From 9861e983357358b883ae598fdc119806c28f1294 Mon Sep 17 00:00:00 2001 From: Ori Shoshan Date: Wed, 24 May 2023 20:49:35 +0300 Subject: [PATCH] Change experimental to beta for Istio and Kafka. --- .../intents-operator/helm-chart.mdx | 27 ++++++++++--------- .../network-mapper/helm-chart.mdx | 18 ++++++------- .../network-mapper/kafka-watcher.mdx | 2 +- .../configuration/otterize-chart/README.mdx | 21 ++++++++++----- 4 files changed, 38 insertions(+), 30 deletions(-) diff --git a/docs/reference/configuration/intents-operator/helm-chart.mdx b/docs/reference/configuration/intents-operator/helm-chart.mdx index cc83275f7..55e87b63a 100644 --- a/docs/reference/configuration/intents-operator/helm-chart.mdx +++ b/docs/reference/configuration/intents-operator/helm-chart.mdx @@ -24,19 +24,20 @@ If you would like to deploy it on its own, add the Otterize Helm chart repositor ## Operator parameters -| Key | Description | Default | -|---------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------| -| `operator.image.repository` | Intents Operator image repository. | `otterize` | -| `operator.image.image` | Intents Operator image. | `intents-operator` | -| `operator.image.tag` | Intents Operator image tag. | `latest` | -| `operator.pullPolicy` | Intents Operator image pull policy. | `(none)` | -| `operator.autoGenerateTLSUsingCredentialsOperator` | If set to true, adds the necessary pod annotations in order to integrate with credentials-operator, and get tls certificate. | `false` | -| `operator.enableEnforcement` | If set to false, enforcement is disabled globally (both for network policies and Kafka ACL). If true, you may use the other flags for more granular enforcement settings | `true` | -| `operator.enableNetworkPolicyCreation` | Whether the operator should create network policies according to ClientIntents | `true` | -| `operator.enableKafkaACLCreation` | Whether the operator should create Kafka ACL rules according to ClientIntents of type Kafka | `true` | -| `operator.autoCreateNetworkPoliciesForExternalTraffic` | Automatically allow external traffic, if a new ClientIntents resource would result in blocking external (internet) traffic and there is an Ingress/Service resource indicating external traffic is expected. | `true` | -| `operator.autoCreateNetworkPoliciesForExternalTrafficDisableIntentsRequirement` | If `autoCreateNetworkPoliciesForExternalTraffic` is enabled, do not require ClientIntents resources - simply create network policies based off of the existence of an Ingress/Service resource. | `false` | -| `operator.resources` | Resources override. | | +## Operator parameters +| Key | Description | Default | +|---------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------| +| `operator.image.repository` | Intents Operator image repository. | `otterize` | +| `operator.image.image` | Intents Operator image. | `intents-operator` | +| `operator.image.tag` | Intents Operator image tag. | `latest` | +| `operator.pullPolicy` | Intents Operator image pull policy. | `(none)` | +| `operator.autoGenerateTLSUsingCredentialsOperator` | If set to true, adds the necessary pod annotations in order to integrate with credentials-operator, and get tls certificate. | `false` | +| `operator.enableEnforcement` | If set to false, enforcement is disabled globally (both for network policies and Kafka ACL). If true, you may use the other flags for more granular enforcement settings | `true` | +| `operator.enableNetworkPolicyCreation` | Whether the operator should create network policies according to ClientIntents | `true` | +| `operator.enableKafkaACLCreation` | Whether the operator should create Kafka ACL rules according to ClientIntents of type Kafka | `true` | +| `operator.autoCreateNetworkPoliciesForExternalTraffic` | Automatically allow external traffic, if a new ClientIntents resource would result in blocking external (internet) traffic and there is an Ingress/Service resource indicating external traffic is expected. | `true` | +| `operator.autoCreateNetworkPoliciesForExternalTrafficDisableIntentsRequirement` | **experimental** - If `autoCreateNetworkPoliciesForExternalTraffic` is enabled, do not require ClientIntents resources - simply create network policies based off of the existence of an Ingress/Service resource. | `false` | +| `operator.resources` | Resources override. | | ## Watcher parameters | Key | Description | Default | diff --git a/docs/reference/configuration/network-mapper/helm-chart.mdx b/docs/reference/configuration/network-mapper/helm-chart.mdx index 94d9807d3..8eea4f90c 100644 --- a/docs/reference/configuration/network-mapper/helm-chart.mdx +++ b/docs/reference/configuration/network-mapper/helm-chart.mdx @@ -37,7 +37,7 @@ Checkout the network mapper [tutorial](/quick-tutorials/k8s-network-mapper) to s ## Kafka watcher parameters | Key | Description | Default | |---------------------------------|-------------------------------------------------------------|--------------------------------| -| `kafkawatcher.enable` | Enable Kafka watcher deployment (beta). | `false` | +| `kafkawatcher.enable` | Enable Kafka watcher deployment (beta). | `false` | | `kafkawatcher.image.repository` | Kafka watcher image repository. | `otterize` | | `kafkawatcher.image.image` | Kafka watcher image. | `network-mapper-kafka-watcher` | | `kafkawatcher.image.tag` | Kafka watcher image tag. | `latest` | @@ -47,15 +47,15 @@ Checkout the network mapper [tutorial](/quick-tutorials/k8s-network-mapper) to s | `kafkawatcher.kafkaServers` | Kafka servers to watch, specified as `pod.namespace` items. | `(none)` | ## Istio watcher parameters -| Key | Description | Default | -|---------------------------------|-------------------------------------------------|--------------------------------| +| Key | Description | Default | +|---------------------------------|-----------------------------------------|--------------------------------| | `istiowatcher.enable` | Enable Istio watcher deployment (beta). | `false` | -| `istiowatcher.image.repository` | Istio watcher image repository. | `otterize` | -| `istiowatcher.image.image` | Istio watcher image. | `network-mapper-istio-watcher` | -| `istiowatcher.image.tag` | Istio watcher image tag. | `latest` | -| `istiowatcher.pullPolicy` | Istio watcher pull policy. | `(none)` | -| `istiowatcher.pullSecrets` | Istio watcher pull secrets. | `(none)` | -| `istiowatcher.resources` | Resources override. | `(none)` | +| `istiowatcher.image.repository` | Istio watcher image repository. | `otterize` | +| `istiowatcher.image.image` | Istio watcher image. | `network-mapper-istio-watcher` | +| `istiowatcher.image.tag` | Istio watcher image tag. | `latest` | +| `istiowatcher.pullPolicy` | Istio watcher pull policy. | `(none)` | +| `istiowatcher.pullSecrets` | Istio watcher pull secrets. | `(none)` | +| `istiowatcher.resources` | Resources override. | `(none)` | ## Cloud parameters | Key | Description | Default | diff --git a/docs/reference/configuration/network-mapper/kafka-watcher.mdx b/docs/reference/configuration/network-mapper/kafka-watcher.mdx index 10c877387..160f6b45a 100644 --- a/docs/reference/configuration/network-mapper/kafka-watcher.mdx +++ b/docs/reference/configuration/network-mapper/kafka-watcher.mdx @@ -15,7 +15,7 @@ Servers in the list should be specified as `name.namespace`. ## Kafka watcher parameters | Key | Description | Default | |---------------------------------|-------------------------------------------------------------|--------------------------------| -| `kafkawatcher.enable` | Enable Kafka watcher deployment (beta). | `false` | +| `kafkawatcher.enable` | Enable Kafka watcher deployment (beta). | `false` | | `kafkawatcher.image.repository` | Kafka watcher image repository. | `otterize` | | `kafkawatcher.image.image` | Kafka watcher image. | `network-mapper-kafka-watcher` | | `kafkawatcher.image.tag` | Kafka watcher image tag. | `latest` | diff --git a/docs/reference/configuration/otterize-chart/README.mdx b/docs/reference/configuration/otterize-chart/README.mdx index 9402e159b..fddd75f0f 100644 --- a/docs/reference/configuration/otterize-chart/README.mdx +++ b/docs/reference/configuration/otterize-chart/README.mdx @@ -45,13 +45,20 @@ These parameters are used by multiple charts, and must be kept the same for the All configurable parameters of intents-operator can be configured under the alias `intentsOperator`. Further information about intents-operator parameters can be found [in the intents operator's Helm chart](https://github.com/otterize/helm-charts/tree/main/intents-operator). -| Key | Description | Default | -|------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------| -| `intentsOperator.autoGenerateTLSUsingCredentialsOperator` | Use credentials-operator to create TLS cert for intents-operator. | `true` | -| `intentsOperator.operator.enableEnforcement` | If set to false, enforcement is disabled globally (both for network policies and Kafka ACL). If true, you may use the other flags for more granular enforcement settings | `true` | -| `intentsOperator.operator.enableNetworkPolicyCreation` | Whether the operator should create network policies according to the ClientIntents | `true` | -| `intentsOperator.operator.enableKafkaACLCreation` | Whether the operator should create Kafka ACL rules according to the ClientIntents of type Kafka | `true` | -| `intentsOperator.operator.autoCreateNetworkPoliciesForExternalTraffic` | Automatically allow external traffic, if a new ClientIntents resource would result in blocking external (internet) traffic and there is an Ingress/Service resource indicating external traffic is expected. | `true` | +## Operator parameters +| Key | Description | Default | +|-------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------| +| `intentsOperator.operator.image.repository` | Intents Operator image repository. | `otterize` | +| `intentsOperator.operator.image.image` | Intents Operator image. | `intents-operator` | +| `intentsOperator.operator.image.tag` | Intents Operator image tag. | `latest` | +| `intentsOperator.operator.pullPolicy` | Intents Operator image pull policy. | `(none)` | +| `intentsOperator.operator.autoGenerateTLSUsingCredentialsOperator` | If set to true, adds the necessary pod annotations in order to integrate with credentials-operator, and get tls certificate. | `false` | +| `intentsOperator.operator.enableEnforcement` | If set to false, enforcement is disabled globally (both for network policies and Kafka ACL). If true, you may use the other flags for more granular enforcement settings | `true` | +| `intentsOperator.operator.enableNetworkPolicyCreation` | Whether the operator should create network policies according to ClientIntents | `true` | +| `intentsOperator.operator.enableKafkaACLCreation` | Whether the operator should create Kafka ACL rules according to ClientIntents of type Kafka | `true` | +| `intentsOperator.operator.autoCreateNetworkPoliciesForExternalTraffic` | Automatically allow external traffic, if a new ClientIntents resource would result in blocking external (internet) traffic and there is an Ingress/Service resource indicating external traffic is expected. | `true` | +| `intentsOperator.operator.autoCreateNetworkPoliciesForExternalTrafficDisableIntentsRequirement` | **experimental** - If `autoCreateNetworkPoliciesForExternalTraffic` is enabled, do not require ClientIntents resources - simply create network policies based off of the existence of an Ingress/Service resource. | `false` | +| `intentsOperator.operator.resources` | Resources override. | | ## SPIRE parameters All configurable parameters of SPIRE can be configured under the alias `spire`.