@renuka-fernando
Last active March 13, 2020 09:03
WSO2 Api-Operator configurations required in https://operatorhub.io/operator/api-operator
#Copyright (c) WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
#
# WSO2 Inc. licenses this file to you under the Apache License,
# Version 2.0 (the "License"); you may not use this file except
# in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
kind: Namespace
apiVersion: v1
metadata:
  name: wso2-system
  labels:
    name: wso2-system
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: apim-operator
  namespace: wso2-system
spec:
  replicas: 1
  selector:
    matchLabels:
      name: apim-operator
  template:
    metadata:
      labels:
        name: apim-operator
    spec:
      serviceAccountName: apim-operator
      containers:
        - name: apim-operator
          # Replace this with the built image name
          image: wso2am/k8s-api-operator:1.1.0-alpha
          command:
            - apim-operator
          imagePullPolicy: Always
          env:
            - name: WATCH_NAMESPACE
              value: ""
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: OPERATOR_NAME
              value: "apim-operator"
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  creationTimestamp: null
  name: apim-operator
  namespace: wso2-system
rules:
  - apiGroups:
      - ""
    resources:
      - pods
      - services
      - endpoints
      - persistentvolumeclaims
      - events
      - configmaps
      - secrets
      - ingresses
    verbs:
      - '*'
  - apiGroups:
      - apps
    resources:
      - deployments
      - daemonsets
      - replicasets
      - statefulsets
      - ingresses
    verbs:
      - '*'
  - apiGroups:
      - monitoring.coreos.com
    resources:
      - servicemonitors
    verbs:
      - get
      - create
  - apiGroups:
      - apps
    resourceNames:
      - apim-operator
    resources:
      - deployments/finalizers
    verbs:
      - update
  - apiGroups:
      - wso2.com
    resources:
      - '*'
      - ratelimitings
      - targetendpoints
      - securities
    verbs:
      - '*'
  - apiGroups:
      - batch
    resources:
      - '*'
    verbs:
      - '*'
  - apiGroups:
      - autoscaling
    resources:
      - '*'
    verbs:
      - '*'
  - apiGroups:
      - "extensions"
    resources:
      - ingresses
      - ingress
    verbs:
      - '*'
  - apiGroups:
      - serving.knative.dev
    resources:
      - '*'
    verbs:
      - get
      - list
      - create
      - update
      - delete
      - patch
      - watch
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: apim-operator
  namespace: wso2-system
subjects:
  - kind: ServiceAccount
    name: apim-operator
    # Replace this with the namespace the operator is deployed in.
    namespace: wso2-system
roleRef:
  kind: ClusterRole
  name: apim-operator
  apiGroup: rbac.authorization.k8s.io
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: apim-operator
  namespace: wso2-system
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: controller-config
  namespace: wso2-system
data:
  #mgw toolkit image to initialize/setup the micro gw project
  mgwToolkitImg: wso2am/wso2micro-gw-toolkit:3.1.0-beta
  #mgw runtime image to use in the mgw executable
  mgwRuntimeImg: wso2/wso2micro-gw:3.1.0-beta
  #kaniko image for the kaniko pod which builds the mgw api runtime and pushes to the registry
  kanikoImg: gcr.io/kaniko-project/executor
  #docker registry type which the mgw image to be pushed. supported types: DOCKER_HUB, AMAZON_ECR, GCR, PRIVATE. Default-> registryType: DOCKER_HUB
  registryType: DOCKER_HUB
  #docker repository name which the mgw image to be pushed. eg-> repositoryName: username of Docker Hub account
  repositoryName: REPOSITORY_NAME_OF_DOCKER_REGISTRY
  #Maximum number of replicas for the Horizontal Pod Auto-scale. Default-> hpaMaxReplicas: "5"
  hpaMaxReplicas: "5"
  #Avg CPU utilization(%) to spin up the next pod. Default-> hpaTargetAverageUtilizationCPU: "50"
  hpaTargetAverageUtilizationCPU: "50"
  #Required CPU usage for pods. Default-> resourceRequestCPU: "1000m"
  resourceRequestCPU: "1000m"
  #Required Memory usage pods can use. Default-> resourceRequestMemory: "512Mi"
  resourceRequestMemory: "512Mi"
  #Max CPU usage limit a pod can use. Default-> resourceLimitCPU: "2000m"
  resourceLimitCPU: "2000m"
  #Max Memory usage limit a pod can use. Default-> resourceLimitMemory: "512Mi"
  resourceLimitMemory: "512Mi"
  #Required CPU usage for pods for TargetEndPoint. Default-> resourceRequestCPU: "1000m"
  resourceRequestCPUTarget: "1000m"
  #Required Memory usage pods can use for TargetEndPoint. Default-> resourceRequestMemory: "512Mi"
  resourceRequestMemoryTarget: "512Mi"
  #Max CPU usage limit a pod can use for TargetEndPoint. Default-> resourceLimitCPU: "2000m"
  resourceLimitCPUTarget: "2000m"
  #Max Memory usage limit a pod can use for TargetEndPoint. Default-> resourceLimitMemory: "512Mi"
  resourceLimitMemoryTarget: "512Mi"
  #Configure readiness probe initial delay for API pod
  readinessProbeInitialDelaySeconds: "8"
  #Configure readiness probe interval for API pod
  readinessProbePeriodSeconds: "5"
  #Configure liveness probe initial delay for API pod
  livenessProbeInitialDelaySeconds: "10"
  #Configure liveness probe interval for API pod
  livenessProbePeriodSeconds: "30"
  #Stop at docker image creation or continue to deploy kubernetes artifact.
  #Default-> generatekubernbetesartifactsformgw: "true"
  generatekubernbetesartifactsformgw: "true"
  #Set the mode whether we need to use ingress or default mode
  operatorMode: "default"
  #Ingress resource name
  ingressResourceName: "api-operator-ingress"
  #Define whether ingress to use http or https endpoint of operator deployment
  ingressTransportMode: "https"
  #Define the hostname of the ingress
  ingressHostName : "mgw.ingress.wso2.com"
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: apim-config
  namespace: wso2-system
data:
  #By default hostname verification is disabled. In a production scenario, this has to be enabled.
  verifyHostname: "false"
  #Log level of the managed API (microgateway). Available levels: INFO, DEBUG, TRACE
  logLevel: "INFO"
  #Ports from which the managed API service is getting exposed
  httpPort: "9090"
  httpsPort: "9095"
  #Enable distributed ratelimiting. Default value:false. If enabled please deploy API Portal
  enabledGlobalTMEventPublishing: "false"
  #The central traffic management solution URL (related to distributed ratelimiting)
  #Format: hostname_of_API_Portal:Default_port
  throttleEndpoint: "wso2apim.wso2:32001"
  #Message broker connection URL (related to distributed ratelimiting and token revocation)
  #Format: hostname_of_API_Portal:JMS_port
  jmsConnectionProvider: "wso2apim.wso2:28230"
  #Token revocation
  #Enable real time notifier for token revocation
  enableRealtimeMessageRetrieval: "false"
  #Request and response validation
  enableRequestValidation: "false"
  enableResponseValidation: "false"
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: ingress-annotations
  namespace: wso2-system
data:
  ingress.properties: |
    nginx.ingress.kubernetes.io/backend-protocol: HTTPS
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/ssl-redirect: false
---
apiVersion: wso2.com/v1alpha1
kind: Security
metadata:
  name: default-security-jwt
  namespace: wso2-system
spec:
  type: JWT
  certificate: wso2am300-secret
  issuer: https://wso2apim:32001/oauth2/token
  audience: http://org.wso2.apimgt/gateway
---
apiVersion: v1
kind: Secret
metadata:
  name: wso2am300-secret
  namespace: wso2-system
data:
  server.pem: 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
type: Opaque
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: dockerfile-template
  namespace: wso2-system
data:
  dockerFile.gotmpl: |
    #Copyright (c) WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
    #
    # WSO2 Inc. licenses this file to you under the Apache License,
    # Version 2.0 (the "License"); you may not use this file except
    # in compliance with the License.
    # You may obtain a copy of the License at
    #
    # http://www.apache.org/licenses/LICENSE-2.0
    #
    # Unless required by applicable law or agreed to in writing,
    # software distributed under the License is distributed on an
    # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
    # KIND, either express or implied. See the License for the
    # specific language governing permissions and limitations
    # under the License.
    #This image will be used by Kaniko pod to create the micro-gw image
    # Custom image with java and toolkit has been build for stage1
    FROM {{$.BaseImage}} as toolkit
    #init the micro-gw project
    RUN micro-gw init project
    #copy swagger definitions to the project location
    RUN cp /usr/wso2/swagger/* ./project/api_definitions/
    #copy policy yaml to the project
    RUN cp /usr/wso2/policy/* ./project/
    #copy interceptors to the project
    {{ if .InterceptorsFound }}
    RUN cp usr/wso2/interceptors/* ./project/interceptors/
    {{ end }}
    #generate the executable
    RUN micro-gw build project
    #copy the executable to the home/exec location
    RUN mkdir -p /home/exec
    RUN cp ./project/target/*.jar /home/exec/
    #Stage 2: Generated jar will be passed to the micro-gw runtime
    FROM {{$.RuntimeImage}}
    #change permission to create and copy the executable
    USER root
    RUN mkdir -p /home/exec
    COPY --from=toolkit /home/exec /home/exec
    #copy microgateway conf
    RUN cp /usr/wso2/mgwconf/* /home/ballerina/conf
    {{ if .CertFound }}
    {{- range $alias, $certPath := .Certs }}
    RUN echo yes | /home/ballerina/wso2/lib/jdk8*/bin/keytool -import -storepass {{ $.Password }} -keystore /home/ballerina/wso2/runtime/bre/security/ballerinaTruststore.p12 -alias "{{ $alias }}" -file {{ $certPath }}
    {{- end }}
    {{ end }}
    RUN chmod a+w /home/ballerina
    USER ballerina
    #project name has to be passed to the ballerina image as a env variable
    ENV project="project"
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: mgw-conf-mustache
  namespace: wso2-system
data:
  mgwConf.gotmpl: |
    #Copyright (c) WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
    #
    # WSO2 Inc. licenses this file to you under the Apache License,
    # Version 2.0 (the "License"); you may not use this file except
    # in compliance with the License.
    # You may obtain a copy of the License at
    #
    # http://www.apache.org/licenses/LICENSE-2.0
    #
    # Unless required by applicable law or agreed to in writing,
    # software distributed under the License is distributed on an
    # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
    # KIND, either express or implied. See the License for the
    # specific language governing permissions and limitations
    # under the License.
    # Transport listener Configurations
    [listenerConfig]
    # Microgateway exposed IP / Host
    host = "0.0.0.0"
    # HTTP port that is used to make APIs available to the outside.
    httpPort = {{httpPort}}
    # HTTPs port that is used to make APIs available to the outside and for endpoints(/token, /authorize, /revoke/, userinfo) of Key Manager.
    httpsPort = {{httpsPort}}
    # HTTP port for endpoints(/token, /authorize, /revoke/, userinfo) of Key Manager
    tokenListenerPort = 9096
    # Internal keystore
    keyStorePath = "{{keystorePath}}"
    keyStorePassword = "{{keystorePassword}}"
    # Truststore
    trustStorePath = "{{truststorePath}}"
    trustStorePassword = "{{truststorePassword}}"
    # API Authorization security for the gateway and the backend
    [authConfig]
    # Authorization header expected by the Microgateway. Can be overridden at API level using the extension
    authorizationHeader = "Authorization"
    # Remove authorization header from the backend request
    removeAuthHeaderFromOutMessage = true
    # API JWT Authorization security for backend
    [jwtConfig]
    # JWT header when forwarding the request to the backend
    header = "X-JWT-Assertion"
    # Key manager configurations
    [keyManager]
    # Connection URL of the Key Manager server
    serverUrl = "{{keymanagerServerurl}}"
    # The token endpoint context of the Key Manager server
    tokenContext = "oauth2"
    # timestamp skew in seconds which is added when checking the token validity period
    timestampSkew = 5000
    # External Key Manager
    external = false
    # Basic security configurations
    [keymanager.security.basic]
    enabled = true
    username = "{{keymanagerUsername}}"
    password = "{{keymanagerPassword}}"
    # Oauth2 security configurations
    [keymanager.security.oauth2]
    enabled = false
    # Authentication credentials should be sent via (AUTH_HEADER_BEARER/POST_BODY_BEARER/NO_BEARER)?
    credentialBearer = "AUTH_HEADER_BEARER"
    # Token URL for the authorization endpoint
    tokenUrl = ""
    # Oauth2 security grants
    [keymanager.security.oauth2.clientCredential]
    enabled = false
    clientId = ""
    clientSecret = ""
    scopes = ""
    [keymanager.security.oauth2.password]
    enabled = false
    clientId = ""
    clientSecret = ""
    scopes = ""
    username = ""
    password = ""
    [keymanager.security.oauth2.directToken]
    enabled = false
    accessToken = ""
    [keymanager.security.oauth2.refresh]
    enabled = false
    refreshUrl = ""
    scopes = ""
    refreshToken = ""
    clientId = ""
    clientSecret = ""
    # JWT token authorization configurations. You can provide multiple JWT issuers
    [[jwtTokenConfig]]
    issuer = "{{issuer}}"
    audience = "{{audience}}"
    certificateAlias = "{{certificateAlias}}"
    # Validate subscribed APIs
    validateSubscription = false
    # JWT token revocation configurations
    [tokenRevocationConfig]
    # Real time revocation configurations
    [tokenRevocationConfig.realtime]
    enableRealtimeMessageRetrieval = {{enableRealtimeMessageRetrieval}}
    # The JMS Message Broker that identify messages related to revoked tokens
    jmsConnectionTopic = "tokenRevocation"
    # The message broker context factory
    jmsConnectioninitialContextFactory = "wso2mbInitialContextFactory"
    # The message broker connection URL
    jmsConnectionProviderUrl= "amqp://admin:admin@carbon/carbon?brokerlist='tcp://{{jmsConnectionProvider}}'"
    # The username used to establish the message broker connection
    jmsConnectionUsername = ""
    # The password used to establish the message broker connection
    jmsConnectionPassword = ""
    # Persistent revocation configurations
    [tokenRevocationConfig.persistent]
    enablePersistentStorageRetrieval = false
    # Use etcd as the default persistent storage
    useDefault = true
    # The hostname of your persistent storage server (e.g.: <etcd-server-access-URL>/<service>/keys/jti/)
    hostname = "https://127.0.0.1:2379/v2/keys/jti/"
    # The username of your persistent storage server
    username = "root"
    # The password of your persistent storage server
    password = "root"
    # token cache configurations
    [caching]
    # Expiry time of the cache in seconds
    tokenCacheExpiryTime = 900000
    # The size of the cache in MB
    tokenCacheCapacity = 10000
    # The factor of the cache that will be cleared when the cache is full.
    tokenCacheEvictionFactor = 0.25
    # Analytics configurations
    [analytics]
    # Configurations for file upload analytics
    [analytics.fileUpload]
    enable = {{analyticsEnabled}}
    # Time interval in milliseconds for file uploading task
    uploadingTimeSpanInMillis = {{uploadingTimeSpanInMillis}}
    # Initial time delay in milliseconds for file upload analytics
    initialDelayInMillis = 5000
    # Endpoint configured to accept file upload analytics
    uploadingEndpoint = "https://{{hostname}}:{{port}}/analytics/v1.0/usage/upload-file"
    # File rotating period in milliseconds
    rotatingPeriod = {{rotatingPeriod}}
    # To enable file upload task
    taskUploadFiles = {{uploadFiles}}
    # Username used in analytics server
    username = "{{analyticsUsername}}"
    # Password used in analytics server
    password = "{{analyticsPassword}}"
    [analytics.gRPCAnalytics]
    enable = false
    # APIM Analytics endpoint configured to accept gRPC analytics
    endpointURL = "https://localhost:9806"
    # Time interval in milliseconds for gRPC connection recovery task
    reconnectTimeInMillies = 6000
    # User configuration for Basic auth
    [b7a.users]
    [b7a.users.{{basicUsername}}]
    # password should be sha1 encrypted by default
    password = "{{basicPassword}}"
    # Request and response validation configurations
    [validationConfig]
    enableRequestValidation = {{enableRequestValidation}}
    enableResponseValidation = {{enableResponseValidation}}
    # Enable http2
    [http2]
    enable = true
    # HTTP client configuration
    [httpClients]
    # Hostname verification
    verifyHostname={{verifyHostname}}
    # Mutual SSL configuration
    [mutualSSLConfig]
    # SSL Protocol to be used
    protocolName = "TLS"
    # SSL/TLS protocols to be enabled
    protocolVersions = "TLSv1.2,TLSv1.1"
    # List of ciphers to be used
    ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 ,TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,TLS_EMPTY_RENEGOTIATION_INFO_SCSV"
    # The type of client certificate verification. (e.g.: "require" or "optional")
    sslVerifyClient = "optional"
    # Throttling configurations
    [throttlingConfig]
    # Configurations related to node local throttling.
    [throttlingConfig.nodeLocal]
    # Core number of threads in the thread pool.
    processThreadPoolCoreSize = 200
    # Maximum number of threads in the thread pool.
    processThreadPoolMaximumSize = 1000
    # Keep alive time of the threads in seconds
    processThreadPoolKeepAliveTime = 200
    # Throttle data cleanup task frequency in seconds.
    cleanUpFrequency = 3600
    # Connect with the central traffic manager
    enabledGlobalTMEventPublishing = {{enabledGlobalTMEventPublishing}}
    # The message broker context factory
    jmsConnectioninitialContextFactory = "wso2mbInitialContextFactory"
    # The message broker connection URL
    jmsConnectionProviderUrl = "amqp://admin:admin@carbon/carbon?brokerlist='tcp://{{jmsConnectionProvider}}'"
    # The username used to establish the message broker connection
    jmsConnectionUsername = ""
    # The password used to establish the message broker connection
    jmsConnectionPassword = ""
    # The central traffic management solution URL
    throttleEndpointUrl = "https://{{throttleEndpoint}}/endpoints"
    # username:password to create the connection to the central traffic manager
    throttleEndpointbase64Header = "admin:admin"
    # ballerina logs
    [b7a.log]
    level="{{logLevel}}"
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: apis.wso2.com
spec:
  group: wso2.com
  names:
    kind: API
    listKind: APIList
    plural: apis
    singular: api
  scope: Namespaced
  validation:
    openAPIV3Schema:
      properties:
        apiVersion:
          description: 'APIVersion defines the versioned schema of this representation
            of an object. Servers should convert recognized schemas to the latest
            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
          type: string
        kind:
          description: 'Kind is a string value representing the REST resource this
            object represents. Servers may infer this from the endpoint the client
            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
          type: string
        metadata:
          type: object
        spec:
          properties:
            definition:
              properties:
                configmapName:
                  type: string
                type:
                  type: string
              required:
                - configmapName
              type: object
            interceptorConfName:
              type: string
            mode:
              description: 'INSERT ADDITIONAL SPEC FIELDS - desired state of cluster
                Important: Run "operator-sdk generate k8s" to regenerate code after
                modifying this file Add custom validation using kubebuilder tags:
                https://book.kubebuilder.io/beyond_basics/generating_crd.html'
              type: string
            override:
              type: boolean
            replicas:
              format: int64
              type: integer
            updateTimeStamp:
              type: string
          required:
            - mode
            - replicas
            - definition
          type: object
        status:
          type: object
  version: v1alpha1
  versions:
    - name: v1alpha1
      served: true
      storage: true
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: ratelimitings.wso2.com
spec:
  group: wso2.com
  names:
    kind: RateLimiting
    listKind: RateLimitingList
    plural: ratelimitings
    singular: ratelimiting
  scope: Namespaced
  validation:
    openAPIV3Schema:
      properties:
        apiVersion:
          description: 'APIVersion defines the versioned schema of this representation
            of an object. Servers should convert recognized schemas to the latest
            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
          type: string
        kind:
          description: 'Kind is a string value representing the REST resource this
            object represents. Servers may infer this from the endpoint the client
            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
          type: string
        metadata:
          type: object
        spec:
          properties:
            bandwidth:
              properties:
                dataAmount:
                  type: string
                dataUnit:
                  type: string
              required:
                - dataAmount
                - dataUnit
              type: object
            conditions:
              properties:
                headerCondition:
                  properties:
                    headerName:
                      type: string
                    headerValue:
                      type: string
                  required:
                    - headerName
                    - headerValue
                  type: object
                ipCondition:
                  properties:
                    endIp:
                      type: string
                    negation:
                      type: boolean
                    specificIp:
                      type: string
                    startIp:
                      type: string
                    type:
                      type: string
                  required:
                    - type
                    - specificIp
                    - negation
                    - startIp
                    - endIp
                  type: object
              required:
                - headerCondition
                - ipCondition
              type: object
            description:
              type: string
            requestCount:
              properties:
                limit:
                  format: int64
                  type: integer
              required:
                - limit
              type: object
            stopOnQuotaReach:
              type: boolean
            timeUnit:
              type: string
            type:
              type: string
            unitTime:
              format: int64
              type: integer
          required:
            - type
            - timeUnit
            - unitTime
            - requestCount
          type: object
  version: v1alpha1
  versions:
    - name: v1alpha1
      served: true
      storage: true
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: securities.wso2.com
spec:
  group: wso2.com
  names:
    kind: Security
    listKind: SecurityList
    plural: securities
    singular: security
  scope: Namespaced
  validation:
    openAPIV3Schema:
      properties:
        apiVersion:
          description: 'APIVersion defines the versioned schema of this representation
            of an object. Servers should convert recognized schemas to the latest
            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
          type: string
        kind:
          description: 'Kind is a string value representing the REST resource this
            object represents. Servers may infer this from the endpoint the client
            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
          type: string
        metadata:
          type: object
        spec:
          properties:
            alias:
              type: string
            audience:
              type: string
            certificate:
              type: string
            credentials:
              type: string
            endpoint:
              type: string
            issuer:
              type: string
            type:
              description: 'INSERT ADDITIONAL SPEC FIELDS - desired state of cluster
                Important: Run "operator-sdk generate k8s" to regenerate code after
                modifying this file Add custom validation using kubebuilder tags:
                https://book.kubebuilder.io/beyond_basics/generating_crd.html'
              type: string
          required:
            - type
          type: object
        status:
          type: object
  version: v1alpha1
  versions:
    - name: v1alpha1
      served: true
      storage: true
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: targetendpoints.wso2.com
spec:
  group: wso2.com
  names:
    kind: TargetEndpoint
    listKind: TargetEndpointList
    plural: targetendpoints
    singular: targetendpoint
  scope: Namespaced
  validation:
    openAPIV3Schema:
      properties:
        apiVersion:
          description: 'APIVersion defines the versioned schema of this representation
            of an object. Servers should convert recognized schemas to the latest
            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
          type: string
        kind:
          description: 'Kind is a string value representing the REST resource this
            object represents. Servers may infer this from the endpoint the client
            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
          type: string
        metadata:
          type: object
        spec:
          type: object
        status:
          type: object
  version: v1alpha1
  versions:
    - name: v1alpha1
      served: true
      storage: true