884 lines
44 KiB
YAML
884 lines
44 KiB
YAML
---
|
|
apiVersion: apiextensions.k8s.io/v1
|
|
kind: CustomResourceDefinition
|
|
metadata:
|
|
annotations:
|
|
controller-gen.kubebuilder.io/version: v0.15.0
|
|
name: clusterlinks.platform.confluent.io
|
|
spec:
|
|
group: platform.confluent.io
|
|
names:
|
|
categories:
|
|
- all
|
|
- confluent-platform
|
|
- confluent
|
|
kind: ClusterLink
|
|
listKind: ClusterLinkList
|
|
plural: clusterlinks
|
|
shortNames:
|
|
- cl
|
|
- clusterlink
|
|
- clink
|
|
singular: clusterlink
|
|
scope: Namespaced
|
|
versions:
|
|
- additionalPrinterColumns:
|
|
- jsonPath: .status.clusterLinkID
|
|
name: ID
|
|
type: string
|
|
- jsonPath: .status.state
|
|
name: Status
|
|
type: string
|
|
- jsonPath: .status.destinationKafkaClusterID
|
|
name: DestClusterID
|
|
type: string
|
|
- jsonPath: .status.sourceKafkaClusterID
|
|
name: SrcClusterID
|
|
type: string
|
|
- jsonPath: .status.numMirrorTopics
|
|
name: MirrorTopicCount
|
|
type: string
|
|
- jsonPath: .metadata.creationTimestamp
|
|
name: Age
|
|
type: date
|
|
name: v1beta1
|
|
schema:
|
|
openAPIV3Schema:
|
|
description: ClusterLink is the schema for the ClusterLink API.
|
|
properties:
|
|
apiVersion:
|
|
description: |-
|
|
APIVersion defines the versioned schema of this representation of an object.
|
|
Servers should convert recognized schemas to the latest internal value, and
|
|
may reject unrecognized values.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
|
|
type: string
|
|
kind:
|
|
description: |-
|
|
Kind is a string value representing the REST resource this object represents.
|
|
Servers may infer this from the endpoint the client submits requests to.
|
|
Cannot be updated.
|
|
In CamelCase.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
|
type: string
|
|
metadata:
|
|
type: object
|
|
spec:
|
|
description: spec defines the desired state of the cluster link.
|
|
properties:
|
|
aclFilters:
|
|
description: |-
|
|
aclFilters specify the list of ACLs to be migrated from the source cluster to the
|
|
destination cluster.
|
|
items:
|
|
description: |-
|
|
AclFilter defines the configuration for the ACLs filter. This follows the same pattern as defined in the
|
|
cluster linking documentation. More info:
|
|
https://docs.confluent.io/platform/current/multi-dc-deployments/cluster-linking/security.html#cluster-link-acls-migrate
|
|
properties:
|
|
accessFilter:
|
|
description: AclSyncAccessFilter defines the access filter for
|
|
ACLs.
|
|
properties:
|
|
host:
|
|
description: |-
|
|
host is the host for which operations can be coming from.
|
|
The default value is `*` that matches all hosts.
|
|
type: string
|
|
operation:
|
|
description: |-
|
|
operation specifies the operation type of the filter. It can be `ANY` or operations
|
|
based on resource type defined in the following Confluent documentation:
|
|
https://docs.confluent.io/platform/current/kafka/authorization.html#acl-operations
|
|
type: string
|
|
permissionType:
|
|
description: permissionType is the permission type of the
|
|
filter. Valid options are `any`, `allow`, and `deny`.
|
|
enum:
|
|
- any
|
|
- allow
|
|
- deny
|
|
type: string
|
|
principal:
|
|
description: |-
|
|
principal is the name of the principal.
|
|
The default value is `*`.
|
|
type: string
|
|
required:
|
|
- operation
|
|
- permissionType
|
|
type: object
|
|
resourceFilter:
|
|
description: AclSyncResourceFilter specifies the resource filter
|
|
for ACLs.
|
|
properties:
|
|
name:
|
|
description: |-
|
|
name is the name of the resource associated with this filter.
|
|
The default value is `*`.
|
|
type: string
|
|
patternType:
|
|
description: patternType is the pattern of the resource.
|
|
Valid options are `prefixed`, `literal`, `any`, and `match`.
|
|
enum:
|
|
- prefixed
|
|
- literal
|
|
- any
|
|
- match
|
|
type: string
|
|
resourceType:
|
|
description: resourceType is the type of the filter. Valid
|
|
options are `any`, `cluster`, `group`, `topic`, `transactionId`,
|
|
and `delegationToken`.
|
|
enum:
|
|
- any
|
|
- cluster
|
|
- group
|
|
- topic
|
|
- transcationId
|
|
- delegationToken
|
|
type: string
|
|
required:
|
|
- patternType
|
|
- resourceType
|
|
type: object
|
|
required:
|
|
- accessFilter
|
|
- resourceFilter
|
|
type: object
|
|
type: array
|
|
configs:
|
|
additionalProperties:
|
|
type: string
|
|
description: |-
|
|
configs is a map of string key and value pairs. It specifies additional configurations for the cluster link.
|
|
More info: https://docs.confluent.io/platform/current/multi-dc-deployments/cluster-linking/configs.html
|
|
type: object
|
|
x-kubernetes-map-type: granular
|
|
consumerGroupFilters:
|
|
description: |-
|
|
consumerGroupFilters specify a list of consumer groups to be migrated from
|
|
the source cluster to the destination cluster.
|
|
items:
|
|
description: ClusterLinkOptionsFilter defines the scheme for a filter
|
|
properties:
|
|
filterType:
|
|
description: filterType specifies the filter type. Valid options
|
|
are `INCLUDE` and `EXCLUDE`.
|
|
enum:
|
|
- INCLUDE
|
|
- EXCLUDE
|
|
type: string
|
|
name:
|
|
description: name is the resource name associated with this
|
|
filter.
|
|
type: string
|
|
patternType:
|
|
description: patternType is the pattern of the resource. Valid
|
|
options are `PREFIXED` and `LITERAL`.
|
|
enum:
|
|
- PREFIXED
|
|
- LITERAL
|
|
type: string
|
|
required:
|
|
- filterType
|
|
- name
|
|
- patternType
|
|
type: object
|
|
type: array
|
|
destinationKafkaCluster:
|
|
description: destinationKafkaCluster specifies the destination Kafka
|
|
cluster and its REST API configuration.
|
|
properties:
|
|
authentication:
|
|
description: authentication specifies the authentication for the
|
|
Kafka cluster.
|
|
properties:
|
|
jaasConfig:
|
|
description: jaasConfig specifies the Kafka client-side JaaS
|
|
configuration.
|
|
properties:
|
|
secretRef:
|
|
description: |-
|
|
secretRef references the secret containing the required credentials.
|
|
More info: https://docs.confluent.io/operator/current/co-authenticate.html
|
|
maxLength: 30
|
|
minLength: 1
|
|
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
|
|
type: string
|
|
required:
|
|
- secretRef
|
|
type: object
|
|
jaasConfigPassThrough:
|
|
description: jaasConfigPassThrough specifies another way to
|
|
provide the Kafka client-side JaaS configuration.
|
|
properties:
|
|
directoryPathInContainer:
|
|
description: |-
|
|
directoryPathInContainer specifies the directory path in the container where required credentials are mounted.
|
|
More info: https://docs.confluent.io/operator/current/co-authenticate.html
|
|
minLength: 1
|
|
type: string
|
|
secretRef:
|
|
description: |-
|
|
secretRef references the secret containing the required credentials for authentication.
|
|
More info: https://docs.confluent.io/operator/current/co-authenticate.html
|
|
maxLength: 30
|
|
minLength: 1
|
|
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
|
|
type: string
|
|
type: object
|
|
oauthSettings:
|
|
description: |-
|
|
oauthSettings specifies the OAuth settings.
|
|
This needs to passed with the authentication type `oauth`.
|
|
properties:
|
|
audience:
|
|
description: audience specifies the audience claim in
|
|
the JWT payload.
|
|
minLength: 1
|
|
type: string
|
|
expectedIssuer:
|
|
description: expectedIssuer specifies the expected issuer
|
|
in the JWT payload.
|
|
minLength: 1
|
|
type: string
|
|
groupsClaimName:
|
|
description: groupsClaimName specifies the name of claim
|
|
in token for identifying the groups of subject in the
|
|
JWT payload.
|
|
minLength: 1
|
|
type: string
|
|
jwksEndpointUri:
|
|
description: |-
|
|
jwksEndpointUri specifies the uri for the JSON Web Key Set (JWKS).
|
|
It is used to get set of keys containing the public keys used to verify any JWT issued by the IdP's Authorization Server.
|
|
minLength: 1
|
|
type: string
|
|
loginConnectTimeoutMs:
|
|
description: LoginConnectTimeoutMs sets connect timeout
|
|
with IDP in ms
|
|
format: int32
|
|
type: integer
|
|
loginReadTimeoutMs:
|
|
description: LoginReadTimeoutMs sets read timeout with
|
|
IDP in ms
|
|
format: int32
|
|
type: integer
|
|
loginRetryBackoffMaxMs:
|
|
description: LoginRetryBackoffMaxMs sets max retry backoff
|
|
with IDP in ms
|
|
format: int32
|
|
type: integer
|
|
loginRetryBackoffMs:
|
|
description: LoginRetryBackoffMs sets retry backoff with
|
|
IDP in ms
|
|
format: int32
|
|
type: integer
|
|
scope:
|
|
description: |-
|
|
scope is optional and required only when your identity provider doesn't have
|
|
a default scope or your groups claim is linked to a scope.
|
|
minLength: 1
|
|
type: string
|
|
subClaimName:
|
|
description: subClaimName specifies name of claim in JWT
|
|
to use for the subject.
|
|
minLength: 1
|
|
type: string
|
|
tokenEndpointUri:
|
|
description: |-
|
|
tokenBaseEndpointUri specifies the base uri for token endpoint.
|
|
This is required for OAuth for inter broker communication along with
|
|
clientId & clientSecret in JassConfig or JassConfigPassthrough
|
|
minLength: 1
|
|
type: string
|
|
type: object
|
|
oauthbearer:
|
|
description: |-
|
|
oauthbearer is the authentication mechanism to provider principals.
|
|
Only supported in RBAC deployment.
|
|
properties:
|
|
directoryPathInContainer:
|
|
description: |-
|
|
directoryPathInContainer specifies the directory path in the container
|
|
where the credential is mounted.
|
|
minLength: 1
|
|
type: string
|
|
secretRef:
|
|
description: |-
|
|
secretRef specifies the name of the secret that contains the credential.
|
|
More info: https://docs.confluent.io/operator/current/co-authenticate.html#bearer-authentication
|
|
maxLength: 30
|
|
minLength: 1
|
|
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
|
|
type: string
|
|
type: object
|
|
type:
|
|
description: |-
|
|
type specifies the Kafka client authentication type.
|
|
Valid options are `plain`, `oauthbearer`, `digest`, `mtls` and `oauth`.
|
|
enum:
|
|
- plain
|
|
- oauthbearer
|
|
- digest
|
|
- mtls
|
|
- oauth
|
|
type: string
|
|
required:
|
|
- type
|
|
type: object
|
|
bootstrapEndpoint:
|
|
description: |-
|
|
bootstrapEndpoint specifies the bootstrap endpoint for the Kafka cluster.
|
|
When `spec.sourceInitiatedLink.linkMode` is configured as `Source`, this is required for
|
|
`spec.destinationKafkaCluster` and not required for `spec.sourceKafkaCluster`.
|
|
For other cluster links this is required for `spec.sourceKafkaCluster` and not required for
|
|
`spec.destinationKafkaCluster`.
|
|
minLength: 1
|
|
pattern: .+:[0-9]+
|
|
type: string
|
|
clusterID:
|
|
description: |-
|
|
clusterID specifies the id of the Kafka cluster.
|
|
If clusterID is defined for the Kafka cluster, it takes precedence over using the REST API
|
|
for getting the cluster ID.
|
|
minLength: 1
|
|
type: string
|
|
kafkaRestClassRef:
|
|
description: |-
|
|
kafkaRestClassRef references the KafkaRestClass application resource which
|
|
defines the Kafka REST API connection information.
|
|
When `spec.sourceInitiatedLink.linkMode` is configured as `Source`, this is required for
|
|
`spec.sourceKafkaCluster` and optional for `spec.destinationKafkaCluster` if `spec.clusterID` is set.
|
|
For other cluster links this is required for 'spec.destinationKafkaCluster` and optional for
|
|
`spec.sourceKafkaCluster` if the `spec.clusterID` is set.
|
|
properties:
|
|
name:
|
|
description: name specifies the name of the KafkaRestClass
|
|
application resource.
|
|
minLength: 1
|
|
type: string
|
|
namespace:
|
|
description: namespace specifies the namespace of the KafkaRestClass.
|
|
type: string
|
|
required:
|
|
- name
|
|
type: object
|
|
tls:
|
|
description: tls specifies the client-side TLS configuration for
|
|
the Kafka cluster.
|
|
properties:
|
|
directoryPathInContainer:
|
|
description: |-
|
|
directoryPathInContainer contains the directory path in the container where
|
|
`fullchain.pem`, `privkey.pem`, `cacerts.pem` or `tls.crt`, `tls.key`, `ca.crt` keys are mounted.
|
|
minLength: 1
|
|
type: string
|
|
enabled:
|
|
description: enabled specifies whether to enable the TLS configuration
|
|
for the cluster link. The default value is `false`.
|
|
type: boolean
|
|
keyPassword:
|
|
description: |-
|
|
keyPassword references the secret containing the SSL key password if the private key passed
|
|
in the secretRef above is encrypted.
|
|
properties:
|
|
secretRef:
|
|
description: |-
|
|
secretRef references the name of the secret containing the JKS password.
|
|
More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates
|
|
maxLength: 30
|
|
minLength: 1
|
|
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
|
|
type: string
|
|
required:
|
|
- secretRef
|
|
type: object
|
|
secretRef:
|
|
description: |-
|
|
secretRef references the secret containing the certificates.
|
|
More info: https://docs.confluent.io/operator/current/co-network-encryption.html
|
|
maxLength: 63
|
|
minLength: 1
|
|
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
|
|
type: string
|
|
required:
|
|
- enabled
|
|
type: object
|
|
type: object
|
|
mirrorTopicOptions:
|
|
description: mirrorTopicOptions specify configuration options for
|
|
mirror topics.
|
|
properties:
|
|
autoCreateTopics:
|
|
description: |-
|
|
autoCreateTopics specifies configurations for the cluster link to
|
|
automatically create mirror topics on the destination cluster for topics that exist on the source cluster based on defined filters.
|
|
More info: https://docs.confluent.io/platform/current/multi-dc-deployments/cluster-linking/mirror-topics-cp.html#auto-create-mirror-topics
|
|
properties:
|
|
enabled:
|
|
description: |-
|
|
enabled specifies whether to auto-create mirror topics based on topics on the source cluster.
|
|
When set to “true”, mirror topics will be auto-created. Setting this option to “false” disables mirror topic creation and clears any existing filters.
|
|
type: boolean
|
|
topicFilters:
|
|
description: topicFilter contains an array of filters to apply
|
|
to indicate which topics should be mirrored.
|
|
items:
|
|
description: ClusterLinkOptionsFilter defines the scheme
|
|
for a filter
|
|
properties:
|
|
filterType:
|
|
description: filterType specifies the filter type. Valid
|
|
options are `INCLUDE` and `EXCLUDE`.
|
|
enum:
|
|
- INCLUDE
|
|
- EXCLUDE
|
|
type: string
|
|
name:
|
|
description: name is the resource name associated with
|
|
this filter.
|
|
type: string
|
|
patternType:
|
|
description: patternType is the pattern of the resource.
|
|
Valid options are `PREFIXED` and `LITERAL`.
|
|
enum:
|
|
- PREFIXED
|
|
- LITERAL
|
|
type: string
|
|
required:
|
|
- filterType
|
|
- name
|
|
- patternType
|
|
type: object
|
|
type: array
|
|
type: object
|
|
prefix:
|
|
description: |-
|
|
prefix specifies prefix for the mirror topics of the cluster link.
|
|
If configured, the valid mirror topic name should be defined with `<prefix><sourceTopicName>` format
|
|
which mirrors the topic name of the format `<sourceTopicName>` from source cluster.
|
|
When auto-create is enabled and the prefix is configured then the topics created on the destination will automatically contain the prefix.
|
|
Otherwise, `spec.mirrorTopic.name` should be defined with `<prefix><sourceTopicName>` format.
|
|
maxLength: 255
|
|
minLength: 1
|
|
pattern: ^[a-zA-Z0-9\._\-]*$
|
|
type: string
|
|
type: object
|
|
mirrorTopics:
|
|
description: mirrorTopics specify the mirror topics under this cluster
|
|
link.
|
|
items:
|
|
description: MirrorTopic defines the mirror topic configuration.
|
|
properties:
|
|
configs:
|
|
additionalProperties:
|
|
type: string
|
|
description: configs is a map of string key and value pairs.
|
|
It specifies any additional configuration or configuration
|
|
overrides for the mirror topic.
|
|
type: object
|
|
x-kubernetes-map-type: granular
|
|
name:
|
|
description: |-
|
|
name is the mirror topic name. If the sourceTopicName is not configured,
|
|
we assume that the sourceTopicName is the same as mirrorTopicName,
|
|
so a topic with the exact same name must exist on the source cluster and
|
|
no topic with this name should exist on the destination cluster.
|
|
When `spec.mirrorTopicOptions.prefix: <prefix>` is configured for the cluster link,
|
|
the name has to be of the format `<prefix><sourceTopicName>`.
|
|
maxLength: 255
|
|
minLength: 1
|
|
pattern: ^[a-zA-Z0-9\._\-]*$
|
|
type: string
|
|
replicationFactor:
|
|
description: |-
|
|
replicationFactor specifies the replication factor for the mirror topic on the destination cluster.
|
|
If this is not configured, mirror topic will inherit the broker `default.replication.factor` configuration.
|
|
format: int32
|
|
type: integer
|
|
sourceTopicName:
|
|
description: |-
|
|
sourceTopicName is topic name on the source cluster that will be mirrored to the destination cluster.
|
|
When `spec.mirrorTopicOptions.prefix: <prefix>` is not configured, you should not configure this field.
|
|
If it is configured, a topic with the exact same name must exist on the source cluster.
|
|
maxLength: 255
|
|
minLength: 1
|
|
pattern: ^[a-zA-Z0-9\._\-]*$
|
|
type: string
|
|
state:
|
|
description: |-
|
|
state specifies the desired state for this mirror topic. Valid options are
|
|
`ACTIVE`, `FAILOVER`, `PAUSE`, and `PROMOTE`. The default value is `ACTIVE`.
|
|
enum:
|
|
- PAUSE
|
|
- PROMOTE
|
|
- FAILOVER
|
|
- ACTIVE
|
|
type: string
|
|
required:
|
|
- name
|
|
type: object
|
|
type: array
|
|
name:
|
|
description: |-
|
|
name specifies the cluster link name. If not configured, then ClusterLink CR name is used
|
|
as the cluster link name.
|
|
maxLength: 255
|
|
minLength: 1
|
|
pattern: ^[a-zA-Z0-9\._\-]*$
|
|
type: string
|
|
sourceInitiatedLink:
|
|
description: sourceInitiatedLink specify configs for source initiated
|
|
cluster links.
|
|
properties:
|
|
linkMode:
|
|
description: linkMode specifies if this source initiated cluster
|
|
link is in Source or Destination mode.
|
|
enum:
|
|
- Source
|
|
- Destination
|
|
- Bidirectional
|
|
type: string
|
|
required:
|
|
- linkMode
|
|
type: object
|
|
sourceKafkaCluster:
|
|
description: sourceKafkaCluster specifies the source Kafka cluster
|
|
and its REST API configuration.
|
|
properties:
|
|
authentication:
|
|
description: authentication specifies the authentication for the
|
|
Kafka cluster.
|
|
properties:
|
|
jaasConfig:
|
|
description: jaasConfig specifies the Kafka client-side JaaS
|
|
configuration.
|
|
properties:
|
|
secretRef:
|
|
description: |-
|
|
secretRef references the secret containing the required credentials.
|
|
More info: https://docs.confluent.io/operator/current/co-authenticate.html
|
|
maxLength: 30
|
|
minLength: 1
|
|
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
|
|
type: string
|
|
required:
|
|
- secretRef
|
|
type: object
|
|
jaasConfigPassThrough:
|
|
description: jaasConfigPassThrough specifies another way to
|
|
provide the Kafka client-side JaaS configuration.
|
|
properties:
|
|
directoryPathInContainer:
|
|
description: |-
|
|
directoryPathInContainer specifies the directory path in the container where required credentials are mounted.
|
|
More info: https://docs.confluent.io/operator/current/co-authenticate.html
|
|
minLength: 1
|
|
type: string
|
|
secretRef:
|
|
description: |-
|
|
secretRef references the secret containing the required credentials for authentication.
|
|
More info: https://docs.confluent.io/operator/current/co-authenticate.html
|
|
maxLength: 30
|
|
minLength: 1
|
|
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
|
|
type: string
|
|
type: object
|
|
oauthSettings:
|
|
description: |-
|
|
oauthSettings specifies the OAuth settings.
|
|
This needs to passed with the authentication type `oauth`.
|
|
properties:
|
|
audience:
|
|
description: audience specifies the audience claim in
|
|
the JWT payload.
|
|
minLength: 1
|
|
type: string
|
|
expectedIssuer:
|
|
description: expectedIssuer specifies the expected issuer
|
|
in the JWT payload.
|
|
minLength: 1
|
|
type: string
|
|
groupsClaimName:
|
|
description: groupsClaimName specifies the name of claim
|
|
in token for identifying the groups of subject in the
|
|
JWT payload.
|
|
minLength: 1
|
|
type: string
|
|
jwksEndpointUri:
|
|
description: |-
|
|
jwksEndpointUri specifies the uri for the JSON Web Key Set (JWKS).
|
|
It is used to get set of keys containing the public keys used to verify any JWT issued by the IdP's Authorization Server.
|
|
minLength: 1
|
|
type: string
|
|
loginConnectTimeoutMs:
|
|
description: LoginConnectTimeoutMs sets connect timeout
|
|
with IDP in ms
|
|
format: int32
|
|
type: integer
|
|
loginReadTimeoutMs:
|
|
description: LoginReadTimeoutMs sets read timeout with
|
|
IDP in ms
|
|
format: int32
|
|
type: integer
|
|
loginRetryBackoffMaxMs:
|
|
description: LoginRetryBackoffMaxMs sets max retry backoff
|
|
with IDP in ms
|
|
format: int32
|
|
type: integer
|
|
loginRetryBackoffMs:
|
|
description: LoginRetryBackoffMs sets retry backoff with
|
|
IDP in ms
|
|
format: int32
|
|
type: integer
|
|
scope:
|
|
description: |-
|
|
scope is optional and required only when your identity provider doesn't have
|
|
a default scope or your groups claim is linked to a scope.
|
|
minLength: 1
|
|
type: string
|
|
subClaimName:
|
|
description: subClaimName specifies name of claim in JWT
|
|
to use for the subject.
|
|
minLength: 1
|
|
type: string
|
|
tokenEndpointUri:
|
|
description: |-
|
|
tokenBaseEndpointUri specifies the base uri for token endpoint.
|
|
This is required for OAuth for inter broker communication along with
|
|
clientId & clientSecret in JassConfig or JassConfigPassthrough
|
|
minLength: 1
|
|
type: string
|
|
type: object
|
|
oauthbearer:
|
|
description: |-
|
|
oauthbearer is the authentication mechanism to provider principals.
|
|
Only supported in RBAC deployment.
|
|
properties:
|
|
directoryPathInContainer:
|
|
description: |-
|
|
directoryPathInContainer specifies the directory path in the container
|
|
where the credential is mounted.
|
|
minLength: 1
|
|
type: string
|
|
secretRef:
|
|
description: |-
|
|
secretRef specifies the name of the secret that contains the credential.
|
|
More info: https://docs.confluent.io/operator/current/co-authenticate.html#bearer-authentication
|
|
maxLength: 30
|
|
minLength: 1
|
|
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
|
|
type: string
|
|
type: object
|
|
type:
|
|
description: |-
|
|
type specifies the Kafka client authentication type.
|
|
Valid options are `plain`, `oauthbearer`, `digest`, `mtls` and `oauth`.
|
|
enum:
|
|
- plain
|
|
- oauthbearer
|
|
- digest
|
|
- mtls
|
|
- oauth
|
|
type: string
|
|
required:
|
|
- type
|
|
type: object
|
|
bootstrapEndpoint:
|
|
description: |-
|
|
bootstrapEndpoint specifies the bootstrap endpoint for the Kafka cluster.
|
|
When `spec.sourceInitiatedLink.linkMode` is configured as `Source`, this is required for
|
|
`spec.destinationKafkaCluster` and not required for `spec.sourceKafkaCluster`.
|
|
For other cluster links this is required for `spec.sourceKafkaCluster` and not required for
|
|
`spec.destinationKafkaCluster`.
|
|
minLength: 1
|
|
pattern: .+:[0-9]+
|
|
type: string
|
|
clusterID:
|
|
description: |-
|
|
clusterID specifies the id of the Kafka cluster.
|
|
If clusterID is defined for the Kafka cluster, it takes precedence over using the REST API
|
|
for getting the cluster ID.
|
|
minLength: 1
|
|
type: string
|
|
kafkaRestClassRef:
|
|
description: |-
|
|
kafkaRestClassRef references the KafkaRestClass application resource which
|
|
defines the Kafka REST API connection information.
|
|
When `spec.sourceInitiatedLink.linkMode` is configured as `Source`, this is required for
|
|
`spec.sourceKafkaCluster` and optional for `spec.destinationKafkaCluster` if `spec.clusterID` is set.
|
|
For other cluster links this is required for 'spec.destinationKafkaCluster` and optional for
|
|
`spec.sourceKafkaCluster` if the `spec.clusterID` is set.
|
|
properties:
|
|
name:
|
|
description: name specifies the name of the KafkaRestClass
|
|
application resource.
|
|
minLength: 1
|
|
type: string
|
|
namespace:
|
|
description: namespace specifies the namespace of the KafkaRestClass.
|
|
type: string
|
|
required:
|
|
- name
|
|
type: object
|
|
tls:
|
|
description: tls specifies the client-side TLS configuration for
|
|
the Kafka cluster.
|
|
properties:
|
|
directoryPathInContainer:
|
|
description: |-
|
|
directoryPathInContainer contains the directory path in the container where
|
|
`fullchain.pem`, `privkey.pem`, `cacerts.pem` or `tls.crt`, `tls.key`, `ca.crt` keys are mounted.
|
|
minLength: 1
|
|
type: string
|
|
enabled:
|
|
description: enabled specifies whether to enable the TLS configuration
|
|
for the cluster link. The default value is `false`.
|
|
type: boolean
|
|
keyPassword:
|
|
description: |-
|
|
keyPassword references the secret containing the SSL key password if the private key passed
|
|
in the secretRef above is encrypted.
|
|
properties:
|
|
secretRef:
|
|
description: |-
|
|
secretRef references the name of the secret containing the JKS password.
|
|
More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates
|
|
maxLength: 30
|
|
minLength: 1
|
|
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
|
|
type: string
|
|
required:
|
|
- secretRef
|
|
type: object
|
|
secretRef:
|
|
description: |-
|
|
secretRef references the secret containing the certificates.
|
|
More info: https://docs.confluent.io/operator/current/co-network-encryption.html
|
|
maxLength: 63
|
|
minLength: 1
|
|
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
|
|
type: string
|
|
required:
|
|
- enabled
|
|
type: object
|
|
type: object
|
|
required:
|
|
- destinationKafkaCluster
|
|
- sourceKafkaCluster
|
|
type: object
|
|
status:
|
|
description: status defines the observed state of the cluster link.
|
|
properties:
|
|
appState:
|
|
default: Unknown
|
|
description: appState is the current state of the cluster link application.
|
|
enum:
|
|
- Unknown
|
|
- Created
|
|
- Failed
|
|
- Deleted
|
|
type: string
|
|
clusterLinkID:
|
|
description: clusterLinkID is the id of the cluster link.
|
|
type: string
|
|
clusterLinkName:
|
|
description: clusterLinkName is the name of the cluster link.
|
|
type: string
|
|
conditions:
|
|
description: conditions are the latest available observations of the
|
|
cluster link's state.
|
|
items:
|
|
description: Condition represent the latest available observations
|
|
of the current state.
|
|
properties:
|
|
lastProbeTime:
|
|
description: lastProbeTime shows the last time the condition
|
|
was evaluated.
|
|
format: date-time
|
|
type: string
|
|
lastTransitionTime:
|
|
description: lastTransitionTime shows the last time the condition
|
|
was transitioned from one status to another.
|
|
format: date-time
|
|
type: string
|
|
message:
|
|
description: message shows a human-readable message with details
|
|
about the transition.
|
|
type: string
|
|
reason:
|
|
description: reason shows the reason for the last transition
|
|
of the condition.
|
|
type: string
|
|
status:
|
|
description: status shows the status of the condition, one of
|
|
`True`, `False`, or `Unknown`.
|
|
type: string
|
|
type:
|
|
description: type shows the condition type.
|
|
type: string
|
|
type: object
|
|
type: array
|
|
destinationKafkaClusterID:
|
|
description: destinationKafkaClusterID is the ID of the destination
|
|
Kafka cluster.
|
|
type: string
|
|
kafkaCluster:
|
|
description: 'kafkaCluster is the Kafka cluster this cluster link
|
|
belongs to. The format is: `<Kafka namespace>/<Kafka name>`'
|
|
type: string
|
|
mirrorTopics:
|
|
additionalProperties:
|
|
description: |-
|
|
MirrorTopicStatus specifies the status reported for each mirror topic as part of
|
|
the cluster link status.
|
|
properties:
|
|
observedGeneration:
|
|
description: observedGeneration is the most recent generation
|
|
observed for this Confluent component.
|
|
format: int64
|
|
type: integer
|
|
replicationFactor:
|
|
description: replicationFactor specifies the replication factor
|
|
for the mirror topic on the destination cluster.
|
|
format: int32
|
|
type: integer
|
|
sourceTopicName:
|
|
description: sourceTopicName is the name of the topic being
|
|
mirrored on the source cluster.
|
|
type: string
|
|
status:
|
|
description: |-
|
|
status is the status of the mirror topic.
|
|
It can be `ACTIVE`, `FAILED`, `PAUSED`, `STOPPED`, and `PENDING_STOPPED`.
|
|
type: string
|
|
type: object
|
|
description: mirrorTopics is a map of mirror topic name to its status
|
|
type: object
|
|
x-kubernetes-map-type: granular
|
|
numMirrorTopics:
|
|
description: numMirrorTopics is the number of mirror topics for the
|
|
cluster link.
|
|
type: integer
|
|
observedGeneration:
|
|
description: observedGeneration is the most recent generation observed
|
|
for this Confluent component.
|
|
format: int64
|
|
type: integer
|
|
sourceKafkaClusterID:
|
|
description: sourceKafkaClusterID is the ID of the source Kafka cluster.
|
|
type: string
|
|
state:
|
|
description: state is the current state of the cluster link.
|
|
type: string
|
|
type: object
|
|
required:
|
|
- spec
|
|
type: object
|
|
served: true
|
|
storage: true
|
|
subresources:
|
|
status: {}
|