---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.9.2
  creationTimestamp: null
  name: schemaregistries.platform.confluent.io
spec:
  group: platform.confluent.io
  names:
    categories:
    - all
    - confluent-platform
    - confluent
    kind: SchemaRegistry
    listKind: SchemaRegistryList
    plural: schemaregistries
    shortNames:
    - schemaregistry
    - sr
    singular: schemaregistry
  scope: Namespaced
  versions:
  - additionalPrinterColumns:
    - jsonPath: .status.replicas
      name: Replicas
      type: string
    - jsonPath: .status.readyReplicas
      name: Ready
      type: string
    - jsonPath: .status.phase
      name: Status
      type: string
    - jsonPath: .metadata.creationTimestamp
      name: Age
      type: date
    - jsonPath: .status.kafka.bootstrapEndpoint
      name: Kafka
      priority: 1
      type: string
    name: v1beta1
    schema:
      openAPIV3Schema:
        description: SchemaRegistry is the schema for the Schema Registry API.
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            description: spec defines the desired state of the Schema Registry cluster.
            properties:
              authentication:
                description: authentication specifies the authentication configurations
                  for the REST API endpoint.
                properties:
                  basic:
                    description: basic specifies the configuration for basic authentication.
                    properties:
                      debug:
                        description: debug enables the basic authentication debug
                          logs for JaaS configuration.
                        type: boolean
                      directoryPathInContainer:
                        description: 'directoryPathInContainer allows to pass the
                          basic credential through a directory path in the container.
                          More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication'
                        minLength: 1
                        type: string
                      restrictedRoles:
                        description: restrictedRoles specify the restricted roles
                          on the server side only. Changes will be only reflected
                          in Control Center. This configuration is ignored on the
                          client side configuration.
                        items:
                          type: string
                        minItems: 1
                        type: array
                      roles:
                        description: roles specify the roles on the server side only.
                          This configuration is ignored on the client side configuration.
                        items:
                          type: string
                        type: array
                      secretRef:
                        description: 'secretRef defines secret reference to pass the
                          required credentials. More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication'
                        maxLength: 30
                        minLength: 1
                        pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                        type: string
                    type: object
                  type:
                    description: type specifies the authentication scheme for the
                      REST API server. Valid options are `basic` and `mtls`.
                    enum:
                    - basic
                    - mtls
                    type: string
                required:
                - type
                type: object
              authorization:
                description: authorization specifies the authorization configurations.
                properties:
                  kafkaRestClassRef:
                    description: kafkaRestClassRef references the KafkaRestClass which
                      specifies the Kafka REST API connection configuration.
                    properties:
                      name:
                        description: name specifies the name of the KafkaRestClass
                          application resource.
                        minLength: 1
                        type: string
                      namespace:
                        description: namespace specifies the namespace of the KafkaRestClass.
                        type: string
                    required:
                    - name
                    type: object
                  type:
                    description: type specifies the client-side authorization type.
                      The valid option is `rbac`.
                    enum:
                    - rbac
                    type: string
                required:
                - type
                type: object
              configOverrides:
                description: configOverrides specifies the configs to override the
                  server, JVM, Log4j properties for the Schema Registry cluster. A
                  change will roll the cluster.
                properties:
                  jvm:
                    description: jvm is a list of JVM configuration supported by the
                      Confluent Platform component. This will either add or update
                      the existing configuration.
                    items:
                      type: string
                    type: array
                  log4j:
                    description: log4j is a list of Log4J configuration supported
                      by the Confluent Platform component. This will either add or
                      update the existing configuration.
                    items:
                      type: string
                    type: array
                  server:
                    description: server is a list of server configuration supported
                      by the Confluent Platform component. This will either add or
                      update existing configuration.
                    items:
                      type: string
                    type: array
                type: object
              dependencies:
                description: dependencies specify the dependency configurations for
                  the Schema Registry.
                properties:
                  kafka:
                    description: kafka specifies the Kafka dependency configuration.
                    properties:
                      authentication:
                        description: authentication defines the authentication for
                          the Kafka cluster.
                        properties:
                          jaasConfig:
                            description: jaasConfig specifies the Kafka client-side
                              JaaS configuration.
                            properties:
                              secretRef:
                                description: 'secretRef references the secret containing
                                  the required credentials. More info: https://docs.confluent.io/operator/current/co-authenticate.html'
                                maxLength: 30
                                minLength: 1
                                pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                                type: string
                            required:
                            - secretRef
                            type: object
                          jaasConfigPassThrough:
                            description: jaasConfigPassThrough specifies another way
                              to provide the Kafka client-side JaaS configuration.
                            properties:
                              directoryPathInContainer:
                                description: 'directoryPathInContainer specifies the
                                  directory path in the container where required credentials
                                  are mounted. More info: https://docs.confluent.io/operator/current/co-authenticate.html'
                                minLength: 1
                                type: string
                              secretRef:
                                description: 'secretRef references the secret containing
                                  the required credentials for authentication. More
                                  info: https://docs.confluent.io/operator/current/co-authenticate.html'
                                maxLength: 30
                                minLength: 1
                                pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                                type: string
                            type: object
                          oauthbearer:
                            description: oauthbearer is the authentication mechanism
                              to provider principals. Only supported in RBAC deployment.
                            properties:
                              directoryPathInContainer:
                                description: directoryPathInContainer specifies the
                                  directory path in the container where the credential
                                  is mounted.
                                minLength: 1
                                type: string
                              secretRef:
                                description: 'secretRef specifies the name of the
                                  secret that contains the credential. More info:
                                  https://docs.confluent.io/operator/current/co-authenticate.html#bearer-authentication'
                                maxLength: 30
                                minLength: 1
                                pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                                type: string
                            type: object
                          type:
                            description: type specifies the Kafka client authentication
                              type. Valid options are `plain`, `oauthbearer`, `digest`,
                              and `mtls`.
                            enum:
                            - plain
                            - oauthbearer
                            - digest
                            - mtls
                            type: string
                        required:
                        - type
                        type: object
                      bootstrapEndpoint:
                        description: bootstrapEndpoint specifies the Kafka bootstrap
                          endpoint.
                        minLength: 1
                        pattern: .+:[0-9]+
                        type: string
                      discovery:
                        description: discovery specifies the capability to discover
                          the Kafka cluster.
                        properties:
                          name:
                            description: name is the name of the Confluent Platform
                              component cluster.
                            type: string
                          namespace:
                            description: namespace is where the Confluent Platform
                              component is running. The default value is the namespace
                              where CFK is running.
                            type: string
                          secretRef:
                            description: secretRef is the name of the secret used
                              to discover the Confluent Platform component.
                            maxLength: 30
                            minLength: 1
                            pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                            type: string
                        required:
                        - name
                        type: object
                      tls:
                        description: tls defines the client-side TLS setting for the
                          Kafka cluster.
                        properties:
                          directoryPathInContainer:
                            description: directoryPathInContainer specifies the directory
                              path in the container where `keystore.jks`, `truststore.jks`,
                              and `jksPassword.txt` keys are mounted. `truststore.jks`
                              is not configured and can be ignored when the `ignoreTrustStoreConfig`
                              field is set to `true`.
                            minLength: 1
                            type: string
                          enabled:
                            description: enabled specifies to enable the TLS configuration
                              for the Confluent component.
                            type: boolean
                          ignoreTrustStoreConfig:
                            description: ignoreTrustStoreConfig indicates whether
                              to ignore the truststore configuration for the Confluent
                              component.
                            type: boolean
                          jksPassword:
                            description: jksPassword references the secret containing
                              the JKS password.
                            properties:
                              secretRef:
                                description: 'secretRef references the name of the
                                  secret containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
                                maxLength: 30
                                minLength: 1
                                pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                                type: string
                            required:
                            - secretRef
                            type: object
                          secretRef:
                            description: 'secretRef references the secret containing
                              the certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
                            maxLength: 30
                            minLength: 1
                            pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                            type: string
                        required:
                        - enabled
                        type: object
                    type: object
                  mds:
                    description: mds specifies the MDS dependencies configurations.
                    properties:
                      authentication:
                        description: authentication specifies the client side authentication
                          configuration for the MDS.
                        properties:
                          bearer:
                            description: bearer specifies the bearer authentication
                              settings.
                            properties:
                              directoryPathInContainer:
                                description: directoryPathInContainer specifies the
                                  directory path in the container where the credential
                                  is mounted.
                                minLength: 1
                                type: string
                              secretRef:
                                description: 'secretRef specifies the name of the
                                  secret that contains the credential. More info:
                                  https://docs.confluent.io/operator/current/co-authenticate.html#bearer-authentication'
                                maxLength: 30
                                minLength: 1
                                pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                                type: string
                            type: object
                          type:
                            description: type specifies the authentication method
                              for the MDS. The valid option is `bearer`.
                            enum:
                            - bearer
                            type: string
                        required:
                        - bearer
                        - type
                        type: object
                      endpoint:
                        description: endpoint specifies the MDS endpoint.
                        minLength: 1
                        pattern: ^https?://.*
                        type: string
                      tls:
                        description: ClientTLSConfig specifies the TLS configuration
                          for the Confluent component (dependencies, listeners).
                        properties:
                          directoryPathInContainer:
                            description: directoryPathInContainer specifies the directory
                              path in the container where `keystore.jks`, `truststore.jks`,
                              and `jksPassword.txt` keys are mounted. `truststore.jks`
                              is not configured and can be ignored when the `ignoreTrustStoreConfig`
                              field is set to `true`.
                            minLength: 1
                            type: string
                          enabled:
                            description: enabled specifies to enable the TLS configuration
                              for the Confluent component.
                            type: boolean
                          ignoreTrustStoreConfig:
                            description: ignoreTrustStoreConfig indicates whether
                              to ignore the truststore configuration for the Confluent
                              component.
                            type: boolean
                          jksPassword:
                            description: jksPassword references the secret containing
                              the JKS password.
                            properties:
                              secretRef:
                                description: 'secretRef references the name of the
                                  secret containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
                                maxLength: 30
                                minLength: 1
                                pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                                type: string
                            required:
                            - secretRef
                            type: object
                          secretRef:
                            description: 'secretRef references the secret containing
                              the certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
                            maxLength: 30
                            minLength: 1
                            pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                            type: string
                        required:
                        - enabled
                        type: object
                      tokenKeyPair:
                        description: tokenKeyPair specifies the token keypair to configure
                          the MDS.
                        properties:
                          directoryPathInContainer:
                            description: directoryPathInContainer defines the directory
                              path in the container where the MDS token key pair are
                              mounted.
                            minLength: 1
                            type: string
                          secretRef:
                            description: secretRef references the name of the secret
                              that contains the MDS token key pair.
                            maxLength: 30
                            minLength: 1
                            pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                            type: string
                        type: object
                    required:
                    - authentication
                    - endpoint
                    - tokenKeyPair
                    type: object
                type: object
              enableSchemaExporter:
                description: enableSchemaExporter enables schema exporter in the Schema
                  Registry.
                type: boolean
              externalAccess:
                description: externalAccess specifies the external access configuration.
                  When `spec.listeners` is configured, configuring `spec.externalAccess`
                  is not allowed. Please configure `spec.listeners.external.externalAccess`
                  instead".
                properties:
                  loadBalancer:
                    description: loadBalancer specifies the configuration to create
                      a Kubernetes load balancer service.
                    properties:
                      advertisedURL:
                        description: 'advertisedURL specifies the configuration for
                          advertised listener per pod. It is only supported for MDS
                          currently. If it is enabled, instead of using internal endpoint,
                          the MDS advertised listener for each broker will be set
                          to: `<httpSchema>://<advertisedUrl.prefix><podId>.<domain>`
                          where podId starts from `0` to `replicaCount -1`. This is
                          only recommended if you cannot add internal SANs to the
                          TLS certificates for MDS and the external DNS must be resolved
                          inside the Kubernetes cluster. This configuration will not
                          take effect if MDS enabled dual listener setup.'
                        properties:
                          enabled:
                            description: enabled indicates whether to set the MDS
                              advertised listener url with external endpoint for each
                              broker. Has no effect with Zookeeper, which will always
                              create a listener per pod.
                            type: boolean
                          prefix:
                            description: prefix specifies the broker prefix for MDS/Zookeeper
                              advertised endpoint. If not configured, it uses `b`
                              as default prefix for MDS, such as `b#.domain` where
                              `#` will start from `0` to `replicaCount -1`. It uses
                              'zookeeper' as default prefix for Zookeeper in the same
                              way.
                            minLength: 1
                            type: string
                        required:
                        - enabled
                        type: object
                      annotations:
                        additionalProperties:
                          type: string
                        description: annotations is a map of string key and value
                          pairs. It specifies Kubernetes annotations for this service.
                        type: object
                        x-kubernetes-map-type: granular
                      domain:
                        description: domain is the domain name of the component cluster.
                        minLength: 1
                        type: string
                      externalTrafficPolicy:
                        description: externalTrafficPolicy specifies the external
                          traffic policy for the service. Valid options are `Local`
                          and `Cluster`.
                        enum:
                        - Local
                        - Cluster
                        type: string
                      labels:
                        additionalProperties:
                          type: string
                        description: labels is a map of string key and value pairs.
                          It specifies Kubernetes labels for this service.
                        type: object
                        x-kubernetes-map-type: granular
                      loadBalancerSourceRanges:
                        description: loadBalancerSourceRanges specify the source ranges.
                        items:
                          type: string
                        type: array
                      port:
                        description: port specifies the external port for the client
                          consumption. If not configured, the same internal/external
                          port is configured for the component. Information about
                          the port can be retrieved through the status API.
                        format: int32
                        type: integer
                      prefix:
                        description: prefix specify the prefix for the given domain.
                          The default value is the name of the cluster.
                        minLength: 1
                        type: string
                      servicePorts:
                        description: servicePorts specify the user-provided service
                          port(s).
                        items:
                          description: ServicePort contains information on service's
                            port.
                          properties:
                            appProtocol:
                              description: The application protocol for this port.
                                This field follows standard Kubernetes label syntax.
                                Un-prefixed names are reserved for IANA standard service
                                names (as per RFC-6335 and http://www.iana.org/assignments/service-names).
                                Non-standard protocols should use prefixed names such
                                as mycompany.com/my-custom-protocol.
                              type: string
                            name:
                              description: The name of this port within the service.
                                This must be a DNS_LABEL. All ports within a ServiceSpec
                                must have unique names. When considering the endpoints
                                for a Service, this must match the 'name' field in
                                the EndpointPort. Optional if only one ServicePort
                                is defined on this service.
                              type: string
                            nodePort:
                              description: 'The port on each node on which this service
                                is exposed when type is NodePort or LoadBalancer.  Usually
                                assigned by the system. If a value is specified, in-range,
                                and not in use it will be used, otherwise the operation
                                will fail.  If not specified, a port will be allocated
                                if this Service requires one.  If this field is specified
                                when creating a Service which does not need it, creation
                                will fail. This field will be wiped when updating
                                a Service to no longer need it (e.g. changing type
                                from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport'
                              format: int32
                              type: integer
                            port:
                              description: The port that will be exposed by this service.
                              format: int32
                              type: integer
                            protocol:
                              default: TCP
                              description: The IP protocol for this port. Supports
                                "TCP", "UDP", and "SCTP". Default is TCP.
                              type: string
                            targetPort:
                              anyOf:
                              - type: integer
                              - type: string
                              description: 'Number or name of the port to access on
                                the pods targeted by the service. Number must be in
                                the range 1 to 65535. Name must be an IANA_SVC_NAME.
                                If this is a string, it will be looked up as a named
                                port in the target Pod''s container ports. If this
                                is not specified, the value of the ''port'' field
                                is used (an identity map). This field is ignored for
                                services with clusterIP=None, and should be omitted
                                or set equal to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service'
                              x-kubernetes-int-or-string: true
                          required:
                          - port
                          type: object
                        type: array
                      sessionAffinity:
                        description: 'sessionAffinity defines the Kubernetes session
                          affinity. The valid options are `ClientIP` and `None`. `ClientIP`
                          enables the client IP-based session affinity. The default
                          value is `None`. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies.'
                        enum:
                        - ClientIP
                        - None
                        type: string
                      sessionAffinityConfig:
                        description: SessionAffinityConfig contains the configurations
                          of the session affinity.
                        properties:
                          clientIP:
                            description: clientIP contains the configurations of Client
                              IP based session affinity.
                            properties:
                              timeoutSeconds:
                                description: timeoutSeconds specifies the seconds
                                  of ClientIP type session sticky time. The value
                                  must be >0 && <=86400(for 1 day) if ServiceAffinity
                                  == "ClientIP". Default value is 10800(for 3 hours).
                                format: int32
                                type: integer
                            type: object
                        type: object
                    required:
                    - domain
                    type: object
                  nodePort:
                    description: nodePort specifies the configuration to create a
                      Kubernetes node port service.
                    properties:
                      advertisedURL:
                        description: advertisedURL specifies the configuration for
                          advertised listener per pod. It is only supported for MDS
                          currently. If it is enabled, instead of using internal endpoint,
                          the MDS advertised listener for each broker will be set
                          to `<httpSchema>://<host>:<nodePortOffset + podId + 1>,
                          where`podId` starts from `0` to `replicaCount - 1`. This
                          is only recommended if you cannot add internal SANs to the
                          TLS certificates for MDS and the external DNS must be resolved
                          inside the Kubernetes cluster.
                        properties:
                          enabled:
                            description: enabled indicates whether to set the MDS
                              advertised listener url with external endpoint for each
                              broker. Has no effect with Zookeeper, which will always
                              create a listener per pod.
                            type: boolean
                          prefix:
                            description: prefix specifies the broker prefix for MDS/Zookeeper
                              advertised endpoint. If not configured, it uses `b`
                              as default prefix for MDS, such as `b#.domain` where
                              `#` will start from `0` to `replicaCount -1`. It uses
                              'zookeeper' as default prefix for Zookeeper in the same
                              way.
                            minLength: 1
                            type: string
                        required:
                        - enabled
                        type: object
                      annotations:
                        additionalProperties:
                          type: string
                        description: annotations is a map of string key and value
                          pairs. It specifies Kubernetes annotations for this service.
                        type: object
                        x-kubernetes-map-type: granular
                      externalTrafficPolicy:
                        description: externalTrafficPolicy specifies the external
                          traffic policy for the service. Valid options are `Local`
                          and `Cluster`.
                        enum:
                        - Local
                        - Cluster
                        type: string
                      host:
                        description: host defines the host name of the cluster.
                        minLength: 1
                        type: string
                      labels:
                        additionalProperties:
                          type: string
                        description: labels is a map of string key and value pairs.
                          It specifies Kubernetes labels for this service.
                        type: object
                        x-kubernetes-map-type: granular
                      nodePortOffset:
                        description: nodePortOffset specifies the starting offset
                          of the node ports. The port numbers go in ascending order
                          with respect to the replicas count. NodePort service creation
                          fails if the node port is not in the range supported by
                          the Kubernetes API server. The default Kubernetes Node Port
                          range is `30000` - `32762`.
                        format: int32
                        minimum: 0
                        type: integer
                      servicePorts:
                        description: servicePorts specify user-provided service port(s).
                          For Kafka with the nodePort type, this setting is only applied
                          to Kafka bootstrap service.
                        items:
                          description: ServicePort contains information on service's
                            port.
                          properties:
                            appProtocol:
                              description: The application protocol for this port.
                                This field follows standard Kubernetes label syntax.
                                Un-prefixed names are reserved for IANA standard service
                                names (as per RFC-6335 and http://www.iana.org/assignments/service-names).
                                Non-standard protocols should use prefixed names such
                                as mycompany.com/my-custom-protocol.
                              type: string
                            name:
                              description: The name of this port within the service.
                                This must be a DNS_LABEL. All ports within a ServiceSpec
                                must have unique names. When considering the endpoints
                                for a Service, this must match the 'name' field in
                                the EndpointPort. Optional if only one ServicePort
                                is defined on this service.
                              type: string
                            nodePort:
                              description: 'The port on each node on which this service
                                is exposed when type is NodePort or LoadBalancer.  Usually
                                assigned by the system. If a value is specified, in-range,
                                and not in use it will be used, otherwise the operation
                                will fail.  If not specified, a port will be allocated
                                if this Service requires one.  If this field is specified
                                when creating a Service which does not need it, creation
                                will fail. This field will be wiped when updating
                                a Service to no longer need it (e.g. changing type
                                from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport'
                              format: int32
                              type: integer
                            port:
                              description: The port that will be exposed by this service.
                              format: int32
                              type: integer
                            protocol:
                              default: TCP
                              description: The IP protocol for this port. Supports
                                "TCP", "UDP", and "SCTP". Default is TCP.
                              type: string
                            targetPort:
                              anyOf:
                              - type: integer
                              - type: string
                              description: 'Number or name of the port to access on
                                the pods targeted by the service. Number must be in
                                the range 1 to 65535. Name must be an IANA_SVC_NAME.
                                If this is a string, it will be looked up as a named
                                port in the target Pod''s container ports. If this
                                is not specified, the value of the ''port'' field
                                is used (an identity map). This field is ignored for
                                services with clusterIP=None, and should be omitted
                                or set equal to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service'
                              x-kubernetes-int-or-string: true
                          required:
                          - port
                          type: object
                        type: array
                      sessionAffinity:
                        description: 'sessionAffinity defines the Kubernetes session
                          affinity. The valid options are `ClientIP` and `None`. `ClientIP`
                          enables the client IP-based session affinity. The default
                          value is `None`. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies.'
                        enum:
                        - ClientIP
                        - None
                        type: string
                      sessionAffinityConfig:
                        description: SessionAffinityConfig contains the configurations
                          of the session affinity.
                        properties:
                          clientIP:
                            description: clientIP contains the configurations of Client
                              IP based session affinity.
                            properties:
                              timeoutSeconds:
                                description: timeoutSeconds specifies the seconds
                                  of ClientIP type session sticky time. The value
                                  must be >0 && <=86400(for 1 day) if ServiceAffinity
                                  == "ClientIP". Default value is 10800(for 3 hours).
                                format: int32
                                type: integer
                            type: object
                        type: object
                    required:
                    - host
                    - nodePortOffset
                    type: object
                  route:
                    description: route specifies the configuration to create a route
                      service in OpenShift.
                    properties:
                      annotations:
                        additionalProperties:
                          type: string
                        description: annotations is a map of string key and value
                          pairs. It specifies Kubernetes annotations for this service.
                        type: object
                        x-kubernetes-map-type: granular
                      domain:
                        description: domain specifies the domain name of the Confluent
                          component cluster.
                        minLength: 1
                        type: string
                      labels:
                        additionalProperties:
                          type: string
                        description: labels is a map of string key and value pairs.
                          It specifies Kubernetes labels for this service.
                        type: object
                        x-kubernetes-map-type: granular
                      prefix:
                        description: prefix specifies the component prefix when configured
                          for the domain. The default value is the name of the cluster.
                        minLength: 1
                        type: string
                      wildcardPolicy:
                        description: wildcardPolicy allows you to define a route that
                          covers all hosts within a domain. Valid options are `Subdomain`
                          and `None`. The default value is `None`.
                        enum:
                        - Subdomain
                        - None
                        type: string
                    required:
                    - domain
                    type: object
                  type:
                    description: type specifies the Kubernetes external service for
                      the component. Valid options are `loadBalancer`, `nodePort`,
                      and `route`.
                    enum:
                    - loadBalancer
                    - nodePort
                    - route
                    minLength: 1
                    type: string
                required:
                - type
                type: object
              headlessService:
                description: headlessService specifies the configuration of the Kubernetes
                  headless service.
                properties:
                  annotations:
                    additionalProperties:
                      type: string
                    description: annotations is a map of string key and value pairs.
                      It specifies the annotations to be added to the CFK-created
                      headless service. These annotations are merged with the injectAnnotations
                      and take precedence.
                    type: object
                    x-kubernetes-map-type: granular
                  labels:
                    additionalProperties:
                      type: string
                    description: labels is a map of string key and value pairs. It
                      specifies the labels to be added to the CFK-created headless
                      service. These labels are merged with the injectLabels and take
                      precedence.
                    type: object
                    x-kubernetes-map-type: granular
                  publishNotReadyAddresses:
                    description: publishNotReadyAddresses specifies the publishNotReadyAddresses
                      field. For Kafka, this value must be true. The default value
                      is true.
                    type: boolean
                type: object
              image:
                description: image specifies the application and the init docker image
                  configurations. A change to this setting will roll the cluster.
                properties:
                  application:
                    description: application is the Docker image name of the application.
                      Specify `<Docker-registry FQDN>/<docker-repository-name>/<component-image-name>:<tag>`.
                    pattern: .+:.+
                    type: string
                  init:
                    description: init is the init-container name. Specify `<Docker-registry
                      FQDN>/<docker-repository-name>/<init-container-image-name>:<tag>`.
                    pattern: .+:.+
                    type: string
                  pullPolicy:
                    description: pullPolicy is the policy for pulling images. Valid
                      options are `Always`, `Never`, and `IfNotPresent`. The default
                      value is `IfNotPresent`.
                    enum:
                    - Always
                    - Never
                    - IfNotPresent
                    type: string
                  pullSecretRef:
                    description: 'pullSecretRef references the secrets in the same
                      namespace to be used for pulling images. Image pull secrets
                      are distinct from secrets because secrets can be mounted in
                      the pod, but image pull secrets are only accessed by `kubelet`.
                      More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod'
                    items:
                      type: string
                    type: array
                required:
                - application
                - init
                type: object
              injectAnnotations:
                additionalProperties:
                  type: string
                description: injectAnnotations are the annotations injected to the
                  internal resources that CFK created. The internal annotations are
                  preserved and cannot be overridden. For pod annotations, use `podTemplate.annotations`.
                type: object
                x-kubernetes-map-type: granular
              injectLabels:
                additionalProperties:
                  type: string
                description: injectLabels are the labels injected to the internal
                  resources that CFK created. The internal labels are preserved and
                  cannot be overridden. For pod labels, use `podTemplate.labels`.
                type: object
                x-kubernetes-map-type: granular
              internalTopicReplicatorFactor:
                description: internalTopicReplicatorFactor specifies the replication
                  factor for internal topics.
                format: int32
                minimum: 1
                type: integer
              k8sClusterDomain:
                description: k8sClusterDomain specifies the configuration of the Kubernetes
                  cluster domain. The default is the `cluster.local` domain.
                type: string
              license:
                description: license specifies the license configuration for the Confluent
                  Platform component.
                properties:
                  directoryPathInContainer:
                    description: 'directoryPathInContainer specifies the directory
                      path in the container where the license key is mounted. More
                      info: https://docs.confluent.io/operator/current/co-license.html#update-component-level-licenses'
                    minLength: 1
                    type: string
                  globalLicense:
                    description: globalLicense specifies whether the Confluent Platform
                      component shares the common global license.
                    type: boolean
                  secretRef:
                    description: 'secretRef references the secret that provides the
                      license for the Confluent Platform component. More info: https://docs.confluent.io/operator/current/co-license.html#update-component-level-licenses'
                    maxLength: 30
                    minLength: 1
                    pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                    type: string
                type: object
              listeners:
                description: listeners specify the listeners configurations.
                properties:
                  external:
                    description: external specifies the Confluent component external
                      listener.
                    properties:
                      externalAccess:
                        description: externalAccess defines the external access configuration
                          for the Confluent component.
                        properties:
                          loadBalancer:
                            description: loadBalancer specifies the configuration
                              to create a Kubernetes load balancer service.
                            properties:
                              advertisedURL:
                                description: 'advertisedURL specifies the configuration
                                  for advertised listener per pod. It is only supported
                                  for MDS currently. If it is enabled, instead of
                                  using internal endpoint, the MDS advertised listener
                                  for each broker will be set to: `<httpSchema>://<advertisedUrl.prefix><podId>.<domain>`
                                  where podId starts from `0` to `replicaCount -1`.
                                  This is only recommended if you cannot add internal
                                  SANs to the TLS certificates for MDS and the external
                                  DNS must be resolved inside the Kubernetes cluster.
                                  This configuration will not take effect if MDS enabled
                                  dual listener setup.'
                                properties:
                                  enabled:
                                    description: enabled indicates whether to set
                                      the MDS advertised listener url with external
                                      endpoint for each broker. Has no effect with
                                      Zookeeper, which will always create a listener
                                      per pod.
                                    type: boolean
                                  prefix:
                                    description: prefix specifies the broker prefix
                                      for MDS/Zookeeper advertised endpoint. If not
                                      configured, it uses `b` as default prefix for
                                      MDS, such as `b#.domain` where `#` will start
                                      from `0` to `replicaCount -1`. It uses 'zookeeper'
                                      as default prefix for Zookeeper in the same
                                      way.
                                    minLength: 1
                                    type: string
                                required:
                                - enabled
                                type: object
                              annotations:
                                additionalProperties:
                                  type: string
                                description: annotations is a map of string key and
                                  value pairs. It specifies Kubernetes annotations
                                  for this service.
                                type: object
                                x-kubernetes-map-type: granular
                              domain:
                                description: domain is the domain name of the component
                                  cluster.
                                minLength: 1
                                type: string
                              externalTrafficPolicy:
                                description: externalTrafficPolicy specifies the external
                                  traffic policy for the service. Valid options are
                                  `Local` and `Cluster`.
                                enum:
                                - Local
                                - Cluster
                                type: string
                              labels:
                                additionalProperties:
                                  type: string
                                description: labels is a map of string key and value
                                  pairs. It specifies Kubernetes labels for this service.
                                type: object
                                x-kubernetes-map-type: granular
                              loadBalancerSourceRanges:
                                description: loadBalancerSourceRanges specify the
                                  source ranges.
                                items:
                                  type: string
                                type: array
                              port:
                                description: port specifies the external port for
                                  the client consumption. If not configured, the same
                                  internal/external port is configured for the component.
                                  Information about the port can be retrieved through
                                  the status API.
                                format: int32
                                type: integer
                              prefix:
                                description: prefix specify the prefix for the given
                                  domain. The default value is the name of the cluster.
                                minLength: 1
                                type: string
                              servicePorts:
                                description: servicePorts specify the user-provided
                                  service port(s).
                                items:
                                  description: ServicePort contains information on
                                    service's port.
                                  properties:
                                    appProtocol:
                                      description: The application protocol for this
                                        port. This field follows standard Kubernetes
                                        label syntax. Un-prefixed names are reserved
                                        for IANA standard service names (as per RFC-6335
                                        and http://www.iana.org/assignments/service-names).
                                        Non-standard protocols should use prefixed
                                        names such as mycompany.com/my-custom-protocol.
                                      type: string
                                    name:
                                      description: The name of this port within the
                                        service. This must be a DNS_LABEL. All ports
                                        within a ServiceSpec must have unique names.
                                        When considering the endpoints for a Service,
                                        this must match the 'name' field in the EndpointPort.
                                        Optional if only one ServicePort is defined
                                        on this service.
                                      type: string
                                    nodePort:
                                      description: 'The port on each node on which
                                        this service is exposed when type is NodePort
                                        or LoadBalancer.  Usually assigned by the
                                        system. If a value is specified, in-range,
                                        and not in use it will be used, otherwise
                                        the operation will fail.  If not specified,
                                        a port will be allocated if this Service requires
                                        one.  If this field is specified when creating
                                        a Service which does not need it, creation
                                        will fail. This field will be wiped when updating
                                        a Service to no longer need it (e.g. changing
                                        type from NodePort to ClusterIP). More info:
                                        https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport'
                                      format: int32
                                      type: integer
                                    port:
                                      description: The port that will be exposed by
                                        this service.
                                      format: int32
                                      type: integer
                                    protocol:
                                      default: TCP
                                      description: The IP protocol for this port.
                                        Supports "TCP", "UDP", and "SCTP". Default
                                        is TCP.
                                      type: string
                                    targetPort:
                                      anyOf:
                                      - type: integer
                                      - type: string
                                      description: 'Number or name of the port to
                                        access on the pods targeted by the service.
                                        Number must be in the range 1 to 65535. Name
                                        must be an IANA_SVC_NAME. If this is a string,
                                        it will be looked up as a named port in the
                                        target Pod''s container ports. If this is
                                        not specified, the value of the ''port'' field
                                        is used (an identity map). This field is ignored
                                        for services with clusterIP=None, and should
                                        be omitted or set equal to the ''port'' field.
                                        More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service'
                                      x-kubernetes-int-or-string: true
                                  required:
                                  - port
                                  type: object
                                type: array
                              sessionAffinity:
                                description: 'sessionAffinity defines the Kubernetes
                                  session affinity. The valid options are `ClientIP`
                                  and `None`. `ClientIP` enables the client IP-based
                                  session affinity. The default value is `None`. More
                                  info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies.'
                                enum:
                                - ClientIP
                                - None
                                type: string
                              sessionAffinityConfig:
                                description: SessionAffinityConfig contains the configurations
                                  of the session affinity.
                                properties:
                                  clientIP:
                                    description: clientIP contains the configurations
                                      of Client IP based session affinity.
                                    properties:
                                      timeoutSeconds:
                                        description: timeoutSeconds specifies the
                                          seconds of ClientIP type session sticky
                                          time. The value must be >0 && <=86400(for
                                          1 day) if ServiceAffinity == "ClientIP".
                                          Default value is 10800(for 3 hours).
                                        format: int32
                                        type: integer
                                    type: object
                                type: object
                            required:
                            - domain
                            type: object
                          nodePort:
                            description: nodePort specifies the configuration to create
                              a Kubernetes node port service.
                            properties:
                              advertisedURL:
                                description: advertisedURL specifies the configuration
                                  for advertised listener per pod. It is only supported
                                  for MDS currently. If it is enabled, instead of
                                  using internal endpoint, the MDS advertised listener
                                  for each broker will be set to `<httpSchema>://<host>:<nodePortOffset
                                  + podId + 1>, where`podId` starts from `0` to `replicaCount
                                  - 1`. This is only recommended if you cannot add
                                  internal SANs to the TLS certificates for MDS and
                                  the external DNS must be resolved inside the Kubernetes
                                  cluster.
                                properties:
                                  enabled:
                                    description: enabled indicates whether to set
                                      the MDS advertised listener url with external
                                      endpoint for each broker. Has no effect with
                                      Zookeeper, which will always create a listener
                                      per pod.
                                    type: boolean
                                  prefix:
                                    description: prefix specifies the broker prefix
                                      for MDS/Zookeeper advertised endpoint. If not
                                      configured, it uses `b` as default prefix for
                                      MDS, such as `b#.domain` where `#` will start
                                      from `0` to `replicaCount -1`. It uses 'zookeeper'
                                      as default prefix for Zookeeper in the same
                                      way.
                                    minLength: 1
                                    type: string
                                required:
                                - enabled
                                type: object
                              annotations:
                                additionalProperties:
                                  type: string
                                description: annotations is a map of string key and
                                  value pairs. It specifies Kubernetes annotations
                                  for this service.
                                type: object
                                x-kubernetes-map-type: granular
                              externalTrafficPolicy:
                                description: externalTrafficPolicy specifies the external
                                  traffic policy for the service. Valid options are
                                  `Local` and `Cluster`.
                                enum:
                                - Local
                                - Cluster
                                type: string
                              host:
                                description: host defines the host name of the cluster.
                                minLength: 1
                                type: string
                              labels:
                                additionalProperties:
                                  type: string
                                description: labels is a map of string key and value
                                  pairs. It specifies Kubernetes labels for this service.
                                type: object
                                x-kubernetes-map-type: granular
                              nodePortOffset:
                                description: nodePortOffset specifies the starting
                                  offset of the node ports. The port numbers go in
                                  ascending order with respect to the replicas count.
                                  NodePort service creation fails if the node port
                                  is not in the range supported by the Kubernetes
                                  API server. The default Kubernetes Node Port range
                                  is `30000` - `32762`.
                                format: int32
                                minimum: 0
                                type: integer
                              servicePorts:
                                description: servicePorts specify user-provided service
                                  port(s). For Kafka with the nodePort type, this
                                  setting is only applied to Kafka bootstrap service.
                                items:
                                  description: ServicePort contains information on
                                    service's port.
                                  properties:
                                    appProtocol:
                                      description: The application protocol for this
                                        port. This field follows standard Kubernetes
                                        label syntax. Un-prefixed names are reserved
                                        for IANA standard service names (as per RFC-6335
                                        and http://www.iana.org/assignments/service-names).
                                        Non-standard protocols should use prefixed
                                        names such as mycompany.com/my-custom-protocol.
                                      type: string
                                    name:
                                      description: The name of this port within the
                                        service. This must be a DNS_LABEL. All ports
                                        within a ServiceSpec must have unique names.
                                        When considering the endpoints for a Service,
                                        this must match the 'name' field in the EndpointPort.
                                        Optional if only one ServicePort is defined
                                        on this service.
                                      type: string
                                    nodePort:
                                      description: 'The port on each node on which
                                        this service is exposed when type is NodePort
                                        or LoadBalancer.  Usually assigned by the
                                        system. If a value is specified, in-range,
                                        and not in use it will be used, otherwise
                                        the operation will fail.  If not specified,
                                        a port will be allocated if this Service requires
                                        one.  If this field is specified when creating
                                        a Service which does not need it, creation
                                        will fail. This field will be wiped when updating
                                        a Service to no longer need it (e.g. changing
                                        type from NodePort to ClusterIP). More info:
                                        https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport'
                                      format: int32
                                      type: integer
                                    port:
                                      description: The port that will be exposed by
                                        this service.
                                      format: int32
                                      type: integer
                                    protocol:
                                      default: TCP
                                      description: The IP protocol for this port.
                                        Supports "TCP", "UDP", and "SCTP". Default
                                        is TCP.
                                      type: string
                                    targetPort:
                                      anyOf:
                                      - type: integer
                                      - type: string
                                      description: 'Number or name of the port to
                                        access on the pods targeted by the service.
                                        Number must be in the range 1 to 65535. Name
                                        must be an IANA_SVC_NAME. If this is a string,
                                        it will be looked up as a named port in the
                                        target Pod''s container ports. If this is
                                        not specified, the value of the ''port'' field
                                        is used (an identity map). This field is ignored
                                        for services with clusterIP=None, and should
                                        be omitted or set equal to the ''port'' field.
                                        More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service'
                                      x-kubernetes-int-or-string: true
                                  required:
                                  - port
                                  type: object
                                type: array
                              sessionAffinity:
                                description: 'sessionAffinity defines the Kubernetes
                                  session affinity. The valid options are `ClientIP`
                                  and `None`. `ClientIP` enables the client IP-based
                                  session affinity. The default value is `None`. More
                                  info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies.'
                                enum:
                                - ClientIP
                                - None
                                type: string
                              sessionAffinityConfig:
                                description: SessionAffinityConfig contains the configurations
                                  of the session affinity.
                                properties:
                                  clientIP:
                                    description: clientIP contains the configurations
                                      of Client IP based session affinity.
                                    properties:
                                      timeoutSeconds:
                                        description: timeoutSeconds specifies the
                                          seconds of ClientIP type session sticky
                                          time. The value must be >0 && <=86400(for
                                          1 day) if ServiceAffinity == "ClientIP".
                                          Default value is 10800(for 3 hours).
                                        format: int32
                                        type: integer
                                    type: object
                                type: object
                            required:
                            - host
                            - nodePortOffset
                            type: object
                          route:
                            description: route specifies the configuration to create
                              a route service in OpenShift.
                            properties:
                              annotations:
                                additionalProperties:
                                  type: string
                                description: annotations is a map of string key and
                                  value pairs. It specifies Kubernetes annotations
                                  for this service.
                                type: object
                                x-kubernetes-map-type: granular
                              domain:
                                description: domain specifies the domain name of the
                                  Confluent component cluster.
                                minLength: 1
                                type: string
                              labels:
                                additionalProperties:
                                  type: string
                                description: labels is a map of string key and value
                                  pairs. It specifies Kubernetes labels for this service.
                                type: object
                                x-kubernetes-map-type: granular
                              prefix:
                                description: prefix specifies the component prefix
                                  when configured for the domain. The default value
                                  is the name of the cluster.
                                minLength: 1
                                type: string
                              wildcardPolicy:
                                description: wildcardPolicy allows you to define a
                                  route that covers all hosts within a domain. Valid
                                  options are `Subdomain` and `None`. The default
                                  value is `None`.
                                enum:
                                - Subdomain
                                - None
                                type: string
                            required:
                            - domain
                            type: object
                          type:
                            description: type specifies the Kubernetes external service
                              for the component. Valid options are `loadBalancer`,
                              `nodePort`, and `route`.
                            enum:
                            - loadBalancer
                            - nodePort
                            - route
                            minLength: 1
                            type: string
                        required:
                        - type
                        type: object
                      tls:
                        description: tls specifies the TLS configuration for the listener.
                        properties:
                          directoryPathInContainer:
                            description: directoryPathInContainer specifies the directory
                              path in the container where `keystore.jks`, `truststore.jks`,
                              and `jksPassword.txt` keys are mounted. `truststore.jks`
                              is not configured and can be ignored when the `ignoreTrustStoreConfig`
                              field is set to `true`.
                            minLength: 1
                            type: string
                          enabled:
                            description: enabled specifies to enable the TLS configuration
                              for the Confluent component.
                            type: boolean
                          ignoreTrustStoreConfig:
                            description: ignoreTrustStoreConfig indicates whether
                              to ignore the truststore configuration for the Confluent
                              component.
                            type: boolean
                          jksPassword:
                            description: jksPassword references the secret containing
                              the JKS password.
                            properties:
                              secretRef:
                                description: 'secretRef references the name of the
                                  secret containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
                                maxLength: 30
                                minLength: 1
                                pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                                type: string
                            required:
                            - secretRef
                            type: object
                          secretRef:
                            description: 'secretRef references the secret containing
                              the certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
                            maxLength: 30
                            minLength: 1
                            pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                            type: string
                        required:
                        - enabled
                        type: object
                    type: object
                  internal:
                    description: internal specifies the Confluent component's internal
                      listener. This internal listener is for intra-communication
                      between the pods.
                    properties:
                      port:
                        description: port binds the given port to the internal listener.
                          If not configured, it will be defaulted to the component-specific
                          internal port. Port numbers lower than `9093` are reserved
                          by CFK.
                        format: int32
                        minimum: 9093
                        type: integer
                      tls:
                        description: tls specifies the TLS configuration for the listener.
                        properties:
                          directoryPathInContainer:
                            description: directoryPathInContainer specifies the directory
                              path in the container where `keystore.jks`, `truststore.jks`,
                              and `jksPassword.txt` keys are mounted. `truststore.jks`
                              is not configured and can be ignored when the `ignoreTrustStoreConfig`
                              field is set to `true`.
                            minLength: 1
                            type: string
                          enabled:
                            description: enabled specifies to enable the TLS configuration
                              for the Confluent component.
                            type: boolean
                          ignoreTrustStoreConfig:
                            description: ignoreTrustStoreConfig indicates whether
                              to ignore the truststore configuration for the Confluent
                              component.
                            type: boolean
                          jksPassword:
                            description: jksPassword references the secret containing
                              the JKS password.
                            properties:
                              secretRef:
                                description: 'secretRef references the name of the
                                  secret containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
                                maxLength: 30
                                minLength: 1
                                pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                                type: string
                            required:
                            - secretRef
                            type: object
                          secretRef:
                            description: 'secretRef references the secret containing
                              the certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
                            maxLength: 30
                            minLength: 1
                            pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                            type: string
                        required:
                        - enabled
                        type: object
                    type: object
                type: object
              metrics:
                description: metrics specify the security settings for the metric
                  services.
                properties:
                  authentication:
                    description: authentication specifies the authentication configuration
                      for the metrics.
                    properties:
                      type:
                        description: type specifies the metrics authentication method.
                          The valid option is `mtls`.
                        enum:
                        - mtls
                        type: string
                    required:
                    - type
                    type: object
                  prometheus:
                    description: prometheus specifies the configuration overrides
                      for the JMX-Prometheus exporter.
                    properties:
                      blacklist:
                        items:
                          type: string
                        type: array
                      rules:
                        items:
                          description: Rule defines the Prometheus Exporter rule override.
                          properties:
                            attrNameSnakeCase:
                              type: boolean
                            cache:
                              type: boolean
                            help:
                              minLength: 1
                              type: string
                            labels:
                              additionalProperties:
                                type: string
                              type: object
                              x-kubernetes-map-type: granular
                            name:
                              minLength: 1
                              type: string
                            pattern:
                              minLength: 1
                              type: string
                            type:
                              minLength: 1
                              type: string
                            value:
                              minLength: 1
                              type: string
                            valueFactor:
                              anyOf:
                              - type: integer
                              - type: string
                              default: 1
                              pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                              x-kubernetes-int-or-string: true
                          type: object
                        type: array
                      whitelist:
                        items:
                          type: string
                        type: array
                    type: object
                  tls:
                    description: tls specifies the TLS configuration for the metrics.
                    properties:
                      directoryPathInContainer:
                        description: directoryPathInContainer specifies the directory
                          path in the container where `keystore.jks`, `truststore.jks`,
                          and `jksPassword.txt` keys are mounted. `truststore.jks`
                          is not configured and can be ignored when the `ignoreTrustStoreConfig`
                          field is set to `true`.
                        minLength: 1
                        type: string
                      enabled:
                        description: enabled specifies to enable the TLS configuration
                          for the Confluent component.
                        type: boolean
                      ignoreTrustStoreConfig:
                        description: ignoreTrustStoreConfig indicates whether to ignore
                          the truststore configuration for the Confluent component.
                        type: boolean
                      jksPassword:
                        description: jksPassword references the secret containing
                          the JKS password.
                        properties:
                          secretRef:
                            description: 'secretRef references the name of the secret
                              containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
                            maxLength: 30
                            minLength: 1
                            pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                            type: string
                        required:
                        - secretRef
                        type: object
                      secretRef:
                        description: 'secretRef references the secret containing the
                          certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
                        maxLength: 30
                        minLength: 1
                        pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                        type: string
                    required:
                    - enabled
                    type: object
                type: object
              mountedSecrets:
                description: 'mountedSecrets list the secrets injected to the underlying
                  statefulset configuration. The secret reference is mounted in the
                  default path `/mnt/secrets/<secret-name>`. The underlying resources
                  will follow the secret as a file configuration. More info: https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod.
                  A change to this setting will roll the cluster.'
                items:
                  description: MountedSecrets provides a way to inject a custom secret
                    to the underlying statefulset.
                  properties:
                    keyItems:
                      description: keyItems are key and path names.
                      items:
                        description: Maps a string key to a path within a volume.
                        properties:
                          key:
                            description: The key to project.
                            type: string
                          mode:
                            description: 'Optional: mode bits used to set permissions
                              on this file. Must be an octal value between 0000 and
                              0777 or a decimal value between 0 and 511. YAML accepts
                              both octal and decimal values, JSON requires decimal
                              values for mode bits. If not specified, the volume defaultMode
                              will be used. This might be in conflict with other options
                              that affect the file mode, like fsGroup, and the result
                              can be other mode bits set.'
                            format: int32
                            type: integer
                          path:
                            description: The relative path of the file to map the
                              key to. May not be an absolute path. May not contain
                              the path element '..'. May not start with the string
                              '..'.
                            type: string
                        required:
                        - key
                        - path
                        type: object
                      type: array
                    secretRef:
                      description: secretRef references the name of the secret.
                      maxLength: 30
                      minLength: 1
                      pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                      type: string
                  required:
                  - secretRef
                  type: object
                type: array
              mountedVolumes:
                description: mountedVolumes list the custom volumes that need to be
                  mounted into the underlying statefulset. A change to this setting
                  will roll the cluster.
                properties:
                  volumeMounts:
                    description: volumeMounts specify the list of volume mounts for
                      the pods in the statefulset.
                    items:
                      description: VolumeMount describes a mounting of a Volume within
                        a container.
                      properties:
                        mountPath:
                          description: Path within the container at which the volume
                            should be mounted.  Must not contain ':'.
                          type: string
                        mountPropagation:
                          description: mountPropagation determines how mounts are
                            propagated from the host to container and the other way
                            around. When not set, MountPropagationNone is used. This
                            field is beta in 1.10.
                          type: string
                        name:
                          description: This must match the Name of a Volume.
                          type: string
                        readOnly:
                          description: Mounted read-only if true, read-write otherwise
                            (false or unspecified). Defaults to false.
                          type: boolean
                        subPath:
                          description: Path within the volume from which the container's
                            volume should be mounted. Defaults to "" (volume's root).
                          type: string
                        subPathExpr:
                          description: Expanded path within the volume from which
                            the container's volume should be mounted. Behaves similarly
                            to SubPath but environment variable references $(VAR_NAME)
                            are expanded using the container's environment. Defaults
                            to "" (volume's root). SubPathExpr and SubPath are mutually
                            exclusive.
                          type: string
                      required:
                      - mountPath
                      - name
                      type: object
                    type: array
                  volumes:
                    description: volumes specify the list of volumes that can be mounted
                      into the pods of statefulset.
                    items:
                      description: Volume represents a named volume in a pod that
                        may be accessed by any container in the pod.
                      properties:
                        awsElasticBlockStore:
                          description: 'AWSElasticBlockStore represents an AWS Disk
                            resource that is attached to a kubelet''s host machine
                            and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
                          properties:
                            fsType:
                              description: 'Filesystem type of the volume that you
                                want to mount. Tip: Ensure that the filesystem type
                                is supported by the host operating system. Examples:
                                "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
                                if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
                                TODO: how do we prevent errors in the filesystem from
                                compromising the machine'
                              type: string
                            partition:
                              description: 'The partition in the volume that you want
                                to mount. If omitted, the default is to mount by volume
                                name. Examples: For volume /dev/sda1, you specify
                                the partition as "1". Similarly, the volume partition
                                for /dev/sda is "0" (or you can leave the property
                                empty).'
                              format: int32
                              type: integer
                            readOnly:
                              description: 'Specify "true" to force and set the ReadOnly
                                property in VolumeMounts to "true". If omitted, the
                                default is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
                              type: boolean
                            volumeID:
                              description: 'Unique ID of the persistent disk resource
                                in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
                              type: string
                          required:
                          - volumeID
                          type: object
                        azureDisk:
                          description: AzureDisk represents an Azure Data Disk mount
                            on the host and bind mount to the pod.
                          properties:
                            cachingMode:
                              description: 'Host Caching mode: None, Read Only, Read
                                Write.'
                              type: string
                            diskName:
                              description: The Name of the data disk in the blob storage
                              type: string
                            diskURI:
                              description: The URI the data disk in the blob storage
                              type: string
                            fsType:
                              description: Filesystem type to mount. Must be a filesystem
                                type supported by the host operating system. Ex. "ext4",
                                "xfs", "ntfs". Implicitly inferred to be "ext4" if
                                unspecified.
                              type: string
                            kind:
                              description: 'Expected values Shared: multiple blob
                                disks per storage account  Dedicated: single blob
                                disk per storage account  Managed: azure managed data
                                disk (only in managed availability set). defaults
                                to shared'
                              type: string
                            readOnly:
                              description: Defaults to false (read/write). ReadOnly
                                here will force the ReadOnly setting in VolumeMounts.
                              type: boolean
                          required:
                          - diskName
                          - diskURI
                          type: object
                        azureFile:
                          description: AzureFile represents an Azure File Service
                            mount on the host and bind mount to the pod.
                          properties:
                            readOnly:
                              description: Defaults to false (read/write). ReadOnly
                                here will force the ReadOnly setting in VolumeMounts.
                              type: boolean
                            secretName:
                              description: the name of secret that contains Azure
                                Storage Account Name and Key
                              type: string
                            shareName:
                              description: Share Name
                              type: string
                          required:
                          - secretName
                          - shareName
                          type: object
                        cephfs:
                          description: CephFS represents a Ceph FS mount on the host
                            that shares a pod's lifetime
                          properties:
                            monitors:
                              description: 'Required: Monitors is a collection of
                                Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
                              items:
                                type: string
                              type: array
                            path:
                              description: 'Optional: Used as the mounted root, rather
                                than the full Ceph tree, default is /'
                              type: string
                            readOnly:
                              description: 'Optional: Defaults to false (read/write).
                                ReadOnly here will force the ReadOnly setting in VolumeMounts.
                                More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
                              type: boolean
                            secretFile:
                              description: 'Optional: SecretFile is the path to key
                                ring for User, default is /etc/ceph/user.secret More
                                info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
                              type: string
                            secretRef:
                              description: 'Optional: SecretRef is reference to the
                                authentication secret for User, default is empty.
                                More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
                              properties:
                                name:
                                  description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                    TODO: Add other useful fields. apiVersion, kind,
                                    uid?'
                                  type: string
                              type: object
                              x-kubernetes-map-type: atomic
                            user:
                              description: 'Optional: User is the rados user name,
                                default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
                              type: string
                          required:
                          - monitors
                          type: object
                        cinder:
                          description: 'Cinder represents a cinder volume attached
                            and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
                          properties:
                            fsType:
                              description: 'Filesystem type to mount. Must be a filesystem
                                type supported by the host operating system. Examples:
                                "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
                                if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
                              type: string
                            readOnly:
                              description: 'Optional: Defaults to false (read/write).
                                ReadOnly here will force the ReadOnly setting in VolumeMounts.
                                More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
                              type: boolean
                            secretRef:
                              description: 'Optional: points to a secret object containing
                                parameters used to connect to OpenStack.'
                              properties:
                                name:
                                  description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                    TODO: Add other useful fields. apiVersion, kind,
                                    uid?'
                                  type: string
                              type: object
                              x-kubernetes-map-type: atomic
                            volumeID:
                              description: 'volume id used to identify the volume
                                in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
                              type: string
                          required:
                          - volumeID
                          type: object
                        configMap:
                          description: ConfigMap represents a configMap that should
                            populate this volume
                          properties:
                            defaultMode:
                              description: 'Optional: mode bits used to set permissions
                                on created files by default. Must be an octal value
                                between 0000 and 0777 or a decimal value between 0
                                and 511. YAML accepts both octal and decimal values,
                                JSON requires decimal values for mode bits. Defaults
                                to 0644. Directories within the path are not affected
                                by this setting. This might be in conflict with other
                                options that affect the file mode, like fsGroup, and
                                the result can be other mode bits set.'
                              format: int32
                              type: integer
                            items:
                              description: If unspecified, each key-value pair in
                                the Data field of the referenced ConfigMap will be
                                projected into the volume as a file whose name is
                                the key and content is the value. If specified, the
                                listed keys will be projected into the specified paths,
                                and unlisted keys will not be present. If a key is
                                specified which is not present in the ConfigMap, the
                                volume setup will error unless it is marked optional.
                                Paths must be relative and may not contain the '..'
                                path or start with '..'.
                              items:
                                description: Maps a string key to a path within a
                                  volume.
                                properties:
                                  key:
                                    description: The key to project.
                                    type: string
                                  mode:
                                    description: 'Optional: mode bits used to set
                                      permissions on this file. Must be an octal value
                                      between 0000 and 0777 or a decimal value between
                                      0 and 511. YAML accepts both octal and decimal
                                      values, JSON requires decimal values for mode
                                      bits. If not specified, the volume defaultMode
                                      will be used. This might be in conflict with
                                      other options that affect the file mode, like
                                      fsGroup, and the result can be other mode bits
                                      set.'
                                    format: int32
                                    type: integer
                                  path:
                                    description: The relative path of the file to
                                      map the key to. May not be an absolute path.
                                      May not contain the path element '..'. May not
                                      start with the string '..'.
                                    type: string
                                required:
                                - key
                                - path
                                type: object
                              type: array
                            name:
                              description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                TODO: Add other useful fields. apiVersion, kind, uid?'
                              type: string
                            optional:
                              description: Specify whether the ConfigMap or its keys
                                must be defined
                              type: boolean
                          type: object
                          x-kubernetes-map-type: atomic
                        csi:
                          description: CSI (Container Storage Interface) represents
                            ephemeral storage that is handled by certain external
                            CSI drivers (Beta feature).
                          properties:
                            driver:
                              description: Driver is the name of the CSI driver that
                                handles this volume. Consult with your admin for the
                                correct name as registered in the cluster.
                              type: string
                            fsType:
                              description: Filesystem type to mount. Ex. "ext4", "xfs",
                                "ntfs". If not provided, the empty value is passed
                                to the associated CSI driver which will determine
                                the default filesystem to apply.
                              type: string
                            nodePublishSecretRef:
                              description: NodePublishSecretRef is a reference to
                                the secret object containing sensitive information
                                to pass to the CSI driver to complete the CSI NodePublishVolume
                                and NodeUnpublishVolume calls. This field is optional,
                                and  may be empty if no secret is required. If the
                                secret object contains more than one secret, all secret
                                references are passed.
                              properties:
                                name:
                                  description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                    TODO: Add other useful fields. apiVersion, kind,
                                    uid?'
                                  type: string
                              type: object
                              x-kubernetes-map-type: atomic
                            readOnly:
                              description: Specifies a read-only configuration for
                                the volume. Defaults to false (read/write).
                              type: boolean
                            volumeAttributes:
                              additionalProperties:
                                type: string
                              description: VolumeAttributes stores driver-specific
                                properties that are passed to the CSI driver. Consult
                                your driver's documentation for supported values.
                              type: object
                          required:
                          - driver
                          type: object
                        downwardAPI:
                          description: DownwardAPI represents downward API about the
                            pod that should populate this volume
                          properties:
                            defaultMode:
                              description: 'Optional: mode bits to use on created
                                files by default. Must be a Optional: mode bits used
                                to set permissions on created files by default. Must
                                be an octal value between 0000 and 0777 or a decimal
                                value between 0 and 511. YAML accepts both octal and
                                decimal values, JSON requires decimal values for mode
                                bits. Defaults to 0644. Directories within the path
                                are not affected by this setting. This might be in
                                conflict with other options that affect the file mode,
                                like fsGroup, and the result can be other mode bits
                                set.'
                              format: int32
                              type: integer
                            items:
                              description: Items is a list of downward API volume
                                file
                              items:
                                description: DownwardAPIVolumeFile represents information
                                  to create the file containing the pod field
                                properties:
                                  fieldRef:
                                    description: 'Required: Selects a field of the
                                      pod: only annotations, labels, name and namespace
                                      are supported.'
                                    properties:
                                      apiVersion:
                                        description: Version of the schema the FieldPath
                                          is written in terms of, defaults to "v1".
                                        type: string
                                      fieldPath:
                                        description: Path of the field to select in
                                          the specified API version.
                                        type: string
                                    required:
                                    - fieldPath
                                    type: object
                                    x-kubernetes-map-type: atomic
                                  mode:
                                    description: 'Optional: mode bits used to set
                                      permissions on this file, must be an octal value
                                      between 0000 and 0777 or a decimal value between
                                      0 and 511. YAML accepts both octal and decimal
                                      values, JSON requires decimal values for mode
                                      bits. If not specified, the volume defaultMode
                                      will be used. This might be in conflict with
                                      other options that affect the file mode, like
                                      fsGroup, and the result can be other mode bits
                                      set.'
                                    format: int32
                                    type: integer
                                  path:
                                    description: 'Required: Path is  the relative
                                      path name of the file to be created. Must not
                                      be absolute or contain the ''..'' path. Must
                                      be utf-8 encoded. The first item of the relative
                                      path must not start with ''..'''
                                    type: string
                                  resourceFieldRef:
                                    description: 'Selects a resource of the container:
                                      only resources limits and requests (limits.cpu,
                                      limits.memory, requests.cpu and requests.memory)
                                      are currently supported.'
                                    properties:
                                      containerName:
                                        description: 'Container name: required for
                                          volumes, optional for env vars'
                                        type: string
                                      divisor:
                                        anyOf:
                                        - type: integer
                                        - type: string
                                        description: Specifies the output format of
                                          the exposed resources, defaults to "1"
                                        pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                        x-kubernetes-int-or-string: true
                                      resource:
                                        description: 'Required: resource to select'
                                        type: string
                                    required:
                                    - resource
                                    type: object
                                    x-kubernetes-map-type: atomic
                                required:
                                - path
                                type: object
                              type: array
                          type: object
                        emptyDir:
                          description: 'EmptyDir represents a temporary directory
                            that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
                          properties:
                            medium:
                              description: 'What type of storage medium should back
                                this directory. The default is "" which means to use
                                the node''s default medium. Must be an empty string
                                (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
                              type: string
                            sizeLimit:
                              anyOf:
                              - type: integer
                              - type: string
                              description: 'Total amount of local storage required
                                for this EmptyDir volume. The size limit is also applicable
                                for memory medium. The maximum usage on memory medium
                                EmptyDir would be the minimum value between the SizeLimit
                                specified here and the sum of memory limits of all
                                containers in a pod. The default is nil which means
                                that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir'
                              pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                              x-kubernetes-int-or-string: true
                          type: object
                        ephemeral:
                          description: "Ephemeral represents a volume that is handled
                            by a cluster storage driver. The volume's lifecycle is
                            tied to the pod that defines it - it will be created before
                            the pod starts, and deleted when the pod is removed. \n
                            Use this if: a) the volume is only needed while the pod
                            runs, b) features of normal volumes like restoring from
                            snapshot or capacity tracking are needed, c) the storage
                            driver is specified through a storage class, and d) the
                            storage driver supports dynamic volume provisioning through
                            a PersistentVolumeClaim (see EphemeralVolumeSource for
                            more information on the connection between this volume
                            type and PersistentVolumeClaim). \n Use PersistentVolumeClaim
                            or one of the vendor-specific APIs for volumes that persist
                            for longer than the lifecycle of an individual pod. \n
                            Use CSI for light-weight local ephemeral volumes if the
                            CSI driver is meant to be used that way - see the documentation
                            of the driver for more information. \n A pod can use both
                            types of ephemeral volumes and persistent volumes at the
                            same time."
                          properties:
                            volumeClaimTemplate:
                              description: "Will be used to create a stand-alone PVC
                                to provision the volume. The pod in which this EphemeralVolumeSource
                                is embedded will be the owner of the PVC, i.e. the
                                PVC will be deleted together with the pod.  The name
                                of the PVC will be `<pod name>-<volume name>` where
                                `<volume name>` is the name from the `PodSpec.Volumes`
                                array entry. Pod validation will reject the pod if
                                the concatenated name is not valid for a PVC (for
                                example, too long). \n An existing PVC with that name
                                that is not owned by the pod will *not* be used for
                                the pod to avoid using an unrelated volume by mistake.
                                Starting the pod is then blocked until the unrelated
                                PVC is removed. If such a pre-created PVC is meant
                                to be used by the pod, the PVC has to updated with
                                an owner reference to the pod once the pod exists.
                                Normally this should not be necessary, but it may
                                be useful when manually reconstructing a broken cluster.
                                \n This field is read-only and no changes will be
                                made by Kubernetes to the PVC after it has been created.
                                \n Required, must not be nil."
                              properties:
                                metadata:
                                  description: May contain labels and annotations
                                    that will be copied into the PVC when creating
                                    it. No other fields are allowed and will be rejected
                                    during validation.
                                  type: object
                                spec:
                                  description: The specification for the PersistentVolumeClaim.
                                    The entire content is copied unchanged into the
                                    PVC that gets created from this template. The
                                    same fields as in a PersistentVolumeClaim are
                                    also valid here.
                                  properties:
                                    accessModes:
                                      description: 'AccessModes contains the desired
                                        access modes the volume should have. More
                                        info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
                                      items:
                                        type: string
                                      type: array
                                    dataSource:
                                      description: 'This field can be used to specify
                                        either: * An existing VolumeSnapshot object
                                        (snapshot.storage.k8s.io/VolumeSnapshot) *
                                        An existing PVC (PersistentVolumeClaim) If
                                        the provisioner or an external controller
                                        can support the specified data source, it
                                        will create a new volume based on the contents
                                        of the specified data source. If the AnyVolumeDataSource
                                        feature gate is enabled, this field will always
                                        have the same contents as the DataSourceRef
                                        field.'
                                      properties:
                                        apiGroup:
                                          description: APIGroup is the group for the
                                            resource being referenced. If APIGroup
                                            is not specified, the specified Kind must
                                            be in the core API group. For any other
                                            third-party types, APIGroup is required.
                                          type: string
                                        kind:
                                          description: Kind is the type of resource
                                            being referenced
                                          type: string
                                        name:
                                          description: Name is the name of resource
                                            being referenced
                                          type: string
                                      required:
                                      - kind
                                      - name
                                      type: object
                                      x-kubernetes-map-type: atomic
                                    dataSourceRef:
                                      description: 'Specifies the object from which
                                        to populate the volume with data, if a non-empty
                                        volume is desired. This may be any local object
                                        from a non-empty API group (non core object)
                                        or a PersistentVolumeClaim object. When this
                                        field is specified, volume binding will only
                                        succeed if the type of the specified object
                                        matches some installed volume populator or
                                        dynamic provisioner. This field will replace
                                        the functionality of the DataSource field
                                        and as such if both fields are non-empty,
                                        they must have the same value. For backwards
                                        compatibility, both fields (DataSource and
                                        DataSourceRef) will be set to the same value
                                        automatically if one of them is empty and
                                        the other is non-empty. There are two important
                                        differences between DataSource and DataSourceRef:
                                        * While DataSource only allows two specific
                                        types of objects, DataSourceRef allows any
                                        non-core object, as well as PersistentVolumeClaim
                                        objects. * While DataSource ignores disallowed
                                        values (dropping them), DataSourceRef preserves
                                        all values, and generates an error if a disallowed
                                        value is specified. (Alpha) Using this field
                                        requires the AnyVolumeDataSource feature gate
                                        to be enabled.'
                                      properties:
                                        apiGroup:
                                          description: APIGroup is the group for the
                                            resource being referenced. If APIGroup
                                            is not specified, the specified Kind must
                                            be in the core API group. For any other
                                            third-party types, APIGroup is required.
                                          type: string
                                        kind:
                                          description: Kind is the type of resource
                                            being referenced
                                          type: string
                                        name:
                                          description: Name is the name of resource
                                            being referenced
                                          type: string
                                      required:
                                      - kind
                                      - name
                                      type: object
                                      x-kubernetes-map-type: atomic
                                    resources:
                                      description: 'Resources represents the minimum
                                        resources the volume should have. If RecoverVolumeExpansionFailure
                                        feature is enabled users are allowed to specify
                                        resource requirements that are lower than
                                        previous value but must still be higher than
                                        capacity recorded in the status field of the
                                        claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
                                      properties:
                                        limits:
                                          additionalProperties:
                                            anyOf:
                                            - type: integer
                                            - type: string
                                            pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                            x-kubernetes-int-or-string: true
                                          description: 'Limits describes the maximum
                                            amount of compute resources allowed. More
                                            info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                                          type: object
                                        requests:
                                          additionalProperties:
                                            anyOf:
                                            - type: integer
                                            - type: string
                                            pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                            x-kubernetes-int-or-string: true
                                          description: 'Requests describes the minimum
                                            amount of compute resources required.
                                            If Requests is omitted for a container,
                                            it defaults to Limits if that is explicitly
                                            specified, otherwise to an implementation-defined
                                            value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                                          type: object
                                      type: object
                                    selector:
                                      description: A label query over volumes to consider
                                        for binding.
                                      properties:
                                        matchExpressions:
                                          description: matchExpressions is a list
                                            of label selector requirements. The requirements
                                            are ANDed.
                                          items:
                                            description: A label selector requirement
                                              is a selector that contains values,
                                              a key, and an operator that relates
                                              the key and values.
                                            properties:
                                              key:
                                                description: key is the label key
                                                  that the selector applies to.
                                                type: string
                                              operator:
                                                description: operator represents a
                                                  key's relationship to a set of values.
                                                  Valid operators are In, NotIn, Exists
                                                  and DoesNotExist.
                                                type: string
                                              values:
                                                description: values is an array of
                                                  string values. If the operator is
                                                  In or NotIn, the values array must
                                                  be non-empty. If the operator is
                                                  Exists or DoesNotExist, the values
                                                  array must be empty. This array
                                                  is replaced during a strategic merge
                                                  patch.
                                                items:
                                                  type: string
                                                type: array
                                            required:
                                            - key
                                            - operator
                                            type: object
                                          type: array
                                        matchLabels:
                                          additionalProperties:
                                            type: string
                                          description: matchLabels is a map of {key,value}
                                            pairs. A single {key,value} in the matchLabels
                                            map is equivalent to an element of matchExpressions,
                                            whose key field is "key", the operator
                                            is "In", and the values array contains
                                            only "value". The requirements are ANDed.
                                          type: object
                                      type: object
                                      x-kubernetes-map-type: atomic
                                    storageClassName:
                                      description: 'Name of the StorageClass required
                                        by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
                                      type: string
                                    volumeMode:
                                      description: volumeMode defines what type of
                                        volume is required by the claim. Value of
                                        Filesystem is implied when not included in
                                        claim spec.
                                      type: string
                                    volumeName:
                                      description: VolumeName is the binding reference
                                        to the PersistentVolume backing this claim.
                                      type: string
                                  type: object
                              required:
                              - spec
                              type: object
                          type: object
                        fc:
                          description: FC represents a Fibre Channel resource that
                            is attached to a kubelet's host machine and then exposed
                            to the pod.
                          properties:
                            fsType:
                              description: 'Filesystem type to mount. Must be a filesystem
                                type supported by the host operating system. Ex. "ext4",
                                "xfs", "ntfs". Implicitly inferred to be "ext4" if
                                unspecified. TODO: how do we prevent errors in the
                                filesystem from compromising the machine'
                              type: string
                            lun:
                              description: 'Optional: FC target lun number'
                              format: int32
                              type: integer
                            readOnly:
                              description: 'Optional: Defaults to false (read/write).
                                ReadOnly here will force the ReadOnly setting in VolumeMounts.'
                              type: boolean
                            targetWWNs:
                              description: 'Optional: FC target worldwide names (WWNs)'
                              items:
                                type: string
                              type: array
                            wwids:
                              description: 'Optional: FC volume world wide identifiers
                                (wwids) Either wwids or combination of targetWWNs
                                and lun must be set, but not both simultaneously.'
                              items:
                                type: string
                              type: array
                          type: object
                        flexVolume:
                          description: FlexVolume represents a generic volume resource
                            that is provisioned/attached using an exec based plugin.
                          properties:
                            driver:
                              description: Driver is the name of the driver to use
                                for this volume.
                              type: string
                            fsType:
                              description: Filesystem type to mount. Must be a filesystem
                                type supported by the host operating system. Ex. "ext4",
                                "xfs", "ntfs". The default filesystem depends on FlexVolume
                                script.
                              type: string
                            options:
                              additionalProperties:
                                type: string
                              description: 'Optional: Extra command options if any.'
                              type: object
                            readOnly:
                              description: 'Optional: Defaults to false (read/write).
                                ReadOnly here will force the ReadOnly setting in VolumeMounts.'
                              type: boolean
                            secretRef:
                              description: 'Optional: SecretRef is reference to the
                                secret object containing sensitive information to
                                pass to the plugin scripts. This may be empty if no
                                secret object is specified. If the secret object contains
                                more than one secret, all secrets are passed to the
                                plugin scripts.'
                              properties:
                                name:
                                  description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                    TODO: Add other useful fields. apiVersion, kind,
                                    uid?'
                                  type: string
                              type: object
                              x-kubernetes-map-type: atomic
                          required:
                          - driver
                          type: object
                        flocker:
                          description: Flocker represents a Flocker volume attached
                            to a kubelet's host machine. This depends on the Flocker
                            control service being running
                          properties:
                            datasetName:
                              description: Name of the dataset stored as metadata
                                -> name on the dataset for Flocker should be considered
                                as deprecated
                              type: string
                            datasetUUID:
                              description: UUID of the dataset. This is unique identifier
                                of a Flocker dataset
                              type: string
                          type: object
                        gcePersistentDisk:
                          description: 'GCEPersistentDisk represents a GCE Disk resource
                            that is attached to a kubelet''s host machine and then
                            exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
                          properties:
                            fsType:
                              description: 'Filesystem type of the volume that you
                                want to mount. Tip: Ensure that the filesystem type
                                is supported by the host operating system. Examples:
                                "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
                                if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
                                TODO: how do we prevent errors in the filesystem from
                                compromising the machine'
                              type: string
                            partition:
                              description: 'The partition in the volume that you want
                                to mount. If omitted, the default is to mount by volume
                                name. Examples: For volume /dev/sda1, you specify
                                the partition as "1". Similarly, the volume partition
                                for /dev/sda is "0" (or you can leave the property
                                empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
                              format: int32
                              type: integer
                            pdName:
                              description: 'Unique name of the PD resource in GCE.
                                Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
                              type: string
                            readOnly:
                              description: 'ReadOnly here will force the ReadOnly
                                setting in VolumeMounts. Defaults to false. More info:
                                https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
                              type: boolean
                          required:
                          - pdName
                          type: object
                        gitRepo:
                          description: 'GitRepo represents a git repository at a particular
                            revision. DEPRECATED: GitRepo is deprecated. To provision
                            a container with a git repo, mount an EmptyDir into an
                            InitContainer that clones the repo using git, then mount
                            the EmptyDir into the Pod''s container.'
                          properties:
                            directory:
                              description: Target directory name. Must not contain
                                or start with '..'.  If '.' is supplied, the volume
                                directory will be the git repository.  Otherwise,
                                if specified, the volume will contain the git repository
                                in the subdirectory with the given name.
                              type: string
                            repository:
                              description: Repository URL
                              type: string
                            revision:
                              description: Commit hash for the specified revision.
                              type: string
                          required:
                          - repository
                          type: object
                        glusterfs:
                          description: 'Glusterfs represents a Glusterfs mount on
                            the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md'
                          properties:
                            endpoints:
                              description: 'EndpointsName is the endpoint name that
                                details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
                              type: string
                            path:
                              description: 'Path is the Glusterfs volume path. More
                                info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
                              type: string
                            readOnly:
                              description: 'ReadOnly here will force the Glusterfs
                                volume to be mounted with read-only permissions. Defaults
                                to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
                              type: boolean
                          required:
                          - endpoints
                          - path
                          type: object
                        hostPath:
                          description: 'HostPath represents a pre-existing file or
                            directory on the host machine that is directly exposed
                            to the container. This is generally used for system agents
                            or other privileged things that are allowed to see the
                            host machine. Most containers will NOT need this. More
                            info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
                            --- TODO(jonesdl) We need to restrict who can use host
                            directory mounts and who can/can not mount host directories
                            as read/write.'
                          properties:
                            path:
                              description: 'Path of the directory on the host. If
                                the path is a symlink, it will follow the link to
                                the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
                              type: string
                            type:
                              description: 'Type for HostPath Volume Defaults to ""
                                More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
                              type: string
                          required:
                          - path
                          type: object
                        iscsi:
                          description: 'ISCSI represents an ISCSI Disk resource that
                            is attached to a kubelet''s host machine and then exposed
                            to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md'
                          properties:
                            chapAuthDiscovery:
                              description: whether support iSCSI Discovery CHAP authentication
                              type: boolean
                            chapAuthSession:
                              description: whether support iSCSI Session CHAP authentication
                              type: boolean
                            fsType:
                              description: 'Filesystem type of the volume that you
                                want to mount. Tip: Ensure that the filesystem type
                                is supported by the host operating system. Examples:
                                "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
                                if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
                                TODO: how do we prevent errors in the filesystem from
                                compromising the machine'
                              type: string
                            initiatorName:
                              description: Custom iSCSI Initiator Name. If initiatorName
                                is specified with iscsiInterface simultaneously, new
                                iSCSI interface <target portal>:<volume name> will
                                be created for the connection.
                              type: string
                            iqn:
                              description: Target iSCSI Qualified Name.
                              type: string
                            iscsiInterface:
                              description: iSCSI Interface Name that uses an iSCSI
                                transport. Defaults to 'default' (tcp).
                              type: string
                            lun:
                              description: iSCSI Target Lun number.
                              format: int32
                              type: integer
                            portals:
                              description: iSCSI Target Portal List. The portal is
                                either an IP or ip_addr:port if the port is other
                                than default (typically TCP ports 860 and 3260).
                              items:
                                type: string
                              type: array
                            readOnly:
                              description: ReadOnly here will force the ReadOnly setting
                                in VolumeMounts. Defaults to false.
                              type: boolean
                            secretRef:
                              description: CHAP Secret for iSCSI target and initiator
                                authentication
                              properties:
                                name:
                                  description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                    TODO: Add other useful fields. apiVersion, kind,
                                    uid?'
                                  type: string
                              type: object
                              x-kubernetes-map-type: atomic
                            targetPortal:
                              description: iSCSI Target Portal. The Portal is either
                                an IP or ip_addr:port if the port is other than default
                                (typically TCP ports 860 and 3260).
                              type: string
                          required:
                          - iqn
                          - lun
                          - targetPortal
                          type: object
                        name:
                          description: 'Volume''s name. Must be a DNS_LABEL and unique
                            within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
                          type: string
                        nfs:
                          description: 'NFS represents an NFS mount on the host that
                            shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
                          properties:
                            path:
                              description: 'Path that is exported by the NFS server.
                                More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
                              type: string
                            readOnly:
                              description: 'ReadOnly here will force the NFS export
                                to be mounted with read-only permissions. Defaults
                                to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
                              type: boolean
                            server:
                              description: 'Server is the hostname or IP address of
                                the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
                              type: string
                          required:
                          - path
                          - server
                          type: object
                        persistentVolumeClaim:
                          description: 'PersistentVolumeClaimVolumeSource represents
                            a reference to a PersistentVolumeClaim in the same namespace.
                            More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
                          properties:
                            claimName:
                              description: 'ClaimName is the name of a PersistentVolumeClaim
                                in the same namespace as the pod using this volume.
                                More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
                              type: string
                            readOnly:
                              description: Will force the ReadOnly setting in VolumeMounts.
                                Default false.
                              type: boolean
                          required:
                          - claimName
                          type: object
                        photonPersistentDisk:
                          description: PhotonPersistentDisk represents a PhotonController
                            persistent disk attached and mounted on kubelets host
                            machine
                          properties:
                            fsType:
                              description: Filesystem type to mount. Must be a filesystem
                                type supported by the host operating system. Ex. "ext4",
                                "xfs", "ntfs". Implicitly inferred to be "ext4" if
                                unspecified.
                              type: string
                            pdID:
                              description: ID that identifies Photon Controller persistent
                                disk
                              type: string
                          required:
                          - pdID
                          type: object
                        portworxVolume:
                          description: PortworxVolume represents a portworx volume
                            attached and mounted on kubelets host machine
                          properties:
                            fsType:
                              description: FSType represents the filesystem type to
                                mount Must be a filesystem type supported by the host
                                operating system. Ex. "ext4", "xfs". Implicitly inferred
                                to be "ext4" if unspecified.
                              type: string
                            readOnly:
                              description: Defaults to false (read/write). ReadOnly
                                here will force the ReadOnly setting in VolumeMounts.
                              type: boolean
                            volumeID:
                              description: VolumeID uniquely identifies a Portworx
                                volume
                              type: string
                          required:
                          - volumeID
                          type: object
                        projected:
                          description: Items for all in one resources secrets, configmaps,
                            and downward API
                          properties:
                            defaultMode:
                              description: Mode bits used to set permissions on created
                                files by default. Must be an octal value between 0000
                                and 0777 or a decimal value between 0 and 511. YAML
                                accepts both octal and decimal values, JSON requires
                                decimal values for mode bits. Directories within the
                                path are not affected by this setting. This might
                                be in conflict with other options that affect the
                                file mode, like fsGroup, and the result can be other
                                mode bits set.
                              format: int32
                              type: integer
                            sources:
                              description: list of volume projections
                              items:
                                description: Projection that may be projected along
                                  with other supported volume types
                                properties:
                                  configMap:
                                    description: information about the configMap data
                                      to project
                                    properties:
                                      items:
                                        description: If unspecified, each key-value
                                          pair in the Data field of the referenced
                                          ConfigMap will be projected into the volume
                                          as a file whose name is the key and content
                                          is the value. If specified, the listed keys
                                          will be projected into the specified paths,
                                          and unlisted keys will not be present. If
                                          a key is specified which is not present
                                          in the ConfigMap, the volume setup will
                                          error unless it is marked optional. Paths
                                          must be relative and may not contain the
                                          '..' path or start with '..'.
                                        items:
                                          description: Maps a string key to a path
                                            within a volume.
                                          properties:
                                            key:
                                              description: The key to project.
                                              type: string
                                            mode:
                                              description: 'Optional: mode bits used
                                                to set permissions on this file. Must
                                                be an octal value between 0000 and
                                                0777 or a decimal value between 0
                                                and 511. YAML accepts both octal and
                                                decimal values, JSON requires decimal
                                                values for mode bits. If not specified,
                                                the volume defaultMode will be used.
                                                This might be in conflict with other
                                                options that affect the file mode,
                                                like fsGroup, and the result can be
                                                other mode bits set.'
                                              format: int32
                                              type: integer
                                            path:
                                              description: The relative path of the
                                                file to map the key to. May not be
                                                an absolute path. May not contain
                                                the path element '..'. May not start
                                                with the string '..'.
                                              type: string
                                          required:
                                          - key
                                          - path
                                          type: object
                                        type: array
                                      name:
                                        description: 'Name of the referent. More info:
                                          https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                          TODO: Add other useful fields. apiVersion,
                                          kind, uid?'
                                        type: string
                                      optional:
                                        description: Specify whether the ConfigMap
                                          or its keys must be defined
                                        type: boolean
                                    type: object
                                    x-kubernetes-map-type: atomic
                                  downwardAPI:
                                    description: information about the downwardAPI
                                      data to project
                                    properties:
                                      items:
                                        description: Items is a list of DownwardAPIVolume
                                          file
                                        items:
                                          description: DownwardAPIVolumeFile represents
                                            information to create the file containing
                                            the pod field
                                          properties:
                                            fieldRef:
                                              description: 'Required: Selects a field
                                                of the pod: only annotations, labels,
                                                name and namespace are supported.'
                                              properties:
                                                apiVersion:
                                                  description: Version of the schema
                                                    the FieldPath is written in terms
                                                    of, defaults to "v1".
                                                  type: string
                                                fieldPath:
                                                  description: Path of the field to
                                                    select in the specified API version.
                                                  type: string
                                              required:
                                              - fieldPath
                                              type: object
                                              x-kubernetes-map-type: atomic
                                            mode:
                                              description: 'Optional: mode bits used
                                                to set permissions on this file, must
                                                be an octal value between 0000 and
                                                0777 or a decimal value between 0
                                                and 511. YAML accepts both octal and
                                                decimal values, JSON requires decimal
                                                values for mode bits. If not specified,
                                                the volume defaultMode will be used.
                                                This might be in conflict with other
                                                options that affect the file mode,
                                                like fsGroup, and the result can be
                                                other mode bits set.'
                                              format: int32
                                              type: integer
                                            path:
                                              description: 'Required: Path is  the
                                                relative path name of the file to
                                                be created. Must not be absolute or
                                                contain the ''..'' path. Must be utf-8
                                                encoded. The first item of the relative
                                                path must not start with ''..'''
                                              type: string
                                            resourceFieldRef:
                                              description: 'Selects a resource of
                                                the container: only resources limits
                                                and requests (limits.cpu, limits.memory,
                                                requests.cpu and requests.memory)
                                                are currently supported.'
                                              properties:
                                                containerName:
                                                  description: 'Container name: required
                                                    for volumes, optional for env
                                                    vars'
                                                  type: string
                                                divisor:
                                                  anyOf:
                                                  - type: integer
                                                  - type: string
                                                  description: Specifies the output
                                                    format of the exposed resources,
                                                    defaults to "1"
                                                  pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                                  x-kubernetes-int-or-string: true
                                                resource:
                                                  description: 'Required: resource
                                                    to select'
                                                  type: string
                                              required:
                                              - resource
                                              type: object
                                              x-kubernetes-map-type: atomic
                                          required:
                                          - path
                                          type: object
                                        type: array
                                    type: object
                                  secret:
                                    description: information about the secret data
                                      to project
                                    properties:
                                      items:
                                        description: If unspecified, each key-value
                                          pair in the Data field of the referenced
                                          Secret will be projected into the volume
                                          as a file whose name is the key and content
                                          is the value. If specified, the listed keys
                                          will be projected into the specified paths,
                                          and unlisted keys will not be present. If
                                          a key is specified which is not present
                                          in the Secret, the volume setup will error
                                          unless it is marked optional. Paths must
                                          be relative and may not contain the '..'
                                          path or start with '..'.
                                        items:
                                          description: Maps a string key to a path
                                            within a volume.
                                          properties:
                                            key:
                                              description: The key to project.
                                              type: string
                                            mode:
                                              description: 'Optional: mode bits used
                                                to set permissions on this file. Must
                                                be an octal value between 0000 and
                                                0777 or a decimal value between 0
                                                and 511. YAML accepts both octal and
                                                decimal values, JSON requires decimal
                                                values for mode bits. If not specified,
                                                the volume defaultMode will be used.
                                                This might be in conflict with other
                                                options that affect the file mode,
                                                like fsGroup, and the result can be
                                                other mode bits set.'
                                              format: int32
                                              type: integer
                                            path:
                                              description: The relative path of the
                                                file to map the key to. May not be
                                                an absolute path. May not contain
                                                the path element '..'. May not start
                                                with the string '..'.
                                              type: string
                                          required:
                                          - key
                                          - path
                                          type: object
                                        type: array
                                      name:
                                        description: 'Name of the referent. More info:
                                          https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                          TODO: Add other useful fields. apiVersion,
                                          kind, uid?'
                                        type: string
                                      optional:
                                        description: Specify whether the Secret or
                                          its key must be defined
                                        type: boolean
                                    type: object
                                    x-kubernetes-map-type: atomic
                                  serviceAccountToken:
                                    description: information about the serviceAccountToken
                                      data to project
                                    properties:
                                      audience:
                                        description: Audience is the intended audience
                                          of the token. A recipient of a token must
                                          identify itself with an identifier specified
                                          in the audience of the token, and otherwise
                                          should reject the token. The audience defaults
                                          to the identifier of the apiserver.
                                        type: string
                                      expirationSeconds:
                                        description: ExpirationSeconds is the requested
                                          duration of validity of the service account
                                          token. As the token approaches expiration,
                                          the kubelet volume plugin will proactively
                                          rotate the service account token. The kubelet
                                          will start trying to rotate the token if
                                          the token is older than 80 percent of its
                                          time to live or if the token is older than
                                          24 hours.Defaults to 1 hour and must be
                                          at least 10 minutes.
                                        format: int64
                                        type: integer
                                      path:
                                        description: Path is the path relative to
                                          the mount point of the file to project the
                                          token into.
                                        type: string
                                    required:
                                    - path
                                    type: object
                                type: object
                              type: array
                          type: object
                        quobyte:
                          description: Quobyte represents a Quobyte mount on the host
                            that shares a pod's lifetime
                          properties:
                            group:
                              description: Group to map volume access to Default is
                                no group
                              type: string
                            readOnly:
                              description: ReadOnly here will force the Quobyte volume
                                to be mounted with read-only permissions. Defaults
                                to false.
                              type: boolean
                            registry:
                              description: Registry represents a single or multiple
                                Quobyte Registry services specified as a string as
                                host:port pair (multiple entries are separated with
                                commas) which acts as the central registry for volumes
                              type: string
                            tenant:
                              description: Tenant owning the given Quobyte volume
                                in the Backend Used with dynamically provisioned Quobyte
                                volumes, value is set by the plugin
                              type: string
                            user:
                              description: User to map volume access to Defaults to
                                serivceaccount user
                              type: string
                            volume:
                              description: Volume is a string that references an already
                                created Quobyte volume by name.
                              type: string
                          required:
                          - registry
                          - volume
                          type: object
                        rbd:
                          description: 'RBD represents a Rados Block Device mount
                            on the host that shares a pod''s lifetime. More info:
                            https://examples.k8s.io/volumes/rbd/README.md'
                          properties:
                            fsType:
                              description: 'Filesystem type of the volume that you
                                want to mount. Tip: Ensure that the filesystem type
                                is supported by the host operating system. Examples:
                                "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
                                if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
                                TODO: how do we prevent errors in the filesystem from
                                compromising the machine'
                              type: string
                            image:
                              description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
                              type: string
                            keyring:
                              description: 'Keyring is the path to key ring for RBDUser.
                                Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
                              type: string
                            monitors:
                              description: 'A collection of Ceph monitors. More info:
                                https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
                              items:
                                type: string
                              type: array
                            pool:
                              description: 'The rados pool name. Default is rbd. More
                                info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
                              type: string
                            readOnly:
                              description: 'ReadOnly here will force the ReadOnly
                                setting in VolumeMounts. Defaults to false. More info:
                                https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
                              type: boolean
                            secretRef:
                              description: 'SecretRef is name of the authentication
                                secret for RBDUser. If provided overrides keyring.
                                Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
                              properties:
                                name:
                                  description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                    TODO: Add other useful fields. apiVersion, kind,
                                    uid?'
                                  type: string
                              type: object
                              x-kubernetes-map-type: atomic
                            user:
                              description: 'The rados user name. Default is admin.
                                More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
                              type: string
                          required:
                          - image
                          - monitors
                          type: object
                        scaleIO:
                          description: ScaleIO represents a ScaleIO persistent volume
                            attached and mounted on Kubernetes nodes.
                          properties:
                            fsType:
                              description: Filesystem type to mount. Must be a filesystem
                                type supported by the host operating system. Ex. "ext4",
                                "xfs", "ntfs". Default is "xfs".
                              type: string
                            gateway:
                              description: The host address of the ScaleIO API Gateway.
                              type: string
                            protectionDomain:
                              description: The name of the ScaleIO Protection Domain
                                for the configured storage.
                              type: string
                            readOnly:
                              description: Defaults to false (read/write). ReadOnly
                                here will force the ReadOnly setting in VolumeMounts.
                              type: boolean
                            secretRef:
                              description: SecretRef references to the secret for
                                ScaleIO user and other sensitive information. If this
                                is not provided, Login operation will fail.
                              properties:
                                name:
                                  description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                    TODO: Add other useful fields. apiVersion, kind,
                                    uid?'
                                  type: string
                              type: object
                              x-kubernetes-map-type: atomic
                            sslEnabled:
                              description: Flag to enable/disable SSL communication
                                with Gateway, default false
                              type: boolean
                            storageMode:
                              description: Indicates whether the storage for a volume
                                should be ThickProvisioned or ThinProvisioned. Default
                                is ThinProvisioned.
                              type: string
                            storagePool:
                              description: The ScaleIO Storage Pool associated with
                                the protection domain.
                              type: string
                            system:
                              description: The name of the storage system as configured
                                in ScaleIO.
                              type: string
                            volumeName:
                              description: The name of a volume already created in
                                the ScaleIO system that is associated with this volume
                                source.
                              type: string
                          required:
                          - gateway
                          - secretRef
                          - system
                          type: object
                        secret:
                          description: 'Secret represents a secret that should populate
                            this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
                          properties:
                            defaultMode:
                              description: 'Optional: mode bits used to set permissions
                                on created files by default. Must be an octal value
                                between 0000 and 0777 or a decimal value between 0
                                and 511. YAML accepts both octal and decimal values,
                                JSON requires decimal values for mode bits. Defaults
                                to 0644. Directories within the path are not affected
                                by this setting. This might be in conflict with other
                                options that affect the file mode, like fsGroup, and
                                the result can be other mode bits set.'
                              format: int32
                              type: integer
                            items:
                              description: If unspecified, each key-value pair in
                                the Data field of the referenced Secret will be projected
                                into the volume as a file whose name is the key and
                                content is the value. If specified, the listed keys
                                will be projected into the specified paths, and unlisted
                                keys will not be present. If a key is specified which
                                is not present in the Secret, the volume setup will
                                error unless it is marked optional. Paths must be
                                relative and may not contain the '..' path or start
                                with '..'.
                              items:
                                description: Maps a string key to a path within a
                                  volume.
                                properties:
                                  key:
                                    description: The key to project.
                                    type: string
                                  mode:
                                    description: 'Optional: mode bits used to set
                                      permissions on this file. Must be an octal value
                                      between 0000 and 0777 or a decimal value between
                                      0 and 511. YAML accepts both octal and decimal
                                      values, JSON requires decimal values for mode
                                      bits. If not specified, the volume defaultMode
                                      will be used. This might be in conflict with
                                      other options that affect the file mode, like
                                      fsGroup, and the result can be other mode bits
                                      set.'
                                    format: int32
                                    type: integer
                                  path:
                                    description: The relative path of the file to
                                      map the key to. May not be an absolute path.
                                      May not contain the path element '..'. May not
                                      start with the string '..'.
                                    type: string
                                required:
                                - key
                                - path
                                type: object
                              type: array
                            optional:
                              description: Specify whether the Secret or its keys
                                must be defined
                              type: boolean
                            secretName:
                              description: 'Name of the secret in the pod''s namespace
                                to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
                              type: string
                          type: object
                        storageos:
                          description: StorageOS represents a StorageOS volume attached
                            and mounted on Kubernetes nodes.
                          properties:
                            fsType:
                              description: Filesystem type to mount. Must be a filesystem
                                type supported by the host operating system. Ex. "ext4",
                                "xfs", "ntfs". Implicitly inferred to be "ext4" if
                                unspecified.
                              type: string
                            readOnly:
                              description: Defaults to false (read/write). ReadOnly
                                here will force the ReadOnly setting in VolumeMounts.
                              type: boolean
                            secretRef:
                              description: SecretRef specifies the secret to use for
                                obtaining the StorageOS API credentials.  If not specified,
                                default values will be attempted.
                              properties:
                                name:
                                  description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                    TODO: Add other useful fields. apiVersion, kind,
                                    uid?'
                                  type: string
                              type: object
                              x-kubernetes-map-type: atomic
                            volumeName:
                              description: VolumeName is the human-readable name of
                                the StorageOS volume.  Volume names are only unique
                                within a namespace.
                              type: string
                            volumeNamespace:
                              description: VolumeNamespace specifies the scope of
                                the volume within StorageOS.  If no namespace is specified
                                then the Pod's namespace will be used.  This allows
                                the Kubernetes name scoping to be mirrored within
                                StorageOS for tighter integration. Set VolumeName
                                to any name to override the default behaviour. Set
                                to "default" if you are not using namespaces within
                                StorageOS. Namespaces that do not pre-exist within
                                StorageOS will be created.
                              type: string
                          type: object
                        vsphereVolume:
                          description: VsphereVolume represents a vSphere volume attached
                            and mounted on kubelets host machine
                          properties:
                            fsType:
                              description: Filesystem type to mount. Must be a filesystem
                                type supported by the host operating system. Ex. "ext4",
                                "xfs", "ntfs". Implicitly inferred to be "ext4" if
                                unspecified.
                              type: string
                            storagePolicyID:
                              description: Storage Policy Based Management (SPBM)
                                profile ID associated with the StoragePolicyName.
                              type: string
                            storagePolicyName:
                              description: Storage Policy Based Management (SPBM)
                                profile name.
                              type: string
                            volumePath:
                              description: Path that identifies vSphere volume vmdk
                              type: string
                          required:
                          - volumePath
                          type: object
                      required:
                      - name
                      type: object
                    type: array
                required:
                - volumeMounts
                - volumes
                type: object
              oneReplicaPerNode:
                description: oneReplicaPerNode controls whether to run 1 pod per node
                  using the pod anti-affinity capability. Enabling this configuration
                  in an existing cluster will roll the cluster.
                type: boolean
              passwordEncoder:
                description: passwordEncoder specifies password encoder secret for
                  Schema Registry.
                properties:
                  directoryPathInContainer:
                    description: 'directoryPathInContainer contains the directory
                      path in the container where the required secret is mounted.
                      Directory should have the file `password-encoder.txt`. The contents
                      should include a new password. Old password is optional and
                      required only for rotation. More info: https://docs.confluent.io/operator/current/co-password-encoder-secret.'
                    type: string
                  secretRef:
                    description: 'secretRef specifies the secret name. The secret
                      should have the key `password-encoder.txt`. The contents should
                      include a new password. Old password is optional and required
                      only for rotation. More info: https://docs.confluent.io/operator/current/co-password-encoder-secret.'
                    maxLength: 30
                    minLength: 1
                    pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                    type: string
                type: object
              podTemplate:
                description: podTemplate specifies the statefulset pod template configuration.
                properties:
                  affinity:
                    description: 'affinity specifies a group of affinity scheduling
                      rules. More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity.'
                    properties:
                      nodeAffinity:
                        description: Describes node affinity scheduling rules for
                          the pod.
                        properties:
                          preferredDuringSchedulingIgnoredDuringExecution:
                            description: The scheduler will prefer to schedule pods
                              to nodes that satisfy the affinity expressions specified
                              by this field, but it may choose a node that violates
                              one or more of the expressions. The node that is most
                              preferred is the one with the greatest sum of weights,
                              i.e. for each node that meets all of the scheduling
                              requirements (resource request, requiredDuringScheduling
                              affinity expressions, etc.), compute a sum by iterating
                              through the elements of this field and adding "weight"
                              to the sum if the node matches the corresponding matchExpressions;
                              the node(s) with the highest sum are the most preferred.
                            items:
                              description: An empty preferred scheduling term matches
                                all objects with implicit weight 0 (i.e. it's a no-op).
                                A null preferred scheduling term matches no objects
                                (i.e. is also a no-op).
                              properties:
                                preference:
                                  description: A node selector term, associated with
                                    the corresponding weight.
                                  properties:
                                    matchExpressions:
                                      description: A list of node selector requirements
                                        by node's labels.
                                      items:
                                        description: A node selector requirement is
                                          a selector that contains values, a key,
                                          and an operator that relates the key and
                                          values.
                                        properties:
                                          key:
                                            description: The label key that the selector
                                              applies to.
                                            type: string
                                          operator:
                                            description: Represents a key's relationship
                                              to a set of values. Valid operators
                                              are In, NotIn, Exists, DoesNotExist.
                                              Gt, and Lt.
                                            type: string
                                          values:
                                            description: An array of string values.
                                              If the operator is In or NotIn, the
                                              values array must be non-empty. If the
                                              operator is Exists or DoesNotExist,
                                              the values array must be empty. If the
                                              operator is Gt or Lt, the values array
                                              must have a single element, which will
                                              be interpreted as an integer. This array
                                              is replaced during a strategic merge
                                              patch.
                                            items:
                                              type: string
                                            type: array
                                        required:
                                        - key
                                        - operator
                                        type: object
                                      type: array
                                    matchFields:
                                      description: A list of node selector requirements
                                        by node's fields.
                                      items:
                                        description: A node selector requirement is
                                          a selector that contains values, a key,
                                          and an operator that relates the key and
                                          values.
                                        properties:
                                          key:
                                            description: The label key that the selector
                                              applies to.
                                            type: string
                                          operator:
                                            description: Represents a key's relationship
                                              to a set of values. Valid operators
                                              are In, NotIn, Exists, DoesNotExist.
                                              Gt, and Lt.
                                            type: string
                                          values:
                                            description: An array of string values.
                                              If the operator is In or NotIn, the
                                              values array must be non-empty. If the
                                              operator is Exists or DoesNotExist,
                                              the values array must be empty. If the
                                              operator is Gt or Lt, the values array
                                              must have a single element, which will
                                              be interpreted as an integer. This array
                                              is replaced during a strategic merge
                                              patch.
                                            items:
                                              type: string
                                            type: array
                                        required:
                                        - key
                                        - operator
                                        type: object
                                      type: array
                                  type: object
                                  x-kubernetes-map-type: atomic
                                weight:
                                  description: Weight associated with matching the
                                    corresponding nodeSelectorTerm, in the range 1-100.
                                  format: int32
                                  type: integer
                              required:
                              - preference
                              - weight
                              type: object
                            type: array
                          requiredDuringSchedulingIgnoredDuringExecution:
                            description: If the affinity requirements specified by
                              this field are not met at scheduling time, the pod will
                              not be scheduled onto the node. If the affinity requirements
                              specified by this field cease to be met at some point
                              during pod execution (e.g. due to an update), the system
                              may or may not try to eventually evict the pod from
                              its node.
                            properties:
                              nodeSelectorTerms:
                                description: Required. A list of node selector terms.
                                  The terms are ORed.
                                items:
                                  description: A null or empty node selector term
                                    matches no objects. The requirements of them are
                                    ANDed. The TopologySelectorTerm type implements
                                    a subset of the NodeSelectorTerm.
                                  properties:
                                    matchExpressions:
                                      description: A list of node selector requirements
                                        by node's labels.
                                      items:
                                        description: A node selector requirement is
                                          a selector that contains values, a key,
                                          and an operator that relates the key and
                                          values.
                                        properties:
                                          key:
                                            description: The label key that the selector
                                              applies to.
                                            type: string
                                          operator:
                                            description: Represents a key's relationship
                                              to a set of values. Valid operators
                                              are In, NotIn, Exists, DoesNotExist.
                                              Gt, and Lt.
                                            type: string
                                          values:
                                            description: An array of string values.
                                              If the operator is In or NotIn, the
                                              values array must be non-empty. If the
                                              operator is Exists or DoesNotExist,
                                              the values array must be empty. If the
                                              operator is Gt or Lt, the values array
                                              must have a single element, which will
                                              be interpreted as an integer. This array
                                              is replaced during a strategic merge
                                              patch.
                                            items:
                                              type: string
                                            type: array
                                        required:
                                        - key
                                        - operator
                                        type: object
                                      type: array
                                    matchFields:
                                      description: A list of node selector requirements
                                        by node's fields.
                                      items:
                                        description: A node selector requirement is
                                          a selector that contains values, a key,
                                          and an operator that relates the key and
                                          values.
                                        properties:
                                          key:
                                            description: The label key that the selector
                                              applies to.
                                            type: string
                                          operator:
                                            description: Represents a key's relationship
                                              to a set of values. Valid operators
                                              are In, NotIn, Exists, DoesNotExist.
                                              Gt, and Lt.
                                            type: string
                                          values:
                                            description: An array of string values.
                                              If the operator is In or NotIn, the
                                              values array must be non-empty. If the
                                              operator is Exists or DoesNotExist,
                                              the values array must be empty. If the
                                              operator is Gt or Lt, the values array
                                              must have a single element, which will
                                              be interpreted as an integer. This array
                                              is replaced during a strategic merge
                                              patch.
                                            items:
                                              type: string
                                            type: array
                                        required:
                                        - key
                                        - operator
                                        type: object
                                      type: array
                                  type: object
                                  x-kubernetes-map-type: atomic
                                type: array
                            required:
                            - nodeSelectorTerms
                            type: object
                            x-kubernetes-map-type: atomic
                        type: object
                      podAffinity:
                        description: Describes pod affinity scheduling rules (e.g.
                          co-locate this pod in the same node, zone, etc. as some
                          other pod(s)).
                        properties:
                          preferredDuringSchedulingIgnoredDuringExecution:
                            description: The scheduler will prefer to schedule pods
                              to nodes that satisfy the affinity expressions specified
                              by this field, but it may choose a node that violates
                              one or more of the expressions. The node that is most
                              preferred is the one with the greatest sum of weights,
                              i.e. for each node that meets all of the scheduling
                              requirements (resource request, requiredDuringScheduling
                              affinity expressions, etc.), compute a sum by iterating
                              through the elements of this field and adding "weight"
                              to the sum if the node has pods which matches the corresponding
                              podAffinityTerm; the node(s) with the highest sum are
                              the most preferred.
                            items:
                              description: The weights of all of the matched WeightedPodAffinityTerm
                                fields are added per-node to find the most preferred
                                node(s)
                              properties:
                                podAffinityTerm:
                                  description: Required. A pod affinity term, associated
                                    with the corresponding weight.
                                  properties:
                                    labelSelector:
                                      description: A label query over a set of resources,
                                        in this case pods.
                                      properties:
                                        matchExpressions:
                                          description: matchExpressions is a list
                                            of label selector requirements. The requirements
                                            are ANDed.
                                          items:
                                            description: A label selector requirement
                                              is a selector that contains values,
                                              a key, and an operator that relates
                                              the key and values.
                                            properties:
                                              key:
                                                description: key is the label key
                                                  that the selector applies to.
                                                type: string
                                              operator:
                                                description: operator represents a
                                                  key's relationship to a set of values.
                                                  Valid operators are In, NotIn, Exists
                                                  and DoesNotExist.
                                                type: string
                                              values:
                                                description: values is an array of
                                                  string values. If the operator is
                                                  In or NotIn, the values array must
                                                  be non-empty. If the operator is
                                                  Exists or DoesNotExist, the values
                                                  array must be empty. This array
                                                  is replaced during a strategic merge
                                                  patch.
                                                items:
                                                  type: string
                                                type: array
                                            required:
                                            - key
                                            - operator
                                            type: object
                                          type: array
                                        matchLabels:
                                          additionalProperties:
                                            type: string
                                          description: matchLabels is a map of {key,value}
                                            pairs. A single {key,value} in the matchLabels
                                            map is equivalent to an element of matchExpressions,
                                            whose key field is "key", the operator
                                            is "In", and the values array contains
                                            only "value". The requirements are ANDed.
                                          type: object
                                      type: object
                                      x-kubernetes-map-type: atomic
                                    namespaceSelector:
                                      description: A label query over the set of namespaces
                                        that the term applies to. The term is applied
                                        to the union of the namespaces selected by
                                        this field and the ones listed in the namespaces
                                        field. null selector and null or empty namespaces
                                        list means "this pod's namespace". An empty
                                        selector ({}) matches all namespaces. This
                                        field is beta-level and is only honored when
                                        PodAffinityNamespaceSelector feature is enabled.
                                      properties:
                                        matchExpressions:
                                          description: matchExpressions is a list
                                            of label selector requirements. The requirements
                                            are ANDed.
                                          items:
                                            description: A label selector requirement
                                              is a selector that contains values,
                                              a key, and an operator that relates
                                              the key and values.
                                            properties:
                                              key:
                                                description: key is the label key
                                                  that the selector applies to.
                                                type: string
                                              operator:
                                                description: operator represents a
                                                  key's relationship to a set of values.
                                                  Valid operators are In, NotIn, Exists
                                                  and DoesNotExist.
                                                type: string
                                              values:
                                                description: values is an array of
                                                  string values. If the operator is
                                                  In or NotIn, the values array must
                                                  be non-empty. If the operator is
                                                  Exists or DoesNotExist, the values
                                                  array must be empty. This array
                                                  is replaced during a strategic merge
                                                  patch.
                                                items:
                                                  type: string
                                                type: array
                                            required:
                                            - key
                                            - operator
                                            type: object
                                          type: array
                                        matchLabels:
                                          additionalProperties:
                                            type: string
                                          description: matchLabels is a map of {key,value}
                                            pairs. A single {key,value} in the matchLabels
                                            map is equivalent to an element of matchExpressions,
                                            whose key field is "key", the operator
                                            is "In", and the values array contains
                                            only "value". The requirements are ANDed.
                                          type: object
                                      type: object
                                      x-kubernetes-map-type: atomic
                                    namespaces:
                                      description: namespaces specifies a static list
                                        of namespace names that the term applies to.
                                        The term is applied to the union of the namespaces
                                        listed in this field and the ones selected
                                        by namespaceSelector. null or empty namespaces
                                        list and null namespaceSelector means "this
                                        pod's namespace"
                                      items:
                                        type: string
                                      type: array
                                    topologyKey:
                                      description: This pod should be co-located (affinity)
                                        or not co-located (anti-affinity) with the
                                        pods matching the labelSelector in the specified
                                        namespaces, where co-located is defined as
                                        running on a node whose value of the label
                                        with key topologyKey matches that of any node
                                        on which any of the selected pods is running.
                                        Empty topologyKey is not allowed.
                                      type: string
                                  required:
                                  - topologyKey
                                  type: object
                                weight:
                                  description: weight associated with matching the
                                    corresponding podAffinityTerm, in the range 1-100.
                                  format: int32
                                  type: integer
                              required:
                              - podAffinityTerm
                              - weight
                              type: object
                            type: array
                          requiredDuringSchedulingIgnoredDuringExecution:
                            description: If the affinity requirements specified by
                              this field are not met at scheduling time, the pod will
                              not be scheduled onto the node. If the affinity requirements
                              specified by this field cease to be met at some point
                              during pod execution (e.g. due to a pod label update),
                              the system may or may not try to eventually evict the
                              pod from its node. When there are multiple elements,
                              the lists of nodes corresponding to each podAffinityTerm
                              are intersected, i.e. all terms must be satisfied.
                            items:
                              description: Defines a set of pods (namely those matching
                                the labelSelector relative to the given namespace(s))
                                that this pod should be co-located (affinity) or not
                                co-located (anti-affinity) with, where co-located
                                is defined as running on a node whose value of the
                                label with key <topologyKey> matches that of any node
                                on which a pod of the set of pods is running
                              properties:
                                labelSelector:
                                  description: A label query over a set of resources,
                                    in this case pods.
                                  properties:
                                    matchExpressions:
                                      description: matchExpressions is a list of label
                                        selector requirements. The requirements are
                                        ANDed.
                                      items:
                                        description: A label selector requirement
                                          is a selector that contains values, a key,
                                          and an operator that relates the key and
                                          values.
                                        properties:
                                          key:
                                            description: key is the label key that
                                              the selector applies to.
                                            type: string
                                          operator:
                                            description: operator represents a key's
                                              relationship to a set of values. Valid
                                              operators are In, NotIn, Exists and
                                              DoesNotExist.
                                            type: string
                                          values:
                                            description: values is an array of string
                                              values. If the operator is In or NotIn,
                                              the values array must be non-empty.
                                              If the operator is Exists or DoesNotExist,
                                              the values array must be empty. This
                                              array is replaced during a strategic
                                              merge patch.
                                            items:
                                              type: string
                                            type: array
                                        required:
                                        - key
                                        - operator
                                        type: object
                                      type: array
                                    matchLabels:
                                      additionalProperties:
                                        type: string
                                      description: matchLabels is a map of {key,value}
                                        pairs. A single {key,value} in the matchLabels
                                        map is equivalent to an element of matchExpressions,
                                        whose key field is "key", the operator is
                                        "In", and the values array contains only "value".
                                        The requirements are ANDed.
                                      type: object
                                  type: object
                                  x-kubernetes-map-type: atomic
                                namespaceSelector:
                                  description: A label query over the set of namespaces
                                    that the term applies to. The term is applied
                                    to the union of the namespaces selected by this
                                    field and the ones listed in the namespaces field.
                                    null selector and null or empty namespaces list
                                    means "this pod's namespace". An empty selector
                                    ({}) matches all namespaces. This field is beta-level
                                    and is only honored when PodAffinityNamespaceSelector
                                    feature is enabled.
                                  properties:
                                    matchExpressions:
                                      description: matchExpressions is a list of label
                                        selector requirements. The requirements are
                                        ANDed.
                                      items:
                                        description: A label selector requirement
                                          is a selector that contains values, a key,
                                          and an operator that relates the key and
                                          values.
                                        properties:
                                          key:
                                            description: key is the label key that
                                              the selector applies to.
                                            type: string
                                          operator:
                                            description: operator represents a key's
                                              relationship to a set of values. Valid
                                              operators are In, NotIn, Exists and
                                              DoesNotExist.
                                            type: string
                                          values:
                                            description: values is an array of string
                                              values. If the operator is In or NotIn,
                                              the values array must be non-empty.
                                              If the operator is Exists or DoesNotExist,
                                              the values array must be empty. This
                                              array is replaced during a strategic
                                              merge patch.
                                            items:
                                              type: string
                                            type: array
                                        required:
                                        - key
                                        - operator
                                        type: object
                                      type: array
                                    matchLabels:
                                      additionalProperties:
                                        type: string
                                      description: matchLabels is a map of {key,value}
                                        pairs. A single {key,value} in the matchLabels
                                        map is equivalent to an element of matchExpressions,
                                        whose key field is "key", the operator is
                                        "In", and the values array contains only "value".
                                        The requirements are ANDed.
                                      type: object
                                  type: object
                                  x-kubernetes-map-type: atomic
                                namespaces:
                                  description: namespaces specifies a static list
                                    of namespace names that the term applies to. The
                                    term is applied to the union of the namespaces
                                    listed in this field and the ones selected by
                                    namespaceSelector. null or empty namespaces list
                                    and null namespaceSelector means "this pod's namespace"
                                  items:
                                    type: string
                                  type: array
                                topologyKey:
                                  description: This pod should be co-located (affinity)
                                    or not co-located (anti-affinity) with the pods
                                    matching the labelSelector in the specified namespaces,
                                    where co-located is defined as running on a node
                                    whose value of the label with key topologyKey
                                    matches that of any node on which any of the selected
                                    pods is running. Empty topologyKey is not allowed.
                                  type: string
                              required:
                              - topologyKey
                              type: object
                            type: array
                        type: object
                      podAntiAffinity:
                        description: Describes pod anti-affinity scheduling rules
                          (e.g. avoid putting this pod in the same node, zone, etc.
                          as some other pod(s)).
                        properties:
                          preferredDuringSchedulingIgnoredDuringExecution:
                            description: The scheduler will prefer to schedule pods
                              to nodes that satisfy the anti-affinity expressions
                              specified by this field, but it may choose a node that
                              violates one or more of the expressions. The node that
                              is most preferred is the one with the greatest sum of
                              weights, i.e. for each node that meets all of the scheduling
                              requirements (resource request, requiredDuringScheduling
                              anti-affinity expressions, etc.), compute a sum by iterating
                              through the elements of this field and adding "weight"
                              to the sum if the node has pods which matches the corresponding
                              podAffinityTerm; the node(s) with the highest sum are
                              the most preferred.
                            items:
                              description: The weights of all of the matched WeightedPodAffinityTerm
                                fields are added per-node to find the most preferred
                                node(s)
                              properties:
                                podAffinityTerm:
                                  description: Required. A pod affinity term, associated
                                    with the corresponding weight.
                                  properties:
                                    labelSelector:
                                      description: A label query over a set of resources,
                                        in this case pods.
                                      properties:
                                        matchExpressions:
                                          description: matchExpressions is a list
                                            of label selector requirements. The requirements
                                            are ANDed.
                                          items:
                                            description: A label selector requirement
                                              is a selector that contains values,
                                              a key, and an operator that relates
                                              the key and values.
                                            properties:
                                              key:
                                                description: key is the label key
                                                  that the selector applies to.
                                                type: string
                                              operator:
                                                description: operator represents a
                                                  key's relationship to a set of values.
                                                  Valid operators are In, NotIn, Exists
                                                  and DoesNotExist.
                                                type: string
                                              values:
                                                description: values is an array of
                                                  string values. If the operator is
                                                  In or NotIn, the values array must
                                                  be non-empty. If the operator is
                                                  Exists or DoesNotExist, the values
                                                  array must be empty. This array
                                                  is replaced during a strategic merge
                                                  patch.
                                                items:
                                                  type: string
                                                type: array
                                            required:
                                            - key
                                            - operator
                                            type: object
                                          type: array
                                        matchLabels:
                                          additionalProperties:
                                            type: string
                                          description: matchLabels is a map of {key,value}
                                            pairs. A single {key,value} in the matchLabels
                                            map is equivalent to an element of matchExpressions,
                                            whose key field is "key", the operator
                                            is "In", and the values array contains
                                            only "value". The requirements are ANDed.
                                          type: object
                                      type: object
                                      x-kubernetes-map-type: atomic
                                    namespaceSelector:
                                      description: A label query over the set of namespaces
                                        that the term applies to. The term is applied
                                        to the union of the namespaces selected by
                                        this field and the ones listed in the namespaces
                                        field. null selector and null or empty namespaces
                                        list means "this pod's namespace". An empty
                                        selector ({}) matches all namespaces. This
                                        field is beta-level and is only honored when
                                        PodAffinityNamespaceSelector feature is enabled.
                                      properties:
                                        matchExpressions:
                                          description: matchExpressions is a list
                                            of label selector requirements. The requirements
                                            are ANDed.
                                          items:
                                            description: A label selector requirement
                                              is a selector that contains values,
                                              a key, and an operator that relates
                                              the key and values.
                                            properties:
                                              key:
                                                description: key is the label key
                                                  that the selector applies to.
                                                type: string
                                              operator:
                                                description: operator represents a
                                                  key's relationship to a set of values.
                                                  Valid operators are In, NotIn, Exists
                                                  and DoesNotExist.
                                                type: string
                                              values:
                                                description: values is an array of
                                                  string values. If the operator is
                                                  In or NotIn, the values array must
                                                  be non-empty. If the operator is
                                                  Exists or DoesNotExist, the values
                                                  array must be empty. This array
                                                  is replaced during a strategic merge
                                                  patch.
                                                items:
                                                  type: string
                                                type: array
                                            required:
                                            - key
                                            - operator
                                            type: object
                                          type: array
                                        matchLabels:
                                          additionalProperties:
                                            type: string
                                          description: matchLabels is a map of {key,value}
                                            pairs. A single {key,value} in the matchLabels
                                            map is equivalent to an element of matchExpressions,
                                            whose key field is "key", the operator
                                            is "In", and the values array contains
                                            only "value". The requirements are ANDed.
                                          type: object
                                      type: object
                                      x-kubernetes-map-type: atomic
                                    namespaces:
                                      description: namespaces specifies a static list
                                        of namespace names that the term applies to.
                                        The term is applied to the union of the namespaces
                                        listed in this field and the ones selected
                                        by namespaceSelector. null or empty namespaces
                                        list and null namespaceSelector means "this
                                        pod's namespace"
                                      items:
                                        type: string
                                      type: array
                                    topologyKey:
                                      description: This pod should be co-located (affinity)
                                        or not co-located (anti-affinity) with the
                                        pods matching the labelSelector in the specified
                                        namespaces, where co-located is defined as
                                        running on a node whose value of the label
                                        with key topologyKey matches that of any node
                                        on which any of the selected pods is running.
                                        Empty topologyKey is not allowed.
                                      type: string
                                  required:
                                  - topologyKey
                                  type: object
                                weight:
                                  description: weight associated with matching the
                                    corresponding podAffinityTerm, in the range 1-100.
                                  format: int32
                                  type: integer
                              required:
                              - podAffinityTerm
                              - weight
                              type: object
                            type: array
                          requiredDuringSchedulingIgnoredDuringExecution:
                            description: If the anti-affinity requirements specified
                              by this field are not met at scheduling time, the pod
                              will not be scheduled onto the node. If the anti-affinity
                              requirements specified by this field cease to be met
                              at some point during pod execution (e.g. due to a pod
                              label update), the system may or may not try to eventually
                              evict the pod from its node. When there are multiple
                              elements, the lists of nodes corresponding to each podAffinityTerm
                              are intersected, i.e. all terms must be satisfied.
                            items:
                              description: Defines a set of pods (namely those matching
                                the labelSelector relative to the given namespace(s))
                                that this pod should be co-located (affinity) or not
                                co-located (anti-affinity) with, where co-located
                                is defined as running on a node whose value of the
                                label with key <topologyKey> matches that of any node
                                on which a pod of the set of pods is running
                              properties:
                                labelSelector:
                                  description: A label query over a set of resources,
                                    in this case pods.
                                  properties:
                                    matchExpressions:
                                      description: matchExpressions is a list of label
                                        selector requirements. The requirements are
                                        ANDed.
                                      items:
                                        description: A label selector requirement
                                          is a selector that contains values, a key,
                                          and an operator that relates the key and
                                          values.
                                        properties:
                                          key:
                                            description: key is the label key that
                                              the selector applies to.
                                            type: string
                                          operator:
                                            description: operator represents a key's
                                              relationship to a set of values. Valid
                                              operators are In, NotIn, Exists and
                                              DoesNotExist.
                                            type: string
                                          values:
                                            description: values is an array of string
                                              values. If the operator is In or NotIn,
                                              the values array must be non-empty.
                                              If the operator is Exists or DoesNotExist,
                                              the values array must be empty. This
                                              array is replaced during a strategic
                                              merge patch.
                                            items:
                                              type: string
                                            type: array
                                        required:
                                        - key
                                        - operator
                                        type: object
                                      type: array
                                    matchLabels:
                                      additionalProperties:
                                        type: string
                                      description: matchLabels is a map of {key,value}
                                        pairs. A single {key,value} in the matchLabels
                                        map is equivalent to an element of matchExpressions,
                                        whose key field is "key", the operator is
                                        "In", and the values array contains only "value".
                                        The requirements are ANDed.
                                      type: object
                                  type: object
                                  x-kubernetes-map-type: atomic
                                namespaceSelector:
                                  description: A label query over the set of namespaces
                                    that the term applies to. The term is applied
                                    to the union of the namespaces selected by this
                                    field and the ones listed in the namespaces field.
                                    null selector and null or empty namespaces list
                                    means "this pod's namespace". An empty selector
                                    ({}) matches all namespaces. This field is beta-level
                                    and is only honored when PodAffinityNamespaceSelector
                                    feature is enabled.
                                  properties:
                                    matchExpressions:
                                      description: matchExpressions is a list of label
                                        selector requirements. The requirements are
                                        ANDed.
                                      items:
                                        description: A label selector requirement
                                          is a selector that contains values, a key,
                                          and an operator that relates the key and
                                          values.
                                        properties:
                                          key:
                                            description: key is the label key that
                                              the selector applies to.
                                            type: string
                                          operator:
                                            description: operator represents a key's
                                              relationship to a set of values. Valid
                                              operators are In, NotIn, Exists and
                                              DoesNotExist.
                                            type: string
                                          values:
                                            description: values is an array of string
                                              values. If the operator is In or NotIn,
                                              the values array must be non-empty.
                                              If the operator is Exists or DoesNotExist,
                                              the values array must be empty. This
                                              array is replaced during a strategic
                                              merge patch.
                                            items:
                                              type: string
                                            type: array
                                        required:
                                        - key
                                        - operator
                                        type: object
                                      type: array
                                    matchLabels:
                                      additionalProperties:
                                        type: string
                                      description: matchLabels is a map of {key,value}
                                        pairs. A single {key,value} in the matchLabels
                                        map is equivalent to an element of matchExpressions,
                                        whose key field is "key", the operator is
                                        "In", and the values array contains only "value".
                                        The requirements are ANDed.
                                      type: object
                                  type: object
                                  x-kubernetes-map-type: atomic
                                namespaces:
                                  description: namespaces specifies a static list
                                    of namespace names that the term applies to. The
                                    term is applied to the union of the namespaces
                                    listed in this field and the ones selected by
                                    namespaceSelector. null or empty namespaces list
                                    and null namespaceSelector means "this pod's namespace"
                                  items:
                                    type: string
                                  type: array
                                topologyKey:
                                  description: This pod should be co-located (affinity)
                                    or not co-located (anti-affinity) with the pods
                                    matching the labelSelector in the specified namespaces,
                                    where co-located is defined as running on a node
                                    whose value of the label with key topologyKey
                                    matches that of any node on which any of the selected
                                    pods is running. Empty topologyKey is not allowed.
                                  type: string
                              required:
                              - topologyKey
                              type: object
                            type: array
                        type: object
                    type: object
                  annotations:
                    additionalProperties:
                      type: string
                    description: 'annotations is a map of string key and value pairs
                      stored with the resource and may be set by external tools to
                      store and retrieve arbitrary metadata. They are not queryable
                      and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations.'
                    type: object
                    x-kubernetes-map-type: granular
                  envVars:
                    description: 'envVars contain environment variables to be injected
                      into containers. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container.'
                    items:
                      description: EnvVar represents an environment variable present
                        in a Container.
                      properties:
                        name:
                          description: Name of the environment variable. Must be a
                            C_IDENTIFIER.
                          type: string
                        value:
                          description: 'Variable references $(VAR_NAME) are expanded
                            using the previously defined environment variables in
                            the container and any service environment variables. If
                            a variable cannot be resolved, the reference in the input
                            string will be unchanged. Double $$ are reduced to a single
                            $, which allows for escaping the $(VAR_NAME) syntax: i.e.
                            "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
                            Escaped references will never be expanded, regardless
                            of whether the variable exists or not. Defaults to "".'
                          type: string
                        valueFrom:
                          description: Source for the environment variable's value.
                            Cannot be used if value is not empty.
                          properties:
                            configMapKeyRef:
                              description: Selects a key of a ConfigMap.
                              properties:
                                key:
                                  description: The key to select.
                                  type: string
                                name:
                                  description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                    TODO: Add other useful fields. apiVersion, kind,
                                    uid?'
                                  type: string
                                optional:
                                  description: Specify whether the ConfigMap or its
                                    key must be defined
                                  type: boolean
                              required:
                              - key
                              type: object
                              x-kubernetes-map-type: atomic
                            fieldRef:
                              description: 'Selects a field of the pod: supports metadata.name,
                                metadata.namespace, `metadata.labels[''<KEY>'']`,
                                `metadata.annotations[''<KEY>'']`, spec.nodeName,
                                spec.serviceAccountName, status.hostIP, status.podIP,
                                status.podIPs.'
                              properties:
                                apiVersion:
                                  description: Version of the schema the FieldPath
                                    is written in terms of, defaults to "v1".
                                  type: string
                                fieldPath:
                                  description: Path of the field to select in the
                                    specified API version.
                                  type: string
                              required:
                              - fieldPath
                              type: object
                              x-kubernetes-map-type: atomic
                            resourceFieldRef:
                              description: 'Selects a resource of the container: only
                                resources limits and requests (limits.cpu, limits.memory,
                                limits.ephemeral-storage, requests.cpu, requests.memory
                                and requests.ephemeral-storage) are currently supported.'
                              properties:
                                containerName:
                                  description: 'Container name: required for volumes,
                                    optional for env vars'
                                  type: string
                                divisor:
                                  anyOf:
                                  - type: integer
                                  - type: string
                                  description: Specifies the output format of the
                                    exposed resources, defaults to "1"
                                  pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                  x-kubernetes-int-or-string: true
                                resource:
                                  description: 'Required: resource to select'
                                  type: string
                              required:
                              - resource
                              type: object
                              x-kubernetes-map-type: atomic
                            secretKeyRef:
                              description: Selects a key of a secret in the pod's
                                namespace
                              properties:
                                key:
                                  description: The key of the secret to select from.  Must
                                    be a valid secret key.
                                  type: string
                                name:
                                  description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                    TODO: Add other useful fields. apiVersion, kind,
                                    uid?'
                                  type: string
                                optional:
                                  description: Specify whether the Secret or its key
                                    must be defined
                                  type: boolean
                              required:
                              - key
                              type: object
                              x-kubernetes-map-type: atomic
                          type: object
                      required:
                      - name
                      type: object
                    type: array
                  labels:
                    additionalProperties:
                      type: string
                    description: 'labels is a map of string key and value pairs that
                      can be used to organize and categorize (scope and select) objects.
                      More info: http://kubernetes.io/docs/user-guide/labels.'
                    type: object
                    x-kubernetes-map-type: granular
                  podSecurityContext:
                    description: PodSecurityContext holds pod-level security attributes
                      and common container settings. Some fields are also present
                      in container.securityContext.  Field values of container.securityContext
                      take precedence over field values of PodSecurityContext.
                    properties:
                      fsGroup:
                        description: "A special supplemental group that applies to
                          all containers in a pod. Some volume types allow the Kubelet
                          to change the ownership of that volume to be owned by the
                          pod: \n 1. The owning GID will be the FSGroup 2. The setgid
                          bit is set (new files created in the volume will be owned
                          by FSGroup) 3. The permission bits are OR'd with rw-rw----
                          \n If unset, the Kubelet will not modify the ownership and
                          permissions of any volume. Note that this field cannot be
                          set when spec.os.name is windows."
                        format: int64
                        type: integer
                      fsGroupChangePolicy:
                        description: 'fsGroupChangePolicy defines behavior of changing
                          ownership and permission of the volume before being exposed
                          inside Pod. This field will only apply to volume types which
                          support fsGroup based ownership(and permissions). It will
                          have no effect on ephemeral volume types such as: secret,
                          configmaps and emptydir. Valid values are "OnRootMismatch"
                          and "Always". If not specified, "Always" is used. Note that
                          this field cannot be set when spec.os.name is windows.'
                        type: string
                      runAsGroup:
                        description: The GID to run the entrypoint of the container
                          process. Uses runtime default if unset. May also be set
                          in SecurityContext.  If set in both SecurityContext and
                          PodSecurityContext, the value specified in SecurityContext
                          takes precedence for that container. Note that this field
                          cannot be set when spec.os.name is windows.
                        format: int64
                        type: integer
                      runAsNonRoot:
                        description: Indicates that the container must run as a non-root
                          user. If true, the Kubelet will validate the image at runtime
                          to ensure that it does not run as UID 0 (root) and fail
                          to start the container if it does. If unset or false, no
                          such validation will be performed. May also be set in SecurityContext.  If
                          set in both SecurityContext and PodSecurityContext, the
                          value specified in SecurityContext takes precedence.
                        type: boolean
                      runAsUser:
                        description: The UID to run the entrypoint of the container
                          process. Defaults to user specified in image metadata if
                          unspecified. May also be set in SecurityContext.  If set
                          in both SecurityContext and PodSecurityContext, the value
                          specified in SecurityContext takes precedence for that container.
                          Note that this field cannot be set when spec.os.name is
                          windows.
                        format: int64
                        type: integer
                      seLinuxOptions:
                        description: The SELinux context to be applied to all containers.
                          If unspecified, the container runtime will allocate a random
                          SELinux context for each container.  May also be set in
                          SecurityContext.  If set in both SecurityContext and PodSecurityContext,
                          the value specified in SecurityContext takes precedence
                          for that container. Note that this field cannot be set when
                          spec.os.name is windows.
                        properties:
                          level:
                            description: Level is SELinux level label that applies
                              to the container.
                            type: string
                          role:
                            description: Role is a SELinux role label that applies
                              to the container.
                            type: string
                          type:
                            description: Type is a SELinux type label that applies
                              to the container.
                            type: string
                          user:
                            description: User is a SELinux user label that applies
                              to the container.
                            type: string
                        type: object
                      seccompProfile:
                        description: The seccomp options to use by the containers
                          in this pod. Note that this field cannot be set when spec.os.name
                          is windows.
                        properties:
                          localhostProfile:
                            description: localhostProfile indicates a profile defined
                              in a file on the node should be used. The profile must
                              be preconfigured on the node to work. Must be a descending
                              path, relative to the kubelet's configured seccomp profile
                              location. Must only be set if type is "Localhost".
                            type: string
                          type:
                            description: "type indicates which kind of seccomp profile
                              will be applied. Valid options are: \n Localhost - a
                              profile defined in a file on the node should be used.
                              RuntimeDefault - the container runtime default profile
                              should be used. Unconfined - no profile should be applied."
                            type: string
                        required:
                        - type
                        type: object
                      supplementalGroups:
                        description: A list of groups applied to the first process
                          run in each container, in addition to the container's primary
                          GID.  If unspecified, no groups will be added to any container.
                          Note that this field cannot be set when spec.os.name is
                          windows.
                        items:
                          format: int64
                          type: integer
                        type: array
                      sysctls:
                        description: Sysctls hold a list of namespaced sysctls used
                          for the pod. Pods with unsupported sysctls (by the container
                          runtime) might fail to launch. Note that this field cannot
                          be set when spec.os.name is windows.
                        items:
                          description: Sysctl defines a kernel parameter to be set
                          properties:
                            name:
                              description: Name of a property to set
                              type: string
                            value:
                              description: Value of a property to set
                              type: string
                          required:
                          - name
                          - value
                          type: object
                        type: array
                      windowsOptions:
                        description: The Windows specific settings applied to all
                          containers. If unspecified, the options within a container's
                          SecurityContext will be used. If set in both SecurityContext
                          and PodSecurityContext, the value specified in SecurityContext
                          takes precedence. Note that this field cannot be set when
                          spec.os.name is linux.
                        properties:
                          gmsaCredentialSpec:
                            description: GMSACredentialSpec is where the GMSA admission
                              webhook (https://github.com/kubernetes-sigs/windows-gmsa)
                              inlines the contents of the GMSA credential spec named
                              by the GMSACredentialSpecName field.
                            type: string
                          gmsaCredentialSpecName:
                            description: GMSACredentialSpecName is the name of the
                              GMSA credential spec to use.
                            type: string
                          hostProcess:
                            description: HostProcess determines if a container should
                              be run as a 'Host Process' container. This field is
                              alpha-level and will only be honored by components that
                              enable the WindowsHostProcessContainers feature flag.
                              Setting this field without the feature flag will result
                              in errors when validating the Pod. All of a Pod's containers
                              must have the same effective HostProcess value (it is
                              not allowed to have a mix of HostProcess containers
                              and non-HostProcess containers).  In addition, if HostProcess
                              is true then HostNetwork must also be set to true.
                            type: boolean
                          runAsUserName:
                            description: The UserName in Windows to run the entrypoint
                              of the container process. Defaults to the user specified
                              in image metadata if unspecified. May also be set in
                              PodSecurityContext. If set in both SecurityContext and
                              PodSecurityContext, the value specified in SecurityContext
                              takes precedence.
                            type: string
                        type: object
                    type: object
                  priorityClassName:
                    description: priorityClassName specifies the priority class for
                      the pod (if any).
                    minLength: 1
                    pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                    type: string
                  probe:
                    description: probe contains the fields for standard Kubernetes
                      readiness/liveness probe configuration.
                    properties:
                      liveness:
                        description: liveness configures the Kubernetes probe settings.
                          The changes will override the existing default configuration.
                        properties:
                          failureThreshold:
                            description: failureThreshold is the minimum consecutive
                              failures for the probe to be considered failed. Confluent
                              Platform components come with the right configuration,
                              and this setting is not required to change most of the
                              time.
                            format: int32
                            type: integer
                          initialDelaySeconds:
                            description: initialDelaySeconds is the number of seconds
                              after the container has started and before probes are
                              initiated. Confluent Platform components come with the
                              right configuration, and this setting is not required
                              to change most of the time.
                            format: int32
                            type: integer
                          periodSeconds:
                            description: periodSeconds specifies how often to perform
                              the probe. Confluent Platform components come with the
                              right configuration, and this setting is not required
                              to change most of the time.
                            format: int32
                            type: integer
                          successThreshold:
                            description: successThreshold is the minimum consecutive
                              successes for the probe to be considered successful
                              after having failed. The default values is `1`. Must
                              be `1` for liveness and startup. The minimum value is
                              `1`.
                            format: int32
                            type: integer
                          timeoutSeconds:
                            description: timeoutSeconds is the number of seconds after
                              which the probe times out. Confluent Platform components
                              come with the right configuration, and this setting
                              is not required to change most of the time.
                            format: int32
                            type: integer
                        type: object
                      readiness:
                        description: readiness configures the Kubernetes probe setting.
                          The changes will override the existing default configuration.
                        properties:
                          failureThreshold:
                            description: failureThreshold is the minimum consecutive
                              failures for the probe to be considered failed. Confluent
                              Platform components come with the right configuration,
                              and this setting is not required to change most of the
                              time.
                            format: int32
                            type: integer
                          initialDelaySeconds:
                            description: initialDelaySeconds is the number of seconds
                              after the container has started and before probes are
                              initiated. Confluent Platform components come with the
                              right configuration, and this setting is not required
                              to change most of the time.
                            format: int32
                            type: integer
                          periodSeconds:
                            description: periodSeconds specifies how often to perform
                              the probe. Confluent Platform components come with the
                              right configuration, and this setting is not required
                              to change most of the time.
                            format: int32
                            type: integer
                          successThreshold:
                            description: successThreshold is the minimum consecutive
                              successes for the probe to be considered successful
                              after having failed. The default values is `1`. Must
                              be `1` for liveness and startup. The minimum value is
                              `1`.
                            format: int32
                            type: integer
                          timeoutSeconds:
                            description: timeoutSeconds is the number of seconds after
                              which the probe times out. Confluent Platform components
                              come with the right configuration, and this setting
                              is not required to change most of the time.
                            format: int32
                            type: integer
                        type: object
                    type: object
                  resources:
                    description: resources describe the compute resource requirements.
                    properties:
                      limits:
                        additionalProperties:
                          anyOf:
                          - type: integer
                          - type: string
                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                          x-kubernetes-int-or-string: true
                        description: 'Limits describes the maximum amount of compute
                          resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                        type: object
                      requests:
                        additionalProperties:
                          anyOf:
                          - type: integer
                          - type: string
                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                          x-kubernetes-int-or-string: true
                        description: 'Requests describes the minimum amount of compute
                          resources required. If Requests is omitted for a container,
                          it defaults to Limits if that is explicitly specified, otherwise
                          to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                        type: object
                    type: object
                  securityContext:
                    description: SecurityContext holds security configuration that
                      will be applied to a container. Some fields are present in both
                      SecurityContext and PodSecurityContext.  When both are set,
                      the values in SecurityContext take precedence.
                    properties:
                      allowPrivilegeEscalation:
                        description: 'AllowPrivilegeEscalation controls whether a
                          process can gain more privileges than its parent process.
                          This bool directly controls if the no_new_privs flag will
                          be set on the container process. AllowPrivilegeEscalation
                          is true always when the container is: 1) run as Privileged
                          2) has CAP_SYS_ADMIN Note that this field cannot be set
                          when spec.os.name is windows.'
                        type: boolean
                      capabilities:
                        description: The capabilities to add/drop when running containers.
                          Defaults to the default set of capabilities granted by the
                          container runtime. Note that this field cannot be set when
                          spec.os.name is windows.
                        properties:
                          add:
                            description: Added capabilities
                            items:
                              description: Capability represent POSIX capabilities
                                type
                              type: string
                            type: array
                          drop:
                            description: Removed capabilities
                            items:
                              description: Capability represent POSIX capabilities
                                type
                              type: string
                            type: array
                        type: object
                      privileged:
                        description: Run container in privileged mode. Processes in
                          privileged containers are essentially equivalent to root
                          on the host. Defaults to false. Note that this field cannot
                          be set when spec.os.name is windows.
                        type: boolean
                      procMount:
                        description: procMount denotes the type of proc mount to use
                          for the containers. The default is DefaultProcMount which
                          uses the container runtime defaults for readonly paths and
                          masked paths. This requires the ProcMountType feature flag
                          to be enabled. Note that this field cannot be set when spec.os.name
                          is windows.
                        type: string
                      readOnlyRootFilesystem:
                        description: Whether this container has a read-only root filesystem.
                          Default is false. Note that this field cannot be set when
                          spec.os.name is windows.
                        type: boolean
                      runAsGroup:
                        description: The GID to run the entrypoint of the container
                          process. Uses runtime default if unset. May also be set
                          in PodSecurityContext.  If set in both SecurityContext and
                          PodSecurityContext, the value specified in SecurityContext
                          takes precedence. Note that this field cannot be set when
                          spec.os.name is windows.
                        format: int64
                        type: integer
                      runAsNonRoot:
                        description: Indicates that the container must run as a non-root
                          user. If true, the Kubelet will validate the image at runtime
                          to ensure that it does not run as UID 0 (root) and fail
                          to start the container if it does. If unset or false, no
                          such validation will be performed. May also be set in PodSecurityContext.  If
                          set in both SecurityContext and PodSecurityContext, the
                          value specified in SecurityContext takes precedence.
                        type: boolean
                      runAsUser:
                        description: The UID to run the entrypoint of the container
                          process. Defaults to user specified in image metadata if
                          unspecified. May also be set in PodSecurityContext.  If
                          set in both SecurityContext and PodSecurityContext, the
                          value specified in SecurityContext takes precedence. Note
                          that this field cannot be set when spec.os.name is windows.
                        format: int64
                        type: integer
                      seLinuxOptions:
                        description: The SELinux context to be applied to the container.
                          If unspecified, the container runtime will allocate a random
                          SELinux context for each container.  May also be set in
                          PodSecurityContext.  If set in both SecurityContext and
                          PodSecurityContext, the value specified in SecurityContext
                          takes precedence. Note that this field cannot be set when
                          spec.os.name is windows.
                        properties:
                          level:
                            description: Level is SELinux level label that applies
                              to the container.
                            type: string
                          role:
                            description: Role is a SELinux role label that applies
                              to the container.
                            type: string
                          type:
                            description: Type is a SELinux type label that applies
                              to the container.
                            type: string
                          user:
                            description: User is a SELinux user label that applies
                              to the container.
                            type: string
                        type: object
                      seccompProfile:
                        description: The seccomp options to use by this container.
                          If seccomp options are provided at both the pod & container
                          level, the container options override the pod options. Note
                          that this field cannot be set when spec.os.name is windows.
                        properties:
                          localhostProfile:
                            description: localhostProfile indicates a profile defined
                              in a file on the node should be used. The profile must
                              be preconfigured on the node to work. Must be a descending
                              path, relative to the kubelet's configured seccomp profile
                              location. Must only be set if type is "Localhost".
                            type: string
                          type:
                            description: "type indicates which kind of seccomp profile
                              will be applied. Valid options are: \n Localhost - a
                              profile defined in a file on the node should be used.
                              RuntimeDefault - the container runtime default profile
                              should be used. Unconfined - no profile should be applied."
                            type: string
                        required:
                        - type
                        type: object
                      windowsOptions:
                        description: The Windows specific settings applied to all
                          containers. If unspecified, the options from the PodSecurityContext
                          will be used. If set in both SecurityContext and PodSecurityContext,
                          the value specified in SecurityContext takes precedence.
                          Note that this field cannot be set when spec.os.name is
                          linux.
                        properties:
                          gmsaCredentialSpec:
                            description: GMSACredentialSpec is where the GMSA admission
                              webhook (https://github.com/kubernetes-sigs/windows-gmsa)
                              inlines the contents of the GMSA credential spec named
                              by the GMSACredentialSpecName field.
                            type: string
                          gmsaCredentialSpecName:
                            description: GMSACredentialSpecName is the name of the
                              GMSA credential spec to use.
                            type: string
                          hostProcess:
                            description: HostProcess determines if a container should
                              be run as a 'Host Process' container. This field is
                              alpha-level and will only be honored by components that
                              enable the WindowsHostProcessContainers feature flag.
                              Setting this field without the feature flag will result
                              in errors when validating the Pod. All of a Pod's containers
                              must have the same effective HostProcess value (it is
                              not allowed to have a mix of HostProcess containers
                              and non-HostProcess containers).  In addition, if HostProcess
                              is true then HostNetwork must also be set to true.
                            type: boolean
                          runAsUserName:
                            description: The UserName in Windows to run the entrypoint
                              of the container process. Defaults to the user specified
                              in image metadata if unspecified. May also be set in
                              PodSecurityContext. If set in both SecurityContext and
                              PodSecurityContext, the value specified in SecurityContext
                              takes precedence.
                            type: string
                        type: object
                    type: object
                  serviceAccountName:
                    description: 'ServiceAccountName is the name of the service account
                      used to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account.'
                    type: string
                  terminationGracePeriodSeconds:
                    description: terminationGracePeriodSeconds is the grace period
                      before the pod is deleted.
                    format: int64
                    type: integer
                  tolerations:
                    description: tolerations specify the pods to schedule onto the
                      nodes with matching taints, using the triple `<key,value,effect>`
                      and the matching operator `<operator>`.
                    items:
                      description: The pod this Toleration is attached to tolerates
                        any taint that matches the triple <key,value,effect> using
                        the matching operator <operator>.
                      properties:
                        effect:
                          description: Effect indicates the taint effect to match.
                            Empty means match all taint effects. When specified, allowed
                            values are NoSchedule, PreferNoSchedule and NoExecute.
                          type: string
                        key:
                          description: Key is the taint key that the toleration applies
                            to. Empty means match all taint keys. If the key is empty,
                            operator must be Exists; this combination means to match
                            all values and all keys.
                          type: string
                        operator:
                          description: Operator represents a key's relationship to
                            the value. Valid operators are Exists and Equal. Defaults
                            to Equal. Exists is equivalent to wildcard for value,
                            so that a pod can tolerate all taints of a particular
                            category.
                          type: string
                        tolerationSeconds:
                          description: TolerationSeconds represents the period of
                            time the toleration (which must be of effect NoExecute,
                            otherwise this field is ignored) tolerates the taint.
                            By default, it is not set, which means tolerate the taint
                            forever (do not evict). Zero and negative values will
                            be treated as 0 (evict immediately) by the system.
                          format: int64
                          type: integer
                        value:
                          description: Value is the taint value the toleration matches
                            to. If the operator is Exists, the value should be empty,
                            otherwise just a regular string.
                          type: string
                      type: object
                    type: array
                  topologySpreadConstraints:
                    description: topologySpreadConstraints describe how a group of
                      pods ought to spread across topology domains. Scheduler will
                      schedule pods based on the constraints. All topologySpreadConstraints
                      are ANDed.
                    items:
                      description: TopologySpreadConstraint specifies how to spread
                        matching pods among the given topology.
                      properties:
                        labelSelector:
                          description: LabelSelector is used to find matching pods.
                            Pods that match this label selector are counted to determine
                            the number of pods in their corresponding topology domain.
                          properties:
                            matchExpressions:
                              description: matchExpressions is a list of label selector
                                requirements. The requirements are ANDed.
                              items:
                                description: A label selector requirement is a selector
                                  that contains values, a key, and an operator that
                                  relates the key and values.
                                properties:
                                  key:
                                    description: key is the label key that the selector
                                      applies to.
                                    type: string
                                  operator:
                                    description: operator represents a key's relationship
                                      to a set of values. Valid operators are In,
                                      NotIn, Exists and DoesNotExist.
                                    type: string
                                  values:
                                    description: values is an array of string values.
                                      If the operator is In or NotIn, the values array
                                      must be non-empty. If the operator is Exists
                                      or DoesNotExist, the values array must be empty.
                                      This array is replaced during a strategic merge
                                      patch.
                                    items:
                                      type: string
                                    type: array
                                required:
                                - key
                                - operator
                                type: object
                              type: array
                            matchLabels:
                              additionalProperties:
                                type: string
                              description: matchLabels is a map of {key,value} pairs.
                                A single {key,value} in the matchLabels map is equivalent
                                to an element of matchExpressions, whose key field
                                is "key", the operator is "In", and the values array
                                contains only "value". The requirements are ANDed.
                              type: object
                          type: object
                          x-kubernetes-map-type: atomic
                        maxSkew:
                          description: 'MaxSkew describes the degree to which pods
                            may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`,
                            it is the maximum permitted difference between the number
                            of matching pods in the target topology and the global
                            minimum. For example, in a 3-zone cluster, MaxSkew is
                            set to 1, and pods with the same labelSelector spread
                            as 1/1/0: | zone1 | zone2 | zone3 | |   P   |   P   |       |
                            - if MaxSkew is 1, incoming pod can only be scheduled
                            to zone3 to become 1/1/1; scheduling it onto zone1(zone2)
                            would make the ActualSkew(2-0) on zone1(zone2) violate
                            MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled
                            onto any zone. When `whenUnsatisfiable=ScheduleAnyway`,
                            it is used to give higher precedence to topologies that
                            satisfy it. It''s a required field. Default value is 1
                            and 0 is not allowed.'
                          format: int32
                          type: integer
                        topologyKey:
                          description: TopologyKey is the key of node labels. Nodes
                            that have a label with this key and identical values are
                            considered to be in the same topology. We consider each
                            <key, value> as a "bucket", and try to put balanced number
                            of pods into each bucket. It's a required field.
                          type: string
                        whenUnsatisfiable:
                          description: 'WhenUnsatisfiable indicates how to deal with
                            a pod if it doesn''t satisfy the spread constraint. -
                            DoNotSchedule (default) tells the scheduler not to schedule
                            it. - ScheduleAnyway tells the scheduler to schedule the
                            pod in any location, but giving higher precedence to topologies
                            that would help reduce the skew. A constraint is considered
                            "Unsatisfiable" for an incoming pod if and only if every
                            possible node assignment for that pod would violate "MaxSkew"
                            on some topology. For example, in a 3-zone cluster, MaxSkew
                            is set to 1, and pods with the same labelSelector spread
                            as 3/1/1: | zone1 | zone2 | zone3 | | P P P |   P   |   P   |
                            If WhenUnsatisfiable is set to DoNotSchedule, incoming
                            pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2)
                            as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1).
                            In other words, the cluster can still be imbalanced, but
                            scheduler won''t make it *more* imbalanced. It''s a required
                            field.'
                          type: string
                      required:
                      - maxSkew
                      - topologyKey
                      - whenUnsatisfiable
                      type: object
                    type: array
                type: object
              replicas:
                description: replicas is the desired number of replicas. A change
                  to this setting will roll the cluster.
                format: int32
                type: integer
              telemetry:
                description: telemetry specifies the Confluent telemetry reporter
                  configuration.
                properties:
                  global:
                    description: global allows disabling telemetry configuration.
                      If CFK is deployed with telemetry, this field is only used to
                      disable telemetry. The default value is `true` if telemetry
                      is enabled at the global level.
                    type: boolean
                type: object
              tls:
                description: tls specifies the global TLS configurations for the REST
                  API endpoint.
                properties:
                  autoGeneratedCerts:
                    description: autoGeneratedCerts specifies that the certificates
                      are auto-generated based on the CA key pair provided.
                    type: boolean
                  directoryPathInContainer:
                    description: directoryPathInContainer specifies the directory
                      path in the container where `keystore.jks`, `truststore.jks`,
                      and `jksPassword.txt` keys are mounted. `truststore.jks` is
                      not configured and can be ignored when the `ignoreTrustStoreConfig`
                      field is set to `true`.
                    minLength: 1
                    type: string
                  ignoreTrustStoreConfig:
                    description: ignoreTrustStoreConfig indicates whether to ignore
                      the truststore configuration for the Confluent component.
                    type: boolean
                  jksPassword:
                    description: jksPassword references the secret containing the
                      JKS password.
                    properties:
                      secretRef:
                        description: 'secretRef references the name of the secret
                          containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
                        maxLength: 30
                        minLength: 1
                        pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                        type: string
                    required:
                    - secretRef
                    type: object
                  secretRef:
                    description: 'secretRef references the secret containing the certificates.
                      More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
                    maxLength: 30
                    minLength: 1
                    pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                    type: string
                type: object
            required:
            - image
            - replicas
            type: object
          status:
            description: status defines the observed state of the Schema Registry
              cluster.
            properties:
              arbitraryData:
                description: arbitraryData is the map for any arbitrary data associated
                  with this Confluent component.
                x-kubernetes-preserve-unknown-fields: true
              authorizationType:
                description: authorizationType is the authorization type for this
                  Confluent component.
                type: string
              clusterName:
                description: clusterName is the name of the Confluent Platform component
                  cluster.
                type: string
              clusterNamespace:
                description: clusterNamespace is the namespace where the Confluent
                  Platform component cluster is running.
                type: string
              conditions:
                description: conditions specify the latest available observations
                  of the current state.
                items:
                  description: Condition represent the latest available observations
                    of the current state.
                  properties:
                    lastProbeTime:
                      description: lastProbeTime shows the last time the condition
                        was evaluated.
                      format: date-time
                      type: string
                    lastTransitionTime:
                      description: lastTransitionTime shows the last time the condition
                        was transitioned from one status to another.
                      format: date-time
                      type: string
                    message:
                      description: message shows a human-readable message with details
                        about the transition.
                      type: string
                    reason:
                      description: reason shows the reason for the last transition
                        of the condition.
                      type: string
                    status:
                      description: status shows the status of the condition, one of
                        `True`, `False`, or `Unknown`.
                      type: string
                    type:
                      description: type shows the condition type.
                      type: string
                  type: object
                type: array
              currentReplicas:
                description: currentReplicas is the number of currently running replicas.
                format: int32
                type: integer
              groupId:
                description: groupId is the group id of the Schema Registry cluster.
                type: string
              internalSecrets:
                description: internalSecrets are internal secrets created by CFK for
                  this Confluent component.
                items:
                  type: string
                type: array
              internalTopicNames:
                description: internalTopicNames are the topics used by the component
                  for internal use.
                items:
                  type: string
                type: array
              kafka:
                description: kafka is the Kafka client side status for the Schema
                  Registry cluster.
                properties:
                  authenticationType:
                    description: authenticationType describes the authentication method
                      for the Kafka cluster.
                    type: string
                  bootstrapEndpoint:
                    description: bootstrapEndpoint specifies the Kafka bootstrap endpoint.
                    type: string
                  tls:
                    description: tls indicates whether TLS is enabled for the Kafka
                      dependency.
                    type: boolean
                type: object
              listeners:
                additionalProperties:
                  description: ListenerStatus describes general information about
                    the listeners.
                  properties:
                    advertisedExternalEndpoints:
                      description: advertisedExternalEndpoints specifies other advertised
                        endpoints used, especially for Kafka.
                      items:
                        type: string
                      type: array
                    authenticationType:
                      description: authenticationType shows the authentication type
                        configured by the listener.
                      type: string
                    externalAccessType:
                      description: externalAccessType shows the external access type
                        used for the listener.
                      type: string
                    externalEndpoint:
                      description: externalEndpoint specifies the external endpoint
                        to connect to the Confluent component cluster.
                      type: string
                    internalEndpoint:
                      description: internalEndpoint specifies the internal endpoint
                        to connect to the Confluent component cluster.
                      type: string
                    tls:
                      description: tls shows whether TLS is configured for the listener.
                      type: boolean
                  type: object
                description: listeners is a map of listener type and the status of
                  Schema Registry Listeners.
                type: object
                x-kubernetes-map-type: granular
              metricPrefix:
                description: metricPrefix is the prefix for the JMX metric of the
                  Schema Registry cluster.
                type: string
              observedGeneration:
                description: observedGeneration is the most recent generation observed
                  for this Confluent component.
                format: int64
                type: integer
              operatorVersion:
                description: operatorVersion is the internal version of CFK.
                type: string
              phase:
                description: phase describes the state of the Confluent Platform component.
                  This can either be 'PROVISIONING' or 'RUNNING' 'PROVISIONING' means
                  the Confluent Platform component is currently getting deployed and
                  not ready yet. 'RUNNING' means the Confluent Platform component
                  has been successfully deployed.
                type: string
              rbac:
                description: rbac contains the RBAC-related status when RBAC is enabled.
                properties:
                  clusterID:
                    description: clusterID specifies the id of the cluster.
                    type: string
                  internalRolebindings:
                    description: internalRolebindings specifies the internal rolebindings.
                    items:
                      type: string
                    type: array
                type: object
              readyReplicas:
                description: readyReplicas is the number of currently ready replicas.
                format: int32
                type: integer
              replicas:
                description: replicas is the number of replicas.
                format: int32
                type: integer
              restConfig:
                description: restConfig is the REST API configuration of the Schema
                  Registry cluster.
                properties:
                  advertisedExternalEndpoints:
                    description: advertisedExternalEndpoints specifies other advertised
                      endpoints used, especially for Kafka.
                    items:
                      type: string
                    type: array
                  authenticationType:
                    description: authenticationType shows the authentication type
                      configured by the listener.
                    type: string
                  externalAccessType:
                    description: externalAccessType shows the external access type
                      used for the listener.
                    type: string
                  externalEndpoint:
                    description: externalEndpoint specifies the external endpoint
                      to connect to the Confluent component cluster.
                    type: string
                  internalEndpoint:
                    description: internalEndpoint specifies the internal endpoint
                      to connect to the Confluent component cluster.
                    type: string
                  tls:
                    description: tls shows whether TLS is configured for the listener.
                    type: boolean
                type: object
              selector:
                description: selector gets the label selector of the child pod. The
                  Horizontal Pod Autoscaler(HPA) will scale using the label selector
                  of the child pod.
                type: string
            type: object
        required:
        - spec
        type: object
    served: true
    storage: true
    subresources:
      scale:
        labelSelectorPath: .status.selector
        specReplicasPath: .spec.replicas
        statusReplicasPath: .status.replicas
      status: {}