From 5aaeba3786719b5f1cf833a762b723f3bc9830aa Mon Sep 17 00:00:00 2001 From: STAN <10127384+instanacd@users.noreply.github.com> Date: Tue, 14 May 2024 14:48:48 +0200 Subject: [PATCH] operator instana-agent-operator-rhmp (v2.0.19) (#743) * operator instana-agent-operator-rhmp (v2.0.19) Signed-off-by: instanacd * operator instana-agent-operator-rhmp (v2.0.27) Signed-off-by: instanacd * add required annotations * temp remove release 2.0.26 --------- Signed-off-by: instanacd Co-authored-by: instanacd Co-authored-by: Milica Cvrkota --- ...er-manager-metrics-service_v1_service.yaml | 17 + ...t-operator-rhmp.clusterserviceversion.yaml | 453 +++++ .../v2.0.19/manifests/instana.io_agents.yaml | 1630 +++++++++++++++++ .../manager-config_v1_configmap.yaml | 15 + ...ole_rbac.authorization.k8s.io_v1_role.yaml | 76 + ...c.authorization.k8s.io_v1_clusterrole.yaml | 10 + .../v2.0.19/metadata/annotations.yaml | 18 + .../v2.0.19/tests/scorecard/config.yaml | 70 + 8 files changed, 2289 insertions(+) create mode 100644 operators/instana-agent-operator-rhmp/v2.0.19/manifests/controller-manager-metrics-service_v1_service.yaml create mode 100644 operators/instana-agent-operator-rhmp/v2.0.19/manifests/instana-agent-operator-rhmp.clusterserviceversion.yaml create mode 100644 operators/instana-agent-operator-rhmp/v2.0.19/manifests/instana.io_agents.yaml create mode 100644 operators/instana-agent-operator-rhmp/v2.0.19/manifests/manager-config_v1_configmap.yaml create mode 100644 operators/instana-agent-operator-rhmp/v2.0.19/manifests/manager-role_rbac.authorization.k8s.io_v1_role.yaml create mode 100644 operators/instana-agent-operator-rhmp/v2.0.19/manifests/metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml create mode 100644 operators/instana-agent-operator-rhmp/v2.0.19/metadata/annotations.yaml create mode 100644 operators/instana-agent-operator-rhmp/v2.0.19/tests/scorecard/config.yaml diff --git a/operators/instana-agent-operator-rhmp/v2.0.19/manifests/controller-manager-metrics-service_v1_service.yaml b/operators/instana-agent-operator-rhmp/v2.0.19/manifests/controller-manager-metrics-service_v1_service.yaml new file mode 100644 index 000000000..59e34b85b --- /dev/null +++ b/operators/instana-agent-operator-rhmp/v2.0.19/manifests/controller-manager-metrics-service_v1_service.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: Service +metadata: + creationTimestamp: null + labels: + control-plane: controller-manager + name: controller-manager-metrics-service +spec: + ports: + - name: https + port: 8443 + protocol: TCP + targetPort: https + selector: + control-plane: controller-manager +status: + loadBalancer: {} diff --git a/operators/instana-agent-operator-rhmp/v2.0.19/manifests/instana-agent-operator-rhmp.clusterserviceversion.yaml b/operators/instana-agent-operator-rhmp/v2.0.19/manifests/instana-agent-operator-rhmp.clusterserviceversion.yaml new file mode 100644 index 000000000..f032c4430 --- /dev/null +++ b/operators/instana-agent-operator-rhmp/v2.0.19/manifests/instana-agent-operator-rhmp.clusterserviceversion.yaml @@ -0,0 +1,453 @@ +apiVersion: operators.coreos.com/v1alpha1 +kind: ClusterServiceVersion +metadata: + annotations: + alm-examples: |- + [ + { + "apiVersion": "instana.io/v1", + "kind": "InstanaAgent", + "metadata": { + "name": "instana-agent", + "namespace": "instana-agent" + }, + "spec": { + "agent": { + "configuration_yaml": "# You can leave this empty, or use this to configure your instana agent.\n# See https://ibm.biz/monitoring-k8s\n", + "endpointHost": "ingress-red-saas.instana.io", + "endpointPort": "443", + "env": {}, + "key": "replace-key" + }, + "cluster": { + "name": "my-cluster" + }, + "zone": { + "name": "edited-zone" + } + } + } + ] + capabilities: Full Lifecycle + categories: Monitoring,Logging & Tracing,OpenShift Optional + certified: "false" + containerImage: icr.io/instana/instana-agent-operator@sha256:346009d5c6c7e8760e0bd9b7cae7e29c91b3f06e494582c4123b060a21f250ff + description: Fully automated Application Performance Monitoring (APM) for microservices. + features.operators.openshift.io/disconnected: "false" + features.operators.openshift.io/fips-compliant: "true" + features.operators.openshift.io/proxy-aware: "false" + features.operators.openshift.io/tls-profiles: "false" + features.operators.openshift.io/token-auth-aws: "false" + features.operators.openshift.io/token-auth-azure: "false" + features.operators.openshift.io/token-auth-gcp: "false" + operators.operatorframework.io/builder: operator-sdk-v1.15.0+git + operators.operatorframework.io/project_layout: go.kubebuilder.io/v3 + repository: https://github.com/instana/instana-agent-operator + support: Instana + marketplace.openshift.io/remote-workflow: https://marketplace.redhat.com/en-us/operators/instana-agent-operator-rhmp/pricing?utm_source=openshift_console + marketplace.openshift.io/support-workflow: https://marketplace.redhat.com/en-us/operators/instana-agent-operator-rhmp/support?utm_source=openshift_console + labels: + operatorframework.io/arch.amd64: supported + operatorframework.io/arch.ppc64le: supported + operatorframework.io/arch.s390x: supported + operatorframework.io/os.linux: supported + name: instana-agent-operator.v2.0.19 + namespace: placeholder +spec: + apiservicedefinitions: {} + customresourcedefinitions: + owned: + - description: InstanaAgent is the Schema for the agents API + displayName: Instana Agent + kind: InstanaAgent + name: agents.instana.io + resources: + - kind: DaemonSet + name: instana-agent + version: v1 + - kind: Pod + name: instana-agent + version: v1 + - kind: Secret + name: instana-agent + version: v1 + specDescriptors: + - description: Key is the secret token which your agent uses to authenticate to Instana's servers. + displayName: Agent Key + path: agent.key + x-descriptors: + - urn:alm:descriptor:io.kubernetes:Secret + version: v1 + description: | + # Instana + + Instana is an [APM solution](https://www.instana.com/product-overview/) built for microservices that enables IT Ops to build applications faster and deliver higher quality services by automating monitoring, tracing and root cause analysis. The solution is optimized for [Kubernetes](https://www.instana.com/automatic-kubernetes-monitoring/) and [OpenShift](https://www.instana.com/blog/automatic-root-cause-analysis-for-openshift-applications/). + + ## Instana Agent Operator + + This is the Kubernetes Operator for installing the Instana Agent on Kubernetes or OpenShift. + + ## Prerequisites for OpenShift + + Before the agent will be able to run in OpenShift, you need to perform a couple of extra configuration steps. + + You need to set up a project for the Instana Agent and configure it's permissions. + + The project you create here needs to be the namespace where you create the Instana Agent custom resource that the operator will use to deploy the agent. + + For example, create the `instana-agent` project: + + oc new-project instana-agent + + Then, ensure the `instana-agent` service account is in the privileged security context: + + oc adm policy add-scc-to-user privileged -z instana-agent + + This service account will be created by the operator. + + Now you can proceed with installing the operator for the Instana agent. + + ## Installation and Configuration + + First, install this operator from [OperatorHub.io](https://operatorhub.io/), [OpenShift Container Platform](https://www.openshift.com/), or [OKD](https://www.okd.io/). + + Second, create a custom resource with the agent configuration in the target namespace (for now, this MUST always be the `instana-agent` namespace). The operator will pick up the custom resource and install the Instana agent accordingly. + + The following is a minimal template of the custom resource: + + ```yaml + apiVersion: instana.io/v1 + kind: InstanaAgent + metadata: + name: instana-agent + namespace: instana-agent + spec: + zone: + name: my-zone # (optional) name of the zone of the host + cluster: + name: replace-me # replace with the name of your Kubernetes cluster + agent: + key: replace-me # replace with your Instana agent key + endpointHost: ingress-red-saas.instana.io # the monitoring ingress endpoint + endpointPort: "443" # the monitoring ingress endpoint port, wrapped in quotes + env: + INSTANA_AGENT_TAGS: example + configuration_yaml: | + # You can leave this empty, or use this to configure your instana agent. + # See https://ibm.biz/monitoring-k8s + ``` + + Save the template in a file `instana-agent.yaml` and edit the following values: + + * If your target namespace is not `instana-agent`, replace the `namespace:` accordingly. + * `agent.key` must be set with your Instana agent key. + * `agent.endpointHost` must be set with the monitoring ingress endpoint, generally either `saas-us-west-2.instana.io` or `saas-eu-west-1.instana.io`. + * `agent.endpointPort` must be set with the monitoring ingress port, generally "443" (wrapped in quotes). + * `zone.name` should be set with the name of the Kubernetes cluster that is be displayed in Instana. + + For advanced configuration, you can edit the contents of the `configuration.yaml` file. View documentation [here](https://ibm.biz/monitoring-k8s). + + Apply the custom resource with `kubectl apply -f instana-agent.yaml`. After some time, you should see `instana-agent` Pods being created on each node of your cluster, and your cluster should show on the infrastructure map on your Instana Web interface. + + ## Uninstalling + + In order to uninstall the Instana agent, simply remove the custom resource with `kubectl delete -f instana-agent.yaml`. + + ## Source Code + + The Instana agent operator is an open source project hosted on [https://github.com/instana/instana-agent-operator](https://github.com/instana/instana-agent-operator/). + displayName: Instana Agent Operator + icon: + - base64data:  + mediatype: image/svg+xml + install: + spec: + clusterPermissions: + - rules: + - apiGroups: + - "" + - coordination.k8s.io + resources: + - configmaps + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - instana.io + resources: + - agents + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - instana.io + resources: + - agents/finalizers + verbs: + - update + - apiGroups: + - instana.io + resources: + - agents/status + verbs: + - get + - patch + - update + - apiGroups: + - "" + - extensions + - apps + - rbac.authorization.k8s.io + resources: + - serviceaccounts + - clusterroles + - clusterrolebindings + - secrets + - configmaps + - daemonsets + - namespaces + - services + - deployments + - nodes/stats + - nodes/metrics + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + - apiextensions.k8s.io + resources: + - pods + - customresourcedefinitions + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - events + verbs: + - create + - nonResourceURLs: + - /version + - /healthz + - /metrics + - /stats/summary + - /metrics/cadvisor + verbs: + - get + - apiGroups: + - "" + resources: + - componentstatuses + - endpoints + - events + - namespaces + - nodes + - pods + - replicationcontrollers + - resourcequotas + - services + - persistentvolumes + - persistentvolumeclaims + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - endpoints + verbs: + - create + - update + - patch + - apiGroups: + - apps + resources: + - deployments + - replicasets + - daemonsets + - statefulsets + verbs: + - get + - list + - watch + - apiGroups: + - batch + resources: + - jobs + - cronjobs + verbs: + - get + - list + - watch + - apiGroups: + - extensions + resources: + - deployments + - ingresses + - replicasets + verbs: + - get + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch + - apiGroups: + - apps.openshift.io + resources: + - deploymentconfigs + verbs: + - get + - list + - watch + - apiGroups: + - security.openshift.io + resourceNames: + - privileged + resources: + - securitycontextconstraints + verbs: + - use + - apiGroups: + - autoscaling/v1 + resources: + - horizontalpodautoscalers + verbs: + - get + - list + - watch + - apiGroups: + - autoscaling/v2 + resources: + - horizontalpodautoscalers + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - pods/log + verbs: + - get + - list + - watch + serviceAccountName: controller-manager + deployments: + - name: controller-manager + spec: + replicas: 2 + selector: + matchLabels: + app.kubernetes.io/name: instana-agent-operator + strategy: {} + template: + metadata: + labels: + app.kubernetes.io/name: instana-agent-operator + spec: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/os + operator: In + values: + - linux + - matchExpressions: + - key: kubernetes.io/arch + operator: In + values: + - amd64 + - ppc64le + - s390x + - arm64 + containers: + - args: + - --leader-elect + command: + - /manager + image: icr.io/instana/instana-agent-operator@sha256:346009d5c6c7e8760e0bd9b7cae7e29c91b3f06e494582c4123b060a21f250ff + imagePullPolicy: Always + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 15 + periodSeconds: 20 + name: manager + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 5 + periodSeconds: 10 + resources: + limits: + cpu: 200m + memory: 200Mi + requests: + cpu: 200m + memory: 200Mi + securityContext: + allowPrivilegeEscalation: true + serviceAccountName: controller-manager + terminationGracePeriodSeconds: 10 + strategy: deployment + installModes: + - supported: true + type: AllNamespaces + keywords: + - monitoring + - APM + - Instana + links: + - name: GitHub Repository + url: https://github.com/instana/instana-agent-operator + maintainers: + - email: support@instana.com + name: Instana + maturity: stable + minKubeVersion: 1.11.0 + provider: + name: Instana + relatedImages: + - image: icr.io/instana/instana-agent-operator@sha256:346009d5c6c7e8760e0bd9b7cae7e29c91b3f06e494582c4123b060a21f250ff + name: instana-agent-operator + - image: icr.io/instana/agent@sha256:04d5336218ada24fd6a5bd3c81a34f7d24ba821b16b0178b45e637395c076d55 + name: instana-agent + replaces: instana-agent-operator.v2.0.18 + version: 2.0.19 diff --git a/operators/instana-agent-operator-rhmp/v2.0.19/manifests/instana.io_agents.yaml b/operators/instana-agent-operator-rhmp/v2.0.19/manifests/instana.io_agents.yaml new file mode 100644 index 000000000..c47eb46d5 --- /dev/null +++ b/operators/instana-agent-operator-rhmp/v2.0.19/manifests/instana.io_agents.yaml @@ -0,0 +1,1630 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.1 + creationTimestamp: null + name: agents.instana.io +spec: + group: instana.io + names: + categories: + - monitoring + - openshift-optional + kind: InstanaAgent + listKind: InstanaAgentList + plural: agents + shortNames: + - ia + singular: agent + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: InstanaAgent is the Schema for the agents API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: InstanaAgentSpec defines the desired state of the Instana + Agent + properties: + agent: + description: Agent deployment specific fields. + properties: + additionalBackends: + description: These are additional backends the Instana agent will + report to besides the one configured via the `agent.endpointHost`, + `agent.endpointPort` and `agent.key` setting. + items: + properties: + endpointHost: + type: string + endpointPort: + type: string + key: + type: string + required: + - endpointHost + - endpointPort + - key + type: object + type: array + charts_url: + description: Custom agent charts url. + type: string + configuration: + description: Mount in a ConfigMap with Agent configuration. Alternative + to the `configuration_yaml` field. + properties: + autoMountConfigEntries: + description: When setting this to true, the Helm chart will + automatically look up the entries of the default instana-agent + ConfigMap, and mount as agent configuration files under + /opt/instana/agent/etc/instana all entries with keys that + match the 'configuration-*.yaml' scheme + type: boolean + type: object + configuration_yaml: + description: Supply Agent configuration e.g. for configuring certain + Sensors. + type: string + downloadKey: + description: The DownloadKey, sometimes known as "sales key", + that allows you to download software from Instana. It might + be needed to specify this in addition to the Key. + type: string + endpointHost: + description: EndpointHost is the hostname of the Instana server + your agents will connect to. + type: string + endpointPort: + description: EndpointPort is the port number (as a String) of + the Instana server your agents will connect to. + type: string + env: + additionalProperties: + type: string + description: 'Use the `env` field to set additional environment + variables for the Instana Agent, for example: env: INSTANA_AGENT_TAGS: + dev' + type: object + host: + description: Host sets a host path to be mounted as the Agent + Maven repository (mainly for debugging or development purposes) + properties: + repository: + type: string + type: object + image: + description: Override the container image used for the Instana + Agent pods. + properties: + digest: + description: Digest (a.k.a. Image ID) of the agent container + image. If specified, it has priority over `agent.image.tag`, + which will then be ignored. + type: string + name: + description: Name is the name of the container image of the + Instana agent. + type: string + pullPolicy: + description: PullPolicy specifies when to pull the image container. + type: string + pullSecrets: + description: PullSecrets allows you to override the default + pull secret that is created when `agent.image.name` starts + with "containers.instana.io". Setting `agent.image.pullSecrets` + prevents the creation of the default "containers-instana-io" + secret. + items: + properties: + name: + type: string + type: object + type: array + tag: + description: Tag is the name of the agent container image; + if `agent.image.digest` is specified, this property is ignored. + type: string + type: object + instanaMvnRepoUrl: + description: Override for the Maven repository URL when the Agent + needs to connect to a locally provided Maven repository 'proxy' + Alternative to `Host` for referencing a different Maven repo. + type: string + key: + description: Key is the secret token which your agent uses to + authenticate to Instana's servers. + type: string + keysSecret: + description: Rather than specifying the Key and optionally the + DownloadKey, you can "bring your own secret" creating it in + the namespace in which you install the `instana-agent` and specify + its name in the `KeysSecret` field. The secret you create must + contain a field called `key` and optionally one called `downloadKey`, + which contain, respectively, the values you'd otherwise set + in `.agent.key` and `agent.downloadKey`. + type: string + listenAddress: + description: 'ListenAddress is the IP addresses the Agent HTTP + server will listen on. Normally this will just be localhost + (`127.0.0.1`), the pod public IP and any container runtime bridge + interfaces. Set `listenAddress: *` for making the Agent listen + on all network interfaces.' + type: string + minReadySeconds: + description: The minimum number of seconds for which a newly created + Pod should be ready without any of its containers crashing, + for it to be considered available + type: integer + mode: + description: 'Set agent mode, possible options are APM, INFRASTRUCTURE + or AWS. KUBERNETES should not be used but instead enabled via + `kubernetes.deployment.enabled: true`.' + type: string + pod: + description: Override Agent Pod specific settings such as annotations, + labels and resources. + properties: + affinity: + description: agent.pod.affinity are affinities to influence + agent pod assignment. https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + properties: + nodeAffinity: + description: Describes node affinity scheduling rules + for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule + pods to nodes that satisfy the affinity expressions + specified by this field, but it may choose a node + that violates one or more of the expressions. The + node that is most preferred is the one with the + greatest sum of weights, i.e. for each node that + meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if + the node matches the corresponding matchExpressions; + the node(s) with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term + matches all objects with implicit weight 0 (i.e. + it's a no-op). A null preferred scheduling term + matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated + with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. + If the operator is Gt or Lt, the + values array must have a single + element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. + If the operator is Gt or Lt, the + values array must have a single + element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching + the corresponding nodeSelectorTerm, in the + range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified + by this field are not met at scheduling time, the + pod will not be scheduled onto the node. If the + affinity requirements specified by this field cease + to be met at some point during pod execution (e.g. + due to an update), the system may or may not try + to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector + terms. The terms are ORed. + items: + description: A null or empty node selector term + matches no objects. The requirements of them + are ANDed. The TopologySelectorTerm type implements + a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. + If the operator is Gt or Lt, the + values array must have a single + element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. + If the operator is Gt or Lt, the + values array must have a single + element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. + co-locate this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule + pods to nodes that satisfy the affinity expressions + specified by this field, but it may choose a node + that violates one or more of the expressions. The + node that is most preferred is the one with the + greatest sum of weights, i.e. for each node that + meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if + the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum + are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, + associated with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of + resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of + {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set + of namespaces that the term applies to. + The term is applied to the union of the + namespaces selected by this field and + the ones listed in the namespaces field. + null selector and null or empty namespaces + list means "this pod's namespace". An + empty selector ({}) matches all namespaces. + This field is beta-level and is only honored + when PodAffinityNamespaceSelector feature + is enabled. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of + {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static + list of namespace names that the term + applies to. The term is applied to the + union of the namespaces listed in this + field and the ones selected by namespaceSelector. + null or empty namespaces list and null + namespaceSelector means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where co-located + is defined as running on a node whose + value of the label with key topologyKey + matches that of any node on which any + of the selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching + the corresponding podAffinityTerm, in the + range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified + by this field are not met at scheduling time, the + pod will not be scheduled onto the node. If the + affinity requirements specified by this field cease + to be met at some point during pod execution (e.g. + due to a pod label update), the system may or may + not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes + corresponding to each podAffinityTerm are intersected, + i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those + matching the labelSelector relative to the given + namespace(s)) that this pod should be co-located + (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node + whose value of the label with key + matches that of any node on which a pod of the + set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by + this field and the ones listed in the namespaces + field. null selector and null or empty namespaces + list means "this pod's namespace". An empty + selector ({}) matches all namespaces. This + field is beta-level and is only honored when + PodAffinityNamespaceSelector feature is enabled. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. + The term is applied to the union of the namespaces + listed in this field and the ones selected + by namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this + pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the + pods matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules + (e.g. avoid putting this pod in the same node, zone, + etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule + pods to nodes that satisfy the anti-affinity expressions + specified by this field, but it may choose a node + that violates one or more of the expressions. The + node that is most preferred is the one with the + greatest sum of weights, i.e. for each node that + meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity + expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to + the sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum + are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, + associated with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of + resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of + {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set + of namespaces that the term applies to. + The term is applied to the union of the + namespaces selected by this field and + the ones listed in the namespaces field. + null selector and null or empty namespaces + list means "this pod's namespace". An + empty selector ({}) matches all namespaces. + This field is beta-level and is only honored + when PodAffinityNamespaceSelector feature + is enabled. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of + {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static + list of namespace names that the term + applies to. The term is applied to the + union of the namespaces listed in this + field and the ones selected by namespaceSelector. + null or empty namespaces list and null + namespaceSelector means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where co-located + is defined as running on a node whose + value of the label with key topologyKey + matches that of any node on which any + of the selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching + the corresponding podAffinityTerm, in the + range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, the + pod will not be scheduled onto the node. If the + anti-affinity requirements specified by this field + cease to be met at some point during pod execution + (e.g. due to a pod label update), the system may + or may not try to eventually evict the pod from + its node. When there are multiple elements, the + lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those + matching the labelSelector relative to the given + namespace(s)) that this pod should be co-located + (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node + whose value of the label with key + matches that of any node on which a pod of the + set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by + this field and the ones listed in the namespaces + field. null selector and null or empty namespaces + list means "this pod's namespace". An empty + selector ({}) matches all namespaces. This + field is beta-level and is only honored when + PodAffinityNamespaceSelector feature is enabled. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. + The term is applied to the union of the namespaces + listed in this field and the ones selected + by namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this + pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the + pods matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + description: agent.pod.annotations are additional annotations + to be added to the agent pods. + type: object + labels: + additionalProperties: + type: string + description: agent.pod.labels are additional labels to be + added to the agent pods. + type: object + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + priorityClassName: + description: agent.pod.priorityClassName is the name of an + existing PriorityClass that should be set on the agent pods + https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ + type: string + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + tolerations: + description: agent.pod.tolerations are tolerations to influence + agent pod assignment. + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. + Empty means match all taint effects. When specified, + allowed values are NoSchedule, PreferNoSchedule and + NoExecute. + type: string + key: + description: Key is the taint key that the toleration + applies to. Empty means match all taint keys. If the + key is empty, operator must be Exists; this combination + means to match all values and all keys. + type: string + operator: + description: Operator represents a key's relationship + to the value. Valid operators are Exists and Equal. + Defaults to Equal. Exists is equivalent to wildcard + for value, so that a pod can tolerate all taints of + a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period + of time the toleration (which must be of effect NoExecute, + otherwise this field is ignored) tolerates the taint. + By default, it is not set, which means tolerate the + taint forever (do not evict). Zero and negative values + will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration + matches to. If the operator is Exists, the value should + be empty, otherwise just a regular string. + type: string + type: object + type: array + type: object + proxyHost: + description: proxyHost sets the INSTANA_AGENT_PROXY_HOST environment + variable. + type: string + proxyPassword: + description: proxyPassword sets the INSTANA_AGENT_PROXY_PASSWORD + environment variable. + type: string + proxyPort: + description: proxyPort sets the INSTANA_AGENT_PROXY_PORT environment + variable. + type: string + proxyProtocol: + description: proxyProtocol sets the INSTANA_AGENT_PROXY_PROTOCOL + environment variable. + type: string + proxyUseDNS: + description: proxyUseDNS sets the INSTANA_AGENT_PROXY_USE_DNS + environment variable. + type: boolean + proxyUser: + description: proxyUser sets the INSTANA_AGENT_PROXY_USER environment + variable. + type: string + redactKubernetesSecrets: + description: RedactKubernetesSecrets sets the INSTANA_KUBERNETES_REDACT_SECRETS + environment variable. + type: string + tls: + description: TLS for end-to-end encryption between the Instana + Agent and clients accessing the Agent. The Instana Agent does + not yet allow enforcing TLS encryption, enabling makes it possible + for clients to 'opt-in'. So TLS is only enabled on a connection + when requested by the client. + properties: + certificate: + description: certificate (together with key) is the alternative + to an existing Secret. Must be base64 encoded. + type: string + key: + description: key (together with certificate) is the alternative + to an existing Secret. Must be base64 encoded. + type: string + secretName: + description: secretName is the name of the secret that has + the relevant files. + type: string + type: object + updateStrategy: + description: Control how to update the Agent DaemonSet + properties: + rollingUpdate: + description: 'Rolling update config params. Present only if + type = "RollingUpdate". --- TODO: Update this to follow + our convention for oneOf, whatever we decide it to be. Same + as Deployment `strategy.rollingUpdate`. See https://github.com/kubernetes/kubernetes/issues/35345' + properties: + maxSurge: + anyOf: + - type: integer + - type: string + description: 'The maximum number of nodes with an existing + available DaemonSet pod that can have an updated DaemonSet + pod during during an update. Value can be an absolute + number (ex: 5) or a percentage of desired pods (ex: + 10%). This can not be 0 if MaxUnavailable is 0. Absolute + number is calculated from percentage by rounding up + to a minimum of 1. Default value is 0. Example: when + this is set to 30%, at most 30% of the total number + of nodes that should be running the daemon pod (i.e. + status.desiredNumberScheduled) can have their a new + pod created before the old pod is marked as deleted. + The update starts by launching new pods on 30% of nodes. + Once an updated pod is available (Ready for at least + minReadySeconds) the old DaemonSet pod on that node + is marked deleted. If the old pod becomes unavailable + for any reason (Ready transitions to false, is evicted, + or is drained) an updated pod is immediatedly created + on that node without considering surge limits. Allowing + surge implies the possibility that the resources consumed + by the daemonset on any given node can double if the + readiness check fails, and so resource intensive daemonsets + should take into account that they may cause evictions + during disruption. This is beta field and enabled/disabled + by DaemonSetUpdateSurge feature gate.' + x-kubernetes-int-or-string: true + maxUnavailable: + anyOf: + - type: integer + - type: string + description: 'The maximum number of DaemonSet pods that + can be unavailable during the update. Value can be an + absolute number (ex: 5) or a percentage of total number + of DaemonSet pods at the start of the update (ex: 10%). + Absolute number is calculated from percentage by rounding + up. This cannot be 0 if MaxSurge is 0 Default value + is 1. Example: when this is set to 30%, at most 30% + of the total number of nodes that should be running + the daemon pod (i.e. status.desiredNumberScheduled) + can have their pods stopped for an update at any given + time. The update starts by stopping at most 30% of those + DaemonSet pods and then brings up new DaemonSet pods + in their place. Once the new pods are available, it + then proceeds onto other DaemonSet pods, thus ensuring + that at least 70% of original number of DaemonSet pods + are available at all times during the update.' + x-kubernetes-int-or-string: true + type: object + type: + description: Type of daemon set update. Can be "RollingUpdate" + or "OnDelete". Default is RollingUpdate. + type: string + type: object + required: + - endpointHost + - endpointPort + type: object + agent.clusterRoleBindingName: + type: string + agent.clusterRoleName: + type: string + agent.configMapName: + type: string + agent.cpuLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + agent.cpuReq: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + agent.daemonSetName: + type: string + agent.downloadKey: + type: string + agent.endpoint.host: + type: string + agent.endpoint.port: + type: integer + agent.env: + additionalProperties: + type: string + type: object + agent.host.repository: + type: string + agent.image: + type: string + agent.imagePullPolicy: + type: string + agent.key: + type: string + agent.memLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + agent.memReq: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + agent.rbac.create: + type: boolean + agent.secretName: + type: string + agent.serviceAccountName: + type: string + agent.tls.certificate: + type: string + agent.tls.key: + type: string + agent.tls.secretName: + type: string + agent.zone.name: + type: string + cluster: + description: Name of the cluster, that will be assigned to this cluster + in Instana. Either specifying the 'cluster.name' or 'zone.name' + is mandatory. + properties: + name: + type: string + type: object + cluster.name: + type: string + config.files: + additionalProperties: + type: string + type: object + k8s_sensor: + properties: + deployment: + properties: + enabled: + type: boolean + minReadySeconds: + description: The minimum number of seconds for which a newly + created Pod should be ready without any of its containers + crashing, for it to be considered available + type: integer + pod: + description: Override pod resource requirements for the Kubernetes + Sensor pods. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of + compute resources required. If Requests is omitted for + a container, it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined value. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + replicas: + description: Specify the number of replicas for the Kubernetes + Sensor. + type: integer + type: object + image: + properties: + digest: + description: Digest (a.k.a. Image ID) of the agent container + image. If specified, it has priority over `agent.image.tag`, + which will then be ignored. + type: string + name: + description: Name is the name of the container image of the + Instana agent. + type: string + pullPolicy: + description: PullPolicy specifies when to pull the image container. + type: string + pullSecrets: + description: PullSecrets allows you to override the default + pull secret that is created when `agent.image.name` starts + with "containers.instana.io". Setting `agent.image.pullSecrets` + prevents the creation of the default "containers-instana-io" + secret. + items: + properties: + name: + type: string + type: object + type: array + tag: + description: Tag is the name of the agent container image; + if `agent.image.digest` is specified, this property is ignored. + type: string + type: object + type: object + kubernetes: + description: Allows for installment of the Kubernetes Sensor as separate + pod. Which allows for better tailored resource settings (mainly + memory) both for the Agent pods and the Kubernetes Sensor pod. + properties: + deployment: + properties: + enabled: + type: boolean + minReadySeconds: + description: The minimum number of seconds for which a newly + created Pod should be ready without any of its containers + crashing, for it to be considered available + type: integer + pod: + description: Override pod resource requirements for the Kubernetes + Sensor pods. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of + compute resources required. If Requests is omitted for + a container, it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined value. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + replicas: + description: Specify the number of replicas for the Kubernetes + Sensor. + type: integer + type: object + type: object + openshift: + description: Set to `True` to indicate the Operator is being deployed + in a OpenShift cluster. Provides a hint so that RBAC etc is configured + correctly. + type: boolean + opentelemetry: + description: 'Enables the OpenTelemetry gRPC endpoint on the Agent. + If true, it will also apply `service.create: true`.' + properties: + enabled: + type: boolean + grpc: + properties: + enabled: + type: boolean + type: object + http: + properties: + enabled: + type: boolean + type: object + type: object + opentelemetry.enabled: + type: boolean + pinnedChartVersion: + description: Specifying the PinnedChartVersion allows for 'pinning' + the Helm Chart used by the Operator for installing the Agent DaemonSet. + Normally the Operator will always install and update to the latest + Helm Chart version. The Operator will check and make sure no 'unsupported' + Chart versions can be selected. + type: string + podSecurityPolicy: + description: 'Specify a PodSecurityPolicy for the Instana Agent Pods. + If enabled requires `rbac.create: true`.' + properties: + enabled: + type: boolean + name: + type: string + type: object + prometheus: + description: 'Enables the Prometheus endpoint on the Agent. If true, + it will also apply `service.create: true`.' + properties: + remoteWrite: + properties: + enabled: + type: boolean + type: object + type: object + rbac: + description: Specifies whether RBAC resources should be created. + properties: + create: + type: boolean + type: object + service: + description: 'Specifies whether to create the instana-agent `Service` + to expose within the cluster. The Service can then be used e.g. + for the Prometheus remote-write, OpenTelemetry GRCP endpoint and + other APIs. Note: Requires Kubernetes 1.17+, as it uses topologyKeys.' + properties: + create: + type: boolean + type: object + serviceAccount: + description: Specifies whether a ServiceAccount should be created + (default `true`), and possibly the name to use. + properties: + create: + type: boolean + name: + type: string + type: object + zone: + description: Name of the zone in which the host(s) will be displayed + on the map. Optional, but then 'cluster.name' must be specified. + properties: + name: + type: string + type: object + required: + - agent + type: object + status: + description: InstanaAgentStatus defines the observed state of InstanaAgent + properties: + configmap: + description: ResourceInfo holds Name and UID to given object + properties: + name: + type: string + uid: + type: string + required: + - name + - uid + type: object + daemonset: + description: ResourceInfo holds Name and UID to given object + properties: + name: + type: string + uid: + type: string + required: + - name + - uid + type: object + lastUpdate: + format: date-time + type: string + leadingAgentPod: + additionalProperties: + description: ResourceInfo holds Name and UID to given object + properties: + name: + type: string + uid: + type: string + required: + - name + - uid + type: object + type: object + oldVersionsUpdated: + type: boolean + reason: + type: string + status: + description: AgentOperatorState type representing the running state + of the Agent Operator itself. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/operators/instana-agent-operator-rhmp/v2.0.19/manifests/manager-config_v1_configmap.yaml b/operators/instana-agent-operator-rhmp/v2.0.19/manifests/manager-config_v1_configmap.yaml new file mode 100644 index 000000000..886e93849 --- /dev/null +++ b/operators/instana-agent-operator-rhmp/v2.0.19/manifests/manager-config_v1_configmap.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +data: + controller_manager_config.yaml: | + apiVersion: controller-runtime.sigs.k8s.io/v1alpha1 + kind: ControllerManagerConfig + health: + healthProbeBindAddress: :8081 + metrics: + bindAddress: 127.0.0.1:8080 + leaderElection: + leaderElect: true + resourceName: 819a9291.instana.io +kind: ConfigMap +metadata: + name: manager-config diff --git a/operators/instana-agent-operator-rhmp/v2.0.19/manifests/manager-role_rbac.authorization.k8s.io_v1_role.yaml b/operators/instana-agent-operator-rhmp/v2.0.19/manifests/manager-role_rbac.authorization.k8s.io_v1_role.yaml new file mode 100644 index 000000000..f6ff0b5f3 --- /dev/null +++ b/operators/instana-agent-operator-rhmp/v2.0.19/manifests/manager-role_rbac.authorization.k8s.io_v1_role.yaml @@ -0,0 +1,76 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + creationTimestamp: null + name: manager-role +rules: +- apiGroups: + - agents.instana.io + resources: + - instanaagent + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - agents.instana.io + resources: + - instanaagent/finalizers + verbs: + - update +- apiGroups: + - agents.instana.io + resources: + - instanaagent/status + verbs: + - get + - patch + - update +- apiGroups: + - apps + resources: + - daemonsets + - deployments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list +- apiGroups: + - autoscaling/v1 + resources: + - horizontalpodautoscalers + verbs: + - get + - list + - watch +- apiGroups: + - autoscaling/v2 + resources: + - horizontalpodautoscalers + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - pods/log + verbs: + - get + - list + - watch diff --git a/operators/instana-agent-operator-rhmp/v2.0.19/manifests/metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml b/operators/instana-agent-operator-rhmp/v2.0.19/manifests/metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml new file mode 100644 index 000000000..e34648b87 --- /dev/null +++ b/operators/instana-agent-operator-rhmp/v2.0.19/manifests/metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml @@ -0,0 +1,10 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: metrics-reader +rules: +- nonResourceURLs: + - /metrics + verbs: + - get diff --git a/operators/instana-agent-operator-rhmp/v2.0.19/metadata/annotations.yaml b/operators/instana-agent-operator-rhmp/v2.0.19/metadata/annotations.yaml new file mode 100644 index 000000000..4899df9b5 --- /dev/null +++ b/operators/instana-agent-operator-rhmp/v2.0.19/metadata/annotations.yaml @@ -0,0 +1,18 @@ +annotations: + # Core bundle annotations. + operators.operatorframework.io.bundle.mediatype.v1: registry+v1 + operators.operatorframework.io.bundle.manifests.v1: manifests/ + operators.operatorframework.io.bundle.metadata.v1: metadata/ + operators.operatorframework.io.bundle.package.v1: instana-agent-operator-rhmp + operators.operatorframework.io.bundle.channels.v1: stable + operators.operatorframework.io.bundle.channel.default.v1: stable + operators.operatorframework.io.metrics.builder: operator-sdk-v1.15.0+git + operators.operatorframework.io.metrics.mediatype.v1: metrics+v1 + operators.operatorframework.io.metrics.project_layout: go.kubebuilder.io/v3 + # Annotations for testing. + operators.operatorframework.io.test.mediatype.v1: scorecard+v1 + operators.operatorframework.io.test.config.v1: tests/scorecard/ + # Allow bundle to be published on 4.8 and beyond + com.redhat.openshift.versions: "v4.8" + com.redhat.delivery.operator.bundle: true + com.redhat.delivery.backport: false diff --git a/operators/instana-agent-operator-rhmp/v2.0.19/tests/scorecard/config.yaml b/operators/instana-agent-operator-rhmp/v2.0.19/tests/scorecard/config.yaml new file mode 100644 index 000000000..89bdfbe4d --- /dev/null +++ b/operators/instana-agent-operator-rhmp/v2.0.19/tests/scorecard/config.yaml @@ -0,0 +1,70 @@ +apiVersion: scorecard.operatorframework.io/v1alpha3 +kind: Configuration +metadata: + name: config +stages: +- parallel: true + tests: + - entrypoint: + - scorecard-test + - basic-check-spec + image: quay.io/operator-framework/scorecard-test:v1.12.0 + labels: + suite: basic + test: basic-check-spec-test + storage: + spec: + mountPath: {} + - entrypoint: + - scorecard-test + - olm-bundle-validation + image: quay.io/operator-framework/scorecard-test:v1.12.0 + labels: + suite: olm + test: olm-bundle-validation-test + storage: + spec: + mountPath: {} + - entrypoint: + - scorecard-test + - olm-crds-have-validation + image: quay.io/operator-framework/scorecard-test:v1.12.0 + labels: + suite: olm + test: olm-crds-have-validation-test + storage: + spec: + mountPath: {} + - entrypoint: + - scorecard-test + - olm-crds-have-resources + image: quay.io/operator-framework/scorecard-test:v1.12.0 + labels: + suite: olm + test: olm-crds-have-resources-test + storage: + spec: + mountPath: {} + - entrypoint: + - scorecard-test + - olm-spec-descriptors + image: quay.io/operator-framework/scorecard-test:v1.12.0 + labels: + suite: olm + test: olm-spec-descriptors-test + storage: + spec: + mountPath: {} + - entrypoint: + - scorecard-test + - olm-status-descriptors + image: quay.io/operator-framework/scorecard-test:v1.12.0 + labels: + suite: olm + test: olm-status-descriptors-test + storage: + spec: + mountPath: {} +storage: + spec: + mountPath: {}