diff --git a/operators/ack-opensearchservice-controller/1.0.1/bundle.Dockerfile b/operators/ack-opensearchservice-controller/1.0.1/bundle.Dockerfile new file mode 100644 index 00000000000..7af9121d082 --- /dev/null +++ b/operators/ack-opensearchservice-controller/1.0.1/bundle.Dockerfile @@ -0,0 +1,21 @@ +FROM scratch + +# Core bundle labels. +LABEL operators.operatorframework.io.bundle.mediatype.v1=registry+v1 +LABEL operators.operatorframework.io.bundle.manifests.v1=manifests/ +LABEL operators.operatorframework.io.bundle.metadata.v1=metadata/ +LABEL operators.operatorframework.io.bundle.package.v1=ack-opensearchservice-controller +LABEL operators.operatorframework.io.bundle.channels.v1=alpha +LABEL operators.operatorframework.io.bundle.channel.default.v1=alpha +LABEL operators.operatorframework.io.metrics.builder=operator-sdk-v1.28.0 +LABEL operators.operatorframework.io.metrics.mediatype.v1=metrics+v1 +LABEL operators.operatorframework.io.metrics.project_layout=unknown + +# Labels for testing. +LABEL operators.operatorframework.io.test.mediatype.v1=scorecard+v1 +LABEL operators.operatorframework.io.test.config.v1=tests/scorecard/ + +# Copy files to locations specified by labels. +COPY bundle/manifests /manifests/ +COPY bundle/metadata /metadata/ +COPY bundle/tests/scorecard /tests/scorecard/ diff --git a/operators/ack-opensearchservice-controller/1.0.1/manifests/ack-opensearchservice-controller.clusterserviceversion.yaml b/operators/ack-opensearchservice-controller/1.0.1/manifests/ack-opensearchservice-controller.clusterserviceversion.yaml new file mode 100644 index 00000000000..d260085a8f8 --- /dev/null +++ b/operators/ack-opensearchservice-controller/1.0.1/manifests/ack-opensearchservice-controller.clusterserviceversion.yaml @@ -0,0 +1,263 @@ +apiVersion: operators.coreos.com/v1alpha1 +kind: ClusterServiceVersion +metadata: + annotations: + alm-examples: |- + [ + { + "apiVersion": "opensearchservice.services.k8s.aws/v1alpha1", + "kind": "Domain", + "metadata": { + "name": "example" + }, + "spec": {} + } + ] + capabilities: Basic Install + categories: Cloud Provider + certified: "false" + containerImage: public.ecr.aws/aws-controllers-k8s/opensearchservice-controller:1.0.1 + createdAt: "2024-10-12T00:09:44Z" + description: AWS OpenSearch Service controller is a service controller for managing + OpenSearch Service resources in Kubernetes + operatorframework.io/suggested-namespace: ack-system + operators.operatorframework.io/builder: operator-sdk-v1.28.0 + operators.operatorframework.io/project_layout: unknown + repository: https://github.com/aws-controllers-k8s + support: Community + labels: + operatorframework.io/arch.amd64: supported + operatorframework.io/arch.arm64: supported + operatorframework.io/os.linux: supported + name: ack-opensearchservice-controller.v1.0.1 + namespace: placeholder +spec: + apiservicedefinitions: {} + customresourcedefinitions: + owned: + - description: Domain represents the state of an AWS opensearchservice Domain + resource. + displayName: Domain + kind: Domain + name: domains.opensearchservice.services.k8s.aws + version: v1alpha1 + description: |- + Manage OpenSearch Service resources in AWS from within your Kubernetes cluster. + + **About Amazon OpenSearch Service** + + Amazon OpenSearch Service (successor to Amazon Elasticsearch Service) is a managed service that makes it easy to deploy, operate, and scale OpenSearch clusters in the AWS Cloud. Amazon OpenSearch Service supports OpenSearch and legacy Elasticsearch OSS. When you create a cluster, you have the option of which search engine to use. OpenSearch Service offers broad compatibility with Elasticsearch OSS 7.10, the final open source version of the software. For information about what changed with the recent service renaming, and the actions you might need to take, see [Amazon OpenSearch Service - Summary of changes](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/rename.html). + + **About the AWS Controllers for Kubernetes** + + This controller is a component of the [AWS Controller for Kubernetes](https://github.com/aws/aws-controllers-k8s) project. This project is currently in **developer preview**. + + **Pre-Installation Steps** + + Please follow the following link: [Red Hat OpenShift](https://aws-controllers-k8s.github.io/community/docs/user-docs/openshift/) + displayName: AWS Controllers for Kubernetes - Amazon OpenSearch Service + icon: + - base64data: PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4KPCEtLSBHZW5lcmF0b3I6IEFkb2JlIElsbHVzdHJhdG9yIDE5LjAuMSwgU1ZHIEV4cG9ydCBQbHVnLUluIC4gU1ZHIFZlcnNpb246IDYuMDAgQnVpbGQgMCkgIC0tPgo8c3ZnIHZlcnNpb249IjEuMSIgaWQ9IkxheWVyXzEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgeG1sbnM6eGxpbms9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkveGxpbmsiIHg9IjBweCIgeT0iMHB4IiB2aWV3Qm94PSIwIDAgMzA0IDE4MiIgc3R5bGU9ImVuYWJsZS1iYWNrZ3JvdW5kOm5ldyAwIDAgMzA0IDE4MjsiIHhtbDpzcGFjZT0icHJlc2VydmUiPgo8c3R5bGUgdHlwZT0idGV4dC9jc3MiPgoJLnN0MHtmaWxsOiMyNTJGM0U7fQoJLnN0MXtmaWxsLXJ1bGU6ZXZlbm9kZDtjbGlwLXJ1bGU6ZXZlbm9kZDtmaWxsOiNGRjk5MDA7fQo8L3N0eWxlPgo8Zz4KCTxwYXRoIGNsYXNzPSJzdDAiIGQ9Ik04Ni40LDY2LjRjMCwzLjcsMC40LDYuNywxLjEsOC45YzAuOCwyLjIsMS44LDQuNiwzLjIsNy4yYzAuNSwwLjgsMC43LDEuNiwwLjcsMi4zYzAsMS0wLjYsMi0xLjksM2wtNi4zLDQuMiAgIGMtMC45LDAuNi0xLjgsMC45LTIuNiwwLjljLTEsMC0yLTAuNS0zLTEuNEM3Ni4yLDkwLDc1LDg4LjQsNzQsODYuOGMtMS0xLjctMi0zLjYtMy4xLTUuOWMtNy44LDkuMi0xNy42LDEzLjgtMjkuNCwxMy44ICAgYy04LjQsMC0xNS4xLTIuNC0yMC03LjJjLTQuOS00LjgtNy40LTExLjItNy40LTE5LjJjMC04LjUsMy0xNS40LDkuMS0yMC42YzYuMS01LjIsMTQuMi03LjgsMjQuNS03LjhjMy40LDAsNi45LDAuMywxMC42LDAuOCAgIGMzLjcsMC41LDcuNSwxLjMsMTEuNSwyLjJ2LTcuM2MwLTcuNi0xLjYtMTIuOS00LjctMTZjLTMuMi0zLjEtOC42LTQuNi0xNi4zLTQuNmMtMy41LDAtNy4xLDAuNC0xMC44LDEuM2MtMy43LDAuOS03LjMsMi0xMC44LDMuNCAgIGMtMS42LDAuNy0yLjgsMS4xLTMuNSwxLjNjLTAuNywwLjItMS4yLDAuMy0xLjYsMC4zYy0xLjQsMC0yLjEtMS0yLjEtMy4xdi00LjljMC0xLjYsMC4yLTIuOCwwLjctMy41YzAuNS0wLjcsMS40LTEuNCwyLjgtMi4xICAgYzMuNS0xLjgsNy43LTMuMywxMi42LTQuNWM0LjktMS4zLDEwLjEtMS45LDE1LjYtMS45YzExLjksMCwyMC42LDIuNywyNi4yLDguMWM1LjUsNS40LDguMywxMy42LDguMywyNC42VjY2LjR6IE00NS44LDgxLjYgICBjMy4zLDAsNi43LTAuNiwxMC4zLTEuOGMzLjYtMS4yLDYuOC0zLjQsOS41LTYuNGMxLjYtMS45LDIuOC00LDMuNC02LjRjMC42LTIuNCwxLTUuMywxLTguN3YtNC4yYy0yLjktMC43LTYtMS4zLTkuMi0xLjcgICBjLTMuMi0wLjQtNi4zLTAuNi05LjQtMC42Yy02LjcsMC0xMS42LDEuMy0xNC45LDRjLTMuMywyLjctNC45LDYuNS00LjksMTEuNWMwLDQuNywxLjIsOC4yLDMuNywxMC42ICAgQzM3LjcsODAuNCw0MS4yLDgxLjYsNDUuOCw4MS42eiBNMTI2LjEsOTIuNGMtMS44LDAtMy0wLjMtMy44LTFjLTAuOC0wLjYtMS41LTItMi4xLTMuOUw5Ni43LDEwLjJjLTAuNi0yLTAuOS0zLjMtMC45LTQgICBjMC0xLjYsMC44LTIuNSwyLjQtMi41aDkuOGMxLjksMCwzLjIsMC4zLDMuOSwxYzAuOCwwLjYsMS40LDIsMiwzLjlsMTYuOCw2Ni4ybDE1LjYtNjYuMmMwLjUtMiwxLjEtMy4zLDEuOS0zLjljMC44LTAuNiwyLjItMSw0LTEgICBoOGMxLjksMCwzLjIsMC4zLDQsMWMwLjgsMC42LDEuNSwyLDEuOSwzLjlsMTUuOCw2N2wxNy4zLTY3YzAuNi0yLDEuMy0zLjMsMi0zLjljMC44LTAuNiwyLjEtMSwzLjktMWg5LjNjMS42LDAsMi41LDAuOCwyLjUsMi41ICAgYzAsMC41LTAuMSwxLTAuMiwxLjZjLTAuMSwwLjYtMC4zLDEuNC0wLjcsMi41bC0yNC4xLDc3LjNjLTAuNiwyLTEuMywzLjMtMi4xLDMuOWMtMC44LDAuNi0yLjEsMS0zLjgsMWgtOC42Yy0xLjksMC0zLjItMC4zLTQtMSAgIGMtMC44LTAuNy0xLjUtMi0xLjktNEwxNTYsMjNsLTE1LjQsNjQuNGMtMC41LDItMS4xLDMuMy0xLjksNGMtMC44LDAuNy0yLjIsMS00LDFIMTI2LjF6IE0yNTQuNiw5NS4xYy01LjIsMC0xMC40LTAuNi0xNS40LTEuOCAgIGMtNS0xLjItOC45LTIuNS0xMS41LTRjLTEuNi0wLjktMi43LTEuOS0zLjEtMi44Yy0wLjQtMC45LTAuNi0xLjktMC42LTIuOHYtNS4xYzAtMi4xLDAuOC0zLjEsMi4zLTMuMWMwLjYsMCwxLjIsMC4xLDEuOCwwLjMgICBjMC42LDAuMiwxLjUsMC42LDIuNSwxYzMuNCwxLjUsNy4xLDIuNywxMSwzLjVjNCwwLjgsNy45LDEuMiwxMS45LDEuMmM2LjMsMCwxMS4yLTEuMSwxNC42LTMuM2MzLjQtMi4yLDUuMi01LjQsNS4yLTkuNSAgIGMwLTIuOC0wLjktNS4xLTIuNy03Yy0xLjgtMS45LTUuMi0zLjYtMTAuMS01LjJMMjQ2LDUyYy03LjMtMi4zLTEyLjctNS43LTE2LTEwLjJjLTMuMy00LjQtNS05LjMtNS0xNC41YzAtNC4yLDAuOS03LjksMi43LTExLjEgICBjMS44LTMuMiw0LjItNiw3LjItOC4yYzMtMi4zLDYuNC00LDEwLjQtNS4yYzQtMS4yLDguMi0xLjcsMTIuNi0xLjdjMi4yLDAsNC41LDAuMSw2LjcsMC40YzIuMywwLjMsNC40LDAuNyw2LjUsMS4xICAgYzIsMC41LDMuOSwxLDUuNywxLjZjMS44LDAuNiwzLjIsMS4yLDQuMiwxLjhjMS40LDAuOCwyLjQsMS42LDMsMi41YzAuNiwwLjgsMC45LDEuOSwwLjksMy4zdjQuN2MwLDIuMS0wLjgsMy4yLTIuMywzLjIgICBjLTAuOCwwLTIuMS0wLjQtMy44LTEuMmMtNS43LTIuNi0xMi4xLTMuOS0xOS4yLTMuOWMtNS43LDAtMTAuMiwwLjktMTMuMywyLjhjLTMuMSwxLjktNC43LDQuOC00LjcsOC45YzAsMi44LDEsNS4yLDMsNy4xICAgYzIsMS45LDUuNywzLjgsMTEsNS41bDE0LjIsNC41YzcuMiwyLjMsMTIuNCw1LjUsMTUuNSw5LjZjMy4xLDQuMSw0LjYsOC44LDQuNiwxNGMwLDQuMy0wLjksOC4yLTIuNiwxMS42ICAgYy0xLjgsMy40LTQuMiw2LjQtNy4zLDguOGMtMy4xLDIuNS02LjgsNC4zLTExLjEsNS42QzI2NC40LDk0LjQsMjU5LjcsOTUuMSwyNTQuNiw5NS4xeiIvPgoJPGc+CgkJPHBhdGggY2xhc3M9InN0MSIgZD0iTTI3My41LDE0My43Yy0zMi45LDI0LjMtODAuNywzNy4yLTEyMS44LDM3LjJjLTU3LjYsMC0xMDkuNS0yMS4zLTE0OC43LTU2LjdjLTMuMS0yLjgtMC4zLTYuNiwzLjQtNC40ICAgIGM0Mi40LDI0LjYsOTQuNywzOS41LDE0OC44LDM5LjVjMzYuNSwwLDc2LjYtNy42LDExMy41LTIzLjJDMjc0LjIsMTMzLjYsMjc4LjksMTM5LjcsMjczLjUsMTQzLjd6Ii8+CgkJPHBhdGggY2xhc3M9InN0MSIgZD0iTTI4Ny4yLDEyOC4xYy00LjItNS40LTI3LjgtMi42LTM4LjUtMS4zYy0zLjIsMC40LTMuNy0yLjQtMC44LTQuNWMxOC44LTEzLjIsNDkuNy05LjQsNTMuMy01ICAgIGMzLjYsNC41LTEsMzUuNC0xOC42LDUwLjJjLTIuNywyLjMtNS4zLDEuMS00LjEtMS45QzI4Mi41LDE1NS43LDI5MS40LDEzMy40LDI4Ny4yLDEyOC4xeiIvPgoJPC9nPgo8L2c+Cjwvc3ZnPg== + mediatype: image/svg+xml + install: + spec: + clusterPermissions: + - rules: + - apiGroups: + - "" + resources: + - configmaps + - secrets + verbs: + - get + - list + - patch + - watch + - apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch + - apiGroups: + - opensearchservice.services.k8s.aws + resources: + - domains + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - opensearchservice.services.k8s.aws + resources: + - domains/status + verbs: + - get + - patch + - update + - apiGroups: + - services.k8s.aws + resources: + - adoptedresources + - fieldexports + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - services.k8s.aws + resources: + - adoptedresources/status + - fieldexports/status + verbs: + - get + - patch + - update + serviceAccountName: ack-opensearchservice-controller + deployments: + - label: + app.kubernetes.io/name: ack-opensearchservice-controller + app.kubernetes.io/part-of: ack-system + name: ack-opensearchservice-controller + spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: ack-opensearchservice-controller + strategy: {} + template: + metadata: + labels: + app.kubernetes.io/name: ack-opensearchservice-controller + spec: + containers: + - args: + - --aws-region + - $(AWS_REGION) + - --aws-endpoint-url + - $(AWS_ENDPOINT_URL) + - --enable-development-logging=$(ACK_ENABLE_DEVELOPMENT_LOGGING) + - --log-level + - $(ACK_LOG_LEVEL) + - --resource-tags + - $(ACK_RESOURCE_TAGS) + - --watch-namespace + - $(ACK_WATCH_NAMESPACE) + - --enable-leader-election=$(ENABLE_LEADER_ELECTION) + - --leader-election-namespace + - $(LEADER_ELECTION_NAMESPACE) + - --reconcile-default-max-concurrent-syncs + - $(RECONCILE_DEFAULT_MAX_CONCURRENT_SYNCS) + command: + - ./bin/controller + env: + - name: ACK_SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + envFrom: + - configMapRef: + name: ack-opensearchservice-user-config + optional: false + - secretRef: + name: ack-opensearchservice-user-secrets + optional: true + image: public.ecr.aws/aws-controllers-k8s/opensearchservice-controller:1.0.1 + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 15 + periodSeconds: 20 + name: controller + ports: + - containerPort: 8080 + name: http + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 5 + periodSeconds: 10 + resources: + limits: + cpu: 100m + memory: 300Mi + requests: + cpu: 100m + memory: 200Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + runAsNonRoot: true + dnsPolicy: ClusterFirst + securityContext: + seccompProfile: + type: RuntimeDefault + serviceAccountName: ack-opensearchservice-controller + terminationGracePeriodSeconds: 10 + permissions: + - rules: + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + serviceAccountName: ack-opensearchservice-controller + strategy: deployment + installModes: + - supported: true + type: OwnNamespace + - supported: true + type: SingleNamespace + - supported: true + type: MultiNamespace + - supported: true + type: AllNamespaces + keywords: + - opensearchservice + - aws + - amazon + - ack + links: + - name: AWS Controllers for Kubernetes + url: https://github.com/aws-controllers-k8s/community + - name: Documentation + url: https://aws-controllers-k8s.github.io/community/ + - name: Amazon OpenSearch Service Developer Resources + url: https://aws.amazon.com/opensearch-service/resources/ + maintainers: + - email: ack-maintainers@amazon.com + name: opensearch service maintainer team + maturity: alpha + provider: + name: Amazon, Inc. + url: https://aws.amazon.com + version: 1.0.1 diff --git a/operators/ack-opensearchservice-controller/1.0.1/manifests/ack-opensearchservice-metrics-service_v1_service.yaml b/operators/ack-opensearchservice-controller/1.0.1/manifests/ack-opensearchservice-metrics-service_v1_service.yaml new file mode 100644 index 00000000000..18d485852e5 --- /dev/null +++ b/operators/ack-opensearchservice-controller/1.0.1/manifests/ack-opensearchservice-metrics-service_v1_service.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Service +metadata: + creationTimestamp: null + name: ack-opensearchservice-metrics-service +spec: + ports: + - name: metricsport + port: 8080 + protocol: TCP + targetPort: http + selector: + app.kubernetes.io/name: ack-opensearchservice-controller + type: NodePort +status: + loadBalancer: {} diff --git a/operators/ack-opensearchservice-controller/1.0.1/manifests/ack-opensearchservice-reader_rbac.authorization.k8s.io_v1_role.yaml b/operators/ack-opensearchservice-controller/1.0.1/manifests/ack-opensearchservice-reader_rbac.authorization.k8s.io_v1_role.yaml new file mode 100644 index 00000000000..f2b11d6523f --- /dev/null +++ b/operators/ack-opensearchservice-controller/1.0.1/manifests/ack-opensearchservice-reader_rbac.authorization.k8s.io_v1_role.yaml @@ -0,0 +1,14 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + creationTimestamp: null + name: ack-opensearchservice-reader +rules: +- apiGroups: + - opensearchservice.services.k8s.aws + resources: + - domains + verbs: + - get + - list + - watch diff --git a/operators/ack-opensearchservice-controller/1.0.1/manifests/ack-opensearchservice-writer_rbac.authorization.k8s.io_v1_role.yaml b/operators/ack-opensearchservice-controller/1.0.1/manifests/ack-opensearchservice-writer_rbac.authorization.k8s.io_v1_role.yaml new file mode 100644 index 00000000000..e7b6171bddb --- /dev/null +++ b/operators/ack-opensearchservice-controller/1.0.1/manifests/ack-opensearchservice-writer_rbac.authorization.k8s.io_v1_role.yaml @@ -0,0 +1,26 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + creationTimestamp: null + name: ack-opensearchservice-writer +rules: +- apiGroups: + - opensearchservice.services.k8s.aws + resources: + - domains + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - opensearchservice.services.k8s.aws + resources: + - domains + verbs: + - get + - patch + - update diff --git a/operators/ack-opensearchservice-controller/1.0.1/manifests/opensearchservice.services.k8s.aws_domains.yaml b/operators/ack-opensearchservice-controller/1.0.1/manifests/opensearchservice.services.k8s.aws_domains.yaml new file mode 100644 index 00000000000..805091c2d43 --- /dev/null +++ b/operators/ack-opensearchservice-controller/1.0.1/manifests/opensearchservice.services.k8s.aws_domains.yaml @@ -0,0 +1,645 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.2 + creationTimestamp: null + name: domains.opensearchservice.services.k8s.aws +spec: + group: opensearchservice.services.k8s.aws + names: + kind: Domain + listKind: DomainList + plural: domains + singular: domain + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: Domain is the Schema for the Domains API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: DomainSpec defines the desired state of Domain. + properties: + accessPolicies: + description: |- + Identity and Access Management (IAM) policy document specifying the access + policies for the new domain. + type: string + advancedOptions: + additionalProperties: + type: string + description: |- + Key-value pairs to specify advanced configuration options. The following + key-value pairs are supported: + + * "rest.action.multi.allow_explicit_index": "true" | "false" - Note the + use of a string rather than a boolean. Specifies whether explicit references + to indexes are allowed inside the body of HTTP requests. If you want to + configure access policies for domain sub-resources, such as specific indexes + and domain APIs, you must disable this property. Default is true. + + * "indices.fielddata.cache.size": "80" - Note the use of a string rather + than a boolean. Specifies the percentage of heap space allocated to field + data. Default is unbounded. + + * "indices.query.bool.max_clause_count": "1024" - Note the use of a string + rather than a boolean. Specifies the maximum number of clauses allowed + in a Lucene boolean query. Default is 1,024. Queries with more than the + permitted number of clauses result in a TooManyClauses error. + + * "override_main_response_version": "true" | "false" - Note the use of + a string rather than a boolean. Specifies whether the domain reports its + version as 7.10 to allow Elasticsearch OSS clients and plugins to continue + working with it. Default is false when creating a domain and true when + upgrading a domain. + + For more information, see Advanced cluster parameters (https://docs.aws.amazon.com/opensearch-service/latest/developerguide/createupdatedomains.html#createdomain-configure-advanced-options). + type: object + advancedSecurityOptions: + description: Options for fine-grained access control. + properties: + anonymousAuthEnabled: + type: boolean + enabled: + type: boolean + internalUserDatabaseEnabled: + type: boolean + jwtOptions: + description: |- + The JWT authentication and authorization configuration for an Amazon OpenSearch + Service domain. + properties: + enabled: + type: boolean + publicKey: + type: string + rolesKey: + type: string + subjectKey: + type: string + type: object + masterUserOptions: + description: Credentials for the master user for a domain. + properties: + masterUserARN: + description: |- + The Amazon Resource Name (ARN) of the domain. See Identifiers for IAM Entities + (https://docs.aws.amazon.com/IAM/latest/UserGuide/index.html) in Using Amazon + Web Services Identity and Access Management for more information. + type: string + masterUserName: + type: string + masterUserPassword: + description: |- + SecretKeyReference combines a k8s corev1.SecretReference with a + specific key within the referred-to Secret + properties: + key: + description: Key is the key within the secret + type: string + name: + description: name is unique within a namespace to reference + a secret resource. + type: string + namespace: + description: namespace defines the space within which + the secret name must be unique. + type: string + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + sAMLOptions: + description: The SAML authentication configuration for an Amazon + OpenSearch Service domain. + properties: + enabled: + type: boolean + idp: + description: The SAML identity povider information. + properties: + entityID: + type: string + metadataContent: + type: string + type: object + masterBackendRole: + type: string + masterUserName: + type: string + rolesKey: + type: string + sessionTimeoutMinutes: + format: int64 + type: integer + subjectKey: + type: string + type: object + type: object + aimlOptions: + description: Options for all machine learning features for the specified + domain. + properties: + naturalLanguageQueryGenerationOptions: + description: |- + Container for parameters required to enable the natural language query generation + feature. + properties: + desiredState: + type: string + type: object + type: object + autoTuneOptions: + description: Options for Auto-Tune. + properties: + desiredState: + description: The Auto-Tune desired state. Valid values are ENABLED + and DISABLED. + type: string + maintenanceSchedules: + items: + description: |- + This object is deprecated. Use the domain's off-peak window (https://docs.aws.amazon.com/opensearch-service/latest/developerguide/off-peak.html) + to schedule Auto-Tune optimizations. For migration instructions, see Migrating + from Auto-Tune maintenance windows (https://docs.aws.amazon.com/opensearch-service/latest/developerguide/off-peak.html#off-peak-migrate). + + The Auto-Tune maintenance schedule. For more information, see Auto-Tune for + Amazon OpenSearch Service (https://docs.aws.amazon.com/opensearch-service/latest/developerguide/auto-tune.html). + properties: + cronExpressionForRecurrence: + type: string + duration: + description: |- + The duration of a maintenance schedule. For more information, see Auto-Tune + for Amazon OpenSearch Service (https://docs.aws.amazon.com/opensearch-service/latest/developerguide/auto-tune.html). + properties: + unit: + description: The unit of a maintenance schedule duration. + Valid value is HOUR. + type: string + value: + description: Integer that specifies the value of a maintenance + schedule duration. + format: int64 + type: integer + type: object + startAt: + format: date-time + type: string + type: object + type: array + useOffPeakWindow: + type: boolean + type: object + clusterConfig: + description: Container for the cluster configuration of a domain. + properties: + coldStorageOptions: + description: |- + Container for the parameters required to enable cold storage for an OpenSearch + Service domain. For more information, see Cold storage for Amazon OpenSearch + Service (https://docs.aws.amazon.com/opensearch-service/latest/developerguide/cold-storage.html). + properties: + enabled: + type: boolean + type: object + dedicatedMasterCount: + format: int64 + type: integer + dedicatedMasterEnabled: + type: boolean + dedicatedMasterType: + type: string + instanceCount: + format: int64 + type: integer + instanceType: + type: string + multiAZWithStandbyEnabled: + type: boolean + warmCount: + format: int64 + type: integer + warmEnabled: + type: boolean + warmType: + type: string + zoneAwarenessConfig: + description: The zone awareness configuration for an Amazon OpenSearch + Service domain. + properties: + availabilityZoneCount: + format: int64 + type: integer + type: object + zoneAwarenessEnabled: + type: boolean + type: object + cognitoOptions: + description: |- + Key-value pairs to configure Amazon Cognito authentication. For more information, + see Configuring Amazon Cognito authentication for OpenSearch Dashboards (https://docs.aws.amazon.com/opensearch-service/latest/developerguide/cognito-auth.html). + properties: + enabled: + type: boolean + identityPoolID: + type: string + roleARN: + type: string + userPoolID: + type: string + type: object + domainEndpointOptions: + description: |- + Additional options for the domain endpoint, such as whether to require HTTPS + for all traffic. + properties: + customEndpoint: + type: string + customEndpointCertificateARN: + description: |- + The Amazon Resource Name (ARN) of the domain. See Identifiers for IAM Entities + (https://docs.aws.amazon.com/IAM/latest/UserGuide/index.html) in Using Amazon + Web Services Identity and Access Management for more information. + type: string + customEndpointEnabled: + type: boolean + enforceHTTPS: + type: boolean + tlsSecurityPolicy: + type: string + type: object + ebsOptions: + description: |- + Container for the parameters required to enable EBS-based storage for an + OpenSearch Service domain. + properties: + ebsEnabled: + type: boolean + iops: + format: int64 + type: integer + throughput: + format: int64 + type: integer + volumeSize: + format: int64 + type: integer + volumeType: + description: |- + The type of EBS volume that a domain uses. For more information, see Configuring + EBS-based storage (https://docs.aws.amazon.com/opensearch-service/latest/developerguide/opensearch-createupdatedomains.html#opensearch-createdomain-configure-ebs). + type: string + type: object + encryptionAtRestOptions: + description: Key-value pairs to enable encryption at rest. + properties: + enabled: + type: boolean + kmsKeyID: + type: string + type: object + engineVersion: + description: |- + String of format Elasticsearch_X.Y or OpenSearch_X.Y to specify the engine + version for the OpenSearch Service domain. For example, OpenSearch_1.0 or + Elasticsearch_7.9. For more information, see Creating and managing Amazon + OpenSearch Service domains (https://docs.aws.amazon.com/opensearch-service/latest/developerguide/createupdatedomains.html#createdomains). + type: string + ipAddressType: + description: |- + Specify either dual stack or IPv4 as your IP address type. Dual stack allows + you to share domain resources across IPv4 and IPv6 address types, and is + the recommended option. If you set your IP address type to dual stack, you + can't change your address type later. + type: string + logPublishingOptions: + additionalProperties: + description: |- + Specifies whether the Amazon OpenSearch Service domain publishes the OpenSearch + application and slow logs to Amazon CloudWatch. For more information, see + Monitoring OpenSearch logs with Amazon CloudWatch Logs (https://docs.aws.amazon.com/opensearch-service/latest/developerguide/createdomain-configure-slow-logs.html). + + After you enable log publishing, you still have to enable the collection + of slow logs using the OpenSearch REST API. + properties: + cloudWatchLogsLogGroupARN: + description: ARN of the Cloudwatch log group to publish logs + to. + type: string + enabled: + type: boolean + type: object + description: Key-value pairs to configure log publishing. + type: object + name: + description: |- + Name of the OpenSearch Service domain to create. Domain names are unique + across the domains owned by an account within an Amazon Web Services Region. + type: string + nodeToNodeEncryptionOptions: + description: Enables node-to-node encryption. + properties: + enabled: + type: boolean + type: object + offPeakWindowOptions: + description: |- + Specifies a daily 10-hour time block during which OpenSearch Service can + perform configuration changes on the domain, including service software updates + and Auto-Tune enhancements that require a blue/green deployment. If no options + are specified, the default start time of 10:00 P.M. local time (for the Region + that the domain is created in) is used. + properties: + enabled: + type: boolean + offPeakWindow: + description: |- + A custom 10-hour, low-traffic window during which OpenSearch Service can + perform mandatory configuration changes on the domain. These actions can + include scheduled service software updates and blue/green Auto-Tune enhancements. + OpenSearch Service will schedule these actions during the window that you + specify. + + If you don't specify a window start time, it defaults to 10:00 P.M. local + time. + + For more information, see Defining off-peak maintenance windows for Amazon + OpenSearch Service (https://docs.aws.amazon.com/opensearch-service/latest/developerguide/off-peak.html). + properties: + windowStartTime: + description: The desired start time for an off-peak maintenance + window (https://docs.aws.amazon.com/opensearch-service/latest/APIReference/API_OffPeakWindow.html). + properties: + hours: + format: int64 + type: integer + minutes: + format: int64 + type: integer + type: object + type: object + type: object + softwareUpdateOptions: + description: Software update options for the domain. + properties: + autoSoftwareUpdateEnabled: + type: boolean + type: object + tags: + description: List of tags to add to the domain upon creation. + items: + description: A tag (key-value pair) for an Amazon OpenSearch Service + resource. + properties: + key: + description: |- + A string between 1 to 128 characters that specifies the key for a tag. Tag + keys must be unique for the domain to which they're attached. + type: string + value: + description: |- + A string between 0 to 256 characters that specifies the value for a tag. + Tag values can be null and don't have to be unique in a tag set. + type: string + type: object + type: array + vpcOptions: + description: |- + Container for the values required to configure VPC access domains. If you + don't specify these values, OpenSearch Service creates the domain with a + public endpoint. For more information, see Launching your Amazon OpenSearch + Service domains using a VPC (https://docs.aws.amazon.com/opensearch-service/latest/developerguide/vpc.html). + properties: + securityGroupIDs: + items: + type: string + type: array + subnetIDs: + items: + type: string + type: array + type: object + required: + - name + type: object + status: + description: DomainStatus defines the observed state of Domain + properties: + ackResourceMetadata: + description: |- + All CRs managed by ACK have a common `Status.ACKResourceMetadata` member + that is used to contain resource sync state, account ownership, + constructed ARN for the resource + properties: + arn: + description: |- + ARN is the Amazon Resource Name for the resource. This is a + globally-unique identifier and is set only by the ACK service controller + once the controller has orchestrated the creation of the resource OR + when it has verified that an "adopted" resource (a resource where the + ARN annotation was set by the Kubernetes user on the CR) exists and + matches the supplied CR's Spec field values. + https://github.com/aws/aws-controllers-k8s/issues/270 + type: string + ownerAccountID: + description: |- + OwnerAccountID is the AWS Account ID of the account that owns the + backend AWS service API resource. + type: string + region: + description: Region is the AWS region in which the resource exists + or will exist. + type: string + required: + - ownerAccountID + - region + type: object + changeProgressDetails: + description: Information about a configuration change happening on + the domain. + properties: + changeID: + type: string + configChangeStatus: + type: string + initiatedBy: + type: string + lastUpdatedTime: + format: date-time + type: string + message: + type: string + startTime: + format: date-time + type: string + type: object + conditions: + description: |- + All CRS managed by ACK have a common `Status.Conditions` member that + contains a collection of `ackv1alpha1.Condition` objects that describe + the various terminal states of the CR and its backend AWS service API + resource + items: + description: |- + Condition is the common struct used by all CRDs managed by ACK service + controllers to indicate terminal states of the CR and its backend AWS + service API resource + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type is the type of the Condition + type: string + required: + - status + - type + type: object + type: array + created: + description: |- + Creation status of an OpenSearch Service domain. True if domain creation + is complete. False if domain creation is still in progress. + type: boolean + deleted: + description: |- + Deletion status of an OpenSearch Service domain. True if domain deletion + is complete. False if domain deletion is still in progress. Once deletion + is complete, the status of the domain is no longer returned. + type: boolean + domainEndpointV2HostedZoneID: + description: The dual stack hosted zone ID for the domain. + type: string + domainID: + description: Unique identifier for the domain. + type: string + domainProcessingStatus: + description: The status of any changes that are currently in progress + for the domain. + type: string + endpoint: + description: |- + Domain-specific endpoint used to submit index, search, and data upload requests + to the domain. + type: string + endpointV2: + description: |- + If IPAddressType to set to dualstack, a version 2 domain endpoint is provisioned. + This endpoint functions like a normal endpoint, except that it works with + both IPv4 and IPv6 IP addresses. Normal endpoints work only with IPv4 IP + addresses. + type: string + endpoints: + additionalProperties: + type: string + description: |- + The key-value pair that exists if the OpenSearch Service domain uses VPC + endpoints. For example: + + * IPv4 IP addresses - 'vpc','vpc-endpoint-h2dsd34efgyghrtguk5gt6j2foh4.us-east-1.es.amazonaws.com' + + * Dual stack IP addresses - 'vpcv2':'vpc-endpoint-h2dsd34efgyghrtguk5gt6j2foh4.aos.us-east-1.on.aws' + type: object + modifyingProperties: + description: Information about the domain properties that are currently + being modified. + items: + description: Information about the domain properties that are currently + being modified. + properties: + activeValue: + type: string + name: + type: string + pendingValue: + type: string + valueType: + type: string + type: object + type: array + processing: + description: |- + The status of the domain configuration. True if OpenSearch Service is processing + configuration changes. False if the configuration is active. + type: boolean + serviceSoftwareOptions: + description: The current status of the domain's service software. + properties: + automatedUpdateDate: + format: date-time + type: string + cancellable: + type: boolean + currentVersion: + type: string + description: + type: string + newVersion: + type: string + optionalDeployment: + type: boolean + updateAvailable: + type: boolean + updateStatus: + type: string + type: object + snapshotOptions: + description: |- + DEPRECATED. Container for parameters required to configure automated snapshots + of domain indexes. + properties: + automatedSnapshotStartHour: + format: int64 + type: integer + type: object + upgradeProcessing: + description: |- + The status of a domain version upgrade to a new version of OpenSearch or + Elasticsearch. True if OpenSearch Service is in the process of a version + upgrade. False if the configuration is active. + type: boolean + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/ack-opensearchservice-controller/1.0.1/metadata/annotations.yaml b/operators/ack-opensearchservice-controller/1.0.1/metadata/annotations.yaml new file mode 100644 index 00000000000..3e37339fe93 --- /dev/null +++ b/operators/ack-opensearchservice-controller/1.0.1/metadata/annotations.yaml @@ -0,0 +1,15 @@ +annotations: + # Core bundle annotations. + operators.operatorframework.io.bundle.mediatype.v1: registry+v1 + operators.operatorframework.io.bundle.manifests.v1: manifests/ + operators.operatorframework.io.bundle.metadata.v1: metadata/ + operators.operatorframework.io.bundle.package.v1: ack-opensearchservice-controller + operators.operatorframework.io.bundle.channels.v1: alpha + operators.operatorframework.io.bundle.channel.default.v1: alpha + operators.operatorframework.io.metrics.builder: operator-sdk-v1.28.0 + operators.operatorframework.io.metrics.mediatype.v1: metrics+v1 + operators.operatorframework.io.metrics.project_layout: unknown + + # Annotations for testing. + operators.operatorframework.io.test.mediatype.v1: scorecard+v1 + operators.operatorframework.io.test.config.v1: tests/scorecard/ diff --git a/operators/ack-opensearchservice-controller/1.0.1/tests/scorecard/config.yaml b/operators/ack-opensearchservice-controller/1.0.1/tests/scorecard/config.yaml new file mode 100644 index 00000000000..382ddefd156 --- /dev/null +++ b/operators/ack-opensearchservice-controller/1.0.1/tests/scorecard/config.yaml @@ -0,0 +1,50 @@ +apiVersion: scorecard.operatorframework.io/v1alpha3 +kind: Configuration +metadata: + name: config +stages: +- parallel: true + tests: + - entrypoint: + - scorecard-test + - basic-check-spec + image: quay.io/operator-framework/scorecard-test:v1.7.1 + labels: + suite: basic + test: basic-check-spec-test + storage: + spec: + mountPath: {} + - entrypoint: + - scorecard-test + - olm-bundle-validation + image: quay.io/operator-framework/scorecard-test:v1.7.1 + labels: + suite: olm + test: olm-bundle-validation-test + storage: + spec: + mountPath: {} + - entrypoint: + - scorecard-test + - olm-crds-have-validation + image: quay.io/operator-framework/scorecard-test:v1.7.1 + labels: + suite: olm + test: olm-crds-have-validation-test + storage: + spec: + mountPath: {} + - entrypoint: + - scorecard-test + - olm-spec-descriptors + image: quay.io/operator-framework/scorecard-test:v1.7.1 + labels: + suite: olm + test: olm-spec-descriptors-test + storage: + spec: + mountPath: {} +storage: + spec: + mountPath: {}