diff --git a/bundle/manifests/mariadb-operator.clusterserviceversion.yaml b/bundle/manifests/mariadb-operator.clusterserviceversion.yaml index f0ca4b5..bbaf399 100644 --- a/bundle/manifests/mariadb-operator.clusterserviceversion.yaml +++ b/bundle/manifests/mariadb-operator.clusterserviceversion.yaml @@ -12,11 +12,53 @@ metadata: }, "spec": { "affinity": {}, + "certController": { + "affinity": {}, + "caValidity": "35064h", + "certValidity": "8766h", + "enabled": true, + "extrArgs": [], + "extraVolumeMounts": [], + "extraVolumes": [], + "ha": { + "enabled": false, + "replicas": 3 + }, + "image": { + "pullPolicy": "IfNotPresent", + "repository": "ghcr.io/mariadb-operator/mariadb-operator", + "tag": "" + }, + "imagePullSecrets": [], + "lookaheadValidity": "2160h", + "nodeSelector": {}, + "podAnnotations": {}, + "podSecurityContext": {}, + "requeueDuration": "5m", + "resources": {}, + "securityContext": {}, + "serviceAccount": { + "annotations": {}, + "automount": true, + "enabled": true, + "extraLabels": {}, + "name": "" + }, + "serviceMonitor": { + "additionalLabels": {}, + "enabled": true, + "interval": "30s", + "scrapeTimeout": "25s" + }, + "tolerations": [] + }, "clusterName": "cluster.local", + "extrArgs": [], + "extraVolumeMounts": [], + "extraVolumes": [], "fullnameOverride": "", "ha": { "enabled": false, - "leaseId": "mariadb.mmontes.io", "replicas": 3 }, "image": { @@ -24,6 +66,7 @@ metadata: "repository": "ghcr.io/mariadb-operator/mariadb-operator", "tag": "" }, + "imagePullSecrets": [], "logLevel": "INFO", "metrics": { "enabled": false, @@ -38,19 +81,39 @@ metadata: "nodeSelector": {}, "podAnnotations": {}, "podSecurityContext": {}, + "rbac": { + "enabled": true + }, "resources": {}, "securityContext": {}, + "serviceAccount": { + "annotations": {}, + "automount": true, + "enabled": true, + "extraLabels": {}, + "name": "" + }, "tolerations": [], "webhook": { "affinity": {}, - "certificate": { - "certManager": false, - "default": { - "annotations": {}, - "caExpirationDays": 365, - "certExpirationDays": 365 + "annotations": {}, + "cert": { + "caPath": "/tmp/k8s-webhook-server/certificate-authority", + "certManager": { + "duration": "", + "enabled": false, + "issuerRef": {}, + "renewBefore": "" }, - "path": "/tmp/k8s-webhook-server/serving-certs" + "path": "/tmp/k8s-webhook-server/serving-certs", + "secretAnnotations": {} + }, + "extrArgs": [], + "extraVolumeMounts": [], + "extraVolumes": [], + "ha": { + "enabled": false, + "replicas": 3 }, "hostNetwork": false, "image": { @@ -58,12 +121,20 @@ metadata: "repository": "ghcr.io/mariadb-operator/mariadb-operator", "tag": "" }, + "imagePullSecrets": [], "nodeSelector": {}, "podAnnotations": {}, "podSecurityContext": {}, "port": 10250, "resources": {}, "securityContext": {}, + "serviceAccount": { + "annotations": {}, + "automount": true, + "enabled": true, + "extraLabels": {}, + "name": "" + }, "serviceMonitor": { "additionalLabels": {}, "enabled": true, diff --git a/config/samples/helm_v1alpha1_mariadboperator.yaml b/config/samples/helm_v1alpha1_mariadboperator.yaml index 472a49d..8cca044 100644 --- a/config/samples/helm_v1alpha1_mariadboperator.yaml +++ b/config/samples/helm_v1alpha1_mariadboperator.yaml @@ -3,56 +3,236 @@ kind: MariadbOperator metadata: name: mariadb-operator spec: - # Default values copied from /helm-charts/mariadb-operator/values.yaml - affinity: {} - clusterName: cluster.local + nameOverride: "" fullnameOverride: "" - ha: - enabled: false - leaseId: mariadb.mmontes.io - replicas: 3 + image: - pullPolicy: IfNotPresent repository: ghcr.io/mariadb-operator/mariadb-operator + pullPolicy: IfNotPresent + # -- Image tag to use. By default the chart appVersion is used tag: "" + imagePullSecrets: [] + + # -- Controller log level logLevel: INFO + + # -- Cluster DNS name + clusterName: cluster.local + + ha: + # -- Enable high availability + enabled: false + # -- Number of replicas + replicas: 3 + metrics: + # -- Enable prometheus metrics. Prometheus must be installed in the cluster enabled: false serviceMonitor: - additionalLabels: {} + # -- Enable controller ServiceMonitor enabled: true + # -- Labels to be added to the controller ServiceMonitor + additionalLabels: {} + # release: kube-prometheus-stack + # -- Interval to scrape metrics interval: 30s + # -- Timeout if metrics can't be retrieved in given time interval scrapeTimeout: 25s - nameOverride: "" - nodeSelector: {} + + serviceAccount: + # -- Specifies whether a service account should be created + enabled: true + # -- Automounts the service account token in all containers of the Pod + automount: true + # -- Annotations to add to the service account + annotations: {} + # -- Extra Labels to add to the service account + extraLabels: {} + # -- The name of the service account to use. + # If not set and enabled is true, a name is generated using the fullname template + name: "" + + rbac: + # -- Specifies whether RBAC resources should be created + enabled: true + + # -- Extra arguments to be passed to the controller entrypoint + extrArgs: [] + + # -- Extra volumes to pass to pod. + extraVolumes: [] + + # -- Extra volumes to mount to the container. + extraVolumeMounts: [] + + # -- Annotations to add to controller Pod podAnnotations: {} + + # -- Security context to add to controller Pod podSecurityContext: {} - resources: {} + + # -- Security context to add to controller container securityContext: {} + + # -- Resources to add to controller container + resources: {} + # requests: + # cpu: 10m + # memory: 32Mi + + # -- Node selectors to add to controller Pod + nodeSelector: {} + + # -- Tolerations to add to controller Pod tolerations: [] + + # -- Affinity to add to controller Pod + affinity: {} + webhook: - affinity: {} - certificate: - certManager: false - default: - annotations: {} - caExpirationDays: 365 - certExpirationDays: 365 - path: /tmp/k8s-webhook-server/serving-certs - hostNetwork: false image: - pullPolicy: IfNotPresent repository: ghcr.io/mariadb-operator/mariadb-operator + pullPolicy: IfNotPresent + # -- Image tag to use. By default the chart appVersion is used tag: "" - nodeSelector: {} + imagePullSecrets: [] + ha: + # -- Enable high availability + enabled: false + # -- Number of replicas + replicas: 3 + cert: + certManager: + # -- Whether to use cert-manager to issue and rotate the certificate. If set to false, mariadb-operator's cert-controller will be used instead. + enabled: false + # -- Issuer reference to be used in the Certificate resource. If not provided, a self-signed issuer will be used. + issuerRef: {} + # -- Duration to be used in the Certificate resource, + duration: "" + # -- Renew before duration to be used in the Certificate resource. + renewBefore: "" + # -- Annotatioms to be added to webhook TLS secret. + secretAnnotations: {} + # -- Path where the CA certificate will be mounted. + caPath: /tmp/k8s-webhook-server/certificate-authority + # -- Path where the certificate will be mounted. + path: /tmp/k8s-webhook-server/serving-certs + # -- Port to be used by the webhook server + port: 10250 + # -- Expose the webhook server in the host network + hostNetwork: false + serviceMonitor: + # -- Enable webhook ServiceMonitor. Metrics must be enabled + enabled: true + # -- Labels to be added to the webhook ServiceMonitor + additionalLabels: {} + # release: kube-prometheus-stack + # -- Interval to scrape metrics + interval: 30s + # -- Timeout if metrics can't be retrieved in given time interval + scrapeTimeout: 25s + serviceAccount: + # -- Specifies whether a service account should be created + enabled: true + # -- Automounts the service account token in all containers of the Pod + automount: true + # -- Annotations to add to the service account + annotations: {} + # -- Extra Labels to add to the service account + extraLabels: {} + # -- The name of the service account to use. + # If not set and enabled is true, a name is generated using the fullname template + name: "" + # -- Annotations for webhook configurations. + annotations: {} + # -- Extra arguments to be passed to the webhook entrypoint + extrArgs: [] + # -- Extra volumes to pass to webhook Pod + extraVolumes: [] + # -- Extra volumes to mount to webhook container + extraVolumeMounts: [] + # -- Annotations to add to webhook Pod podAnnotations: {} + # -- Security context to add to webhook Pod podSecurityContext: {} - port: 10250 - resources: {} + # -- Security context to add to webhook container securityContext: {} + # -- Resources to add to webhook container + resources: {} + # requests: + # cpu: 10m + # memory: 32Mi + # -- Node selectors to add to controller Pod + nodeSelector: {} + # -- Tolerations to add to controller Pod + tolerations: [] + # -- Affinity to add to controller Pod + affinity: {} + + certController: + # -- Specifies whether the cert-controller should be created. + enabled: true + image: + repository: ghcr.io/mariadb-operator/mariadb-operator + pullPolicy: IfNotPresent + # -- Image tag to use. By default the chart appVersion is used + tag: "" + imagePullSecrets: [] + ha: + # -- Enable high availability + enabled: false + # -- Number of replicas + replicas: 3 + # -- CA certificate validity. It must be greater than certValidity. + caValidity: 35064h + # -- Certificate validity. + certValidity: 8766h + # -- Duration used to verify whether a certificate is valid or not. + lookaheadValidity: 2160h + # -- Requeue duration to ensure that certificate gets renewed. + requeueDuration: 5m serviceMonitor: - additionalLabels: {} + # -- Enable cert-controller ServiceMonitor. Metrics must be enabled enabled: true + # -- Labels to be added to the cert-controller ServiceMonitor + additionalLabels: {} + # release: kube-prometheus-stack + # -- Interval to scrape metrics interval: 30s + # -- Timeout if metrics can't be retrieved in given time interval scrapeTimeout: 25s + serviceAccount: + # -- Specifies whether a service account should be created + enabled: true + # -- Automounts the service account token in all containers of the Pod + automount: true + # -- Annotations to add to the service account + annotations: {} + # -- Extra Labels to add to the service account + extraLabels: {} + # -- The name of the service account to use. + # If not set and enabled is true, a name is generated using the fullname template + name: "" + # -- Extra arguments to be passed to the cert-controller entrypoint + extrArgs: [] + # -- Extra volumes to pass to cert-controller Pod + extraVolumes: [] + # -- Extra volumes to mount to cert-controller container + extraVolumeMounts: [] + # -- Annotations to add to cert-controller Pod + podAnnotations: {} + # -- Security context to add to cert-controller Pod + podSecurityContext: {} + # -- Security context to add to cert-controller container + securityContext: {} + # -- Resources to add to cert-controller container + resources: {} + # requests: + # cpu: 10m + # memory: 32Mi + # -- Node selectors to add to controller Pod + nodeSelector: {} + # -- Tolerations to add to controller Pod tolerations: [] + # -- Affinity to add to controller Pod + affinity: {}