePool listKind: KafkaNodePoolList singular: kafkanodepool plural: kafkanodepools shortNames: - knp categories: - strimzi scope: Namespaced conversion: strategy: None versions: - name: v1 served: true storage: false subresources: status: {} scale: specReplicasPath: .spec.replicas statusReplicasPath: .status.replicas labelSelectorPath: .status.labelSelector additionalPrinterColumns: - name: Desired replicas description: The desired number of replicas jsonPath: .spec.replicas type: integer - name: Roles description: Roles of the nodes in the pool jsonPath: .status.roles type: string - name: NodeIds description: Node IDs used by Kafka nodes in this pool jsonPath: .status.nodeIds type: string schema: openAPIV3Schema: type: object properties: apiVersion: type: string description: >- APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources kind: type: string description: >- Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds metadata: type: object spec: type: object properties: replicas: type: integer minimum: 0 description: The number of pods in the pool. storage: type: object properties: class: type: string description: The storage class to use for dynamic volume allocation. deleteClaim: type: boolean description: >- Specifies if the persistent volume claim has to be deleted when the cluster is un-deployed. id: type: integer minimum: 0 description: >- Storage identification number. It is mandatory only for storage volumes defined in a storage of type 'jbod'. kraftMetadata: type: string enum: - shared description: >- Specifies whether this volume should be used for storing KRaft metadata. This property is optional. When set, the only currently supported value is `shared`. At most one volume can have this property set. selector: additionalProperties: type: string type: object description: >- Specifies a specific persistent volume to use. It contains key:value pairs representing labels for selecting such a volume. size: type: string description: >- When `type=persistent-claim`, defines the size of the persistent volume claim, such as 100Gi. Mandatory when `type=persistent-claim`. sizeLimit: type: string pattern: '^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$' description: >- When type=ephemeral, defines the total amount of local storage required for this EmptyDir volume (for example 1Gi). type: type: string enum: - ephemeral - persistent-claim - jbod description: >- Storage type, must be either 'ephemeral', 'persistent-claim', or 'jbod'. volumeAttributesClass: type: string description: >- Specifies `VolumeAttributeClass` name for dynamically configuring storage attributes. volumes: type: array items: type: object properties: class: type: string description: >- The storage class to use for dynamic volume allocation. deleteClaim: type: boolean description: >- Specifies if the persistent volume claim has to be deleted when the cluster is un-deployed. id: type: integer minimum: 0 description: >- Storage identification number. Mandatory for storage volumes defined with a `jbod` storage type configuration. kraftMetadata: type: string enum: - shared description: >- Specifies whether this volume should be used for storing KRaft metadata. This property is optional. When set, the only currently supported value is `shared`. At most one volume can have this property set. selector: additionalProperties: type: string type: object description: >- Specifies a specific persistent volume to use. It contains key:value pairs representing labels for selecting such a volume. size: type: string description: >- When `type=persistent-claim`, defines the size of the persistent volume claim, such as 100Gi. Mandatory when `type=persistent-claim`. sizeLimit: type: string pattern: '^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$' description: >- When type=ephemeral, defines the total amount of local storage required for this EmptyDir volume (for example 1Gi). type: type: string enum: - ephemeral - persistent-claim description: >- Storage type, must be either 'ephemeral' or 'persistent-claim'. volumeAttributesClass: type: string description: >- Specifies `VolumeAttributeClass` name for dynamically configuring storage attributes. required: - type description: >- List of volumes as Storage objects representing the JBOD disks array. required: - type description: Storage configuration (disk). Cannot be updated. roles: type: array items: type: string enum: - controller - broker description: >- The roles assigned to the node pool. Supported values are `broker` and `controller`. This property is required. resources: type: object properties: claims: type: array items: type: object properties: name: type: string request: type: string limits: additionalProperties: anyOf: - type: integer - type: string pattern: >- ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object requests: additionalProperties: anyOf: - type: integer - type: string pattern: >- ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object description: CPU and memory resources to reserve. jvmOptions: type: object properties: '-XX': additionalProperties: type: string type: object description: A map of -XX options to the JVM. '-Xmx': type: string pattern: '^[0-9]+[mMgG]?$' description: '-Xmx option to to the JVM.' '-Xms': type: string pattern: '^[0-9]+[mMgG]?$' description: '-Xms option to to the JVM.' gcLoggingEnabled: type: boolean description: >- Specifies whether the Garbage Collection logging is enabled. The default is false. javaSystemProperties: type: array items: type: object properties: name: type: string description: The system property name. value: type: string description: The system property value. description: >- A map of additional system properties which will be passed using the `-D` option to the JVM. description: JVM Options for pods. template: type: object properties: podSet: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object description: Labels added to the Kubernetes resource. annotations: additionalProperties: type: string type: object description: Annotations added to the Kubernetes resource. description: Metadata applied to the resource. description: Template for Kafka `StrimziPodSet` resource. pod: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object description: Labels added to the Kubernetes resource. annotations: additionalProperties: type: string type: object description: Annotations added to the Kubernetes resource. description: Metadata applied to the resource. imagePullSecrets: type: array items: type: object properties: name: type: string description: >- List of references to secrets in the same namespace to use for pulling any of the images used by this Pod. When the `STRIMZI_IMAGE_PULL_SECRETS` environment variable in Cluster Operator and the `imagePullSecrets` option are specified, only the `imagePullSecrets` variable is used and the `STRIMZI_IMAGE_PULL_SECRETS` variable is ignored. securityContext: type: object properties: appArmorProfile: type: object properties: localhostProfile: type: string type: type: string fsGroup: type: integer fsGroupChangePolicy: type: string runAsGroup: type: integer runAsNonRoot: type: boolean runAsUser: type: integer seLinuxChangePolicy: type: string seLinuxOptions: type: object properties: level: type: string role: type: string type: type: string user: type: string seccompProfile: type: object properties: localhostProfile: type: string type: type: string supplementalGroups: type: array items: type: integer supplementalGroupsPolicy: type: string sysctls: type: array items: type: object properties: name: type: string value: type: string windowsOptions: type: object properties: gmsaCredentialSpec: type: string gmsaCredentialSpecName: type: string hostProcess: type: boolean runAsUserName: type: string description: >- Configures pod-level security attributes and common container settings. terminationGracePeriodSeconds: type: integer minimum: 0 description: >- The grace period is the duration in seconds after the processes running in the pod are sent a termination signal, and the time when the processes are forcibly halted with a kill signal. Set this value to longer than the expected cleanup time for your process. Value must be a non-negative integer. A zero value indicates delete immediately. You might need to increase the grace period for very large Kafka clusters, so that the Kafka brokers have enough time to transfer their work to another broker before they are terminated. Defaults to 30 seconds. affinity: type: object properties: nodeAffinity: type: object properties: preferredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: preference: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchFields: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string weight: type: integer requiredDuringSchedulingIgnoredDuringExecution: type: object properties: nodeSelectorTerms: type: array items: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchFields: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string podAffinity: type: object properties: preferredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: podAffinityTerm: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object matchLabelKeys: type: array items: type: string mismatchLabelKeys: type: array items: type: string namespaceSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object namespaces: type: array items: type: string topologyKey: type: string weight: type: integer requiredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object matchLabelKeys: type: array items: type: string mismatchLabelKeys: type: array items: type: string namespaceSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object namespaces: type: array items: type: string topologyKey: type: string podAntiAffinity: type: object properties: preferredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: podAffinityTerm: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object matchLabelKeys: type: array items: type: string mismatchLabelKeys: type: array items: type: string namespaceSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object namespaces: type: array items: type: string topologyKey: type: string weight: type: integer requiredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object matchLabelKeys: type: array items: type: string mismatchLabelKeys: type: array items: type: string namespaceSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object namespaces: type: array items: type: string topologyKey: type: string description: The pod's affinity rules. tolerations: type: array items: type: object properties: effect: type: string key: type: string operator: type: string tolerationSeconds: type: integer value: type: string description: The pod's tolerations. topologySpreadConstraints: type: array items: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object matchLabelKeys: type: array items: type: string maxSkew: type: integer minDomains: type: integer nodeAffinityPolicy: type: string nodeTaintsPolicy: type: string topologyKey: type: string whenUnsatisfiable: type: string description: The pod's topology spread constraints. priorityClassName: type: string description: >- The name of the priority class used to assign priority to the pods. schedulerName: type: string description: >- The name of the scheduler used to dispatch this `Pod`. If not specified, the default scheduler will be used. hostAliases: type: array items: type: object properties: hostnames: type: array items: type: string ip: type: string description: >- The pod's HostAliases. HostAliases is an optional list of hosts and IPs that will be injected into the Pod's hosts file if specified. dnsPolicy: type: string enum: - ClusterFirst - ClusterFirstWithHostNet - Default - None description: >- The pod's DNSPolicy. Defaults to `ClusterFirst`. Valid values are `ClusterFirstWithHostNet`, `ClusterFirst`, `Default` or `None`. dnsConfig: type: object properties: nameservers: type: array items: type: string options: type: array items: type: object properties: name: type: string value: type: string searches: type: array items: type: string description: >- The pod's DNSConfig. If specified, it will be merged to the generated DNS configuration based on the DNSPolicy. enableServiceLinks: type: boolean description: >- Indicates whether information about services should be injected into Pod's environment variables. tmpDirSizeLimit: type: string pattern: '^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$' description: >- Defines the total amount of pod memory allocated for the temporary `EmptyDir` volume `/tmp`. Specify the allocation in memory units, for example, `100Mi` for 100 mebibytes. Default value is `5Mi`. The `/tmp` volume is backed by pod memory, not disk storage, so avoid setting a high value as it consumes pod memory resources. volumes: type: array items: type: object properties: name: type: string description: Name to use for the volume. Required. secret: type: object properties: defaultMode: type: integer items: type: array items: type: object properties: key: type: string mode: type: integer path: type: string optional: type: boolean secretName: type: string description: '`Secret` to use to populate the volume.' configMap: type: object properties: defaultMode: type: integer items: type: array items: type: object properties: key: type: string mode: type: integer path: type: string name: type: string optional: type: boolean description: '`ConfigMap` to use to populate the volume.' emptyDir: type: object properties: medium: type: string enum: - Memory description: >- Medium represents the type of storage medium should back this volume. Valid values are unset or `Memory`. When not set, it will use the node's default medium. sizeLimit: type: string pattern: '^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$' description: >- The total amount of local storage required for this EmptyDir volume (for example 1Gi). description: '`EmptyDir` to use to populate the volume.' persistentVolumeClaim: type: object properties: claimName: type: string readOnly: type: boolean description: >- `PersistentVolumeClaim` object to use to populate the volume. csi: type: object properties: driver: type: string fsType: type: string nodePublishSecretRef: type: object properties: name: type: string readOnly: type: boolean volumeAttributes: additionalProperties: type: string type: object description: >- `CSIVolumeSource` object to use to populate the volume. image: type: object properties: pullPolicy: type: string reference: type: string description: >- `ImageVolumeSource` object to use to populate the volume. oneOf: - properties: secret: {} configMap: {} emptyDir: {} persistentVolumeClaim: {} csi: {} image: {} description: Additional volumes that can be mounted to the pod. description: Template for Kafka `Pods`. perPodService: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object description: Labels added to the Kubernetes resource. annotations: additionalProperties: type: string type: object description: Annotations added to the Kubernetes resource. description: Metadata applied to the resource. description: >- Template for Kafka per-pod `Services` used for access from outside of Kubernetes. perPodRoute: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object description: Labels added to the Kubernetes resource. annotations: additionalProperties: type: string type: object description: Annotations added to the Kubernetes resource. description: Metadata applied to the resource. description: >- Template for Kafka per-pod `Routes` used for access from outside of OpenShift. perPodIngress: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object description: Labels added to the Kubernetes resource. annotations: additionalProperties: type: string type: object description: Annotations added to the Kubernetes resource. description: Metadata applied to the resource. description: >- Template for Kafka per-pod `Ingress` used for access from outside of Kubernetes. persistentVolumeClaim: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object description: Labels added to the Kubernetes resource. annotations: additionalProperties: type: string type: object description: Annotations added to the Kubernetes resource. description: Metadata applied to the resource. description: Template for all Kafka `PersistentVolumeClaims`. kafkaContainer: type: object properties: env: type: array items: type: object properties: name: type: string description: The environment variable key. value: type: string description: The environment variable value. valueFrom: type: object properties: secretKeyRef: type: object properties: key: type: string name: type: string optional: type: boolean description: Reference to a key in a secret. configMapKeyRef: type: object properties: key: type: string name: type: string optional: type: boolean description: Reference to a key in a config map. oneOf: - properties: secretKeyRef: {} required: - secretKeyRef - properties: configMapKeyRef: {} required: - configMapKeyRef description: >- Reference to the secret or config map property to which the environment variable is set. oneOf: - properties: value: {} required: - value - properties: valueFrom: {} required: - valueFrom description: >- Environment variables which should be applied to the container. securityContext: type: object properties: allowPrivilegeEscalation: type: boolean appArmorProfile: type: object properties: localhostProfile: type: string type: type: string capabilities: type: object properties: add: type: array items: type: string drop: type: array items: type: string privileged: type: boolean procMount: type: string readOnlyRootFilesystem: type: boolean runAsGroup: type: integer runAsNonRoot: type: boolean runAsUser: type: integer seLinuxOptions: type: object properties: level: type: string role: type: string type: type: string user: type: string seccompProfile: type: object properties: localhostProfile: type: string type: type: string windowsOptions: type: object properties: gmsaCredentialSpec: type: string gmsaCredentialSpecName: type: string hostProcess: type: boolean runAsUserName: type: string description: Security context for the container. volumeMounts: type: array items: type: object properties: mountPath: type: string mountPropagation: type: string name: type: string readOnly: type: boolean recursiveReadOnly: type: string subPath: type: string subPathExpr: type: string description: >- Additional volume mounts which should be applied to the container. description: Template for the Kafka broker container. initContainer: type: object properties: env: type: array items: type: object properties: name: type: string description: The environment variable key. value: type: string description: The environment variable value. valueFrom: type: object properties: secretKeyRef: type: object properties: key: type: string name: type: string optional: type: boolean description: Reference to a key in a secret. configMapKeyRef: type: object properties: key: type: string name: type: string optional: type: boolean description: Reference to a key in a config map. oneOf: - properties: secretKeyRef: {} required: - secretKeyRef - properties: configMapKeyRef: {} required: - configMapKeyRef description: >- Reference to the secret or config map property to which the environment variable is set. oneOf: - properties: value: {} required: - value - properties: valueFrom: {} required: - valueFrom description: >- Environment variables which should be applied to the container. securityContext: type: object properties: allowPrivilegeEscalation: type: boolean appArmorProfile: type: object properties: localhostProfile: type: string type: type: string capabilities: type: object properties: add: type: array items: type: string drop: type: array items: type: string privileged: type: boolean procMount: type: string readOnlyRootFilesystem: type: boolean runAsGroup: type: integer runAsNonRoot: type: boolean runAsUser: type: integer seLinuxOptions: type: object properties: level: type: string role: type: string type: type: string user: type: string seccompProfile: type: object properties: localhostProfile: type: string type: type: string windowsOptions: type: object properties: gmsaCredentialSpec: type: string gmsaCredentialSpecName: type: string hostProcess: type: boolean runAsUserName: type: string description: Security context for the container. volumeMounts: type: array items: type: object properties: mountPath: type: string mountPropagation: type: string name: type: string readOnly: type: boolean recursiveReadOnly: type: string subPath: type: string subPathExpr: type: string description: >- Additional volume mounts which should be applied to the container. description: Template for the Kafka init container. description: >- Template for pool resources. The template allows users to specify how the resources belonging to this pool are generated. required: - replicas - storage - roles description: The specification of the KafkaNodePool. status: type: object properties: conditions: type: array items: type: object properties: type: type: string description: >- The unique identifier of a condition, used to distinguish between other conditions in the resource. status: type: string description: >- The status of the condition, either True, False or Unknown. lastTransitionTime: type: string description: >- Last time the condition of a type changed from one status to another. The required format is 'yyyy-MM-ddTHH:mm:ssZ', in the UTC time zone. reason: type: string description: >- The reason for the condition's last transition (a single word in CamelCase). message: type: string description: >- Human-readable message indicating details about the condition's last transition. description: List of status conditions. observedGeneration: type: integer description: >- The generation of the CRD that was last reconciled by the operator. nodeIds: type: array items: type: integer description: Node IDs used by Kafka nodes in this pool. clusterId: type: string description: Kafka cluster ID. roles: type: array items: type: string enum: - controller - broker description: The roles currently assigned to this pool. replicas: type: integer description: >- The current number of pods being used to provide this resource. labelSelector: type: string description: Label selector for pods providing this resource. description: The status of the KafkaNodePool. required: - spec - name: v1beta2 served: true storage: true deprecated: true deprecationWarning: >- Version v1beta2 of the KafkaNodePool API is deprecated. Please use the v1 version instead. subresources: status: {} scale: specReplicasPath: .spec.replicas statusReplicasPath: .status.replicas labelSelectorPath: .status.labelSelector additionalPrinterColumns: - name: Desired replicas description: The desired number of replicas jsonPath: .spec.replicas type: integer - name: Roles description: Roles of the nodes in the pool jsonPath: .status.roles type: string - name: NodeIds description: Node IDs used by Kafka nodes in this pool jsonPath: .status.nodeIds type: string schema: openAPIV3Schema: type: object properties: apiVersion: type: string description: >- APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources kind: type: string description: >- Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds metadata: type: object spec: type: object properties: replicas: type: integer minimum: 0 description: The number of pods in the pool. storage: type: object properties: class: type: string description: The storage class to use for dynamic volume allocation. deleteClaim: type: boolean description: >- Specifies if the persistent volume claim has to be deleted when the cluster is un-deployed. id: type: integer minimum: 0 description: >- Storage identification number. It is mandatory only for storage volumes defined in a storage of type 'jbod'. kraftMetadata: type: string enum: - shared description: >- Specifies whether this volume should be used for storing KRaft metadata. This property is optional. When set, the only currently supported value is `shared`. At most one volume can have this property set. overrides: type: array items: type: object properties: class: type: string description: >- The storage class to use for dynamic volume allocation for this broker. broker: type: integer description: Id of the kafka broker (broker identifier). description: >- As of Strimzi 0.46.0, the storage overrides for individual brokers are not supported anymore and this option is ignored. selector: additionalProperties: type: string type: object description: >- Specifies a specific persistent volume to use. It contains key:value pairs representing labels for selecting such a volume. size: type: string description: >- When `type=persistent-claim`, defines the size of the persistent volume claim, such as 100Gi. Mandatory when `type=persistent-claim`. sizeLimit: type: string pattern: '^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$' description: >- When type=ephemeral, defines the total amount of local storage required for this EmptyDir volume (for example 1Gi). type: type: string enum: - ephemeral - persistent-claim - jbod description: >- Storage type, must be either 'ephemeral', 'persistent-claim', or 'jbod'. volumeAttributesClass: type: string description: >- Specifies `VolumeAttributeClass` name for dynamically configuring storage attributes. volumes: type: array items: type: object properties: class: type: string description: >- The storage class to use for dynamic volume allocation. deleteClaim: type: boolean description: >- Specifies if the persistent volume claim has to be deleted when the cluster is un-deployed. id: type: integer minimum: 0 description: >- Storage identification number. Mandatory for storage volumes defined with a `jbod` storage type configuration. kraftMetadata: type: string enum: - shared description: >- Specifies whether this volume should be used for storing KRaft metadata. This property is optional. When set, the only currently supported value is `shared`. At most one volume can have this property set. overrides: type: array items: type: object properties: class: type: string description: >- The storage class to use for dynamic volume allocation for this broker. broker: type: integer description: Id of the kafka broker (broker identifier). description: >- As of Strimzi 0.46.0, the storage overrides for individual brokers are not supported anymore and this option is ignored. selector: additionalProperties: type: string type: object description: >- Specifies a specific persistent volume to use. It contains key:value pairs representing labels for selecting such a volume. size: type: string description: >- When `type=persistent-claim`, defines the size of the persistent volume claim, such as 100Gi. Mandatory when `type=persistent-claim`. sizeLimit: type: string pattern: '^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$' description: >- When type=ephemeral, defines the total amount of local storage required for this EmptyDir volume (for example 1Gi). type: type: string enum: - ephemeral - persistent-claim description: >- Storage type, must be either 'ephemeral' or 'persistent-claim'. volumeAttributesClass: type: string description: >- Specifies `VolumeAttributeClass` name for dynamically configuring storage attributes. required: - type description: >- List of volumes as Storage objects representing the JBOD disks array. required: - type description: Storage configuration (disk). Cannot be updated. roles: type: array items: type: string enum: - controller - broker description: >- The roles assigned to the node pool. Supported values are `broker` and `controller`. This property is required. resources: type: object properties: claims: type: array items: type: object properties: name: type: string request: type: string limits: additionalProperties: anyOf: - type: integer - type: string pattern: >- ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object requests: additionalProperties: anyOf: - type: integer - type: string pattern: >- ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object description: CPU and memory resources to reserve. jvmOptions: type: object properties: '-XX': additionalProperties: type: string type: object description: A map of -XX options to the JVM. '-Xmx': type: string pattern: '^[0-9]+[mMgG]?$' description: '-Xmx option to to the JVM.' '-Xms': type: string pattern: '^[0-9]+[mMgG]?$' description: '-Xms option to to the JVM.' gcLoggingEnabled: type: boolean description: >- Specifies whether the Garbage Collection logging is enabled. The default is false. javaSystemProperties: type: array items: type: object properties: name: type: string description: The system property name. value: type: string description: The system property value. description: >- A map of additional system properties which will be passed using the `-D` option to the JVM. description: JVM Options for pods. template: type: object properties: podSet: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object description: Labels added to the Kubernetes resource. annotations: additionalProperties: type: string type: object description: Annotations added to the Kubernetes resource. description: Metadata applied to the resource. description: Template for Kafka `StrimziPodSet` resource. pod: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object description: Labels added to the Kubernetes resource. annotations: additionalProperties: type: string type: object description: Annotations added to the Kubernetes resource. description: Metadata applied to the resource. imagePullSecrets: type: array items: type: object properties: name: type: string description: >- List of references to secrets in the same namespace to use for pulling any of the images used by this Pod. When the `STRIMZI_IMAGE_PULL_SECRETS` environment variable in Cluster Operator and the `imagePullSecrets` option are specified, only the `imagePullSecrets` variable is used and the `STRIMZI_IMAGE_PULL_SECRETS` variable is ignored. securityContext: type: object properties: appArmorProfile: type: object properties: localhostProfile: type: string type: type: string fsGroup: type: integer fsGroupChangePolicy: type: string runAsGroup: type: integer runAsNonRoot: type: boolean runAsUser: type: integer seLinuxChangePolicy: type: string seLinuxOptions: type: object properties: level: type: string role: type: string type: type: string user: type: string seccompProfile: type: object properties: localhostProfile: type: string type: type: string supplementalGroups: type: array items: type: integer supplementalGroupsPolicy: type: string sysctls: type: array items: type: object properties: name: type: string value: type: string windowsOptions: type: object properties: gmsaCredentialSpec: type: string gmsaCredentialSpecName: type: string hostProcess: type: boolean runAsUserName: type: string description: >- Configures pod-level security attributes and common container settings. terminationGracePeriodSeconds: type: integer minimum: 0 description: >- The grace period is the duration in seconds after the processes running in the pod are sent a termination signal, and the time when the processes are forcibly halted with a kill signal. Set this value to longer than the expected cleanup time for your process. Value must be a non-negative integer. A zero value indicates delete immediately. You might need to increase the grace period for very large Kafka clusters, so that the Kafka brokers have enough time to transfer their work to another broker before they are terminated. Defaults to 30 seconds. affinity: type: object properties: nodeAffinity: type: object properties: preferredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: preference: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchFields: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string weight: type: integer requiredDuringSchedulingIgnoredDuringExecution: type: object properties: nodeSelectorTerms: type: array items: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchFields: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string podAffinity: type: object properties: preferredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: podAffinityTerm: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object matchLabelKeys: type: array items: type: string mismatchLabelKeys: type: array items: type: string namespaceSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object namespaces: type: array items: type: string topologyKey: type: string weight: type: integer requiredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object matchLabelKeys: type: array items: type: string mismatchLabelKeys: type: array items: type: string namespaceSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object namespaces: type: array items: type: string topologyKey: type: string podAntiAffinity: type: object properties: preferredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: podAffinityTerm: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object matchLabelKeys: type: array items: type: string mismatchLabelKeys: type: array items: type: string namespaceSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object namespaces: type: array items: type: string topologyKey: type: string weight: type: integer requiredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object matchLabelKeys: type: array items: type: string mismatchLabelKeys: type: array items: type: string namespaceSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object namespaces: type: array items: type: string topologyKey: type: string description: The pod's affinity rules. tolerations: type: array items: type: object properties: effect: type: string key: type: string operator: type: string tolerationSeconds: type: integer value: type: string description: The pod's tolerations. topologySpreadConstraints: type: array items: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: additionalProperties: type: string type: object matchLabelKeys: type: array items: type: string maxSkew: type: integer minDomains: type: integer nodeAffinityPolicy: type: string nodeTaintsPolicy: type: string topologyKey: type: string whenUnsatisfiable: type: string description: The pod's topology spread constraints. priorityClassName: type: string description: >- The name of the priority class used to assign priority to the pods. schedulerName: type: string description: >- The name of the scheduler used to dispatch this `Pod`. If not specified, the default scheduler will be used. hostAliases: type: array items: type: object properties: hostnames: type: array items: type: string ip: type: string description: >- The pod's HostAliases. HostAliases is an optional list of hosts and IPs that will be injected into the Pod's hosts file if specified. dnsPolicy: type: string enum: - ClusterFirst - ClusterFirstWithHostNet - Default - None description: >- The pod's DNSPolicy. Defaults to `ClusterFirst`. Valid values are `ClusterFirstWithHostNet`, `ClusterFirst`, `Default` or `None`. dnsConfig: type: object properties: nameservers: type: array items: type: string options: type: array items: type: object properties: name: type: string value: type: string searches: type: array items: type: string description: >- The pod's DNSConfig. If specified, it will be merged to the generated DNS configuration based on the DNSPolicy. enableServiceLinks: type: boolean description: >- Indicates whether information about services should be injected into Pod's environment variables. tmpDirSizeLimit: type: string pattern: '^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$' description: >- Defines the total amount of pod memory allocated for the temporary `EmptyDir` volume `/tmp`. Specify the allocation in memory units, for example, `100Mi` for 100 mebibytes. Default value is `5Mi`. The `/tmp` volume is backed by pod memory, not disk storage, so avoid setting a high value as it consumes pod memory resources. volumes: type: array items: type: object properties: name: type: string description: Name to use for the volume. Required. secret: type: object properties: defaultMode: type: integer items: type: array items: type: object properties: key: type: string mode: type: integer path: type: string optional: type: boolean secretName: type: string description: '`Secret` to use to populate the volume.' configMap: type: object properties: defaultMode: type: integer items: type: array items: type: object properties: key: type: string mode: type: integer path: type: string name: type: string optional: type: boolean description: '`ConfigMap` to use to populate the volume.' emptyDir: type: object properties: medium: type: string enum: - Memory description: >- Medium represents the type of storage medium should back this volume. Valid values are unset or `Memory`. When not set, it will use the node's default medium. sizeLimit: type: string pattern: '^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$' description: >- The total amount of local storage required for this EmptyDir volume (for example 1Gi). description: '`EmptyDir` to use to populate the volume.' persistentVolumeClaim: type: object properties: claimName: type: string readOnly: type: boolean description: >- `PersistentVolumeClaim` object to use to populate the volume. csi: type: object properties: driver: type: string fsType: type: string nodePublishSecretRef: type: object properties: name: type: string readOnly: type: boolean volumeAttributes: additionalProperties: type: string type: object description: >- `CSIVolumeSource` object to use to populate the volume. image: type: object properties: pullPolicy: type: string reference: type: string description: >- `ImageVolumeSource` object to use to populate the volume. oneOf: - properties: secret: {} configMap: {} emptyDir: {} persistentVolumeClaim: {} csi: {} image: {} description: Additional volumes that can be mounted to the pod. description: Template for Kafka `Pods`. perPodService: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object description: Labels added to the Kubernetes resource. annotations: additionalProperties: type: string type: object description: Annotations added to the Kubernetes resource. description: Metadata applied to the resource. description: >- Template for Kafka per-pod `Services` used for access from outside of Kubernetes. perPodRoute: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object description: Labels added to the Kubernetes resource. annotations: additionalProperties: type: string type: object description: Annotations added to the Kubernetes resource. description: Metadata applied to the resource. description: >- Template for Kafka per-pod `Routes` used for access from outside of OpenShift. perPodIngress: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object description: Labels added to the Kubernetes resource. annotations: additionalProperties: type: string type: object description: Annotations added to the Kubernetes resource. description: Metadata applied to the resource. description: >- Template for Kafka per-pod `Ingress` used for access from outside of Kubernetes. persistentVolumeClaim: type: object properties: metadata: type: object properties: labels: additionalProperties: type: string type: object description: Labels added to the Kubernetes resource. annotations: additionalProperties: type: string type: object description: Annotations added to the Kubernetes resource. description: Metadata applied to the resource. description: Template for all Kafka `PersistentVolumeClaims`. kafkaContainer: type: object properties: env: type: array items: type: object properties: name: type: string description: The environment variable key. value: type: string description: The environment variable value. valueFrom: type: object properties: secretKeyRef: type: object properties: key: type: string name: type: string optional: type: boolean description: Reference to a key in a secret. configMapKeyRef: type: object properties: key: type: string name: type: string optional: type: boolean description: Reference to a key in a config map. oneOf: - properties: secretKeyRef: {} required: - secretKeyRef - properties: configMapKeyRef: {} required: - configMapKeyRef description: >- Reference to the secret or config map property to which the environment variable is set. oneOf: - properties: value: {} required: - value - properties: valueFrom: {} required: - valueFrom description: >- Environment variables which should be applied to the container. securityContext: type: object properties: allowPrivilegeEscalation: type: boolean appArmorProfile: type: object properties: localhostProfile: type: string type: type: string capabilities: type: object properties: add: type: array items: type: string drop: type: array items: type: string privileged: type: boolean procMount: type: string readOnlyRootFilesystem: type: boolean runAsGroup: type: integer runAsNonRoot: type: boolean runAsUser: type: integer seLinuxOptions: type: object properties: level: type: string role: type: string type: type: string user: type: string seccompProfile: type: object properties: localhostProfile: type: string type: type: string windowsOptions: type: object properties: gmsaCredentialSpec: type: string gmsaCredentialSpecName: type: string hostProcess: type: boolean runAsUserName: type: string description: Security context for the container. volumeMounts: type: array items: type: object properties: mountPath: type: string mountPropagation: type: string name: type: string readOnly: type: boolean recursiveReadOnly: type: string subPath: type: string subPathExpr: type: string description: >- Additional volume mounts which should be applied to the container. description: Template for the Kafka broker container. initContainer: type: object properties: env: type: array items: type: object properties: name: type: string description: The environment variable key. value: type: string description: The environment variable value. valueFrom: type: object properties: secretKeyRef: type: object properties: key: type: string name: type: string optional: type: boolean description: Reference to a key in a secret. configMapKeyRef: type: object properties: key: type: string name: type: string optional: type: boolean description: Reference to a key in a config map. oneOf: - properties: secretKeyRef: {} required: - secretKeyRef - properties: configMapKeyRef: {} required: - configMapKeyRef description: >- Reference to the secret or config map property to which the environment variable is set. oneOf: - properties: value: {} required: - value - properties: valueFrom: {} required: - valueFrom description: >- Environment variables which should be applied to the container. securityContext: type: object properties: allowPrivilegeEscalation: type: boolean appArmorProfile: type: object properties: localhostProfile: type: string type: type: string capabilities: type: object properties: add: type: array items: type: string drop: type: array items: type: string privileged: type: boolean procMount: type: string readOnlyRootFilesystem: type: boolean runAsGroup: type: integer runAsNonRoot: type: boolean runAsUser: type: integer seLinuxOptions: type: object properties: level: type: string role: type: string type: type: string user: type: string seccompProfile: type: object properties: localhostProfile: type: string type: type: string windowsOptions: type: object properties: gmsaCredentialSpec: type: string gmsaCredentialSpecName: type: string hostProcess: type: boolean runAsUserName: type: string description: Security context for the container. volumeMounts: type: array items: type: object properties: mountPath: type: string mountPropagation: type: string name: type: string readOnly: type: boolean recursiveReadOnly: type: string subPath: type: string subPathExpr: type: string description: >- Additional volume mounts which should be applied to the container. description: Template for the Kafka init container. description: >- Template for pool resources. The template allows users to specify how the resources belonging to this pool are generated. required: - replicas - storage - roles description: The specification of the KafkaNodePool. status: type: object properties: conditions: type: array items: type: object properties: type: type: string description: >- The unique identifier of a condition, used to distinguish between other conditions in the resource. status: type: string description: >- The status of the condition, either True, False or Unknown. lastTransitionTime: type: string description: >- Last time the condition of a type changed from one status to another. The required format is 'yyyy-MM-ddTHH:mm:ssZ', in the UTC time zone. reason: type: string description: >- The reason for the condition's last transition (a single word in CamelCase). message: type: string description: >- Human-readable message indicating details about the condition's last transition. description: List of status conditions. observedGeneration: type: integer description: >- The generation of the CRD that was last reconciled by the operator. nodeIds: type: array items: type: integer description: Node IDs used by Kafka nodes in this pool. clusterId: type: string description: Kafka cluster ID. roles: type: array items: type: string enum: - controller - broker description: The roles currently assigned to this pool. replicas: type: integer description: >- The current number of pods being used to provide this resource. labelSelector: type: string description: Label selector for pods providing this resource. description: The status of the KafkaNodePool. --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: strimzi-cluster-operator-kafka-broker-delegation labels: app: strimzi subjects: - kind: ServiceAccount name: strimzi-cluster-operator namespace: kafka roleRef: kind: ClusterRole name: strimzi-kafka-broker apiGroup: rbac.authorization.k8s.io --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: strimzi-kafka-client labels: app: strimzi rules: - apiGroups: - '' resources: - nodes verbs: - get --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: strimzi-cluster-operator labels: app: strimzi subjects: - kind: ServiceAccount name: strimzi-cluster-operator namespace: kafka roleRef: kind: ClusterRole name: strimzi-cluster-operator-global apiGroup: rbac.authorization.k8s.io