diff --git a/addons/s3-chart/Chart.yaml b/addons/s3-chart/Chart.yaml
index 63cc6c8dd..a8f09a568 100644
--- a/addons/s3-chart/Chart.yaml
+++ b/addons/s3-chart/Chart.yaml
@@ -1,8 +1,8 @@
 apiVersion: v1
 name: s3-chart
 description: A Helm chart for the ACK service controller for Amazon Simple Storage Service (S3)
-version: 1.0.7
-appVersion: 1.0.7
+version: 1.0.20
+appVersion: 1.0.20
 home: https://github.com/aws-controllers-k8s/s3-controller
 icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png
 sources:
diff --git a/addons/s3-chart/crds/s3.services.k8s.aws_buckets.yaml b/addons/s3-chart/crds/s3.services.k8s.aws_buckets.yaml
index 78b248870..2003de104 100644
--- a/addons/s3-chart/crds/s3.services.k8s.aws_buckets.yaml
+++ b/addons/s3-chart/crds/s3.services.k8s.aws_buckets.yaml
@@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.16.2 name: buckets.s3.services.k8s.aws spec: group: s3.services.k8s.aws 
@@ -21,22 +20,29 @@ spec: description: Bucket is the Schema for the Buckets API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: - description: "BucketSpec defines the desired state of Bucket. \n In terms - of implementation, a Bucket is a resource. An Amazon S3 bucket name + description: |- + BucketSpec defines the desired state of Bucket. + + In terms of implementation, a Bucket is a resource. An Amazon S3 bucket name is globally unique, and the namespace is shared by all Amazon Web Services - accounts." + accounts. properties: accelerate: description: Container for setting the transfer acceleration state. 
@@ -49,21 +55,21 @@ spec: type: string analytics: items: - description: Specifies the configuration and any analyses for the - analytics filter of an Amazon S3 bucket. + description: |- + Specifies the configuration and any analyses for the analytics filter of + an Amazon S3 bucket. properties: filter: - description: The filter used to describe a set of objects for - analyses. A filter must have exactly one prefix, one tag, - or one conjunction (AnalyticsAndOperator). If no filter is - provided, all objects will be considered in any analysis. + description: |- + The filter used to describe a set of objects for analyses. A filter must + have exactly one prefix, one tag, or one conjunction (AnalyticsAndOperator). + If no filter is provided, all objects will be considered in any analysis. properties: and: - description: A conjunction (logical AND) of predicates, - which is used in evaluating a metrics filter. The operator - must have at least two predicates in any combination, - and an object must match all of the predicates for the - filter to apply. + description: |- + A conjunction (logical AND) of predicates, which is used in evaluating a + metrics filter. The operator must have at least two predicates in any combination, + and an object must match all of the predicates for the filter to apply. properties: prefix: type: string 
@@ -92,13 +98,15 @@ spec: id: type: string storageClassAnalysis: - description: Specifies data related to access patterns to be - collected and made available to analyze the tradeoffs between - different storage classes for an Amazon S3 bucket. + description: |- + Specifies data related to access patterns to be collected and made available + to analyze the tradeoffs between different storage classes for an Amazon + S3 bucket. properties: dataExport: - description: Container for data related to the storage class - analysis for an Amazon S3 bucket for export. + description: |- + Container for data related to the storage class analysis for an Amazon S3 + bucket for export. properties: destination: description: Where to publish the analytics results. @@ -124,10 +132,11 @@ spec: type: object type: array cors: - description: Describes the cross-origin access configuration for objects - in an Amazon S3 bucket. For more information, see Enabling Cross-Origin - Resource Sharing (https://docs.aws.amazon.com/AmazonS3/latest/dev/cors.html) - in the Amazon S3 User Guide. + description: |- + Describes the cross-origin access configuration for objects in an Amazon + S3 bucket. For more information, see Enabling Cross-Origin Resource Sharing + (https://docs.aws.amazon.com/AmazonS3/latest/dev/cors.html) in the Amazon + S3 User Guide. properties: corsRules: items: 
@@ -172,16 +181,15 @@ spec: description: Specifies the default server-side encryption configuration. properties: applyServerSideEncryptionByDefault: - description: Describes the default server-side encryption - to apply to new objects in the bucket. If a PUT Object - request doesn't specify any server-side encryption, this - default encryption will be applied. If you don't specify - a customer managed key at configuration, Amazon S3 automatically - creates an Amazon Web Services KMS key in your Amazon - Web Services account the first time that you add an object - encrypted with SSE-KMS to a bucket. By default, Amazon - S3 uses this KMS key for SSE-KMS. For more information, - see PUT Bucket encryption (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTencryption.html) + description: |- + Describes the default server-side encryption to apply to new objects in the + bucket. If a PUT Object request doesn't specify any server-side encryption, + this default encryption will be applied. If you don't specify a customer + managed key at configuration, Amazon S3 automatically creates an Amazon Web + Services KMS key in your Amazon Web Services account the first time that + you add an object encrypted with SSE-KMS to a bucket. By default, Amazon + S3 uses this KMS key for SSE-KMS. For more information, see PUT Bucket encryption + (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTencryption.html) in the Amazon S3 API Reference. properties: kmsMasterKeyID: @@ -195,8 +203,9 @@ spec: type: array type: object grantFullControl: - description: Allows grantee the read, write, read ACP, and write ACP - permissions on the bucket. + description: |- + Allows grantee the read, write, read ACP, and write ACP permissions on the + bucket. type: string grantRead: description: Allows grantee to list the objects in the bucket. 
@@ -205,28 +214,33 @@ spec: description: Allows grantee to read the bucket ACL. type: string grantWrite: - description: "Allows grantee to create new objects in the bucket. - \n For the bucket and object owners of existing objects, also allows - deletions and overwrites of those objects." + description: |- + Allows grantee to create new objects in the bucket. + + For the bucket and object owners of existing objects, also allows deletions + and overwrites of those objects. type: string grantWriteACP: description: Allows grantee to write the ACL for the applicable bucket. type: string intelligentTiering: items: - description: "Specifies the S3 Intelligent-Tiering configuration - for an Amazon S3 bucket. \n For information about the S3 Intelligent-Tiering - storage class, see Storage class for automatically optimizing - frequently and infrequently accessed objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html#sc-dynamic-data-access)." + description: |- + Specifies the S3 Intelligent-Tiering configuration for an Amazon S3 bucket. + + For information about the S3 Intelligent-Tiering storage class, see Storage + class for automatically optimizing frequently and infrequently accessed objects + (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html#sc-dynamic-data-access). properties: filter: - description: The Filter is used to identify objects that the - S3 Intelligent-Tiering configuration applies to. + description: |- + The Filter is used to identify objects that the S3 Intelligent-Tiering configuration + applies to. properties: and: - description: A container for specifying S3 Intelligent-Tiering - filters. The filters determine the subset of objects to - which the rule applies. + description: |- + A container for specifying S3 Intelligent-Tiering filters. The filters determine + the subset of objects to which the rule applies. properties: prefix: type: string 
@@ -258,10 +272,10 @@ spec: type: string tierings: items: - description: The S3 Intelligent-Tiering storage class is designed - to optimize storage costs by automatically moving data to - the most cost-effective storage access tier, without additional - operational overhead. + description: |- + The S3 Intelligent-Tiering storage class is designed to optimize storage + costs by automatically moving data to the most cost-effective storage access + tier, without additional operational overhead. properties: accessTier: type: string @@ -274,8 +288,9 @@ spec: type: array inventory: items: - description: Specifies the inventory configuration for an Amazon - S3 bucket. For more information, see GET Bucket inventory (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketGETInventoryConfig.html) + description: |- + Specifies the inventory configuration for an Amazon S3 bucket. For more information, + see GET Bucket inventory (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketGETInventoryConfig.html) in the Amazon S3 API Reference. properties: destination: @@ -283,17 +298,18 @@ spec: S3 bucket. properties: s3BucketDestination: - description: Contains the bucket name, file format, bucket - owner (optional), and prefix (optional) where inventory - results are published. + description: |- + Contains the bucket name, file format, bucket owner (optional), and prefix + (optional) where inventory results are published. properties: accountID: type: string bucket: type: string encryption: - description: Contains the type of server-side encryption - used to encrypt the inventory results. + description: |- + Contains the type of server-side encryption used to encrypt the inventory + results. properties: sseKMS: description: Specifies the use of SSE-KMS to encrypt 
@@ -310,8 +326,9 @@ spec: type: object type: object filter: - description: Specifies an inventory filter. The inventory only - includes objects that meet the filter's criteria. + description: |- + Specifies an inventory filter. The inventory only includes objects that meet + the filter's criteria. properties: prefix: type: string @@ -345,11 +362,11 @@ spec: S3 bucket. properties: abortIncompleteMultipartUpload: - description: Specifies the days since the initiation of - an incomplete multipart upload that Amazon S3 will wait - before permanently removing all parts of the upload. For - more information, see Aborting Incomplete Multipart Uploads - Using a Bucket Lifecycle Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html#mpu-abort-incomplete-mpu-lifecycle-config) + description: |- + Specifies the days since the initiation of an incomplete multipart upload + that Amazon S3 will wait before permanently removing all parts of the upload. + For more information, see Aborting Incomplete Multipart Uploads Using a Bucket + Lifecycle Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html#mpu-abort-incomplete-mpu-lifecycle-config) in the Amazon S3 User Guide. properties: daysAfterInitiation: 
@@ -370,15 +387,15 @@ spec: type: boolean type: object filter: - description: The Filter is used to identify objects that - a Lifecycle Rule applies to. A Filter must have exactly - one of Prefix, Tag, or And specified. + description: |- + The Filter is used to identify objects that a Lifecycle Rule applies to. + A Filter must have exactly one of Prefix, Tag, or And specified. properties: and: - description: This is used in a Lifecycle Rule Filter - to apply a logical AND to two or more predicates. - The Lifecycle Rule will apply to any object matching - all of the predicates configured inside the And operator. + description: |- + This is used in a Lifecycle Rule Filter to apply a logical AND to two or + more predicates. The Lifecycle Rule will apply to any object matching all + of the predicates configured inside the And operator. properties: objectSizeGreaterThan: format: int64 @@ -419,12 +436,12 @@ spec: id: type: string noncurrentVersionExpiration: - description: Specifies when noncurrent object versions expire. - Upon expiration, Amazon S3 permanently deletes the noncurrent - object versions. You set this lifecycle configuration - action on a bucket that has versioning enabled (or suspended) - to request that Amazon S3 delete noncurrent object versions - at a specific period in the object's lifetime. + description: |- + Specifies when noncurrent object versions expire. Upon expiration, Amazon + S3 permanently deletes the noncurrent object versions. You set this lifecycle + configuration action on a bucket that has versioning enabled (or suspended) + to request that Amazon S3 delete noncurrent object versions at a specific + period in the object's lifetime. properties: newerNoncurrentVersions: format: int64 
@@ -435,14 +452,13 @@ spec: type: object noncurrentVersionTransitions: items: - description: Container for the transition rule that describes - when noncurrent objects transition to the STANDARD_IA, - ONEZONE_IA, INTELLIGENT_TIERING, GLACIER_IR, GLACIER, - or DEEP_ARCHIVE storage class. If your bucket is versioning-enabled - (or versioning is suspended), you can set this action - to request that Amazon S3 transition noncurrent object - versions to the STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, - GLACIER_IR, GLACIER, or DEEP_ARCHIVE storage class at + description: |- + Container for the transition rule that describes when noncurrent objects + transition to the STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER_IR, + GLACIER, or DEEP_ARCHIVE storage class. If your bucket is versioning-enabled + (or versioning is suspended), you can set this action to request that Amazon + S3 transition noncurrent object versions to the STANDARD_IA, ONEZONE_IA, + INTELLIGENT_TIERING, GLACIER_IR, GLACIER, or DEEP_ARCHIVE storage class at a specific period in the object's lifetime. properties: newerNoncurrentVersions: @@ -461,9 +477,9 @@ spec: type: string transitions: items: - description: Specifies when an object transitions to a - specified storage class. For more information about - Amazon S3 lifecycle configuration rules, see Transitioning + description: |- + Specifies when an object transitions to a specified storage class. For more + information about Amazon S3 lifecycle configuration rules, see Transitioning Objects Using Amazon S3 Lifecycle (https://docs.aws.amazon.com/AmazonS3/latest/dev/lifecycle-transition-general-considerations.html) in the Amazon S3 User Guide. properties: 
@@ -484,20 +500,23 @@ spec: description: Container for logging status information. properties: loggingEnabled: - description: Describes where logs are stored and the prefix that - Amazon S3 assigns to all log object keys for a bucket. For more - information, see PUT Bucket logging (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTlogging.html) + description: |- + Describes where logs are stored and the prefix that Amazon S3 assigns to + all log object keys for a bucket. For more information, see PUT Bucket logging + (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTlogging.html) in the Amazon S3 API Reference. properties: targetBucket: type: string targetGrants: items: - description: "Container for granting information. \n Buckets - that use the bucket owner enforced setting for Object - Ownership don't support target grants. For more information, - see Permissions server access log delivery (https://docs.aws.amazon.com/AmazonS3/latest/userguide/enable-server-access-logging.html#grant-log-delivery-permissions-general) - in the Amazon S3 User Guide." + description: |- + Container for granting information. + + Buckets that use the bucket owner enforced setting for Object Ownership don't + support target grants. For more information, see Permissions server access + log delivery (https://docs.aws.amazon.com/AmazonS3/latest/userguide/enable-server-access-logging.html#grant-log-delivery-permissions-general) + in the Amazon S3 User Guide. properties: grantee: description: Container for the person being granted 
@@ -524,28 +543,28 @@ spec: type: object metrics: items: - description: Specifies a metrics configuration for the CloudWatch - request metrics (specified by the metrics configuration ID) from - an Amazon S3 bucket. If you're updating an existing metrics configuration, - note that this is a full replacement of the existing metrics configuration. - If you don't include the elements you want to keep, they are erased. - For more information, see PutBucketMetricsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTMetricConfiguration.html). + description: |- + Specifies a metrics configuration for the CloudWatch request metrics (specified + by the metrics configuration ID) from an Amazon S3 bucket. If you're updating + an existing metrics configuration, note that this is a full replacement of + the existing metrics configuration. If you don't include the elements you + want to keep, they are erased. For more information, see PutBucketMetricsConfiguration + (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTMetricConfiguration.html). properties: filter: - description: Specifies a metrics configuration filter. The metrics - configuration only includes objects that meet the filter's - criteria. A filter must be a prefix, an object tag, an access - point ARN, or a conjunction (MetricsAndOperator). For more - information, see PutBucketMetricsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketMetricsConfiguration.html). + description: |- + Specifies a metrics configuration filter. The metrics configuration only + includes objects that meet the filter's criteria. A filter must be a prefix, + an object tag, an access point ARN, or a conjunction (MetricsAndOperator). + For more information, see PutBucketMetricsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketMetricsConfiguration.html). 
properties: accessPointARN: type: string and: - description: A conjunction (logical AND) of predicates, - which is used in evaluating a metrics filter. The operator - must have at least two predicates, and an object must - match all of the predicates in order for the filter to - apply. + description: |- + A conjunction (logical AND) of predicates, which is used in evaluating a + metrics filter. The operator must have at least two predicates, and an object + must match all of the predicates in order for the filter to apply. properties: accessPointARN: type: string @@ -581,9 +600,9 @@ spec: description: The name of the bucket to create. type: string notification: - description: A container for specifying the notification configuration - of the bucket. If this element is empty, notifications are turned - off for the bucket. + description: |- + A container for specifying the notification configuration of the bucket. + If this element is empty, notifications are turned off for the bucket. properties: lambdaFunctionConfigurations: items: @@ -595,9 +614,9 @@ spec: type: string type: array filter: - description: Specifies object key name filtering rules. - For information about key name filtering, see Configuring - Event Notifications (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html) + description: |- + Specifies object key name filtering rules. For information about key name + filtering, see Configuring Event Notifications (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html) in the Amazon S3 User Guide. properties: key: 
@@ -605,13 +624,13 @@ spec: and suffix filtering rules. properties: filterRules: - description: A list of containers for the key-value - pair that defines the criteria for the filter - rule. + description: |- + A list of containers for the key-value pair that defines the criteria for + the filter rule. items: - description: Specifies the Amazon S3 object key - name to filter on and whether to filter on the - suffix or prefix of the key name. + description: |- + Specifies the Amazon S3 object key name to filter on and whether to filter + on the suffix or prefix of the key name. properties: name: type: string @@ -622,9 +641,9 @@ spec: type: object type: object id: - description: An optional unique identifier for configurations - in a notification configuration. If you don't provide - one, Amazon S3 will assign an ID. + description: |- + An optional unique identifier for configurations in a notification configuration. + If you don't provide one, Amazon S3 will assign an ID. type: string lambdaFunctionARN: type: string @@ -632,18 +651,18 @@ spec: type: array queueConfigurations: items: - description: Specifies the configuration for publishing messages - to an Amazon Simple Queue Service (Amazon SQS) queue when - Amazon S3 detects specified events. + description: |- + Specifies the configuration for publishing messages to an Amazon Simple Queue + Service (Amazon SQS) queue when Amazon S3 detects specified events. properties: events: items: type: string type: array filter: - description: Specifies object key name filtering rules. - For information about key name filtering, see Configuring - Event Notifications (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html) + description: |- + Specifies object key name filtering rules. For information about key name + filtering, see Configuring Event Notifications (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html) in the Amazon S3 User Guide. properties: key: 
@@ -651,13 +670,13 @@ spec: and suffix filtering rules. properties: filterRules: - description: A list of containers for the key-value - pair that defines the criteria for the filter - rule. + description: |- + A list of containers for the key-value pair that defines the criteria for + the filter rule. items: - description: Specifies the Amazon S3 object key - name to filter on and whether to filter on the - suffix or prefix of the key name. + description: |- + Specifies the Amazon S3 object key name to filter on and whether to filter + on the suffix or prefix of the key name. properties: name: type: string @@ -668,9 +687,9 @@ spec: type: object type: object id: - description: An optional unique identifier for configurations - in a notification configuration. If you don't provide - one, Amazon S3 will assign an ID. + description: |- + An optional unique identifier for configurations in a notification configuration. + If you don't provide one, Amazon S3 will assign an ID. type: string queueARN: type: string 
@@ -678,18 +697,19 @@ spec: type: array topicConfigurations: items: - description: A container for specifying the configuration for - publication of messages to an Amazon Simple Notification Service - (Amazon SNS) topic when Amazon S3 detects specified events. + description: |- + A container for specifying the configuration for publication of messages + to an Amazon Simple Notification Service (Amazon SNS) topic when Amazon S3 + detects specified events. properties: events: items: type: string type: array filter: - description: Specifies object key name filtering rules. - For information about key name filtering, see Configuring - Event Notifications (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html) + description: |- + Specifies object key name filtering rules. For information about key name + filtering, see Configuring Event Notifications (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html) in the Amazon S3 User Guide. properties: key: @@ -697,13 +717,13 @@ spec: and suffix filtering rules. properties: filterRules: - description: A list of containers for the key-value - pair that defines the criteria for the filter - rule. + description: |- + A list of containers for the key-value pair that defines the criteria for + the filter rule. items: - description: Specifies the Amazon S3 object key - name to filter on and whether to filter on the - suffix or prefix of the key name. + description: |- + Specifies the Amazon S3 object key name to filter on and whether to filter + on the suffix or prefix of the key name. properties: name: type: string 
@@ -714,9 +734,9 @@ spec: type: object type: object id: - description: An optional unique identifier for configurations - in a notification configuration. If you don't provide - one, Amazon S3 will assign an ID. + description: |- + An optional unique identifier for configurations in a notification configuration. + If you don't provide one, Amazon S3 will assign an ID. type: string topicARN: type: string @@ -730,8 +750,9 @@ spec: objectOwnership: type: string ownershipControls: - description: The OwnershipControls (BucketOwnerEnforced, BucketOwnerPreferred, - or ObjectWriter) that you want to apply to this Amazon S3 bucket. + description: |- + The OwnershipControls (BucketOwnerEnforced, BucketOwnerPreferred, or ObjectWriter) + that you want to apply to this Amazon S3 bucket. properties: rules: items: 
@@ -739,20 +760,21 @@ spec: rule. properties: objectOwnership: - description: "The container element for object ownership - for a bucket's ownership controls. \n BucketOwnerPreferred - - Objects uploaded to the bucket change ownership to the - bucket owner if the objects are uploaded with the bucket-owner-full-control - canned ACL. \n ObjectWriter - The uploading account will - own the object if the object is uploaded with the bucket-owner-full-control - canned ACL. \n BucketOwnerEnforced - Access control lists - (ACLs) are disabled and no longer affect permissions. - The bucket owner automatically owns and has full control - over every object in the bucket. The bucket only accepts - PUT requests that don't specify an ACL or bucket owner - full control ACLs, such as the bucket-owner-full-control - canned ACL or an equivalent form of this ACL expressed - in the XML format." + description: |- + The container element for object ownership for a bucket's ownership controls. + + BucketOwnerPreferred - Objects uploaded to the bucket change ownership to + the bucket owner if the objects are uploaded with the bucket-owner-full-control + canned ACL. + + ObjectWriter - The uploading account will own the object if the object is + uploaded with the bucket-owner-full-control canned ACL. + + BucketOwnerEnforced - Access control lists (ACLs) are disabled and no longer + affect permissions. The bucket owner automatically owns and has full control + over every object in the bucket. The bucket only accepts PUT requests that + don't specify an ACL or bucket owner full control ACLs, such as the bucket-owner-full-control + canned ACL or an equivalent form of this ACL expressed in the XML format. type: string type: object type: array 
@@ -761,11 +783,11 @@ spec: description: The bucket policy as a JSON document. type: string publicAccessBlock: - description: The PublicAccessBlock configuration that you want to - apply to this Amazon S3 bucket. You can enable the configuration - options in any combination. For more information about when Amazon - S3 considers a bucket or object public, see The Meaning of "Public" - (https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html#access-control-block-public-access-policy-status) + description: |- + The PublicAccessBlock configuration that you want to apply to this Amazon + S3 bucket. You can enable the configuration options in any combination. For + more information about when Amazon S3 considers a bucket or object public, + see The Meaning of "Public" (https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html#access-control-block-public-access-policy-status) in the Amazon S3 User Guide. properties: blockPublicACLs: @@ -778,9 +800,9 @@ spec: type: boolean type: object replication: - description: A container for replication rules. You can add up to - 1,000 rules. The maximum size of a replication configuration is - 2 MB. + description: |- + A container for replication rules. You can add up to 1,000 rules. The maximum + size of a replication configuration is 2 MB. properties: role: type: string 
@@ -790,28 +812,28 @@ spec: and where to store the replicas. properties: deleteMarkerReplication: - description: "Specifies whether Amazon S3 replicates delete - markers. If you specify a Filter in your replication configuration, - you must also include a DeleteMarkerReplication element. - If your Filter includes a Tag element, the DeleteMarkerReplication - Status must be set to Disabled, because Amazon S3 does - not support replicating delete markers for tag-based rules. - For an example configuration, see Basic Rule Configuration - (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-add-config.html#replication-config-min-rule-config). - \n For more information about delete marker replication, - see Basic Rule Configuration (https://docs.aws.amazon.com/AmazonS3/latest/dev/delete-marker-replication.html). - \n If you are using an earlier version of the replication - configuration, Amazon S3 handles replication of delete - markers differently. For more information, see Backward - Compatibility (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-add-config.html#replication-backward-compat-considerations)." + description: |- + Specifies whether Amazon S3 replicates delete markers. If you specify a Filter + in your replication configuration, you must also include a DeleteMarkerReplication + element. If your Filter includes a Tag element, the DeleteMarkerReplication + Status must be set to Disabled, because Amazon S3 does not support replicating + delete markers for tag-based rules. For an example configuration, see Basic + Rule Configuration (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-add-config.html#replication-config-min-rule-config). + + For more information about delete marker replication, see Basic Rule Configuration + (https://docs.aws.amazon.com/AmazonS3/latest/dev/delete-marker-replication.html). 
+ + If you are using an earlier version of the replication configuration, Amazon + S3 handles replication of delete markers differently. For more information, + see Backward Compatibility (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-add-config.html#replication-backward-compat-considerations). properties: status: type: string type: object destination: - description: Specifies information about where to publish - analysis or configuration results for an Amazon S3 bucket - and S3 Replication Time Control (S3 RTC). + description: |- + Specifies information about where to publish analysis or configuration results + for an Amazon S3 bucket and S3 Replication Time Control (S3 RTC). properties: accessControlTranslation: description: A container for information about access @@ -825,21 +847,22 @@ spec: bucket: type: string encryptionConfiguration: - description: Specifies encryption-related information - for an Amazon S3 bucket that is a destination for - replicated objects. + description: |- + Specifies encryption-related information for an Amazon S3 bucket that is + a destination for replicated objects. properties: replicaKMSKeyID: type: string type: object metrics: - description: A container specifying replication metrics-related - settings enabling replication metrics and events. + description: |- + A container specifying replication metrics-related settings enabling replication + metrics and events. properties: eventThreshold: - description: A container specifying the time value - for S3 Replication Time Control (S3 RTC) and replication - metrics EventThreshold. + description: |- + A container specifying the time value for S3 Replication Time Control (S3 + RTC) and replication metrics EventThreshold. properties: minutes: format: int64 
@@ -849,18 +872,18 @@ spec: type: string type: object replicationTime: - description: A container specifying S3 Replication Time - Control (S3 RTC) related information, including whether - S3 RTC is enabled and the time when all objects and - operations on objects must be replicated. Must be - specified together with a Metrics block. + description: |- + A container specifying S3 Replication Time Control (S3 RTC) related information, + including whether S3 RTC is enabled and the time when all objects and operations + on objects must be replicated. Must be specified together with a Metrics + block. properties: status: type: string time: - description: A container specifying the time value - for S3 Replication Time Control (S3 RTC) and replication - metrics EventThreshold. + description: |- + A container specifying the time value for S3 Replication Time Control (S3 + RTC) and replication metrics EventThreshold. properties: minutes: format: int64 
@@ -871,28 +894,32 @@ spec: type: string type: object existingObjectReplication: - description: Optional configuration to replicate existing - source bucket objects. For more information, see Replicating - Existing Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-what-is-isnot-replicated.html#existing-object-replication) + description: |- + Optional configuration to replicate existing source bucket objects. For more + information, see Replicating Existing Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-what-is-isnot-replicated.html#existing-object-replication) in the Amazon S3 User Guide. properties: status: type: string type: object filter: - description: A filter that identifies the subset of objects - to which the replication rule applies. A Filter must specify - exactly one Prefix, Tag, or an And child element. + description: |- + A filter that identifies the subset of objects to which the replication rule + applies. A Filter must specify exactly one Prefix, Tag, or an And child element. properties: and: - description: "A container for specifying rule filters. - The filters determine the subset of objects to which - the rule applies. This element is required only if - you specify more than one filter. \n For example: - \n * If you specify both a Prefix and a Tag filter, - wrap these filters in an And tag. \n * If you specify - a filter based on multiple tags, wrap the Tag elements - in an And tag." + description: |- + A container for specifying rule filters. The filters determine the subset + of objects to which the rule applies. This element is required only if you + specify more than one filter. + + For example: + + * If you specify both a Prefix and a Tag filter, wrap these filters in + an And tag. + + * If you specify a filter based on multiple tags, wrap the Tag elements + in an And tag. properties: prefix: type: string 
@@ -926,33 +953,33 @@ spec: format: int64 type: integer sourceSelectionCriteria: - description: A container that describes additional filters - for identifying the source objects that you want to replicate. - You can choose to enable or disable the replication of - these objects. Currently, Amazon S3 supports only the - filter that you can specify for objects created with server-side - encryption using a customer managed key stored in Amazon - Web Services Key Management Service (SSE-KMS). + description: |- + A container that describes additional filters for identifying the source + objects that you want to replicate. You can choose to enable or disable the + replication of these objects. Currently, Amazon S3 supports only the filter + that you can specify for objects created with server-side encryption using + a customer managed key stored in Amazon Web Services Key Management Service + (SSE-KMS). properties: replicaModifications: - description: "A filter that you can specify for selection - for modifications on replicas. Amazon S3 doesn't replicate - replica modifications by default. In the latest version - of replication configuration (when Filter is specified), - you can specify this element and set the status to - Enabled to replicate modifications on replicas. \n - If you don't specify the Filter element, Amazon S3 - assumes that the replication configuration is the - earlier version, V1. In the earlier version, this - element is not allowed." + description: |- + A filter that you can specify for selection for modifications on replicas. + Amazon S3 doesn't replicate replica modifications by default. In the latest + version of replication configuration (when Filter is specified), you can + specify this element and set the status to Enabled to replicate modifications + on replicas. + + If you don't specify the Filter element, Amazon S3 assumes that the replication + configuration is the earlier version, V1. In the earlier version, this element + is not allowed. 
properties: status: type: string type: object sseKMSEncryptedObjects: - description: A container for filter information for - the selection of S3 objects encrypted with Amazon - Web Services KMS. + description: |- + A container for filter information for the selection of S3 objects encrypted + with Amazon Web Services KMS. properties: status: type: string @@ -1005,8 +1032,9 @@ spec: type: string type: object redirectAllRequestsTo: - description: Specifies the redirect behavior of all requests to - a website endpoint of an Amazon S3 bucket. + description: |- + Specifies the redirect behavior of all requests to a website endpoint of + an Amazon S3 bucket. properties: hostName: type: string 
@@ -1015,18 +1043,18 @@ spec: type: object routingRules: items: - description: Specifies the redirect behavior and when a redirect - is applied. For more information about routing rules, see - Configuring advanced conditional redirects (https://docs.aws.amazon.com/AmazonS3/latest/dev/how-to-page-redirect.html#advanced-conditional-redirects) + description: |- + Specifies the redirect behavior and when a redirect is applied. For more + information about routing rules, see Configuring advanced conditional redirects + (https://docs.aws.amazon.com/AmazonS3/latest/dev/how-to-page-redirect.html#advanced-conditional-redirects) in the Amazon S3 User Guide. properties: condition: - description: A container for describing a condition that - must be met for the specified redirect to apply. For example, - 1. If request is for pages in the /docs folder, redirect - to the /documents folder. 2. If request results in HTTP - error 4xx, redirect request to another host where you - might process the error. + description: |- + A container for describing a condition that must be met for the specified + redirect to apply. For example, 1. If request is for pages in the /docs folder, + redirect to the /documents folder. 2. If request results in HTTP error 4xx, + redirect request to another host where you might process the error. properties: httpErrorCodeReturnedEquals: type: string @@ -1034,9 +1062,9 @@ spec: type: string type: object redirect: - description: Specifies how requests are redirected. In the - event of an error, you can specify a different error code - to return. + description: |- + Specifies how requests are redirected. In the event of an error, you can + specify a different error code to return. properties: hostName: type: string 
@@ -1059,24 +1087,25 @@ spec: description: BucketStatus defines the observed state of Bucket properties: ackResourceMetadata: - description: All CRs managed by ACK have a common `Status.ACKResourceMetadata` - member that is used to contain resource sync state, account ownership, + description: |- + All CRs managed by ACK have a common `Status.ACKResourceMetadata` member + that is used to contain resource sync state, account ownership, constructed ARN for the resource properties: arn: - description: 'ARN is the Amazon Resource Name for the resource. - This is a globally-unique identifier and is set only by the - ACK service controller once the controller has orchestrated - the creation of the resource OR when it has verified that an - "adopted" resource (a resource where the ARN annotation was - set by the Kubernetes user on the CR) exists and matches the - supplied CR''s Spec field values. TODO(vijat@): Find a better - strategy for resources that do not have ARN in CreateOutputResponse - https://github.com/aws/aws-controllers-k8s/issues/270' + description: |- + ARN is the Amazon Resource Name for the resource. This is a + globally-unique identifier and is set only by the ACK service controller + once the controller has orchestrated the creation of the resource OR + when it has verified that an "adopted" resource (a resource where the + ARN annotation was set by the Kubernetes user on the CR) exists and + matches the supplied CR's Spec field values. + https://github.com/aws/aws-controllers-k8s/issues/270 type: string ownerAccountID: - description: OwnerAccountID is the AWS Account ID of the account - that owns the backend AWS service API resource. + description: |- + OwnerAccountID is the AWS Account ID of the account that owns the + backend AWS service API resource. type: string region: description: Region is the AWS region in which the resource exists 
@@ -1087,14 +1116,16 @@ spec: - region type: object conditions: - description: All CRS managed by ACK have a common `Status.Conditions` - member that contains a collection of `ackv1alpha1.Condition` objects - that describe the various terminal states of the CR and its backend - AWS service API resource + description: |- + All CRS managed by ACK have a common `Status.Conditions` member that + contains a collection of `ackv1alpha1.Condition` objects that describe + the various terminal states of the CR and its backend AWS service API + resource items: - description: Condition is the common struct used by all CRDs managed - by ACK service controllers to indicate terminal states of the - CR and its backend AWS service API resource + description: |- + Condition is the common struct used by all CRDs managed by ACK service + controllers to indicate terminal states of the CR and its backend AWS + service API resource properties: lastTransitionTime: description: Last time the condition transitioned from one status diff --git a/addons/s3-chart/crds/services.k8s.aws_adoptedresources.yaml b/addons/s3-chart/crds/services.k8s.aws_adoptedresources.yaml index d8d512618..b7be3224f 100644 --- a/addons/s3-chart/crds/services.k8s.aws_adoptedresources.yaml +++ b/addons/s3-chart/crds/services.k8s.aws_adoptedresources.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.16.2 name: adoptedresources.services.k8s.aws spec: group: services.k8s.aws 
@@ -21,14 +20,19 @@ spec: description: AdoptedResource is the schema for the AdoptedResource API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -42,129 +46,144 @@ spec: additionalKeys: additionalProperties: type: string - description: AdditionalKeys represents any additional arbitrary - identifiers used when describing the target resource. + description: |- + AdditionalKeys represents any additional arbitrary identifiers used when + describing the target resource. type: object arn: - description: ARN is the AWS Resource Name for the resource. It - is a globally unique identifier. + description: |- + ARN is the AWS Resource Name for the resource. It is a globally + unique identifier. type: string nameOrID: - description: NameOrId is a user-supplied string identifier for - the resource. It may or may not be globally unique, depending - on the type of resource. + description: |- + NameOrId is a user-supplied string identifier for the resource. It may + or may not be globally unique, depending on the type of resource. type: string type: object kubernetes: - description: ResourceWithMetadata provides the values necessary to - create a Kubernetes resource and override any of its metadata values. + description: |- + ResourceWithMetadata provides the values necessary to create a + Kubernetes resource and override any of its metadata values. properties: group: type: string kind: type: string metadata: - description: "ObjectMeta is metadata that all persisted resources - must have, which includes all objects users must create. It - is not possible to use `metav1.ObjectMeta` inside spec, as the - controller-gen automatically converts this to an arbitrary string-string - map. https://github.com/kubernetes-sigs/controller-tools/issues/385 - \n Active discussion about inclusion of this field in the spec - is happening in this PR: https://github.com/kubernetes-sigs/controller-tools/pull/395 - \n Until this is allowed, or if it never is, we will produce - a subset of the object meta that contains only the fields which - the user is allowed to modify in the metadata." 
+ description: |- + ObjectMeta is metadata that all persisted resources must have, which includes all objects + users must create. + It is not possible to use `metav1.ObjectMeta` inside spec, as the controller-gen + automatically converts this to an arbitrary string-string map. + https://github.com/kubernetes-sigs/controller-tools/issues/385 + + Active discussion about inclusion of this field in the spec is happening in this PR: + https://github.com/kubernetes-sigs/controller-tools/pull/395 + + Until this is allowed, or if it never is, we will produce a subset of the object meta + that contains only the fields which the user is allowed to modify in the metadata. properties: annotations: additionalProperties: type: string - description: 'Annotations is an unstructured key value map - stored with a resource that may be set by external tools - to store and retrieve arbitrary metadata. They are not queryable - and should be preserved when modifying objects. More info: - http://kubernetes.io/docs/user-guide/annotations' + description: |- + Annotations is an unstructured key value map stored with a resource that may be + set by external tools to store and retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying objects. + More info: http://kubernetes.io/docs/user-guide/annotations type: object generateName: - description: "GenerateName is an optional prefix, used by - the server, to generate a unique name ONLY IF the Name field - has not been provided. If this field is used, the name returned - to the client will be different than the name passed. This - value will also be combined with a unique suffix. The provided - value has the same validation rules as the Name field, and - may be truncated by the length of the suffix required to - make the value unique on the server. 
\n If this field is - specified and the generated name exists, the server will - NOT return a 409 - instead, it will either return 201 Created - or 500 with Reason ServerTimeout indicating a unique name - could not be found in the time allotted, and the client - should retry (optionally after the time indicated in the - Retry-After header). \n Applied only if Name is not specified. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" + description: |- + GenerateName is an optional prefix, used by the server, to generate a unique + name ONLY IF the Name field has not been provided. + If this field is used, the name returned to the client will be different + than the name passed. This value will also be combined with a unique suffix. + The provided value has the same validation rules as the Name field, + and may be truncated by the length of the suffix required to make the value + unique on the server. + + If this field is specified and the generated name exists, the server will + NOT return a 409 - instead, it will either return 201 Created or 500 with Reason + ServerTimeout indicating a unique name could not be found in the time allotted, and the client + should retry (optionally after the time indicated in the Retry-After header). + + Applied only if Name is not specified. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency type: string labels: additionalProperties: type: string - description: 'Map of string keys and values that can be used - to organize and categorize (scope and select) objects. May - match selectors of replication controllers and services. - More info: http://kubernetes.io/docs/user-guide/labels' + description: |- + Map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. 
+ More info: http://kubernetes.io/docs/user-guide/labels type: object name: - description: 'Name must be unique within a namespace. Is required - when creating resources, although some resources may allow - a client to request the generation of an appropriate name - automatically. Name is primarily intended for creation idempotence - and configuration definition. Cannot be updated. More info: - http://kubernetes.io/docs/user-guide/identifiers#names' + description: |- + Name must be unique within a namespace. Is required when creating resources, although + some resources may allow a client to request the generation of an appropriate name + automatically. Name is primarily intended for creation idempotence and configuration + definition. + Cannot be updated. + More info: http://kubernetes.io/docs/user-guide/identifiers#names type: string namespace: - description: "Namespace defines the space within each name - must be unique. An empty namespace is equivalent to the - \"default\" namespace, but \"default\" is the canonical - representation. Not all objects are required to be scoped - to a namespace - the value of this field for those objects - will be empty. \n Must be a DNS_LABEL. Cannot be updated. - More info: http://kubernetes.io/docs/user-guide/namespaces" + description: |- + Namespace defines the space within each name must be unique. An empty namespace is + equivalent to the "default" namespace, but "default" is the canonical representation. + Not all objects are required to be scoped to a namespace - the value of this field for + those objects will be empty. + + Must be a DNS_LABEL. + Cannot be updated. + More info: http://kubernetes.io/docs/user-guide/namespaces type: string ownerReferences: - description: List of objects depended by this object. If ALL - objects in the list have been deleted, this object will - be garbage collected. 
If this object is managed by a controller, - then an entry in this list will point to this controller, - with the controller field set to true. There cannot be more - than one managing controller. + description: |- + List of objects depended by this object. If ALL objects in the list have + been deleted, this object will be garbage collected. If this object is managed by a controller, + then an entry in this list will point to this controller, with the controller field set to true. + There cannot be more than one managing controller. items: - description: OwnerReference contains enough information - to let you identify an owning object. An owning object - must be in the same namespace as the dependent, or be - cluster-scoped, so there is no namespace field. + description: |- + OwnerReference contains enough information to let you identify an owning + object. An owning object must be in the same namespace as the dependent, or + be cluster-scoped, so there is no namespace field. properties: apiVersion: description: API version of the referent. type: string blockOwnerDeletion: - description: If true, AND if the owner has the "foregroundDeletion" - finalizer, then the owner cannot be deleted from the - key-value store until this reference is removed. See - https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion - for how the garbage collector interacts with this - field and enforces the foreground deletion. Defaults - to false. To set this field, a user needs "delete" - permission of the owner, otherwise 422 (Unprocessable - Entity) will be returned. + description: |- + If true, AND if the owner has the "foregroundDeletion" finalizer, then + the owner cannot be deleted from the key-value store until this + reference is removed. + See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion + for how the garbage collector interacts with this field and enforces the foreground deletion. + Defaults to false. 
+ To set this field, a user needs "delete" permission of the owner, + otherwise 422 (Unprocessable Entity) will be returned. type: boolean controller: description: If true, this reference points to the managing controller. type: boolean kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string name: - description: 'Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names type: string uid: - description: 'UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids' + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids type: string required: - apiVersion @@ -188,13 +207,14 @@ spec: AdoptedResource. properties: conditions: - description: A collection of `ackv1alpha1.Condition` objects that - describe the various terminal states of the adopted resource CR - and its target custom resource + description: |- + A collection of `ackv1alpha1.Condition` objects that describe the various + terminal states of the adopted resource CR and its target custom resource items: - description: Condition is the common struct used by all CRDs managed - by ACK service controllers to indicate terminal states of the - CR and its backend AWS service API resource + description: |- + Condition is the common struct used by all CRDs managed by ACK service + controllers to indicate terminal states of the CR and its backend AWS + service API resource properties: lastTransitionTime: description: Last time the condition transitioned from one status 
diff --git a/addons/s3-chart/crds/services.k8s.aws_fieldexports.yaml b/addons/s3-chart/crds/services.k8s.aws_fieldexports.yaml index 4a7ab61b3..49b4f3834 100644 --- a/addons/s3-chart/crds/services.k8s.aws_fieldexports.yaml +++ b/addons/s3-chart/crds/services.k8s.aws_fieldexports.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.16.2 name: fieldexports.services.k8s.aws spec: group: services.k8s.aws 
@@ -21,14 +20,19 @@ spec: description: FieldExport is the schema for the FieldExport API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -36,15 +40,17 @@ spec: description: FieldExportSpec defines the desired state of the FieldExport. properties: from: - description: ResourceFieldSelector provides the values necessary to - identify an individual field on an individual K8s resource. + description: |- + ResourceFieldSelector provides the values necessary to identify an individual + field on an individual K8s resource. properties: path: type: string resource: - description: NamespacedResource provides all the values necessary - to identify an ACK resource of a given type (within the same - namespace as the custom resource containing this type). + description: |- + NamespacedResource provides all the values necessary to identify an ACK + resource of a given type (within the same namespace as the custom resource + containing this type). properties: group: type: string @@ -62,16 +68,18 @@ spec: - resource type: object to: - description: FieldExportTarget provides the values necessary to identify - the output path for a field export. + description: |- + FieldExportTarget provides the values necessary to identify the + output path for a field export. properties: key: description: Key overrides the default value (`.`) for the FieldExport target type: string kind: - description: FieldExportOutputType represents all types that can - be produced by a field export operation + description: |- + FieldExportOutputType represents all types that can be produced by a field + export operation enum: - configmap - secret 
@@ -94,12 +102,14 @@ spec: description: FieldExportStatus defines the observed status of the FieldExport. properties: conditions: - description: A collection of `ackv1alpha1.Condition` objects that - describe the various recoverable states of the field CR + description: |- + A collection of `ackv1alpha1.Condition` objects that describe the various + recoverable states of the field CR items: - description: Condition is the common struct used by all CRDs managed - by ACK service controllers to indicate terminal states of the - CR and its backend AWS service API resource + description: |- + Condition is the common struct used by all CRDs managed by ACK service + controllers to indicate terminal states of the CR and its backend AWS + service API resource properties: lastTransitionTime: description: Last time the condition transitioned from one status diff --git a/addons/s3-chart/templates/NOTES.txt b/addons/s3-chart/templates/NOTES.txt index b32b68cf4..c5aaab66b 100644 --- a/addons/s3-chart/templates/NOTES.txt +++ b/addons/s3-chart/templates/NOTES.txt @@ -1,5 +1,5 @@ {{ .Chart.Name }} has been installed. -This chart deploys "public.ecr.aws/aws-controllers-k8s/s3-controller:1.0.7". +This chart deploys "public.ecr.aws/aws-controllers-k8s/s3-controller:1.0.20". Check its status by running: kubectl --namespace {{ .Release.Namespace }} get pods -l "app.kubernetes.io/instance={{ .Release.Name }}" diff --git a/addons/s3-chart/templates/_helpers.tpl b/addons/s3-chart/templates/_helpers.tpl index 391d5de33..16f0fe5ff 100644 --- a/addons/s3-chart/templates/_helpers.tpl +++ b/addons/s3-chart/templates/_helpers.tpl @@ -1,5 +1,5 @@ {{/* The name of the application this chart installs */}} -{{- define "app.name" -}} +{{- define "ack-s3-controller.app.name" -}} {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} {{- end -}} 
@@ -8,7 +8,7 @@ Create a default fully qualified app name. We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). If release name contains chart name it will be used as a full name. */}} -{{- define "app.fullname" -}} +{{- define "ack-s3-controller.app.fullname" -}} {{- if .Values.fullnameOverride -}} {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} {{- else -}} 
@@ -22,27 +22,102 @@ If release name contains chart name it will be used as a full name. {{- end -}} {{/* The name and version as used by the chart label */}} -{{- define "chart.name-version" -}} +{{- define "ack-s3-controller.chart.name-version" -}} {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} {{- end -}} {{/* The name of the service account to use */}} -{{- define "service-account.name" -}} +{{- define "ack-s3-controller.service-account.name" -}} {{ default "default" .Values.serviceAccount.name }} {{- end -}} -{{- define "watch-namespace" -}} +{{- define "ack-s3-controller.watch-namespace" -}} {{- if eq .Values.installScope "namespace" -}} {{ .Values.watchNamespace | default .Release.Namespace }} {{- end -}} {{- end -}} {{/* The mount path for the shared credentials file */}} -{{- define "aws.credentials.secret_mount_path" -}} +{{- define "ack-s3-controller.aws.credentials.secret_mount_path" -}} {{- "/var/run/secrets/aws" -}} {{- end -}} {{/* The path the shared credentials file is mounted */}} -{{- define "aws.credentials.path" -}} -{{- printf "%s/%s" (include "aws.credentials.secret_mount_path" .) .Values.aws.credentials.secretKey -}} +{{- define "ack-s3-controller.aws.credentials.path" -}} +{{ $secret_mount_path := include "ack-s3-controller.aws.credentials.secret_mount_path" . 
}} +{{- printf "%s/%s" $secret_mount_path .Values.aws.credentials.secretKey -}} +{{- end -}} + +{{/* The rules a of ClusterRole or Role */}} +{{- define "ack-s3-controller.rbac-rules" -}} +rules: +- apiGroups: + - "" + resources: + - configmaps + - secrets + verbs: + - get + - list + - patch + - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch +- apiGroups: + - s3.services.k8s.aws + resources: + - buckets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - s3.services.k8s.aws + resources: + - buckets/status + verbs: + - get + - patch + - update +- apiGroups: + - services.k8s.aws + resources: + - adoptedresources + - fieldexports + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - services.k8s.aws + resources: + - adoptedresources/status + - fieldexports/status + verbs: + - get + - patch + - update +{{- end }} + +{{/* Convert k/v map to string like: "key1=value1,key2=value2,..." */}} +{{- define "ack-s3-controller.feature-gates" -}} +{{- $list := list -}} +{{- range $k, $v := .Values.featureGates -}} +{{- $list = append $list (printf "%s=%s" $k ( $v | toString)) -}} +{{- end -}} +{{ join "," $list }} {{- end -}} diff --git a/addons/s3-chart/templates/caches-role-binding.yaml b/addons/s3-chart/templates/caches-role-binding.yaml new file mode 100644 index 000000000..d87de45d0 --- /dev/null +++ b/addons/s3-chart/templates/caches-role-binding.yaml 
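Review bot: The first rule in `ack-s3-controller.rbac-rules` grants `get`, `list`, `patch` and `watch` on `secrets` alongside `configmaps`, and the helper's own comment says these rules feed both a ClusterRole and a Role, so a cluster-scoped install presumably lets the controller's service account read and patch every Secret in the cluster. Splitting `secrets` into its own rule would make that grant visible and easier to narrow later; above it I would add `{{- /* secrets: cluster-wide when installScope is "cluster"; patch is presumably needed for FieldExport targets of kind secret */}}`. The template that consumes this helper is outside this hunk, so the effective scope should be confirmed there. The header comment also has a word-order slip and should read `{{/* The rules of a ClusterRole or Role */}}`.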
@@ -0,0 +1,26 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: ack-namespaces-cache-s3-controller +roleRef: + kind: ClusterRole + apiGroup: rbac.authorization.k8s.io + name: ack-namespaces-cache-s3-controller +subjects: +- kind: ServiceAccount + name: {{ include "ack-s3-controller.service-account.name" . }} + namespace: {{ .Release.Namespace }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: ack-configmaps-cache-s3-controller + namespace: {{ .Release.Namespace }} +roleRef: + kind: Role + apiGroup: rbac.authorization.k8s.io + name: ack-configmaps-cache-s3-controller +subjects: +- kind: ServiceAccount + name: {{ include "ack-s3-controller.service-account.name" . }} + namespace: {{ .Release.Namespace }} diff --git a/addons/s3-chart/templates/caches-role.yaml b/addons/s3-chart/templates/caches-role.yaml new file mode 100644 index 000000000..5ba0f2471 --- /dev/null +++ b/addons/s3-chart/templates/caches-role.yaml @@ -0,0 +1,28 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: ack-namespaces-cache-s3-controller +rules: +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: ack-configmaps-cache-s3-controller + namespace: {{ .Release.Namespace }} +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch \ No newline at end of file diff --git a/addons/s3-chart/templates/cluster-role-binding.yaml b/addons/s3-chart/templates/cluster-role-binding.yaml index 19b760622..7cdf19817 100644 --- a/addons/s3-chart/templates/cluster-role-binding.yaml +++ b/addons/s3-chart/templates/cluster-role-binding.yaml 
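Review bot: Neither `caches-role-binding.yaml` nor `caches-role.yaml` is wrapped in an `installScope` condition, so a namespace-scoped install still receives a ClusterRoleBinding that gives the controller's service account `get`/`list`/`watch` on all namespaces. If the controller's caches need this in every mode, a header comment in both files should say so, for example `# Installed in every installScope: the controller's namespace and configmap caches need these read-only grants`. The object names are fixed strings rather than derived from the release, so a second release of this chart in the same cluster would presumably collide on `ack-namespaces-cache-s3-controller`. `caches-role.yaml` also ends without a trailing newline.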
@@ -1,21 +1,36 @@ -apiVersion: rbac.authorization.k8s.io/v1 {{ if eq .Values.installScope "cluster" }} +apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: {{ include "app.fullname" . }} + name: {{ include "ack-s3-controller.app.fullname" . }} roleRef: kind: ClusterRole -{{ else }} + apiGroup: rbac.authorization.k8s.io + name: ack-s3-controller +subjects: +- kind: ServiceAccount + name: {{ include "ack-s3-controller.service-account.name" . }} + namespace: {{ .Release.Namespace }} +{{ else if eq .Values.installScope "namespace" }} +{{ $wn := include "ack-s3-controller.watch-namespace" . }} +{{ $namespaces := split "," $wn }} +{{ $fullname := include "ack-s3-controller.app.fullname" . }} +{{ $releaseNamespace := .Release.Namespace }} +{{ $serviceAccountName := include "ack-s3-controller.service-account.name" . }} +{{ range $namespaces }} +--- +apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: {{ include "app.fullname" . }} - namespace: {{ .Release.Namespace }} + name: {{ $fullname }} + namespace: {{ . }} roleRef: kind: Role -{{ end }} apiGroup: rbac.authorization.k8s.io name: ack-s3-controller subjects: - kind: ServiceAccount - name: {{ include "service-account.name" . }} - namespace: {{ .Release.Namespace }} + name: {{ $serviceAccountName }} + namespace: {{ $releaseNamespace }} +{{ end }} +{{ end }} \ No newline at end of file diff --git a/addons/s3-chart/templates/cluster-role-controller.yaml b/addons/s3-chart/templates/cluster-role-controller.yaml index 21559e303..232f71e6f 100644 --- a/addons/s3-chart/templates/cluster-role-controller.yaml +++ b/addons/s3-chart/templates/cluster-role-controller.yaml 
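Review bot: In the namespace branch, `namespace: {{ . }}` renders each element of the comma-split `watchNamespace` unquoted and untrimmed, so a value such as `"ns1,"` produces a RoleBinding with an empty `namespace`, which would most likely be created in the release namespace and grant the controller access there unintentionally. Skip empty elements inside the `range` with `{{ if trim . }}` … `{{ end }}` and render the field as `namespace: {{ . | trim | quote }}`. The same loop appears in `cluster-role-controller.yaml` for the Role objects and needs the same treatment.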
@@ -1,108 +1,29 @@ -apiVersion: rbac.authorization.k8s.io/v1 +{{ $labels := .Values.role.labels }} +{{ $rbacRules := include "ack-s3-controller.rbac-rules" . }} {{ if eq .Values.installScope "cluster" }} +apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - creationTimestamp: null name: ack-s3-controller labels: - {{- range $key, $value := .Values.role.labels }} + {{- range $key, $value := $labels }} {{ $key }}: {{ $value | quote }} {{- end }} -{{ else }} +{{$rbacRules }} +{{ else if eq .Values.installScope "namespace" }} +{{ $wn := include "ack-s3-controller.watch-namespace" . }} +{{ $namespaces := split "," $wn }} +{{ range $namespaces }} +--- +apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - creationTimestamp: null name: ack-s3-controller + namespace: {{ . }} labels: - {{- range $key, $value := .Values.role.labels }} + {{- range $key, $value := $labels }} {{ $key }}: {{ $value | quote }} {{- end }} - namespace: {{ .Release.Namespace }} +{{ $rbacRules }} {{ end }} -rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - patch - - watch -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - list - - patch - - watch -- apiGroups: - - s3.services.k8s.aws - resources: - - buckets - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - s3.services.k8s.aws - resources: - - buckets/status - verbs: - - get - - patch - - update -- apiGroups: - - services.k8s.aws - resources: - - adoptedresources - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - services.k8s.aws - resources: - - adoptedresources/status - verbs: - - get - - patch - - update -- apiGroups: - - services.k8s.aws - resources: - - fieldexports - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - services.k8s.aws - resources: - 
- fieldexports/status - verbs: - - get - - patch - - update +{{ end }} \ No newline at end of file diff --git a/addons/s3-chart/templates/deployment.yaml b/addons/s3-chart/templates/deployment.yaml index cea38ec98..786ca242b 100644 --- a/addons/s3-chart/templates/deployment.yaml +++ b/addons/s3-chart/templates/deployment.yaml @@ -1,20 +1,20 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: {{ include "app.fullname" . }} + name: {{ include "ack-s3-controller.app.fullname" . }} namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: {{ include "app.name" . }} + app.kubernetes.io/name: {{ include "ack-s3-controller.app.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} - k8s-app: {{ include "app.name" . }} - helm.sh/chart: {{ include "chart.name-version" . }} + k8s-app: {{ include "ack-s3-controller.app.name" . }} + helm.sh/chart: {{ include "ack-s3-controller.chart.name-version" . }} spec: replicas: {{ .Values.deployment.replicas }} selector: matchLabels: - app.kubernetes.io/name: {{ include "app.name" . }} + app.kubernetes.io/name: {{ include "ack-s3-controller.app.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} template: metadata: @@ -25,15 +25,15 @@ spec: {{- end }} {{- end }} labels: - app.kubernetes.io/name: {{ include "app.name" . }} + app.kubernetes.io/name: {{ include "ack-s3-controller.app.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: Helm - k8s-app: {{ include "app.name" . }} + k8s-app: {{ include "ack-s3-controller.app.name" . }} {{- range $key, $value := .Values.deployment.labels }} {{ $key }}: {{ $value | quote }} {{- end }} spec: - serviceAccountName: {{ include "service-account.name" . }} + serviceAccountName: {{ include "ack-s3-controller.service-account.name" . }} {{- if .Values.image.pullSecrets }} imagePullSecrets: {{- range .Values.image.pullSecrets }} 
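Review bot: Replacing `{{ else }}` with `{{ else if eq .Values.installScope "namespace" }}` in `cluster-role-controller.yaml` means any other `installScope` value now renders neither a ClusterRole nor a Role, so the controller would be deployed without its permissions instead of the install failing. Unless the values schema already restricts `installScope` to these two values (not visible in this diff), add a final branch such as `{{ else }}{{ fail "installScope must be cluster or namespace" }}` before the closing `{{ end }}`. `cluster-role-binding.yaml` has the same structure. The spacing of `{{$rbacRules }}` in the ClusterRole branch should also match the `{{ $rbacRules }}` used in the Role branch.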
@@ -64,13 +64,25 @@ spec: - --leader-election-namespace - "$(LEADER_ELECTION_NAMESPACE)" {{- end }} -{{- if gt .Values.reconcile.defaultResyncPeriod 0.0 }} +{{- if gt (int .Values.reconcile.defaultResyncPeriod) 0 }} - --reconcile-default-resync-seconds - "$(RECONCILE_DEFAULT_RESYNC_SECONDS)" {{- end }} {{- range $key, $value := .Values.reconcile.resourceResyncPeriods }} - --reconcile-resource-resync-seconds - "$(RECONCILE_RESOURCE_RESYNC_SECONDS_{{ $key | upper }})" +{{- end }} +{{- if gt (int .Values.reconcile.defaultMaxConcurrentSyncs) 0 }} + - --reconcile-default-max-concurrent-syncs + - "$(RECONCILE_DEFAULT_MAX_CONCURRENT_SYNCS)" +{{- end }} +{{- range $key, $value := .Values.reconcile.resourceMaxConcurrentSyncs }} + - --reconcile-resource-max-concurrent-syncs + - "$(RECONCILE_RESOURCE_MAX_CONCURRENT_SYNCS_{{ $key | upper }})" +{{- end }} +{{- if .Values.featureGates}} + - --feature-gates + - "$(FEATURE_GATES)" {{- end }} image: {{ .Values.image.repository }}:{{ .Values.image.tag }} imagePullPolicy: {{ .Values.image.pullPolicy }} @@ -90,7 +102,7 @@ spec: - name: AWS_ENDPOINT_URL value: {{ .Values.aws.endpoint_url | quote }} - name: ACK_WATCH_NAMESPACE - value: {{ include "watch-namespace" . }} + value: {{ include "ack-s3-controller.watch-namespace" . }} - name: DELETION_POLICY value: {{ .Values.deletionPolicy }} - name: LEADER_ELECTION_NAMESPACE 
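Review bot: `gt (int .Values.reconcile.defaultResyncPeriod) 0` truncates before comparing, while `values.schema.json` in this same commit still declares `defaultResyncPeriod` as `number`, so a fractional value such as `0.5` passes validation and then silently drops the `--reconcile-default-resync-seconds` argument. Either compare as a float with `{{- if gt (float64 .Values.reconcile.defaultResyncPeriod) 0.0 }}` or change the schema type to `integer`. The matching condition on the `RECONCILE_DEFAULT_RESYNC_SECONDS` env entry in the `@@ -99,17 +111,29 @@` hunk needs the same change so the argument and its variable stay in step. The `args` list this hunk extends starts outside the hunk.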
@@ -99,17 +111,29 @@ spec: value: {{ .Values.log.level | quote }} - name: ACK_RESOURCE_TAGS value: {{ join "," .Values.resourceTags | quote }} -{{- if gt .Values.reconcile.defaultResyncPeriod 0.0 }} +{{- if gt (int .Values.reconcile.defaultResyncPeriod) 0 }} - name: RECONCILE_DEFAULT_RESYNC_SECONDS value: {{ .Values.reconcile.defaultResyncPeriod | quote }} {{- end }} {{- range $key, $value := .Values.reconcile.resourceResyncPeriods }} - name: RECONCILE_RESOURCE_RESYNC_SECONDS_{{ $key | upper }} value: {{ $key }}={{ $value }} +{{- end }} +{{- if gt (int .Values.reconcile.defaultMaxConcurrentSyncs) 0 }} + - name: RECONCILE_DEFAULT_MAX_CONCURRENT_SYNCS + value: {{ .Values.reconcile.defaultMaxConcurrentSyncs | quote }} +{{- end }} +{{- range $key, $value := .Values.reconcile.resourceMaxConcurrentSyncs }} + - name: RECONCILE_RESOURCE_MAX_CONCURRENT_SYNCS_{{ $key | upper }} + value: {{ $key }}={{ $value }} +{{- end }} +{{- if .Values.featureGates}} + - name: FEATURE_GATES + value: {{ include "ack-s3-controller.feature-gates" . }} {{- end }} {{- if .Values.aws.credentials.secretName }} - name: AWS_SHARED_CREDENTIALS_FILE - value: {{ include "aws.credentials.path" . }} + value: {{ include "ack-s3-controller.aws.credentials.path" . }} - name: AWS_PROFILE value: {{ .Values.aws.credentials.profile }} {{- end }} @@ -119,7 +143,7 @@ spec: volumeMounts: {{- if .Values.aws.credentials.secretName }} - name: {{ .Values.aws.credentials.secretName }} - mountPath: {{ include "aws.credentials.secret_mount_path" . }} + mountPath: {{ include "ack-s3-controller.aws.credentials.secret_mount_path" . }} readOnly: true {{- end }} {{- if .Values.deployment.extraVolumeMounts -}} 
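Review bot: The new `FEATURE_GATES` and `RECONCILE_RESOURCE_MAX_CONCURRENT_SYNCS_*` values are emitted unquoted, unlike `RECONCILE_DEFAULT_MAX_CONCURRENT_SYNCS` directly above them, which uses `| quote`. Container env values must be strings, and quoting keeps that true whatever keys and values operators put in the maps: `value: {{ include "ack-s3-controller.feature-gates" . | quote }}` and `value: {{ printf "%s=%v" $key $value | quote }}`. The container spec this hunk belongs to starts outside the hunk.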
@@ -128,10 +152,23 @@ spec: securityContext: allowPrivilegeEscalation: false privileged: false + readOnlyRootFilesystem: true runAsNonRoot: true capabilities: drop: - ALL + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 15 + periodSeconds: 20 + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 5 + periodSeconds: 10 securityContext: seccompProfile: type: RuntimeDefault diff --git a/addons/s3-chart/templates/leader-election-role-binding.yaml b/addons/s3-chart/templates/leader-election-role-binding.yaml index efef0f67b..f3a73f54a 100644 --- a/addons/s3-chart/templates/leader-election-role-binding.yaml +++ b/addons/s3-chart/templates/leader-election-role-binding.yaml @@ -14,5 +14,5 @@ roleRef: name: s3-leader-election-role subjects: - kind: ServiceAccount - name: {{ include "service-account.name" . }} + name: {{ include "ack-s3-controller.service-account.name" . }} namespace: {{ .Release.Namespace }}{{- end }} diff --git a/addons/s3-chart/templates/metrics-service.yaml b/addons/s3-chart/templates/metrics-service.yaml index 638858a38..388e770b0 100644 --- a/addons/s3-chart/templates/metrics-service.yaml +++ b/addons/s3-chart/templates/metrics-service.yaml 
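Review bot: Both probes hard-code `port: 8081`, and nothing in the visible hunks passes a health-probe address to the controller or declares that port on the container, so the probes appear to depend on the binary's built-in default. If that default differs or changes in a later image, the liveness probe would restart the pod continuously; consider declaring the port by name under the container's `ports:` and referencing the name from both probes, with a comment recording where 8081 comes from. With `readOnlyRootFilesystem: true` now set, it is also worth confirming the controller writes nothing outside its mounted volumes. The container definition starts outside this hunk.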
@@ -5,18 +5,18 @@ metadata: name: {{ .Chart.Name | trimSuffix "-chart" | trunc 44 }}-controller-metrics namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: {{ include "app.name" . }} + app.kubernetes.io/name: {{ include "ack-s3-controller.app.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} - k8s-app: {{ include "app.name" . }} - helm.sh/chart: {{ include "chart.name-version" . }} + k8s-app: {{ include "ack-s3-controller.app.name" . }} + helm.sh/chart: {{ include "ack-s3-controller.chart.name-version" . }} spec: selector: - app.kubernetes.io/name: {{ include "app.name" . }} + app.kubernetes.io/name: {{ include "ack-s3-controller.app.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: Helm - k8s-app: {{ include "app.name" . }} + k8s-app: {{ include "ack-s3-controller.app.name" . }} {{- range $key, $value := .Values.deployment.labels }} {{ $key }}: {{ $value | quote }} {{- end }} diff --git a/addons/s3-chart/templates/role-writer.yaml b/addons/s3-chart/templates/role-writer.yaml index 3593ccdf9..2002b609d 100644 --- a/addons/s3-chart/templates/role-writer.yaml +++ b/addons/s3-chart/templates/role-writer.yaml @@ -10,7 +10,6 @@ rules: - s3.services.k8s.aws resources: - buckets - verbs: - create - delete diff --git a/addons/s3-chart/templates/service-account.yaml b/addons/s3-chart/templates/service-account.yaml index 73306395f..983eb9a08 100644 --- a/addons/s3-chart/templates/service-account.yaml +++ b/addons/s3-chart/templates/service-account.yaml 
@@ -3,13 +3,13 @@ apiVersion: v1 kind: ServiceAccount metadata: labels: - app.kubernetes.io/name: {{ include "app.name" . }} + app.kubernetes.io/name: {{ include "ack-s3-controller.app.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} - k8s-app: {{ include "app.name" . }} - helm.sh/chart: {{ include "chart.name-version" . }} - name: {{ include "service-account.name" . }} + k8s-app: {{ include "ack-s3-controller.app.name" . }} + helm.sh/chart: {{ include "ack-s3-controller.chart.name-version" . }} + name: {{ include "ack-s3-controller.service-account.name" . }} namespace: {{ .Release.Namespace }} annotations: {{- range $key, $value := .Values.serviceAccount.annotations }} diff --git a/addons/s3-chart/values.schema.json b/addons/s3-chart/values.schema.json index ac28b6808..7ccb485d8 100644 --- a/addons/s3-chart/values.schema.json +++ b/addons/s3-chart/values.schema.json @@ -223,13 +223,19 @@ "enum": ["delete", "retain"] }, "reconcile": { - "description": "Reconcile resync settings. Parameters to tune the controller's drift remediation period.", + "description": "Reconcile settings. This is used to configure the controller's reconciliation behavior. e.g resyncPeriod and maxConcurrentSyncs", "properties": { "defaultResyncPeriod": { "type": "number" }, "resourceResyncPeriods": { "type": "object" + }, + "defaultMaxConcurentSyncs": { + "type": "number" + }, + "resourceMaxConcurrentSyncs": { + "type": "object" } }, "type": "object" @@ -262,6 +268,13 @@ "type": "object" } }, + "featureGates": { + "description": "Feature gates settings", + "type": "object", + "additionalProperties": { + "type": "boolean" + } + }, "required": [ "image", "deployment", diff --git a/addons/s3-chart/values.yaml b/addons/s3-chart/values.yaml index e25f7ee9c..a046726a6 100644 --- a/addons/s3-chart/values.yaml +++ b/addons/s3-chart/values.yaml 
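Review bot: The new property in `values.schema.json` is spelled `defaultMaxConcurentSyncs` (one `r`), but `values.yaml` and `deployment.yaml` use `reconcile.defaultMaxConcurrentSyncs`, so the value the template actually reads is not validated by the schema at all. Rename the key to `"defaultMaxConcurrentSyncs": {`. Because the template converts the value with `int` before comparing it to 0, `"type": "integer"` with `"minimum": 0` would describe the accepted input more precisely than `"type": "number"`.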
@@ -4,7 +4,7 @@ image: repository: public.ecr.aws/aws-controllers-k8s/s3-controller - tag: 1.0.7 + tag: 1.0.20 pullPolicy: IfNotPresent pullSecrets: [] @@ -107,6 +107,7 @@ installScope: cluster # Set the value of the "namespace" to be watched by the controller # This value is only used when the `installScope` is set to "namespace". If left empty, the default value is the release namespace for the chart. +# You can set multiple namespaces by providing a comma separated list of namespaces. e.g "namespace1,namespace2" watchNamespace: "" resourceTags: @@ -127,6 +128,12 @@ reconcile: # An object representing the reconcile resync configuration for each specific resource. resourceResyncPeriods: {} + # The default number of concurrent syncs that a reconciler can perform. + defaultMaxConcurrentSyncs: 1 + # An object representing the reconcile max concurrent syncs configuration for each specific + # resource. + resourceMaxConcurrentSyncs: {} + serviceAccount: # Specifies whether a service account should be created create: true @@ -146,3 +153,16 @@ leaderElection: # will attempt to use the namespace of the service account mounted to the Controller # pod. namespace: "" + +# Configuration for feature gates. These are optional controller features that +# can be individually enabled ("true") or disabled ("false") by adding key/value +# pairs below. +featureGates: + # Enables the Service level granularity for CARM. See https://github.com/aws-controllers-k8s/community/issues/2031 + ServiceLevelCARM: false + # Enables the Team level granularity for CARM. See https://github.com/aws-controllers-k8s/community/issues/2031 + TeamLevelCARM: false + # Enable ReadOnlyResources feature/annotation. + ReadOnlyResources: false + # Enable ResourceAdoption feature/annotation. + ResourceAdoption: false \ No newline at end of file